Topic: Importing private keys gradually to increase security and safety, will it work? (Read 106 times)

Obviously, that's why some merchant create bundle of 2 or more hardware wallet[1-2]. It's especially useful if you,
1. Don't want to use software wallet in case the hardware wallet is lost/broken.
2. Plan to use multi signature address.
3. Want to diversify risk of putting everything under single hardware wallet/risk.

[1] https://shop.ledger.com/products/ledger-backup-pack
[2] https://www.thecryptomerchant.com/products/trezor-model-one-family-pack

It's always good not to hold all your coins in the same wallet, so if one wallet is compromised you don't lose absolutely everything. This can be as simple as using different seed phrases on the same hardware wallet, but would be far more convenient to have two hardware wallets with different seed phrases.

Having two devices also makes it easy to recover access to your wallet quickly and securely in the event you lose one device. You don't have to order and wait for a replacement to arrive, and can recover your coins on to your second device if you need to.

If your devices are from different manufacturers then there is additional security if one of the devices turns out to be bugged/flawed/vulnerable etc.

As a counter to my point above, if your devices are from different manufacturers then you have now shared your personal information with two different companies so you are twice as likely to be the victim of a data breach or leak. You will also have to keep up to date with latest developments in software and firmware from two companies, and potentially be exposed to two companies' worth of data collection and privacy invasion.

Many thanks guys for your replies and your advices !

Do you think there is any advantage of having 2 hardware wallets rather than one?

The disadvantages that I can see:

1) taking care about 2 devices and 2 seed papers instead of just one. Which makes owning 2 hardware wallets less convenient.

2) To pay for 2 devices instead of 1.

Any advantages? What do you think?

Importing private keys doesn't damage your security and safety if you do it offline and if your computer is clean (no virus, no malware).

Ideally, you should use Electrum on Linux that has less risk than Windows.

https://electrum.org/#download

I would follow NeuroticFish's instructions above, but you can do it so the private keys never need to leave your old offline computer which is running Core.

Electrum does not work on Windows 7 since version 4.2.0, but you can still download the latest version of Electrum which does work (and all the signatures necessary for verification) from here: https://download.electrum.org/4.1.5/.

Use this to create an Electrum wallet on your offline computer which already contains your Core wallet to import your private keys to which can sign transactions, and a corresponding watch only wallet on your online computer containing only addresses to create the transaction for offline signing. That way you never expose your private keys to any device other than the one they are already on.

You'd spend more time and spend more Bitcoin for transaction fee when you do it on each private key. But it's just small disadvantages since you could use 1 sat/vbyte as transaction fee rate. There's also security concern since it looks like 2nd computer (used to export key and send BTC to HW wallet) is connected to internet.


Personally i'd recommend you to export private key after you buy/configure hardware wallet and make sure computer you use is clean/secure.

Yes, you still risk some of your funds. So you can do better.

I will give the steps with Electrum, but Electrum may not work on your Win7 and you may need something a bit different than I say. However:
1. Install Electrum onto an offline computer. Ideally newer than Win7. That computer will not go online until the transactions are confirmed and arrived to your HW.
2. Import into this offline Electrum the private keys of the addresses you have funds in.
3. Install Electrum onto an online computer.
4. Import into the online Electrum the addresses you have funds in. You'll obtain a watch-only wallet.
5. On the online Electrum create a transaction that sends the funds to the HW.
6. Save the transaction (you cannot sign it yet, no problem), copy it to the offline computer, load it into the offline Electrum, sign it (the offline Electrum can sign, has private keys), save it back.
7. Load the signed transaction into the online Electrum, broadcast it, wait to get confirmed.

You can do this with one address or all. Since you work with cold storage, it's safe. The only weak point is the USB stick you'll use to transfer data, maybe you can do that with camera if both the online and offline computer have it. However, it's safer than your idea of setup.
If Electrum cannot be installed on the offline computer then maybe you get temporarily another computer you can keep offline until the tx is confirmed, or maybe somebody can explain how to do this with Bitcoin Core (I did this with Electrum, I didn't do with Bitcoin Core, I don't know if it's more difficult or the same).

The second computer you have installed Electrum is air-gapped or connected to the Internet? If your Electrum is "hot", it is very dangerous to keep your funds there: you'd better wait until your hardware wallet arrives to send your funds immediately after import from Core is complete. And what do you mean by "importing" anyway? There are several ways to import your private keys into Electrum, but if you don't want to compromise the security of your old computer, you can "import" private keys by typing them manually on a new computer. No disks or USB connection is required in this case. Once one of your keys is transferred this way, you simply send it directly to an address generated by your hardware wallet. By the way, you are more likely to fuck up with your hardware wallet setup than with importing keys from an old computer to a new one. Pay attention to the details of the setup process, and always test your backups twice before sending any funds.

• I can't foresee any disadvantages that you would encounter. Importing private keys would normally have come with the added risk of not having multiple addresses to send from, thereby, reducing the privacy of future transactions, but you're transferring out to a hardware wlalet either way

• It should work, if done properly.

Hi guys,

I have been experimenting with wallets (old Core and new Electrum) and with exporting and importing private keys and got an idea that importing private keys gradually may increase security during moving from one wallet to another.


Please look at my plan of changing wallets where I hold btc, please approve or disapprove it. Because I don't know whether it will work, whether it will work properly, and whether it will not cause any problems, and whether it has no disadvantages.


1. I hold my btc on old Core which is located on old PC that is always offline.  (I was experimenting with another Core, I have 2 Core wallets).

2. I want to move my btc into hardware wallet.
But I cannot go online with the old PC in order to just send funds to hardcore wallet as a transaction. It is too dangerous to go online with Windows 7.
So I can do it only from my new PC.
But I don't want to set up new Core on my new PC. Because sync will take centuries with my Internet provider and because if I  mess up something  I'll need to sync again.
That's why I want to use Electrum on the new PC.

My plan is:

Step 1.
Export private keys from old Core and import them into new Electrum. (Well, completely new one, not the same I was experimenting with).
Step 2.
Purchase hardware wallet. Btw, if I pay with btc, I can purchase it cheaper. Because the local shop I am going to buy from is giving a good discount to those who pay in btc.
Step 3. Set up hardware wallet and send btc from Electrum to hardware wallet.

Now about importing private keys gradually on the Step 1.
I have 6 addresses on old Core to which I ever received btc.
I checked addresses on the blockchain, and it shows that 4 of them have btc on them.

What if I don't import all 4 private keys at the same time at the beginning?  What if I import into Electrum at first just 1 private key? After that I transfer btc from Electrum to hardcore wallet. Then I import one more private key, then send btc to hardware wallet and so on.

Why I think it is more secure and safe than importing all private keys at the same time:

In case of  messing up with something, malware, not properly verified Electrum, viruses and so on, I am running the risk to get problems with just a fraction of old wallets content. Not with all btc which are in the old wallet.
That's why such gradual moving from Core  to Electrum and then to hardcore wallet would  increase security and safety.
Because there would be no risk to get  problems which affect everything. There would be a risk that something may get affected, but not everything.


Is there any disadvantages with my plan?
Anything that will not work?
Will it work at all?
Anything that can cause problems?

Thank you!!