Topic: Which spending method from airgapped wallet is safest for a novice. (Read 89 times)

Thanks, yes I agree about the virgins that might say this are incorrect.
So i dont have a cold wallet or airgapped wallet really.



I don't know why that is. Sorry, can't help you there.

It seem to be because too many inputs and I have to use coin control
To make less inputs ifI can work out how. Then the qr code will work.


I don't know why you would go through this trouble of setting up a third device and testing the transactions like you are planning. What do you expect will happen if you don't carry out those tests

I was a little bit worried if there was a malware lurking on the old laptop or if I did put one there with the usb stick by mistake.
Then I could be shown in the preview what looked to be a good transaction and I click sign. Then export the qr code but actually it was a qr code sending my bitcoins to a hacker. It is hard to see what is inside that qr code. I would think the watch only wallet could reveal it was a bad qr but maybe it would send or something would be revealed in that QR that was now getting to the internet.

So I thought maybe load that qr code with the signed tx into a 3rd offline machine with electrum and make sure the preview looked good.
Then if that looked okay then load it to the watch only and send it.

It could be unnecessary but only takes one second to scan that qr to the 3rd offline machine.

Or rather I might then use the watch only to see the hex of that qr code and send that hex with bitcoin core full node.

When people describe how to make a totally safe airgapped wallet from scratch perfectly it seems beyond my skills.
Even a brand new laptop they say sanitize the bios, remove wireless, make sure install totally safe and checked operating system again without usb or some internet seems impossible to me. Then all the new softwares or making my own private keys without any software like bitcoin core. I thought get a trezor or cold card but I still have to get the coins off that old laptop and sent to a trezor.
Then some people they dont like hardware wallets for various reasons, some which do make some sense.

  I think I will make more mistakes than just maroon this old machine  and try to limit anything on or off except qr codes and the odd input with usb where qr code is overloaded. Once I learn to

It's one and the same. A wallet isn't airgapped/cold if it periodically connects to the internet or has done so in the past.

That's what I thought. In that case, it's not an airgapped setup. A properly airgapped computer requires that you reformat the drive and install a clean OS on it. Linux is recommended. The computer shouldn't possess network connectivity hardware, so that you or someone else can't even mistakenly connect it to the internet.

A hot wallet doesn't necessarily mean an unsafe wallet, and you can use them just fine. But the chances that something goes wrong is significantly higher on a computer with a hot wallet and especially one that you use for everyday tasks and internet browsing. 

The proper way is to make it airgapped from the beginning. A hot wallet can't be considered cold if the keys were part of an internet-connected machine.

You can't wipe away the past like that. Yes, your computer can't connect to the internet any longer. But that wasn't true in the past. You could have infected it with some malware in the past that is now lying there and waiting.

Here is another analogy for you. If you have had sex, you are no longer a virgin. You can't consider yourself virgin from next month if you intend to stop having sex. You had intercourse in the past.

I don't know why that is. Sorry, can't help you there.

That will work. You can save the PSBT on a USB or MicroSD card to transfer data to and from the two computers. 

If the transaction was created properly and signed, I don't know what can go wrong during the broadcast stage. I think you are thinking too much about it.

I don't know why you would go through this trouble of setting up a third device and testing the transactions like you are planning. What do you expect will happen if you don't carry out those tests? 

You have lost me. I have never heard of anyone including a third device in an airgapped setup for the purposes you mentioned.

Thanks I see that I was calling my wallets cold wallets and airgapped wallets
But they are not cold at all. Maybe they are airgapped? Or maybe they are not airgapped either.

This laptop where they are stored both electrum and bitcoin core. Was once used with the internet.
It has not been turned on or connected to the internet in over a year or more. Maybe 2 years.
I checked the block explorers ( from a different machine) and the balances were still there.
I was worried it may not be sensible to ever connect that to the internet or allow it to connected with anything at all even usb.
Because nothing leaked off it yet but in future?


