Pages:
Author

Topic: Setting up a cold storage (Read 502 times)

legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
September 14, 2024, 12:07:00 AM
#35
I rephrase; If he can just use it in the last step, then it's useless in OP's case.

And talking about QR code and camera, the Android Electrum's camera should work so there should be no issue scanning the signed raw transaction's QR code which is what you're suggesting to use the tool for.
I know you're a "Self-proclaimed Genius" but how do you know he has a working camera on his smartphone and he wants to use it for broadcasting his tx while he still hasn't answered my question about that precisely?
That question is a stretch.
In that case, how do you know that he will come across a camera issue on his smart phone? You started that route.

All I'm saying is that tool isn't recommended and wont work in the use-case you've initially suggested.
We're getting quite off-topic to the main topic and I think I've given enough response about that tool.

regards,
legendary
Activity: 2604
Merit: 2353
September 13, 2024, 05:16:45 AM
#34
-snip-
I thought my message along with the quote from the github of this tool was pretty clear, but maybe not enough obviously. If you need or want to broadcast a signed transaction with a broadcast service or another wallet than Electrum, from the QR-code you will need a tool like that to decode it. It is what it is. If you don't want or don't need to use this QR-code, you can copy each character of the signed transaction instead but it's not easy with an air gapped device, you're going to have to do it by hand or to take a picture of it and to use an OCR software to read the characters in the photo. Yet, QR-codes were invented precisely to prevent that.
That contradicts the very reason why you've posted a solution to a problem that isn't raised by the OP:

May I ask you how do you plan to send (and receive) your unsigned transaction from your smartphone to your computer and how you plan to send back your signed transaction from your computer to your smartphone or to another device in order to broadcast it?

Unfortunately there are often issues with webcams and Linux distributions. So you may have some troubles to send your unsigned transaction from your smartphone to this set up.
You've misread(or I wasn't clear enough), as you can see I asked him how he was planning to send his unsigned transaction from his smartphone to his air gapped computer AND how he was planning to send his signed tx from his computer to his smartphone or to another device, for broadcasting it. And I mentioned two (most) common pitfalls he could encounter in relation to that.
You need a working camera to read the QR-code before decoding it so using this Electrum43 tool can't fix a webcam issue. But it allows you to not have to depends on, neither to trust, your Electrum wallet, Electrum servers and the device using it for broadcasting your transaction, while continuing to use a simple QR-code for the transmission. It prevents the leak of the seed into the unreadable QR-code by a malware or a backdoor inside your cold wallet which is a common concern towards hardware wallets using closed/encrypted QR-codes and it allows to check if the transaction hasn't been tampered with another destination address among other things.

I rephrase; If he can just use it in the last step, then it's useless in OP's case.

And talking about QR code and camera, the Android Electrum's camera should work so there should be no issue scanning the signed raw transaction's QR code which is what you're suggesting to use the tool for.
I know you're a "Self-proclaimed Genius" but how do you know he has a working camera on his smartphone and he wants to use it for broadcasting his tx while he still hasn't answered my question about that precisely?

If he come across the "webcam issue", it'll be for the transfer of the unsigned raw transaction, it's now in PSBT format which isn't compatible with the tool.
Then he'll need another tool to do that or use the USB flash drive method.
Using flash drives is not safe at all, because you can contaminate you air gapped environment with malwares inside them, and seeds can be leaked into them. I strongly advise against this method if you are holding funds you can't afford to lose in your cold wallet, personally.
hero member
Activity: 686
Merit: 403
DGbet.fun - Crypto Sportsbook
September 13, 2024, 02:35:33 AM
#33
Running Debian and Tail is good for someone who knows how to do it neatly, I won't trust recommending to someone who isn't very good with computers, they will do something wrong and put blame on you, this have happened between me and a cousin of mine.

What you are looking for is present on ever good hardware wallets out there, you can sign them to a watch-only app and even if you need to make a transaction you need to sign the transaction using your hardware wallet, this is the best feature of a hardware wallet, they are by far superior to all other crypto wallets and ideas.

