Topic: Possible method for cold wallet spend with bitcoin core. (Read 398 times)

No, and according to my little guide, it's even easier. Once Tails start, all you need to do is connect to a Tor circuit, open Electrum, create a wallet, backup the seed phrase, and it will connect to random Electrum server via Tor automatically.

SeedSigner is more comfortable than an airgapped computer once you learn the basics, but it'll take a few hours until you set it up and experiment with Sparrow to see how it works. You don't need to run your own node, even though it's always recommended for better privacy.

Generally though, Electrum is the way to go for a Bitcoin newbie. Sparrow is more advanced. If you don't feel like you'll study Bitcoin, then just dedicate a computer as an airgapped device, and install Tails, using Electrum.

Please note that if you don't run your own full node, then the Electrum / Sparrow server can link your addresses together.

But if that is the reason, why aren't you worried about using Bitcoin Core? It's open-source, like many other software, but it means very little to you personally if you have no understanding of how it works under the hood. I don't see why you would be paranoid about Electrum and at the same time not be paranoid about Bitcoin Core.

It's more user-friendly than Bitcoin Core. It's a light client with a native seed format, but also supports BIP39 seeds. It's not hard to learn the basics.

You would be backing up a long string of letters and numbers that make no sense to the human brain. It's not user-friendly, and it's easier to make a mistake with a random character than it is when backing up a set of 12 or 24 English words. Don't forget, there are no seeds in Bitcoin Core.

thank you. i genuinely appreciate that.


trying to get a streamline, airgapped process using btc core only if possible and no manufactured hardware wallets (don't trust them). for some reason i am weary about having to use other apps or programs in the process. that is either due to a lack of understanding or paranoia.

also, isn't electrum quite difficult/not newb friendly? i have started looking into seedsigner but again it seems like i need an electrum server set up and sparrow wallet. two additional programs to keep all this together. but i don't know what i don't know.

thank you for the links i will check them out.

It would be a cold storage, but you should not rely on digital back ups, as disk corruption is a common phenomenon. Instead, you should be able to back up your bitcoin in paper, human-readable. That's a seed phrase.
[/quote]

and getting a paper back up of a btc core HD wallet is difficult/cumbersome?

I would add the Blockstream Jade to that group. It can be used as a normal hardware wallet (not-airgapped) or as a stateless signer, as it uses SeedQRs just like the Seedsigner. The one thing that is questionable is that it requires Bluetooth or USB connection with the Blockstream Green software wallet during the initial setup to download the firmware. After that, everything can be done with QR code scanning. The official shop is in the US, but they have a bunch of resellers all over the place.

Feel free to make any question you want. There are no stupid questions.

Well, yes, but my question is why would you want to do that? Bitcoin Core is not newbie friendly, and does not support a seed phrase standard like BIP39 (which helps a lot for backups). Instead, I would follow this little guide and install Tails which come with Electrum pre-installed.

It would be a cold storage, but you should not rely on digital back ups, as disk corruption is a common phenomenon. Instead, you should be able to back up your bitcoin in paper, human-readable. That's a seed phrase.

but you don't have private key needed for latter in your wallet hehe

forgive me. i am struggling with this stuff as well.

could someone just install btc core on an airgapped device. launch core. create a new wallet. create a "receive address" and the from an exchange or other hot wallet send btc to that  receive address?

would this not be a cold wallet? then that person could make back up copies of the wallet.dat file for redundancy/protection?

Look. Cold / Airgapped storage is generally more secure, if you know what you're doing. The whole premise lies on the fact that the private keys never "touch" an Internet connected device, so they can only be compromised physically. Hardware wallets on the other hand, while are separate concept than a usual "hot wallet", are not airgapped, because you're connecting them to your Internet connected computer. Theoretically, if a security vulnerability is discovered, the attacker might be able to compromise the private keys of your hardware wallet. This is impossible in an airgapped device, because it is simply physically impossible to send keys over any communication channels.

If I were you, I'd buy myself an airgapped device instead of a hardware wallet. Either Foundation Passport or SeedSigner. It is an opportunity to educate yourself about the Bitcoin space as well.

I think there is a way.

Let's say you use vanitygen to create a bitcoin address, and save the addy and privatekey.

Then with bitcoin core you build the transaction but never send it to the blockchain, when you create the transaction you you use the new generated address as the output.



At this point you save the signed transaction and have it ready to broadcast.

When you want to get the coins then you can send the raw transaction from a wallet or an online service like: https://live.blockcypher.com/btc/pushtx/ or from a core with the command:


And to access those coins you only have to import the privatekey from that address (the one that you generate with vanity gen) to any wallet, and then you will be able to spend them.

Oh that is very strange, mine started to sync up at once when copied over the appdata folder

Hardware wallets seems to have mixed replies when I ask.
Some like hardware wallets some like cold wallets held in offline laptop.