So I decided to make this laptop my " cold wallet" ( I understand this is not cold now) taking out my wifi card, deleting the bluetooth and disabling it and never to put the ethernet cable. Also put on airplane mode.

So i thought this machine is now airgapped nothing in and nothing out except a qr code from electrum only.
So yes I guess this isnt a cold wallet but it is now airgapped? Nothing physical touches it and no internet capacity.


That was my plan. But sadly the qr code from the watch only machine  cant contain enough info for the psbt.
This is a big problem.


So then my plan was okay, I will allow usb with the psbt into the airgapped wallet only because I have no choice. Then format it each time.
But only allow qr codes for the signed.txn out of the airgapped machine no usb out.

I though well if I only allow qr codes out from the airgapped machine then test before submitting  then what issues can happen?

Even if I did transfer a key logger into the airgapped machine then surely as long as the air gapped machine only outputs an electrum qr code ever and nothing else it should still be okay if that usb was then formatted on air gapped machine before using again


So I have my signed.txn qr code and I want to test that before broadcasting.

So I set up a 3rd laptop with electrum. Also offline, to scan in the QR code and see if the inputs out puts look okay. Just incase the watch only wallet shows me fake info or just auto broadcasts before I can detect it is about to scam me. I just want to read that qr code in human readable text before I load it to the watch only wallet. But it seems impossible to read it.
Someone said you can make it to json to read it but I dont know without using 3rd party software.

If the 3rd laptop (offline electrum just to check)  looks okay and all checks out the I know the airgap generated qr code is probably good.
I can also then test the qr code on the watch only electrum, that is running a different version of electrum downloaded at a differ time.
If that shows the correct inputs also.  Now I'm very sure this is a good signed.txn qr code. Correct?

Now I could broadcast that with the watch only wallet, but i want to broadcast on my own core full node. So more steps.

Sadly the qr code is not accepted by bitcoin core so this needs to be made to hex.

To get the hex I guess I can either use either laptop 3 or the watch only to reveal the hex of the loaded qr code. I have not tried this yet.
Or take the hex from the airgapped electrum which signed it ?

I just didnt want to touch the airgapped machine at all with usb at any point. So to get the hex off this airgapled machine without usb is an issue so i hope once I load the qr code of the signed.txn into the watch only then I can press some tab to reveal the hex that was contained in the qr code.  

If not damn.

If that does not work I can still get the airgapped machines signed.txn hex code perhaps by taking a photo of the screen in my phone and using the special select feature it turns text in images to text you can use to save to a file or just email to the machine running bitcoin core to broadcast the rawtransaction.

I could rename this thread how to get bitcoin off a machine without the internet or usb ,but I guess this would work the same for cold wallets in airgapped machine.

I suppose I got unlucky with the psbt being to large for the qr code on mine other people probably can never touch their cold or airgapped wallets physically. And can do the entire thing with QR codes.

Also most people may just be happy to broadcast their signed qr with electrum and not want to decode it to hex to send on their core node.  

So Its a bit more steps for my way to keep my old machine free from usb and internet totally.
Only communication via camera or keyboard is desirable.

I will change the title.

Wait, you already have an airgapped setup with Electrum and Bitcoin Core on it? How did you set that up if you don't mind me asking, since you are now asking questions and looking for advice about how to spend from an airgapped wallet?

Are you looking to import those keys from a different computer or the same one? What is the problem with your current airgapped setup?

A cold wallet can't have a visible transaction history. If that's the case, it means that it was online at some point in the past. If your wallet was online, you don't have an airgapped system and your wallet can't be considered to be a cold one.

Compare it with paper bills you keep in your wallet. If I pay you $10 with a $10 bill, you now have $10. That's one UTXO. Someone pays you again, that's another UTXO. You can put that bill next to the other $10 bill in your wallet, or you can put it in your back pocket. If that's all the money you have, and you need to pay someone $15, you are going to have to use both bills. The one in your wallet is address #1, address #2 is in your pocket. Doesn't matter if the bills where next to each other (in your wallet) or in different places, you'd still have to spend both to buy something worth $15.

