Topic: Setting up a cold storage (Read 491 times)

That question is a stretch.
In that case, how do you know that he will come across a camera issue on his smart phone? You started that route.

All I'm saying is that tool isn't recommended and wont work in the use-case you've initially suggested.
We're getting quite off-topic to the main topic and I think I've given enough response about that tool.

regards,

You've misread(or I wasn't clear enough), as you can see I asked him how he was planning to send his unsigned transaction from his smartphone to his air gapped computer AND how he was planning to send his signed tx from his computer to his smartphone or to another device, for broadcasting it. And I mentioned two (most) common pitfalls he could encounter in relation to that.
You need a working camera to read the QR-code before decoding it so using this Electrum43 tool can't fix a webcam issue. But it allows you to not have to depends on, neither to trust, your Electrum wallet, Electrum servers and the device using it for broadcasting your transaction, while continuing to use a simple QR-code for the transmission. It prevents the leak of the seed into the unreadable QR-code by a malware or a backdoor inside your cold wallet which is a common concern towards hardware wallets using closed/encrypted QR-codes and it allows to check if the transaction hasn't been tampered with another destination address among other things.

I know you're a "Self-proclaimed Genius" but how do you know he has a working camera on his smartphone and he wants to use it for broadcasting his tx while he still hasn't answered my question about that precisely?

Using flash drives is not safe at all, because you can contaminate you air gapped environment with malwares inside them, and seeds can be leaked into them. I strongly advise against this method if you are holding funds you can't afford to lose in your cold wallet, personally.

Running Debian and Tail is good for someone who knows how to do it neatly, I won't trust recommending to someone who isn't very good with computers, they will do something wrong and put blame on you, this have happened between me and a cousin of mine.

What you are looking for is present on ever good hardware wallets out there, you can sign them to a watch-only app and even if you need to make a transaction you need to sign the transaction using your hardware wallet, this is the best feature of a hardware wallet, they are by far superior to all other crypto wallets and ideas.

You don't have to complicate any thing OP, just stick with the Electrum wallet on your Smartphone till you will be able to afford a open source hardware wallet, I recommend...

1. OneKey.
2. Trezor.
3. Keystone.

That contradicts the very reason why you've posted a solution to a problem that isn't raised by the OP:


I rephrase; If he can just use it in the last step, then it's useless in OP's case.

And talking about QR code and camera, the Android Electrum's camera should work so there should be no issue scanning the signed raw transaction's QR code which is what you're suggesting to use the tool for.
If he come across the "webcam issue", it'll be for the transfer of the unsigned raw transaction, it's now in PSBT format which isn't compatible with the tool.
Then he'll need another tool to do that or use the USB flash drive method.
If this topic is just about electrum43 tool, then it's a valid answer to its use-case; but since this is about OP, it's just a solution looking for an issue.

Yes I guess, I didn't say the opposite, I didn't try it either but I trust you.

I didn't talk about what Electrum is expecting, because everyone has been able to see that you can send a signed transaction from an Electrum wallet to another one through QR-codes without encoding issues.

I thought my message along with the quote from the github of this tool was pretty clear, but maybe not enough obviously. If you need or want to broadcast a signed transaction with a broadcast service or another wallet than Electrum, from the QR-code you will need a tool like that to decode it. It is what it is. If you don't want or don't need to use this QR-code, you can copy each character of the signed transaction instead but it's not easy with an air gapped device, you're going to have to do it by hand or to take a picture of it and to use an OCR software to read the characters in the photo. Yet, QR-codes were invented precisely to prevent that.

Actually, Electrum will accept that decoder's "Parsed Result", it's basically what Electrum decodes when it scan the QR code. (try it)

You're probably talking about the "Raw bytes HEX" in the result of zxing decoder, it doesn't work because Electrum is expecting a serialized signed raw transaction if provided a hex string in its "Load transaction" menu.
That hex string in zxing's result is the raw bytes interpretation of the Base43 string contained in the QR code;
In simple words, it represents those letters, numbers and signs, not the transaction itself.

Besides, electrum43 tool is 8years old, in modern Electrum versions, it'll only work on fully signed Electrum transaction's QR codes.
The (unsigned) PSBT's QR Code when decoded into hex string is be incompatible with Electrum (since v4.0.1 - July 2020) since it's expecting either a Base64 or Base43 PSBT string or a RAW PSBT file. (reference)
So, in terms of use-case, that tool is pretty unnecessary since she can only use it at the last step,
The PSBT will have to be transmitted by other means like the simple but effective PSBT file/text method, or find a solution to the webcam. (if it became an issue)

No that's a tool to decode Electrum QR-code format because classic decoders like https://zxing.org/w/decode.jspx don't work for Electrum QR-codes, they don't know this format unfortunately.
Electrum uses a custom base 43 encoding actually, so you won't get a readable hexadecimal string ready to be broadcasted if you try to decode it with a random QR-code decoder.
The tool is open-source, you can find its code on Github, but since the transaction is already signed, there is no way to tamper it, that's why broadcast services are used without worries by the way.
https://github.com/jacoblyles/base43js

I guess its quite too low even you make a transaction of course we need to consider the security of your device which is with the low specs seems outdated with the updates and possible it has a vulnerabilities or sadly becomes compromised already and just waiting to you to make some records to that PC, if you are using a cold wallet base on my experience I haven't get any trouble since I'm using a hardware wallet with Trezor. Just make sure that your seed phrase is safe offline to prevent someone getting access of it.