Also I didnt get any answer yet how to dump priv key direct  to a hardware wallet.
Also one person just seems to lost 27btc on ledger on reddit and lots of people cant see why it happened yet. Even experts looking to it.  I didnt understand the issue of course but lots of people with high ratings I see were puzzled and never seen it before.

Someone said cosmic Ray's changes 1 bit of info during some process.
At first I thought they were joking but I see more people saying that is the only explanation.

I'm liking electrum with watch only atm.

But yeah its weird we have a different experience with the syncing up element of core
Can other verify this is the case please?

Your wallets will not start to sync without the password.entered first?

No, it doesn't work like that.  how can you sync your wallet with the blockchain if you don't enter a password?  But another problem is that your transaction will not be automatically broadcast to the blockchain just by copying the folder from the offline computer. You'd still need to open the wallet and broadcast them yourself, which, guess what, requires that password.



I think you are doing everything wrong. Maybe you should just consider buying a hardware wallet that will save you all the trouble and protect your coins from being hacked?

Yes I think I have not described well what i was originally intending to do. I was not going to enter any password on the internet connected machine.

Like this.


Laptop 1. Offline with v21. Wallet there is not synced fully because machine has not been online maybe 2 years.
When you open bitcoin core v21 on this offline machine, it  tries to sync but can not because it has no internet.

However you can attempt to send bitcoin and it asks for the password.  If you enter the password it signs the tx and says unconfirmed.
Then you can shut down bitcoin v21 on the offline laptop.


So at this point I thought the tx has been signed but could not be submitted and will sit there unconfirmed forever because laptop1 has not internet.


So how to send this already signed but not confirmed tx I wondered?


I assumed ( incorrect perhaps) that if I copied the entire appdata folder over from laptop1 to an internet connected laptop running v23 that v23 would load up and auto try to sync fully and then without asking for the password again it would auto send the tx I created on laptop 1.  I did not think laptop 2 the internet connected machine would ask for the password again.

Then you informed me that actually no need to transfer the entire appdata folder just transfer the wallet.dat and the same thing would happen.  I have not tried that because I decided to go the electrum way.

But either way if I copied the entire appdata folder or just the wallet.dat from the offline machine I was thinking that if I never had to enter any password on the internet connected machine that the private keys were never revealed to the live internet computer at any point.


Perhaps that is not correct.
I am using electrum now. 


But I just didnt and still dont understand if the internet computer never asks for the password but just finished syncing up and broadcasts the tx. I dont understand how that is as risky as just only having 1 live internet connected machine where you have to type your password on it.

I mean I have not tried the entire process luckily. So maybe V23 has to ask for the password again even though you already have sent and signed it on v21 on the offline machine.

If you press send on laptop1 the machine with no internet and it asks for the password is that not signing it at that point. ?
So once you close the qt down is that tx not already signed and stored ready to launch somewhere in the appdata folder?
I assumed this point all signed and never need to be resigned again?

I didnt know if you grabbed the entire appdata folder or maybe just the wallet.dat and moved to a new machine that machine will still need to ask the password to broadcast.

When you say if you just transfer the signed tx that will be okay.
Would copying only the wallet.dat across contain the tx signed on the offline machine to the online machine achieve this without having to enter the password again?

I thought maybe signed but unbroadcast Tx maybe was somewhere else in the appdata folder but also copying entire appdata avoid the rescan wait.

Either way I guess maybe not many people would want to have tried sending from an unsynced offline machine and moving it to a live machine because it has some security issues. So maybe nobody has tried it to see if you have to renter the pass again or it just auto syncs and sends without requesting the pass. I decided to ask here before getting to that part.

I'm sure though once with an alt coin I sent the coins before it synced up actually it was on airplane mode but I didnt see that.
Then my laptop ran out of power before it cold send because I wasnt paying attention and playing some games on playstation.
Then disaster it would not boot up

So took out the ssd and copied the appdata file and put on another machine and when it all came back alive I'm sure it synced up and I reinstalled the new alt wallet. It read the appdata and the tx sent but I sure it never asked the password again.

I could be wrong. But I seem to remember thinking it was surprising at the time. This machine could send but didnt know my password.

Thanks.

If you simply sign the transaction from the offline laptop, and transfer the signed transaction to the online laptop, there is no problem. If, however, you transfer the wallet.dat in the online laptop, and sign the transaction in the online laptop, you'll be asked the wallet's password needed to decrypt it. At that point, you'd risk having your wallet compromised.

If you transfer the encrypted wallet in the online laptop and you don't decrypt it, then, given that you've entered a very strong password, it does not introduces the same risk, no. The question is: why would you ever want to do that, though? Signing takes place in the offline computer. The wallet file has no other purpose than signing.