You don't have to complicate any thing OP, just stick with the Electrum wallet on your Smartphone till you will be able to afford a open source hardware wallet, I recommend...

1. OneKey.
2. Trezor.
3. Keystone.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
September 13, 2024, 02:07:28 AM
#32
-snip-
I thought my message along with the quote from the github of this tool was pretty clear, but maybe not enough obviously. If you need or want to broadcast a signed transaction with a broadcast service or another wallet than Electrum, from the QR-code you will need a tool like that to decode it. It is what it is. If you don't want or don't need to use this QR-code, you can copy each character of the signed transaction instead but it's not easy with an air gapped device, you're going to have to do it by hand or to take a picture of it and to use an OCR software to read the characters in the photo. Yet, QR-codes were invented precisely to prevent that.
That contradicts the very reason why you've posted a solution to a problem that isn't raised by the OP:

May I ask you how do you plan to send (and receive) your unsigned transaction from your smartphone to your computer and how you plan to send back your signed transaction from your computer to your smartphone or to another device in order to broadcast it?

Unfortunately there are often issues with webcams and Linux distributions. So you may have some troubles to send your unsigned transaction from your smartphone to this set up.

I rephrase; If he can just use it in the last step, then it's useless in OP's case.

And talking about QR code and camera, the Android Electrum's camera should work so there should be no issue scanning the signed raw transaction's QR code which is what you're suggesting to use the tool for.
If he come across the "webcam issue", it'll be for the transfer of the unsigned raw transaction, it's now in PSBT format which isn't compatible with the tool.
Then he'll need another tool to do that or use the USB flash drive method.
If this topic is just about electrum43 tool, then it's a valid answer to its use-case; but since this is about OP, it's just a solution looking for an issue.
legendary
Activity: 2604
Merit: 2353
September 12, 2024, 12:27:48 PM
#31
No that's a tool to decode Electrum QR-code format because classic decoders like https://zxing.org/w/decode.jspx don't work for Electrum QR-codes, they don't know this format unfortunately.
Actually, Electrum will accept that decoder's "Parsed Result", it's basically what Electrum decodes when it scan the QR code. (try it)
Yes I guess, I didn't say the opposite, I didn't try it either but I trust you.

You're probably talking about the "Raw bytes HEX" in the result of zxing decoder, it doesn't work because Electrum is expecting a serialized signed raw transaction if provided a hex string in its "Load transaction" menu.
That hex string in zxing's result is the raw bytes interpretation of the Base43 string contained in the QR code;
In simple words, it represents those letters, numbers and signs, not the transaction itself.
I didn't talk about what Electrum is expecting, because everyone has been able to see that you can send a signed transaction from an Electrum wallet to another one through QR-codes without encoding issues.

Besides, electrum43 tool is 8years old, in modern Electrum versions, it'll only work on fully signed Electrum transaction's QR codes.
The (unsigned) PSBT's QR Code when decoded into hex string is be incompatible with Electrum (since v4.0.1 - July 2020) since it's expecting either a Base64 or Base43 PSBT string or a RAW PSBT file. (reference)
So, in terms of use-case, that tool is pretty unnecessary since she can only use it at the last step,
The PSBT will have to be transmitted by other means like the simple but effective PSBT file/text method, or find a solution to the webcam. (if it became an issue)
I thought my message along with the quote from the github of this tool was pretty clear, but maybe not enough obviously. If you need or want to broadcast a signed transaction with a broadcast service or another wallet than Electrum, from the QR-code you will need a tool like that to decode it. It is what it is. If you don't want or don't need to use this QR-code, you can copy each character of the signed transaction instead but it's not easy with an air gapped device, you're going to have to do it by hand or to take a picture of it and to use an OCR software to read the characters in the photo. Yet, QR-codes were invented precisely to prevent that.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
September 11, 2024, 10:58:54 PM
#30
No that's a tool to decode Electrum QR-code format because classic decoders like https://zxing.org/w/decode.jspx don't work for Electrum QR-codes, they don't know this format unfortunately.
Actually, Electrum will accept that decoder's "Parsed Result", it's basically what Electrum decodes when it scan the QR code. (try it)