What is the link you shared, I never knew this one?
Did you mistype it ?

May I ask you how do you plan to send (and receive) your unsigned transaction from your smartphone to your computer and how you plan to send back your signed transaction from your computer to your smartphone or to another device in order to broadcast it?
Unfortunately there are often issues with webcams and Linux distributions. So you may have some troubles to send your unsigned transaction from your smartphone to this set up.
And if you need or want to broadcast your signed transaction from another device or another software, you will need to convert your QR-code because Electrum uses a special format http://electrum43.org/

All Cold-storage setup tutorials tell you to create the wallet in the air-gap device, so in the process, the seed phrase and passphrase are kept "cold" as well.
That makes it "Cold", unless you "accidentally" store it on an online machine.

If you're going for Tails setup, its "Persistent Storage" where you should put the cold-storage wallet's data directory
can be encrypted with a password of your choice, every other generated files will automatically be forgotten in every session.
With that, set a strong persistent storage encryption password (different from your wallet's password and seed phrase's passphrase)
So even if the flash drive is stolen, the thief wont be able to access its contents.

Using a LINUX operating system is much preferable due to their security factors around it, with windows I'm not certain but somehow if you aren't security conscious enough there could be some compromise such that you may not be able to handle, basically i have the Linux preference and that ahs fueled my recommendation for you. cold storage been a thing that cannot be really compromised easily because of the fact that there is little to almost no internet connection on it is a more reason you should consider a security measure that will help in getting your asset very secured than it has ever been even before now.

For Linus 2gig may be too slow to run it maybe you should get something higher if you want to dedicate a separate system to that purpose, i feel that will be the best approach for this. these are my suggestions and taught tho you may choose to try something else if you don't feel comfortable to use this information if you feel they aren't true enough or do not suite your needs on this actually.

I understand you want to keep your coins safe but still use your phone to make transactions. Using old computer as wallet is good idea but I am worried about your security. Computer has Windows and not much memory which could be problem. I think you should use Linux instead it is safer and works well on old computers. Do not worry about memory Linux can still run well. I do not think you should use Windows because you have games and other programs that could make it less secure.

Everybody's living situation is individual. You have to assess your potential loss risks yourself.

Cold, offline and analog storage of mnemonic recovery words, if you use an optional additional mnemonic passphrase and the passphrase for the storage media encryption is preferable. Mnemonic recovery words and optional additional mnemonic passphrase for the wallet need to be stored separately, never together. I would store the passphrase for the storage encryption also separately from both.

Do not try to rely on your wet brain memory. It will fail you, especially after longer periods on non-use. You should also consider how your heirs can recover your stash if something happens to you. Good planning and good documentation is key.

I'd use quality archival paper and archival document safe ink. For protection against loss by fire, I stamped all required secrets on stainless steel washers (titanium is a good option, too). Hiding the metal stuff is a bit more difficult, but messy corners or boxes with seemingly worthless stuff are a good start. Be creative...

Paper isn't difficult to hide (a thief usually doesn't spend a lot of time searching for some paper stuff). Burglars look for money (leave some bait money which is easy to find to satisfy them), precious items, stuff that can be quickly turned into money.

You should of course keep a low profile and don't brag with your crypto coins or that you're heavy into crypto. If you don't keep a low profile, you're plain stupid and shout out for trouble.

I've  not been able to reply to the comment because of time although  I did read them but I was so lazy to reply them but I think I should just do that today because I have another current ongoing issue, I will create a new thread for that
Okay, this seem to be pretty a good way to do this, I will try giving it a shot once I get the PC, thanks for the YouTube video.
I will also go through this too , thank you for the links.
So I will have to keep both passphrase and mnemonic word cold too, any suggestion of a safe way to do that.

Just use Explorer with your address and bookmark it, or add to your homepage on phone.

The convenience is you have offline keys that you can store any way you like. If an unauthorized person can find your keys, they can also find your pass phrases, normal wallet, cold storage, etc....

Chikito and Dragonfund have guide threads on Tails OS too.

• How to Install Tails OS on USB flash drive for Wallet Purpose
• [Tutorial] How to make a cold storage Bitcoin wallet with TailsOS and USB Flash

My Tails topic: https://bitcointalksearch.org/topic/m.63685294
2GB is enough.

Use Bluewallet watch-only to view balance on mobile.

Please, don't recommend paperwallets to newbies, I don't think that's a good idea. They don't offer any of the convenience of a normal wallet, even when the normal wallet is split into a hot watch-only and an offline cold part.

If any unauthorized subject finds your plain paperwallet, your coins are gone, unless you use special precautions. Truely safe creation of paperwallets isn't too easy, either. The wallet generator has to be used on a disposable offline system and you need to be sure that the wallet generator isn't rigged in any way. As most use Javascript code shit, goog luck with cryptographically safe and strong entropy as it heavily depends on the used Javascript engine.

I don't see any advantage of merely obsolete paperwallets over proper cold wallet storage.