Thanks I've realised then that you can not start the spend from the cold wallet on the air gapped machine.
I thought I could do that.

Import the key from where? You are going to create a new wallet on your airgapped system. That's where you generate your seed and the private keys. Don't import a private key from somewhere else. It's not going to be a key you created in an airgapped environment, unless it came from another cold wallet

I should explain my bitcoin core with a bit of a bitcoin and my electrum with a bit of a bitcoin.
Both are on the same airgapped machine. So maybe just to dump the priv key and import to electrum will be okay so long as camera cant see it. Because these wallets have some tx histories I think it maybe possible to start the send tx and sign from the airgapped machine.

However, if that is not possible.  You have made me realise that If the QR code can not contain the full information of the psbt generated by the watch only wallet. There are just 3 choices. To use a usb. To ignore the yellow triangle  warning sign saying fees can be maliciously increased or copy the psbt by hand to the airgapped machine.

I think the qr code can always contain enough data for the signed.txn
So that is one good thing.

But from what I can find out there is no way to keep the laptop fully airgapped if the qr code can not contain the full data of the psbt from the electrum watch only wallet. Not for a novice.

For an advanced expert it would be possible.

I guess it does not make a big difference because if the airgapped wallet ever only outputs a qr code from electrum then it would be unlikely to leak anything dangerous.

Just a shame you do have to plug a usb at all to the airgapped machine with the electrum psbt process.

Thanks for the explanation of the uxtos and addresses.
I guess it is very dangerous for the untrained to make assumptions in this field.
I had though if always sending and receiving to the same address you could not have to worry about which input uxtos specifically.

Forgot all that

To properly use a hardware wallet with electrum, you should use the native function "use hardware device "



This is how the manufacturers advice to properly use your hardware wallet with electrum

Even if you could, you would be slightly reducing your security by importing a key from a properly airgapped system into a hardware wallet that is connected via USB to a desktop machine that is online. But forget about private keys, that's in the past. Use seed phrases.

Import the key from where? You are going to create a new wallet on your airgapped system. That's where you generate your seed and the private keys. Don't import a private key from somewhere else. It's not going to be a key you created in an airgapped environment, unless it came from another cold wallet.
 
It's bad for your privacy to use only one address to receive all your bitcoin transactions. Everyone who knows that address belongs to you, can keep track of how much bitcoin is on it.

Right. Your airgapped wallet won't display your UTXOs because it's not connected to the internet or Electrum servers. It can't retrieve information about your UTXOs. You'll have to create transactions on the online wallet and use the cold one just for signing purposes.

No. You can have multiple UTXOs on the same address or spread around on different addresses. When it comes to spending, it makes no difference to the network. Spending from different addresses doesn't cost more than spending UTXOs from the same address.

Like I said earlier, using the same address over and over again is bad for your privacy. 

Not exactly. Before you signed the transaction on your airgapped wallet, you must import the transaction you created on your online wallet via QR code, USB or Micro SD card. Only then can you sign it on the cold wallet and export the signed transaction to be broadcasted on the online wallet.
 
You can't. It has no connection to the internet, so the wallet contains no information about your UTXOs. It only has the signing keys.

It all depends on how fast you need the transaction to confirm. I use https://mempool.space/ and https://jochen-hoenicke.de/queue/#BTC%20(default%20mempool),2h,weight to check how everything looks at the moment I send transactions. If you are in a hurry, you need to set a high enough fee for your transaction to be included in one of the upcoming blocks. If not, you can use the no/low priority fees or even below that if you don't mind waiting. But pay attention to the purging rate, and don't set a fee lower than that.

I started a specific thread for this idea only. To get critique from experts on a process to spend as safely with a cold wallet as you can.
Maybe other novices can use this thread after experienced users say it is going to work.

I'm a novice user trying to understand this but I see on reddit so many people wanting to achieve this. But they get stuck on setting up electrum servers or worrying about connecting to a malicious electrum node or set of nodes. Or stuck because their qr code is not large enough to contain the information from the psbt,  but they want to remain ice cold.

I want my cold wallet to remain 99.99% cold as possible.
No physical connection with usb or any input at all except my own typing or qr code at worst.
Output I prefer only QR code. No usb extraction if I can.
Would like to broadcast on my own bitcoin node if possible.

This could be ideal for when you get an issue where the qr code can not contain all the info from the psbt. Then you need to go usb but dont want to.
I'm not sure of any hardware wallets that you can import a priv key, and you dont trust hardware wallets maybe.

Option A -  perhaps could work out? Or a possible issue? How to select appropriate fee?

Forget psbt? Maybe this is easier if your qr is too large to work.

1.import private key to electrum airgapped
2. Look what address appears.
3. Set up electrum watching wallet for that address only  on other internet live machine see balance.
4. On airgapped wallet select spend but untick use new change address ( this is because if I'm not wrong the drawback with starting on an airgapped wallet is it doesnt update its memory of prior tx until you submit and it gets confirms which it cant do airgapped.
But at least getting all change to the same address. You can keep spending from this cold wallet until you know it is all used up. Or can you? Are uxto the same as addresses? Maybe even when change is issued to the same spending address. There can still be an issue starting a new spend from a cold wallet? This I dont know right now.  
5. Export the signed tx with qr code.

At this point nothing has been put on the cold machine only a qr code taken off from it.

6. Spend that qr code with the watch only electrum, or if want to spend on you own bitcoin full node see 7.
7. You have a qr code but electrum encodes it with some other format. Maybe to save space and pack more info. Or maybe to make sure electrum only can read this qr code. You can not easily see the hex code that you see if you save a signed.txn on a usb stick. To see this
Hex code you need to spend with bitcoin core. Some person made a website electrum43 to decode that signed tx QR code to hex format.
I am guessing there is a way that an electrum watch only wallet can scan this QR code and you can look at the hex version there and save to a usb or maybe you have that on your same machine with bitcoin core full node running.
8. I believe it is possible to spend that hex directly on bitcoin core wallet with a command like sendrawtransaction or some other command. If you can figure that out you could test the hex code from that QR code one time on your watch only electrum but dont submit. Then if looks good go to blockstream pushtx site and send from there at least their node would not be malicious but you lose privacy so use a burner phone if that is an issue you dont like.

All done.

*4 is seen as a little bit unsafe taking the security from 256bit to 160bit think I understood so not good for long term storage.
I think this can be maybe avoided by clicking save tx to history but I dont understand that enough to know how that stops a possible attempt at spending from uxto that maybe dont have sufficient funds in the future? I think it would work if you only ever used the cold wallet on that machine and not a different cold wallet with the same private key.

This is the tricky part to understand as to how you start a spend with a cold wallet not start with a psbt from a watch only.
The second part is the fees. I guess just look at the network congestion and put a good fee.

Is there any safer way for a novice to spend from a cold wallet or paper wallet where the qr codes cant contain all the information of the psbt from the watch only wallet?p
Are there issues with this process?

On the other hand so to speak

One expert did say this entire idea was a convoluted mess, and if you are happy to have change return to the same spend address. You can just spend and sign on an offline airgapped bitcoin core wallet and copy the hex over to spend on a synced up full node push with blockstream push tx. But he didnt have time to explain how get this hex off the airgapped machine without usb.

So can anyone give the critique of my plan. Or suggest a better way for when qr codes dont work.
Is starting a spend from the air gapped unsynced wallet always a bad idea that can cause issue with attempting to spend from uxto that are now empty? Should you always go with a psbt from a watch only?

Spending from a cold wallet seems a bit tricky fully airgapped for a novice when they hit this qr code space limit on the psbt.
Also spending signed qr code from electrum on core can be a bit tricky too due to it having to be decoded. But I expect the watch only can show that qr hex in some option.