You're probably talking about the "Raw bytes HEX" in the result of zxing decoder, it doesn't work because Electrum is expecting a serialized signed raw transaction if provided a hex string in its "Load transaction" menu.
That hex string in zxing's result is the raw bytes interpretation of the Base43 string contained in the QR code;
In simple words, it represents those letters, numbers and signs, not the transaction itself.

Besides, electrum43 tool is 8years old, in modern Electrum versions, it'll only work on fully signed Electrum transaction's QR codes.
The (unsigned) PSBT's QR Code when decoded into hex string is be incompatible with Electrum (since v4.0.1 - July 2020) since it's expecting either a Base64 or Base43 PSBT string or a RAW PSBT file. (reference)
So, in terms of use-case, that tool is pretty unnecessary since she can only use it at the last step,
The PSBT will have to be transmitted by other means like the simple but effective PSBT file/text method, or find a solution to the webcam. (if it became an issue)
legendary
Activity: 2604
Merit: 2353
September 11, 2024, 04:57:04 PM
#29
What is the link you shared, I never knew this one?
Code:
electrum43.org
Did you mistype it ?
No that's a tool to decode Electrum QR-code format because classic decoders like https://zxing.org/w/decode.jspx don't work for Electrum QR-codes, they don't know this format unfortunately.
Electrum uses a custom base 43 encoding actually, so you won't get a readable hexadecimal string ready to be broadcasted if you try to decode it with a random QR-code decoder.
The tool is open-source, you can find its code on Github, but since the transaction is already signed, there is no way to tamper it, that's why broadcast services are used without worries by the way.
https://github.com/jacoblyles/base43js
Quote
Try it live at electrum43.org

The Electrum bitcoin wallet uses a custom base 43 encoding on data before it is displayed as a QR code. See the "base_encode" function here:

https://github.com/spesmilo/electrum/blob/master/lib/bitcoin.py

If you used a QR reader to transfer data from electrum off of a machine, you need to be able to transform that into a hex string before bitcoin will know what to do with it. This project offers a webpage and a js library that will decode the Electrum base 43 format.

For example, if the QR code you read was a transaction that you signed on an offline airgapped machine, after using this project to decode it you could use blockchain.info to decode the hex data or broadcast the transaction

legendary
Activity: 1750
Merit: 1329
Top Crypto Casino
September 11, 2024, 09:02:41 AM
#28
I guess its quite too low even you make a transaction of course we need to consider the security of your device which is with the low specs seems outdated with the updates and possible it has a vulnerabilities or sadly becomes compromised already and just waiting to you to make some records to that PC, if you are using a cold wallet base on my experience I haven't get any trouble since I'm using a hardware wallet with Trezor. Just make sure that your seed phrase is safe offline to prevent someone getting access of it.
sr. member
Activity: 854
Merit: 424
Playbet.io - Crypto Casino and Sportsbook
September 10, 2024, 11:22:32 AM
#27
And if you need or want to broadcast your signed transaction from another device or another software, you will need to convert your QR-code because Electrum uses a special format http://electrum43.org/
What is the link you shared, I never knew this one?
Code:
electrum43.org
Did you mistype it ?
legendary
Activity: 2604
Merit: 2353
September 08, 2024, 01:26:57 PM
#26
May I ask you how do you plan to send (and receive) your unsigned transaction from your smartphone to your computer and how you plan to send back your signed transaction from your computer to your smartphone or to another device in order to broadcast it?
Unfortunately there are often issues with webcams and Linux distributions. So you may have some troubles to send your unsigned transaction from your smartphone to this set up.
And if you need or want to broadcast your signed transaction from another device or another software, you will need to convert your QR-code because Electrum uses a special format http://electrum43.org/
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
September 08, 2024, 02:54:46 AM
#25
So I will have to keep both passphrase and mnemonic word cold too, any suggestion of a safe way to do that.
All Cold-storage setup tutorials tell you to create the wallet in the air-gap device, so in the process, the seed phrase and passphrase are kept "cold" as well.
That makes it "Cold", unless you "accidentally" store it on an online machine.