Thanks yes I am using electrum now. It is nice how the xpub and psbt works.


When you said this part :

"The wallet.dat is encrypted, but you decrypt it in the same device"
I don't understand that part.

Do you mean if you press send and enter your password on the offline laptop 1 then close bitcoin core on laptop 1.. Then grab the wallet dat with a usb and load that wallet.dat into laptop 2

That even though you don't enter your password on laptop 2 that the wallet dat is de encrypted to broadcast? I thought it would just sync and broadcast without asking the password.

I didnt realise laptop 2 still decrypted the wallet.dat even though it was signed and attempted to be broadcast on the offline laptop 1 previously.


Yes I think core is for experts and is probably safer but only if you know exactly what you are doing.
I may go back to it in the future after learning more about it.

Yes I notice already this exchange has closed down but they did give people some time to withdraw.

It is the most trustworthy one, but it is not suitable for inexperienced users. The best wallet software for inexperienced, in my opinion, is Electrum and Sparrow. If I were you, I'd spend a few hours to play with both and see which fits me better.

It's good that you felt the need to withdraw them from the exchange. 

Because you use the offline computer to mitigate malicious actors via the Internet. If you want to make sure that no one can access your wallet, then you must never expose it to an Internet connected computer. An Internet connected computer is prone to a host variety of malware and cyberattacks, which can compromise its security.

The wallet.dat is encrypted, but you decrypt it in the same device. What if some malware has made you believe you're using the authentic Bitcoin Core, whereas you're using their compromised version that sends passwords to their server on submit? Or what if a spyware logs everything you type and send it over to their server? These are just two examples.

Thank you marvel man.

I'm sure that you're correct.
But so as i can understand why. Could you explain why you say this.

I'm trying to learn how many things work with core and other wallets.
Why would  needing to enter your wallet password on an offline computer be the same as just entering it on the internet connected computer?  I thought that in doing this the internet connected computer would always have the wallet password protecting the private keys inside the wallet dat.  Is that part not correct?  

I don't doubt that is is just as bad or maybe worse, but I don't currently understand how? Can you explain it to me please.

Also what are the extra attack vectors you would open yourself to more than just using this wallet as an encrypted hot wallet that is brought online to sync ,sign and send.

I am going to use the method described above by blackhat, but I am interested in what you have said and feel it would be great to find out more about bitcoin core and things that increase or decrease security.


Thanks for your input.

Hey Joe-Bloggs, the process you laid out for using an offline wallet doesn't actually get you any of the security benefits of keeping a wallet offline.  You're just kinda shuttling the wallet file back and forth between computers - there's no reason for one of them to be offline if youre gonna do that.  Plus it introduces some new ways a bad actor could get at your coins when you move that file around. 

You are correct I shouldn't have really tackled with bitcoin core.
Although I wanted to remove my bitcoin from an exchange and thought this was the most trustworthy one.

Yes, one of the things I wasnt sure about was if tx that were not synced or confirmed were stored inside the wallet dat until they were confirmed or if there was something outside of the wallet.dat that was needed to ensure immediate broadcast

I entirely accept and am grateful for your suggestions.
Which I intend following.

Just asking a few extra questions to gain some further knowledge really.

It's kind of you to take the time to answer and advise. I appreciate it.
Maybe I'm not great at google but it's kind of hard to find specific answers to certain questions.

Actually bitcoin talk seems even better or just as good as reddit

Thanks.

.

This is precisely why I advised you to study more about how things work. It is apparent that you don't know how Bitcoin Core works, and with this behavior, it is a matter of time until you lose coins.

You don't need to transfer the entire application data. Just having the wallet.dat (and its password) is enough to recover the wallet from elsewhere. But, you shouldn't be using Bitcoin Core as a wallet software in the first place, if you want my opinion. Simply set up Electrum, and point that to your node (which can run in the same machine).

I totally agree that mitigating all risk should be the aim.

Why I tried moving the entire appdata/bitcoin folder was because I didnt know which files contained inside there were altered when you clicked send and entered the password.

I didnt know if all changes took place inside the wallet.dat or maybe some other files were altered inside appdata when it tried to broadcast when out of sync, and that would be needed on the internet connected machine.

Thanks for explaining I will not get 12 words when creating a electrum wallet from a priv key from core.

I have been reading on reddit and just got told so many ways to spend half of an old core wallet securely that I got confused.
The easiest way seemed to me to do it by just copying over to a machine that never experienced me typing my pass into it.

But as you noticed it has 2 major issues

1. . Biggest issue is needing to copy updated information post broadcast back to the offline machine so that for future transactions it is able to correctly spend the remaining funds.

A key logger could get inside this and get back on the offline machine.

2  . They could grab the wallet.dat from the internet connected machine with the private keys inside and crack it open their end.

So this isnt a good solution.