Topic: Newbies: Want cold / offline storage for your bitcoins? Here's how. (Armory) (Read 3305 times)

newbie
Activity: 31
Merit: 0
If you are storing for years and will not be actively buying/selling, and tend to forget things, consider copying this list (at least IV) into a text file that you copy onto the Linux drive. That way 4 years from now when you read an article about Bitcoin hitting $50,000 and decide to access your BTC100, you can refresh your memory as to the process. Some of the steps you could forget (unplug internet); others are obvious (grab beers).
newbie
Activity: 54
Merit: 0
Great info, thanks for the post!
cp1
hero member
Activity: 616
Merit: 500
Stop using brainwallets
Thank you so much for this great tutorial, very good post.

Thanks, hope it helps someone secure their coins.
newbie
Activity: 20
Merit: 0
Thank you so much for this great tutorial, very good post.
newbie
Activity: 44
Merit: 0
cp1
hero member
Activity: 616
Merit: 500
Stop using brainwallets
Ultimate in Security:  Offline Wallet

This is a guide to create an offline wallet (cold storage) for your bitcoins using the Armory Offline Wallet, https://bitcoinarmory.com/ .  I don't like seeing posts like "My bitcoins were stolen off my computer or from some website wallet" and I feel that newbies trust their precious coins to places they shouldn't.  This is about as secure as you can get while still having access to your bitcoins.  If you make many transactions per day I’d recommend using this offline storage for a majority of your bitcoins and then using an easier-to-use wallet to hold the bitcoins you need for day to day transactions.  I’m sure most people are happy to trust a website or trust windows or trust their phone to store their private keys, but I’m not.

This involves a wallet stored on a USB key with a clean version of linux.  We'll install linux and the armory wallet to the usb key and then never use that usb key on the internet again.  This will keep our private keys safe.  We'll only boot to that drive after disconnecting from the internet.  We’ll never load our private keys into windows (windows sucks for security).  We’ll only load our addresses so that we know our balance.  The whole process looks like this:

1.  Windows installation is used to create the transaction (address, amount)
2.  Unsigned transaction is transferred to our offline linux installation
3.  Offline linux installed on usb-key contains our private keys and is used to sign the transaction
4.  Signed transaction is transferred to our online windows installation
5.  Online windows installation is used to broadcast the transaction to the network

It involves a lot of setup, but once done you'll have a good deal of security.  Think of it as safe-deposit box instead of an online checking account.

If you have a computer that you can dedicate to your offline bitcoin wallet only, then you can use that instead of a usb-key install.  Substitute that computer below for your offline linux installation.


I.  Install Linux

1.  Get the following:
a)  Something to install linux from:  either a CD-R or a USB flash drive (at least 2 GB)
b)  Something to install linux to:  either a USB flash drive (8GB, different from above), or a computer that you'll only use for your bitcoin wallet and nothing else

2.  Download Xubuntu 12.04.  You can really use any linux distribution.  This one is lightweight and long term.  You can torrent it or straight download the iso:

a)  http://torrent.ubuntu.com/xubuntu/releases/precise/release/desktop/xubuntu-12.04.2-desktop-i386.iso.torrent
b)  http://mirror.anl.gov/pub/ubuntu-iso/CDs-Xubuntu/12.04/release/xubuntu-12.04.2-desktop-i386.iso

2.  Create a bootable version of the xubuntu installer.
a)  You can burn it to the CD-R (http://infrarecorder.org/) or
b)  Install it on your USB key:  Use YUMI http://www.pendrivelinux.com/yumi-multiboot-usb-creator/

3.  Shutdown, insert your CD or USB key, and boot to that device.
4.  If using the USB key, choose linux distributions -> Xubuntu
5.  Once it boots, choose:  Install to a Hard Disk
6.  Choose your language
7.  Don't let it update anything (you can do that later), and don't install 3rd party software
8.  Under installation type choose:  "Something else"
9.  Write down all the devices, they look like /dev/sda, /dev/sdb, etc
10.  Insert the second USB key that you want to install linux to and click revert.
11.  Now you should see a new entry, perhaps /dev/sde or such -- this is the USB key you just inserted.  If you don’t see anything, click back, choose something else, and then continue
12.  Choose that new device (your USB key) and click choose new partition table
13.  It will create "free space" -- click that and click Add
14.     Use as:  Ext4
15.     Mount point:  /      (just type a simple forward slash here)
16.  Choose that same USB device (e.g. /dev/sde) under:  device for boot loader installation
17.  Click install now and set your time zone, etc
18.  Choose a username and password
19.  After it's finished installing shut down.  Remove the USB drive you installed linux from; leave the USB drive you installed linux to inserted.
20.  Close any popups that come up
21.  Right click on the desktop and choose: Open terminal here.  Now you're cooking with gas.
22.  Type:  sudo apt-get update
23.  Type:  sudo apt-get upgrade
24.  Get a beer and wait a long time.  It will update your distribution to plug any security holes.  This will be the only time we do this.  If you're paranoid about updating your packages, you can skip this, but you may have problems installing armory.  You could also write your own linux kernel and wallet if you're really paranoid.
25.  Reboot.  Type:  sudo shutdown -r now

Now you have a clean linux installation.  Don't ever leave this in the computer when booting into windows.  Always remove it if you're not going to boot into it.

II.  Install Armory on linux

1.  Boot to your new linux drive
2.  Right click on your desktop and open a terminal window
3.  First install dependencies needed for our wallet:
    Type:  sudo apt-get install python-qt4 python-twisted python-psutil
4.  Then install armory:
    Type:  wget https://bitcoinarmory.googlecode.com/files/armory_0.88.1-beta_i386.deb
    This will get what is currently the latest version of armory.  If a newer version comes out, change the link.
    Type:  sudo dpkg -i armory_0.88.1-beta_i386.deb (or whichever file you downloaded.  You can even type sudo dpkg -i armory and hit tab to auto-complete)

*** From here on out we need to be offline for highest security.  Disconnect from the network (pull the cable or click the little up/down arrow at the top -> disconnect).  If you're not connected to the internet your wallet can't be stolen ***

5.  Run armory in offline mode:  Click the icon (a bird?) in the upper left > Internet > Armory (offline)
6.  Accept the license and click Create your First Wallet!  Click Accept
7.  Choose a password to encrypt your wallet.  Write it down!!  This is extremely important.
8.  If you have a printer hooked up to your computer you can print your wallet backup.  Otherwise write it down by hand.  This is extremely important.  You may even want to delete your wallet and restore from this printed backup to ensure that you wrote it down correctly.
10.  Highlight your new wallet and click Wallet Properties
11.  Create Watching-Only copy.  Save this to your desktop.  This doesn't hold your private keys, so it's not vulnerable to stealing -- it just holds your addresses.  Well it actually holds the algorithm to create all the addresses you’ll ever need, which is nice because it means you only have to do this step once.
12.  Close Armory.
13.  Copy the watching only copy from your desktop to:
  a)  Any USB key *EXCEPT* the one you're currently using for offline linux
  b)  Your computer's hard drive -- if you're using your regular windows computer, click your hard drive on the desktop and copy it right there.  You will use this location many times to transfer your transactions back and forth from windows to linux
14.  Shutdown (upper right corner, or type:  sudo shutdown -h now)
15.  *** Remove your linux USB Key -- keep it safe from your nasty windows OS! ***

III.  Install Armory on Windows
1.  Reboot to windows (re-install ethernet cable)
2.  Download and install armory:  https://bitcoinarmory.com/get-armory/
3.  Run armory & Follow instructions to install bitcoin-qt through armory.  Don't create a wallet.
4.  Click import wallet
5.  Import the watching only wallet you saved earlier
6.  Wait a long time for bitcoin-qt to sync up (could take a day).  Have some beer.  Eventually your balance will go from (...) to 0
7.  Send some bitcoins to this wallet.  Maybe start with just a little and test it out first.

IV.  Transactions (sending from this wallet)
1.  Highlight your offline wallet and click Send Bitcoins, fill in the address, amount, and fee
2.  Click Create Unsigned Transaction
3.  Click save as file -- save this to the same location you saved your watching wallet
4.  Shutdown windows, insert your linux USB-key, remove your ethernet cable, boot to linux
5.  Run armory (offline).  Click offline transactions -> Sign Offline Transaction
6.  Click Load file, choose the unsigned transaction file from step 3.  Click Sign. Save that file.
7.  Reboot to windows, (re-install ethernet cable)
8.  Open armory, grab a beer and wait 10 minutes for it to scan your history (I know, it's very slow)
9.  Offline Transactions -> Sign and/or Broadcast Transaction
10. Load the signed transaction and broadcast it!  (Make sure it's the signed one, not the unsigned one)

Hooray.  Now you have sent bitcoins without trusting your private keys to windows or a website.  It is a pain, but worth it for the security conscious.  You only need part IV from now on.
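
The "be offline before opening the wallet" rule from the Armory install step and from IV.4-5 can be checked mechanically instead of by memory. The following is an added example, not part of the original post and not Armory's own code: a shell preflight check for the offline linux install. The function names and the choice of checks (link state under /sys/class/net, IPv4 default route in /proc/net/route) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: preflight check for the offline (signing) linux install.
# Paths are parameters so the check can be exercised against constructed data.
# Scope (assumption): link state and IPv4 default route only; IPv6 routes and
# radios that are powered but not associated are not examined.

# Print the names of non-loopback interfaces whose operstate is "up".
links_up() {
    netdir=${1:-/sys/class/net}
    for dev in "$netdir"/*; do
        [ -r "$dev/operstate" ] || continue
        name=${dev##*/}
        [ "$name" = "lo" ] && continue
        read -r state < "$dev/operstate" || true
        [ "$state" = "up" ] && echo "$name"
    done
    return 0
}

# Print interfaces that hold an IPv4 default route (Destination 00000000).
default_routes() {
    routes=${1:-/proc/net/route}
    [ -r "$routes" ] || return 0
    awk 'NR > 1 && $2 == "00000000" { print $1 }' "$routes"
}

# Return 0 only if no link is up and no default route exists.
is_offline() {
    up=$(links_up "$1")
    gw=$(default_routes "$2")
    if [ -n "$up" ] || [ -n "$gw" ]; then
        echo "NOT OFFLINE: links up: ${up:-none}; default route via: ${gw:-none}" >&2
        return 1
    fi
    echo "offline: no active links, no default route"
}
```

Source the file on the offline install and run `is_offline` before starting Armory (offline); a non-zero return means a cable or wireless link is still active.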