If you're going for Tails setup, its "Persistent Storage" where you should put the cold-storage wallet's data directory
can be encrypted with a password of your choice, every other generated files will automatically be forgotten in every session.
With that, set a strong persistent storage encryption password (different from your wallet's password and seed phrase's passphrase)
So even if the flash drive is stolen, the thief wont be able to access its contents.
full member
Activity: 462
Merit: 205
Duelbits.com
September 06, 2024, 07:13:35 AM
#24
I've been planning on switching to a cold storage format to keep my coins but I want it to be in a way of watch only wallet from my mobile where I can initiate my transactions . I'm  currently thinking of using my old PC apart from the one I'm currently using, but I don't know how safe it is maybe I should just switch to Linux becaus it's windows , the Pc is around 2GB Ram I don't think I can upgrade that don't know if it will work for Linux or can I just use the Windows just that I've installed alot of games you know still so small to realise all those shit
In short, I need complete guide towards the set up

Using a LINUX operating system is much preferable due to their security factors around it, with windows I'm not certain but somehow if you aren't security conscious enough there could be some compromise such that you may not be able to handle, basically i have the Linux preference and that ahs fueled my recommendation for you. cold storage been a thing that cannot be really compromised easily because of the fact that there is little to almost no internet connection on it is a more reason you should consider a security measure that will help in getting your asset very secured than it has ever been even before now.

For Linus 2gig may be too slow to run it maybe you should get something higher if you want to dedicate a separate system to that purpose, i feel that will be the best approach for this. these are my suggestions and taught tho you may choose to try something else if you don't feel comfortable to use this information if you feel they aren't true enough or do not suite your needs on this actually.
sr. member
Activity: 448
Merit: 354
September 05, 2024, 08:31:33 PM
#23
I understand you want to keep your coins safe but still use your phone to make transactions. Using old computer as wallet is good idea but I am worried about your security. Computer has Windows and not much memory which could be problem. I think you should use Linux instead it is safer and works well on old computers. Do not worry about memory Linux can still run well. I do not think you should use Windows because you have games and other programs that could make it less secure.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
September 05, 2024, 05:12:53 PM
#22
So I will have to keep both passphrase and mnemonic word cold too, any suggestion of a safe way to do that.
Everybody's living situation is individual. You have to assess your potential loss risks yourself.

Cold, offline and analog storage of mnemonic recovery words, if you use an optional additional mnemonic passphrase and the passphrase for the storage media encryption is preferable. Mnemonic recovery words and optional additional mnemonic passphrase for the wallet need to be stored separately, never together. I would store the passphrase for the storage encryption also separately from both.

Do not try to rely on your wet brain memory. It will fail you, especially after longer periods on non-use. You should also consider how your heirs can recover your stash if something happens to you. Good planning and good documentation is key.

I'd use quality archival paper and archival document safe ink. For protection against loss by fire, I stamped all required secrets on stainless steel washers (titanium is a good option, too). Hiding the metal stuff is a bit more difficult, but messy corners or boxes with seemingly worthless stuff are a good start. Be creative...

Paper isn't difficult to hide (a thief usually doesn't spend a lot of time searching for some paper stuff). Burglars look for money (leave some bait money which is easy to find to satisfy them), precious items, stuff that can be quickly turned into money.

