Topic: Interesting ways to store your private keys for offline wallets (Read 2851 times)

I have a fairly strong opinion that if you have an encrypted wallet, there is zero need for any additional layer of encryption.

Similarly, if you have a single private key, you encrypt it once, but to do this you can't trust other peoples' algorithms and "help."

This is probably the best way to keep your private keys safe for cold storage. It is also, by far the simplest way. You will need to somehow create your private key (on an offline computer), so you might as well keep the keys there.

I do admit that there are a large number of very creative ways of storing your cold/offline private keys however you should really remember "KISS" - Keep It Simple Stupid

This makes tags for really harsh environments like pipelines, so it should do for permanent code storage including cases like fire and flooding.  Not sure if they do lower case but if not just put a slash in front of the char that is going to be lower case.

I'm going to get one and try it out.

http://www.amazon.com/DYMO-Tapewriter-Metal-Embosser-101105/dp/B000FD7Z7I/ref=sr_1_3?ie=UTF8&qid=1413480605&sr=8-3&keywords=tape+embosser

http://www.amazon.com/DYMO-Non-Adhesive-Stainless-Embossing-Cassette/dp/B000O78D94/ref=pd_sim_op_1?ie=UTF8&refRID=0S9RH5Z6WBSQ2RMV22PY

If i write a random combination of numbers and separate them into several pieces would the guy that finds out know that it is the bitcoin private key. Probably he might think that it is for some online banking password. But just to keep it safe. I even write down several parts of the code and keep it at my other in law house in case something happens to mine 

You can effectively hide a private key in plain sight by applying an easy to remember rule to it.

For example, take your private key and invert the case of all characters following the 8th character.  Very easy to remember, very easy to do (e.g. in Word or with pen and paper by hand), impossible for anyone to guess (unless you somehow publicise or hint at your method).

Personally, I prefer to have multiple digial copies of my offline Electrum wallet's 12 word mnemonic code.

Split the mnemonic code into 2 or 3 groups of words, and hide them in different places.  Emails, files, photos, wherever.  So long as you know how to find them, you can hide multiple copies virtually anywhere e.g. your PC, your NAS, different email accounts, Dropbox, etc.

No one is going to find the 6 words of your mnemonic code hidden in a 200 page PDF stored in your Dropbox and OneDrive account, let alone the other 6 words hidden elsewhere.  Crucially, however, you will know where to look, you will know where the other 6 words are and you will be able to rebuild your wallet pretty much anywhere in the world.  It is also reasonably easy to explain to a loved one how to rebuild the wallet, should the worst happen.

Physical backups are great, of course, but there are always stories of safes being stolen from homes, for example, damaged paper wallets, or failed hard drives or USB thumbsticks.

Bip38 ec multiplied two factor keys have been around for years.  You can read about how it works here:

https://github.com/bitcoin/bips/blob/master/bip-0038.mediawiki#Encryption_when_EC_multiply_mode_is_used

In short, it takes advantage of the fact that in elliptic curve math, pubkey1*privkey2 = pubkey3, and privkey1*privkey2 = privkey3.  So you are giving them your pubkey1 with the intermediate code, and they create a new private key and multiply it by your public key to generate a public address, and then they give you their privkey2, which enables you to get privkey3 because you also have privkey1.  Your bip38 password is run through a key derivation algorithm, and eventually also sha256 hashed, which produces a pseudo-private key, which has a corresponding public key, which is used to encrypt the entire payload.

So the guy who makes the key for you can decrypt the encrypted key, but he still can't get the private key, since your privkey1 is part of the key derivation from your password before everything is sha256'd to get the shared secret between you two.

So only you, with the correct password, can recreate the correct privkey1, and then also decrypt the payload, and then use privkey1 with the now decrypted privkey2 to get the actual relevant key, privkey3.

Additionally, the key derivation function is scrypt, with some additional random bytes that you create.  Because it's scrypt, it's really slow to brute force, and because you add in random bytes, rainbow tables won't work.  The actual bip38 encrypted payload in a bip38 ec multiplied address is those random bytes, privkey2 from the guy who generated the key, and a checksum hash of pubkey3 to verify that everything was decrypted properly.  That gives you all the information you need to be able to, along with the correct password, derive and decrypt everything and generate privkey3, which is the private key for the address that "belongs" to the bip38 encrypted key.  (And then you can verify that everything worked with the checksum hash.  If the hash doesn't match, the password entered was incorrect.)

New ways might have major flaws in it. I just have to wait until it will be perfect.