You should of course keep a low profile and don't brag with your crypto coins or that you're heavy into crypto. If you don't keep a low profile, you're plain stupid and shout out for trouble.
newbie
Activity: 20
Merit: 6
September 05, 2024, 01:05:22 PM
#21
I've  not been able to reply to the comment because of time although  I did read them but I was so lazy to reply them but I think I should just do that today because I have another current ongoing issue, I will create a new thread for that
Debian or Xfce or Tails are the options that will work for you on that old computer and it is better to use Tails.

 - Delete everything on the memory, delete Windows and make sure to format everything.
 -  Remove all the connecting parts from the network cable to the Bluetooth.
 - burn Tails on your computer and use electrum to generate the addresses and MPK.
 - Save the wallet seed on a piece of paper or a metal piece.
 - import the MPK to the wallet on your phone.

You can find more information here or by searching on Google for tails electrum cold storage

https://electrum.readthedocs.io/en/latest/tails.html
https://www.youtube.com/watch?v=1e6IDTP3g5o
Okay, this seem to be pretty a good way to do this, I will try giving it a shot once I get the PC, thanks for the YouTube video.
I will also go through this too , thank you for the links.


Proper, safe and redundant backup of your mnemonic recovery words and what other details about your wallet are helpful for any later recovery is mandatory. Personally, I would also setup a fully encrypted filesystem for the cold storage, so that a possible theft of the cold storage device doesn't compromise your private keys. Of course, don't ever loose the filesystem's encryption passphrase. Redundant and safe backup for it is key, too!
So I will have to keep both passphrase and mnemonic word cold too, any suggestion of a safe way to do that.

full member
Activity: 247
Merit: 124
dON'T tRUST, vERIFY!
August 24, 2024, 10:09:16 PM
#20
Use Bluewallet watch-only to view balance on mobile.
Just use Explorer with your address and bookmark it, or add to your homepage on phone.
legendary
Activity: 2062
Merit: 1035
Fill Your Barrel with Bitcoins!
August 22, 2024, 08:56:47 AM
#19
Just generate and print a Paper Wallet offline. It's pretty much that simple.
...
Nothing more secure than having an offline paper wallet. You can backup your keys after that however you wish.
Please, don't recommend paperwallets to newbies, I don't think that's a good idea. They don't offer any of the convenience of a normal wallet, even when the normal wallet is split into a hot watch-only and an offline cold part.

If any unauthorized subject finds your plain paperwallet, your coins are gone, unless you use special precautions. Truely safe creation of paperwallets isn't too easy, either. The wallet generator has to be used on a disposable offline system and you need to be sure that the wallet generator isn't rigged in any way. As most use Javascript code shit, goog luck with cryptographically safe and strong entropy as it heavily depends on the used Javascript engine.

I don't see any advantage of merely obsolete paperwallets over proper cold wallet storage.

The convenience is you have offline keys that you can store any way you like. If an unauthorized person can find your keys, they can also find your pass phrases, normal wallet, cold storage, etc....
member
Activity: 239
Merit: 59
a young loner on a crusade
August 22, 2024, 06:45:09 AM
#17
My Tails topic: https://bitcointalksearch.org/topic/m.63685294
2GB is enough.

Use Bluewallet watch-only to view balance on mobile.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
August 21, 2024, 07:32:26 AM
#16
Just generate and print a Paper Wallet offline. It's pretty much that simple.
...
Nothing more secure than having an offline paper wallet. You can backup your keys after that however you wish.
Please, don't recommend paperwallets to newbies, I don't think that's a good idea. They don't offer any of the convenience of a normal wallet, even when the normal wallet is split into a hot watch-only and an offline cold part.

If any unauthorized subject finds your plain paperwallet, your coins are gone, unless you use special precautions. Truely safe creation of paperwallets isn't too easy, either. The wallet generator has to be used on a disposable offline system and you need to be sure that the wallet generator isn't rigged in any way. As most use Javascript code shit, goog luck with cryptographically safe and strong entropy as it heavily depends on the used Javascript engine.

I don't see any advantage of merely obsolete paperwallets over proper cold wallet storage.
Pages:
Jump to: