Bitcoin Forum

Economy => Service Announcements => Topic started by: canton on April 07, 2013, 08:41:13 PM



Title: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: canton on April 07, 2013, 08:41:13 PM


Update: August 2018

*** A reminder that you should ALWAYS run the generator from the GitHub source code, never from a live website. ***

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

bitcoinpaperwallet.com is under new ownership
 
First of all, thanks to everyone who supported this project and helped with its development since I started it back in 2013.
 
At the end of April 2018, I sold the bitcoinpaperwallet.com website, service, and associated domain names to a new owner.  This also includes related projects such as litecoinpaperwallet.com and ethereumpaperwallet.com.  All orders for hologram stickers and CDs, and any questions relating to the business, should be directed to the new owner at orders@paperwalletshop.com.  Also, I will no longer be making updates or accepting code contributions for this project at https://github.com/cantonbecker/bitcoinpaperwallet. The updates posted in September 2017 are my final contributions to this project.
 
If you have any questions regarding bitcoinpaperwallet.com, please direct them to the new owner at orders@paperwalletshop.com.
 
Canton Becker
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----



----------------------------------
Original post (April, 2013)

I had lots of fun this weekend working on my own design for a two-sided tri-fold tamper-resistant paper Bitcoin wallet. Thanks for any and ALL criticism / comments -- whether it's about the look & feel, functionality, security features, etc. See:

http://youtu.be/V4H1VE3EAtI

This video is also a treasure hunt in which I happily invite you to “steal” 0.1 BTC . Finders keepers, so race on!

Design features:

  • Private key is hidden behind folds, so your wallet content is still safe if left out in the open or photographed.
  • Tamper-proof tape indicates when you (or someone else!) has revealed the private key.
  • Folding design obfuscates private keys so they’re hidden even when holding wallet up to a bright light.
  • Reverse side has basic wallet operation instructions and a register for writing down deposits / balance.
  • Private and public keys are replicated (and rotated) in triplicate to maximize chances of recovering keys if paper is damaged / crumpled.

When I’ve got enough feedback and a final design, I’ll publish a web page that will generate these wallets with just a couple of clicks. (No photoshop required, as the foundation will be based on the excellent wallet generator at bitaddress.org which as you probably already know uses a secure javascript page you can run even while offline.)

If you'd like to print out a sample for yourself, see PDF links here: http://cantonbecker.com/projects/2013/bitcoin-paper-wallet-design-video/.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: mai77 on April 07, 2013, 08:53:44 PM
200 btc bounty am I am in


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: stillfire on April 07, 2013, 08:55:37 PM
Looks like someone already nicked the 0.1. :) The paper wallet looks great. The old one on bitaddress.org is too low resolution for printing, plus the private key is right there in the open necessitating that each bill is put into an envelope for security. Your bill solves those problems beautifully.

Where did you buy the tamper proof tape?


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: WiW on April 07, 2013, 09:12:36 PM
I've also made some nifty paper wallets (though not as well designed as yours), but here's my problem with making well designed paper wallets:
If you're making it for yourself, what do you care about design/tamper-proof/etc?
If you're making it for others, why would they trust you that you didn't print another copy of the private key at home?


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: Bitsky on April 07, 2013, 09:18:33 PM
Seems I was too slow  :-\
Address: 16nQ2FD6qTLymmsZQAufJHqdqPJYbcGpj6
Privkey: 5K9bNHVjCGgqnv1vGZAKaye4VPdFUMvexbqCCmkB5rouC93wWSC
The 0.1BTC are already gone

The idea isn't bad. I think I saw some other thread here with a similar approach (the banknote one iirc).
That one worked without folding by using those grey rub-off stickers.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: Neverest on April 07, 2013, 09:24:41 PM
Just for my understanding:
I also had the private key copied 5K9bNHVjCGgqnv1GZAKaye4VPdFUMvexbqCCmkB5rouC93wWSC

When going to Blockchain.info, opening an account/wallet and importing private key, I get the Error Importing private key: unknown key format.

I also tried to use a new multibit wallet, but even when exporting a key, replacing it with the one above and reimporting, it did not work.

So how would I recreate my wallet from just a private key backup?
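
Why a wallet can reject a key as an unknown format, as an added example that is not part of the original posts: a WIF private key is Base58Check data (version byte 0x80, 32-byte secret, optional 0x01 compression flag, 4-byte double-SHA256 checksum), so a dropped or mistyped character no longer decodes. The string in the post above is 50 characters long, one fewer than the 51-character key in Bitsky's post; the function names and the constructed sample secret are illustrative assumptions.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Order of the secp256k1 group; a usable secret k satisfies 1 <= k < N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# The string exactly as it appears in the post above.
POSTED = "5K9bNHVjCGgqnv1GZAKaye4VPdFUMvexbqCCmkB5rouC93wWSC"
# Constructed 32-byte secret used only for the round-trip check; never fund it.
SAMPLE_SECRET = bytes(range(1, 33))


def _checksum(payload: bytes) -> bytes:
    """First four bytes of SHA256(SHA256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))  # leading zero bytes become '1'
    return "1" * pad + out


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"character {ch!r} is not in the Base58 alphabet")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def encode_wif(secret: bytes, compressed: bool = False) -> str:
    payload = b"\x80" + secret + (b"\x01" if compressed else b"")
    return b58encode(payload + _checksum(payload))


def check_wif(text: str):
    """Return (ok, reason) for a mainnet WIF string, without touching any network."""
    try:
        raw = b58decode(text.strip())
    except ValueError as exc:
        return False, str(exc)
    if len(raw) not in (37, 38):
        return False, f"decodes to {len(raw)} bytes, expected 37 or 38"
    payload, checksum = raw[:-4], raw[-4:]
    if payload[0] != 0x80:
        return False, f"version byte is 0x{payload[0]:02x}, expected 0x80"
    if len(payload) == 34 and payload[-1] != 0x01:
        return False, "compression flag is not 0x01"
    if _checksum(payload) != checksum:
        return False, "checksum mismatch (typo or damaged print)"
    if not 1 <= int.from_bytes(payload[1:33], "big") < N:
        return False, "secret is outside the valid range"
    return True, "ok"


def demo():
    good = encode_wif(SAMPLE_SECRET)
    dropped = good[:15] + good[16:]  # simulate losing one character while copying
    return {
        "posted string": check_wif(POSTED),
        "constructed key": check_wif(good),
        "one character dropped": check_wif(dropped),
    }


if __name__ == "__main__":
    for label, (ok, reason) in demo().items():
        print(f"{label:22} valid={ok} ({reason})")
```

Running the same check on a paper backup right after printing it, before any funds are sent to the address, catches a copying or print error while it can still be corrected.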


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: stillfire on April 07, 2013, 09:29:23 PM
If you're making it for yourself, what do you care about design/tamper-proof/etc?

It doesn't offer much in terms of security - if someone did find your bill they'd probably just take the whole bill with them and sweep the address quickly, leaving neither evidence nor much to do about it.

But the tamper proof tape does offer peace of mind. It's the knowledge that if you did get robbed you'd know it at once, and not discover it much later when you perform a routine check of your balance.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 07, 2013, 10:36:01 PM
Quote
The old one on bitaddress.org is too low resolution for printing, plus the private key is right there in the open necessitating that each bill is put into an envelope for security. Your bill solves those problems beautifully.

Thanks -- in fact I'm already having good success modifying the bitaddress.org code so it works exactly like it did before, but with this new design at 300dpi.

Quote
Where did you buy the tamper proof tape?

Ebay! $7 for 100 stickers, delivered. These are the 2 inch wide strips.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 07, 2013, 10:41:32 PM
If you're making it for yourself, what do you care about design/tamper-proof/etc?

It doesn't offer much in terms of security - if someone did find your bill they'd probably just take the whole bill with them and sweep the address quickly, leaving neither evidence nor much to do about it.

But the tamper proof tape does offer peace of mind. It's the knowledge that if you did get robbed you'd know it at once, and not discover it much later when you perform a routine check of your balance.

It's not just for myself -- once the design is reviewed/revised, it will be available as a clientside javascript wallet generator based on the code from bitaddress.org. The idea is just to incrementally improve on the paper wallet generator already there, especially for people who want to do things like give their family members and friends a more attractive and idiot-proof wallet. Also I think a wallet should look valuable so that if I die, someone stumbling on my belongings will think, "Oh, this looks valuable. Maybe we should keep it!"  ;)


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: Rodyland on April 08, 2013, 12:51:32 AM
If you're making it for yourself, what do you care about design/tamper-proof/etc?

It doesn't offer much in terms of security - if someone did find your bill they'd probably just take the whole bill with them and sweep the address quickly, leaving neither evidence nor much to do about it.

But the tamper proof tape does offer peace of mind. It's the knowledge that if you did get robbed you'd know it at once, and not discover it much later when you perform a routine check of your balance.

It's not just for myself -- once the design is reviewed/revised, it will be available as a clientside javascript wallet generator based on the code from bitaddress.org. The idea is just to incrementally improve on the paper wallet generator already there, especially for people who want to do things like give their family members and friends a more attractive and idiot-proof wallet. Also I think a wallet should look valuable so that if I die, someone stumbling on my belongings will think, "Oh, this looks valuable. Maybe we should keep it!"  ;)

I like the design - well done.

If I'm not mistaken, inkjet printer ink can fade relatively quickly (a couple of years?).  I am not sure about laser printers.  

If I were you I would put some warnings up when using the software to that effect.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: SuperZac on April 08, 2013, 12:58:39 AM
Something else you could do if you don't think your printer is up to snuff, is to go get a bunch of blank ones printed in high quality, and then just run them through your printer with only the address part of the template showing.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: TiagoTiago on April 08, 2013, 01:13:38 AM
Have you tested it both with different lights, different printers, different types of paper, lit at different angles, trying to curve it so the layers of paper separate a bit etc?


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 08, 2013, 01:34:36 AM
Have you tested it both with different lights, different printers, different types of paper, lit at different angles, trying to curve it so the layers of paper separate a bit etc?

Only one printer so far, and my biggest concern is about the volatility of inkjet printers. I don't think the ink fading significantly would be a big deal but I am trying to figure out some ways to try to protect against moisture which is a huge issue. (One ounce of water and the whole bill turns to soup.) Some success with packing tape but I wonder if there's a better fixative...

What do you mean re: "layers of paper separate a bit"? If your question is about trying to read the private key via backlight, it's hard to imagine any combination of supplies/lights would bear fruit. Very, very opaque. I've played around with a high intensity laser even, and though you can get a couple of letters of the key it's nigh impossible to get anything close to a complete cipher.

BTW here's a couple of photos -- I realized I'd only posted the video so far.

https://i.imgur.com/SjP2Lhw.jpg
https://i.imgur.com/Hlg2S43.jpg


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: TiagoTiago on April 08, 2013, 01:52:45 AM
I mean so the folded parts aren't touching each other kinda like () instead of ||



Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: niko on April 08, 2013, 02:08:30 AM
One problem is that the mask is a regular pattern - it's trivial to shine light through the folds and subtract this pattern. I simply include a piece of aluminum foil as a mask in my wallets..

Another issue is that this wallet advertises what it is. My wallets are a stripped-down version of bitaddress - just two QR codes, and Al foil mask folded around the priv key. Then I laminate these - works as well as security sticker (I'd know if someone had cut the wallet to reveal the priv key).

Finally, this thing is huge. Too much wasted real estate.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: bitcoinstarter on April 08, 2013, 02:15:10 AM
You did a really good job. Keep up the good work!


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 08, 2013, 02:50:38 AM
I mean so the folded parts aren't touching each other kinda like () instead of ||

Oh I totally get it now. Thanks for the ASCII art. :)

You're the second person to comment on this possible weakness. (The other person was on reddit.) So I just now [did a test], squishing the bill and then shining an extremely bright laser through the now 2 instead of 3 folds. Result? The QR code is still totally obfuscated because of the security pattern printed on the opposite panel. However I could easily read *some* of the characters in the alphanumeric private key. Probably not enough to be a risk but I'll redesign to make sure there's a good security stripe that gets folded over the alphanumeric private key as well.

Thanks for the advice!

https://i.imgur.com/LeJ3ZIT.jpg


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 08, 2013, 03:02:52 AM
One problem is that the mask is a regular pattern - it's trivial to shine light through the folds and subtract this pattern. I simply include a piece of aluminum foil as a mask in my wallets...

I've been fooling around with bright lights and lasers and such I'm feeling pretty confident that transparency won't be a problem...

... but would you like to wager on this, just for fun? I'll mail you a wallet loaded with the equivalent of $5 USD (lord knows what that will be in BTC as of tomorrow) and if you can read the private key without opening the tri-fold you can swipe the funds with my blessing. (In return I'd appreciate you telling me how you succeeded so I can improve the design.) If you fail, you can load the same amount into that wallet's public key and I'll trust you to destroy the wallet afterwards. ;) Send your snailmail to canton@gmail.com if you'd like to have a go at it.

With regards to the bill being obvious and bulky, I agree that secretive wallets should be obtuse, memorized, etc. However there's a legitimate need for providing idiot-proof wallets to friends & family. Additionally, if I die and my wife finds a few paper wallets in my desk, I'd like her to be able to easily recognize the wallets as having value (as opposed to being scraps of random gibberish.)


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: Stephen Gornick on April 08, 2013, 09:26:45 AM
When I’ve got enough feedback and a final design, I’ll publish a web page that will generate these wallets with just a couple of clicks.

Will you also be providing a method for redeeming them? E.g., a page that takes two fields: Withdraw (for scanning the private key) and the Send To (for the Bitcoin address to pay). That way I can simply do two scans, first the private key from the paper wallet, and the second I show my QR code for my mobile wallet.

Also, will this work with only a black and white printer?


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: niko on April 08, 2013, 11:19:20 AM
... but would you like to wager on this, just for fun?
It's on!  Not just for fun, but also because I like what you are trying to do. I suggest you don't load the value until I let you know I've received the mail. You'd have to trust me I won't first try, then claim I've never received the letter if I can't figure it out. ;)


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 08, 2013, 04:39:46 PM
It's on!

Indeed! Your victim wallet just went out to the mailbox. If anyone reading this wants to sweeten the pot for Niko, feel free to chip a few pennies into the wallet @ 1LMKzdqhQ4LhHy5GGhT8BcG3HHpBTqAqbt. Niko, I have total faith in our respective country's postage services so the wallet has already been funded: https://blockchain.info/address/1LMKzdqhQ4LhHy5GGhT8BcG3HHpBTqAqbt

http://bitcoinpaperwallet.com/pix/niko-wallet-envelope.jpg


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: dg2010 on April 08, 2013, 05:47:26 PM
When I’ve got enough feedback and a final design, I’ll publish a web page that will generate these wallets with just a couple of clicks. (No photoshop required, as the foundation will be based on the excellent wallet generator at bitaddress.org which as you probably already know uses a secure javascript page you can run even while offline.)

Hey, just want to say thanks in advance.

I was looking around for a service that would allow me to "print money" like this in a secure and easy to use manner which I could give to people.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: niko on April 08, 2013, 07:11:26 PM
It's on!

Indeed! Your victim wallet just went out to the mailbox. If anyone reading this wants to sweeten the pot for Niko, feel free to chip a few pennies into the wallet @ 1LMKzdqhQ4LhHy5GGhT8BcG3HHpBTqAqbt. Niko, I have total faith in our respective country's postage services so the wallet has already been funded: https://blockchain.info/address/1LMKzdqhQ4LhHy5GGhT8BcG3HHpBTqAqbt
Most excellent! I'll try out a few non-destructive methods, and if I fail to extract the key I'll add the same amount of bitcents canton has already loaded, and it all belongs to him.
I find it important to determine if paper-only wallets can be made as tamper-proof as Casascius coins.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: Rodyland on April 08, 2013, 09:06:39 PM
Danger Will Robinson!

The instructions on the back talk about sending part of the balance. Doing this presents a very real chance of losing coins. The user must explicitly send the tx change back to the note's address (the one on the front). Otherwise the change is lost to an unknown public key.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: niko on April 09, 2013, 04:32:53 AM
Danger Will Robinson!

The instructions on the back talk about sending part of the balance. Doing this presents a very real chance of losing coins. The user must explicitly send the tx change back to the note's address (the one on the front). Otherwise the change is lost to an unknown public key.

Yes, you can only spend the entire balance associated with a private key. The difference between this and the actual payment is so-called "change" sent to another address (presumably the one that the client controls). Most wallets/clients do not make this apparent to the user - you only see your total balance. By the way: if you are concerned with privacy, you should not send round numbers as payments. Otherwise it is clear which one is the payment, and which one is the change (associated with the new address that now we know you control).

On the related (wording) note - the exposed QR code is the public address, not public key. To avoid confusion down the line, it is wise to be strict about this distinction.
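
The change behaviour discussed in the two posts above, as an added example that is not part of the original thread: a pre-broadcast review of a draft transaction that spends a paper wallet, flagging change sent to an address without a backup, a missing change output (the unassigned remainder becomes the miner fee), and a round payment that makes the change output identifiable. The address labels, the 0.01 BTC "round" unit and the `max_fee` default are constructed assumptions.

```python
from collections import namedtuple

COIN = 100_000_000        # satoshis per BTC
ROUND_UNIT = 1_000_000    # assumption: multiples of 0.01 BTC count as "round"

Output = namedtuple("Output", "address value")   # value in satoshis

# Constructed labels standing in for real addresses.
PAPER = "paper-wallet-address"
SHOP = "merchant-address"
FRESH = "client-generated-change-address"


def audit_spend(input_total, outputs, pay_to, recoverable, max_fee=50_000):
    """Review a draft transaction that consumes everything held by a paper wallet.

    input_total -- satoshis held by the paper wallet (all of it is spent)
    outputs     -- list of Output in the draft transaction
    pay_to      -- address of the intended recipient
    recoverable -- addresses whose private keys the user has backed up
    max_fee     -- assumption: the largest fee the user means to pay
    Returns (fee, warnings).
    """
    assigned = sum(o.value for o in outputs)
    if assigned > input_total:
        raise ValueError("outputs exceed the wallet balance")
    fee = input_total - assigned          # anything not assigned goes to the miner

    payments = [o for o in outputs if o.address == pay_to]
    change = [o for o in outputs if o.address != pay_to]
    warnings = []

    if not payments:
        warnings.append("no output pays the intended recipient")
    for o in change:
        if o.address not in recoverable:
            warnings.append(
                f"change of {o.value} sat goes to {o.address}, which has no backup")
    if fee > max_fee:
        warnings.append(
            f"fee of {fee} sat exceeds {max_fee} sat: is a change output missing?")
    round_payment = bool(payments) and all(p.value % ROUND_UNIT == 0 for p in payments)
    if change and round_payment and all(c.value % ROUND_UNIT for c in change):
        warnings.append(
            "round payment next to non-round change: the change output is identifiable")
    return fee, warnings


def demo():
    balance = 1 * COIN
    return {
        # Client picks its own change address; only the paper key is backed up.
        "default change": audit_spend(
            balance, [Output(SHOP, 30_000_000), Output(FRESH, 69_990_000)],
            SHOP, {PAPER}),
        # Change explicitly returned to the paper wallet, non-round payment.
        "change to paper": audit_spend(
            balance, [Output(SHOP, 30_012_000), Output(PAPER, 69_978_000)],
            SHOP, {PAPER}),
        # No change output at all: the remainder is paid as fee.
        "no change output": audit_spend(
            balance, [Output(SHOP, 30_000_000)], SHOP, {PAPER}),
    }


if __name__ == "__main__":
    for label, (fee, warnings) in demo().items():
        print(f"{label}: fee={fee} sat")
        for w in warnings:
            print("  warning:", w)
```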


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: Luckybit on April 09, 2013, 04:43:22 AM
I had lots of fun this weekend working on my own design for a two-sided tri-fold tamper-resistant paper Bitcoin wallet. Thanks for any and ALL criticism / comments -- whether it's about the look & feel, functionality, security features, etc. See:

http://youtu.be/V4H1VE3EAtI

This video is also a treasure hunt in which I happily invite you to “steal” 0.1 BTC . Finders keepers, so race on!

Design features:

  • Private key is hidden behind folds, so your wallet content is still safe if left out in the open or photographed.
  • Tamper-proof tape indicates when you (or someone else!) has revealed the private key.
  • Folding design obfuscates private keys so they’re hidden even when holding wallet up to a bright light.
  • Reverse side has basic wallet operation instructions and a register for writing down deposits / balance.
  • Private and public keys are replicated (and rotated) in triplicate to maximize chances of recovering keys if paper is damaged / crumpled.

When I’ve got enough feedback and a final design, I’ll publish a web page that will generate these wallets with just a couple of clicks. (No photoshop required, as the foundation will be based on the excellent wallet generator at bitaddress.org which as you probably already know uses a secure javascript page you can run even while offline.)

If you'd like to print out a sample for yourself, see PDF links here: http://cantonbecker.com/projects/2013/bitcoin-paper-wallet-design-video/.

Okay here is a flaw in your design. You trust your printer to print your keys and not report back to mallory.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: niko on April 09, 2013, 07:18:02 AM
Okay here is a flaw in your design. You trust your printer to print your keys and not report back to mallory.
Can you point to any documented examples of similar exploits? I am thinking about home inkjet or laser printers, not the enterprise copier/printer/fax/scanner networked machines.

Speaking of home printing, everyone should know that many home printers include a steganographic serial number in the printout, but that is irrelevant for the tamper-proofness of the design.



Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: Luckybit on April 09, 2013, 02:11:40 PM
Okay here is a flaw in your design. You trust your printer to print your keys and not report back to mallory.
Can you point to any documented examples of similar exploits? I am thinking about home inkjet or laser printers, not the enterprise copier/printer/fax/scanner networked machines.

Speaking of home printing, everyone should know that many home printers include a steganographic serial number in the printout, but that is irrelevant for the tamper-proofness of the design.



Do I win a prize in BTC if I can? I know plenty of not so well known exploits and not just with printers.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: StarfishPrime on April 09, 2013, 02:48:59 PM
Great project.

One comment about printing: It is very easy to imagine trojan/spyware that would 'listen' for specific types of printing (i.e. from certain apps/scripts) and capture/send the output somewhere. Probably not easy to detect if disguised as a printer driver library for example. Also, many newer printers are wi-fi connected and a printer-resident trojan is not an impossibility either, although it's unclear if this has been exploited (yet).

Just a thought.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: franky1 on April 09, 2013, 03:11:30 PM
Great project.

One comment about printing: It is very easy to imagine trojan/spyware that would 'listen' for specific types of printing (i.e. from certain apps/scripts) and capture/send the output somewhere. Probably not easy to detect if disguised as a printer driver library for example. Also, many newer printers are wi-fi connected and a printer-resident trojan is not an impossibility either, although it's unclear if this has been exploited (yet).

Just a thought.

to feed your paranoia.
QR codes are not made by someone with a pen doing dot to dot. In 99% of cases people use Google's QR code generator or blockchain.info, or an app designed by a third party to grab the QR code image to then print out. What's stopping those third parties from keeping logs of every string of code they receive to convert into a QR code image.....



Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 09, 2013, 03:35:58 PM
The instructions on the back talk about sending part of the balance. Doing this presents a very real chance of losing coins. The user must explicitly send the tx change back to the note's address (the one on the front). Otherwise the change is lost to an unknown public key.

Good point. Is this an improvement?

http://bitcoinpaperwallet.com/pix/instructions-apr-9-2012.jpg

Ultimately, I'm thinking that the wallet printing page might have some options for what appears on the back, e.g.
Language: [select language]

Style:
[]blank
[]simple deposit register
[]deposit register plus instructions my grandma can understand
[]happy birthday


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 09, 2013, 03:41:59 PM
On the related (wording) note - the exposed QR code is the public address, not public key. To avoid confusion down the line, it is wise to be strict about this distinction.

Oops! Thanks. How's this for edits on the front & back?

http://bitcoinpaperwallet.com/pix/instructions-apr-9b-2012.jpg


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 09, 2013, 03:59:28 PM
One comment about printing: It is very easy to imagine trojan/spyware that would 'listen' for specific types of printing (i.e. from certain apps/scripts) and capture/send the output somewhere.

A few people have brought this up, and I don't think it's a tinfoil hat issue. Stuxnet spread far and wide to infiltrate the control software for fairly dumb uranium enrichment equipment behind Iran's military firewalls, so it's conceivably easier to write a virus that reprograms printers so that they transmit any printed QR codes to the mothership.

My intent with this wallet printing service is to give users clear tutorials on what steps to take depending on their level of paranoia (or based on the value of the wallets they intend to produce.) So what are some reasonable steps a fairly paranoid user should take when printing? For example:

Less paranoid: Connect directly via USB, turn off your internet connection when printing wallets, and cycle power on printer before going back online.

Most paranoid: Dedicate a printer to printing wallets exclusively, never let it go online, connect it directly via USB to your computer, factory-reset your printer from time to time.

Insanely paranoid: Don't use a printer. Use a photo-sensitive ink and expose it by pressing it against your screen to burn in the QR code that's been generated by your totally offline javascript. :)


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: TiagoTiago on April 09, 2013, 04:05:55 PM
And depending on the model of printer used, I guess it might be possible to perform a sort of audio variation of TEMPEST style attacks... ¬.¬


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: sebastian on April 09, 2013, 04:57:37 PM
Another security idea is to use a printer which supports on-site printing, e.g. you put a picture or PDF on a USB or SD card, and then you print with the printer "stand alone".

Many printers today have the capability to print files from a USB or SD card.

Since the computer cannot know which off-line stand-alone printer you use, the risk of getting a "fake firmware update" is negligible. Many printers also have a sequence that needs to be triggered before it will accept a firmware upload via USB/SD, so it's completely secure. For example, power on the printer with the firmware update USB/SD inserted. So never turn on the printer with an SD or USB inserted to be on the safe side.


For a leak to successfully travel from your printer to the internet, the printer would have to "infect" the USB with an autorun software containing the private key AND a "payload" that transmits the private key home. And for such an infection to exist in the printer, it would have to travel from computer to printer via USB/SD, and for that to happen, the printer must be able to receive software updates arbitrarily via USB and the computer needs to know the exact model of your printer.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: StarfishPrime on April 09, 2013, 05:48:41 PM
One comment about printing: It is very easy to imagine trojan/spyware that would 'listen' for specific types of printing (i.e. from certain apps/scripts) and capture/send the output somewhere.

A few people have brought this up, and I don't think it's a tinfoil hat issue. Stuxnet spread far and wide to infiltrate the control software for fairly dumb uranium enrichment equipment behind Iran's military firewalls, so it's conceivably easier to write a virus that reprograms printers so that they transmit any printed QR codes to the mothership.

My intent with this wallet printing service is to give users clear tutorials on what steps to take depending on their level of paranoia (or based on the value of the wallets they intend to produce.) So what are some reasonable steps a fairly paranoid user should take when printing? For example:

Less paranoid: Connect directly via USB, turn off your internet connection when printing wallets, and cycle power on printer before going back online.

Most paranoid: Dedicate a printer to printing wallets exclusively, never let it go online, connect it directly via USB to your computer, factory-reset your printer from time to time.

Insanely paranoid: Don't use a printer. Use a photo-sensitive ink and expose it by pressing it against your screen to burn in the QR code that's been generated by your totally offline javascript. :)

Yeah, I don't imagine that those are real threats at this time (at least not yet) but anyone with a security background will appreciate we should all be aware of potential vulnerabilities.

One printing idea for durability is to use laser-printable waterproof, white polyester sheets. Not sure where they can be purchased now but have used them for other projects. Pretty much tear-proof with a paper-like feel and color laser-printable.  

Thanks for your work on this project - it will be very useful for many.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: StarfishPrime on April 09, 2013, 06:00:02 PM
One comment about printing: It is very easy to imagine trojan/spyware that would 'listen' for specific types of printing (i.e. from certain apps/scripts) and capture/send the output somewhere.
...
Insanely paranoid: Don't use a printer. Use a photo-sensitive ink and expose it by pressing it against your screen to burn in the QR code that's been generated by your totally offline javascript. :)

Here's some waterproof/tearproof mil-spec laser-printable material:

http://rippedsheets.com/laser/reemay.html#100721-1

Outrageously Insanely paranoid: Also available in Olive Drab / Desert Sand colors in case you find yourself running through a Red-Dawn style post-apocalyptic landscape clutching your paper wallet. Be sure to print in both colors, as a precaution ;D


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: niko on April 17, 2013, 03:15:40 AM
It's in my hands!  First attempts at non-destructive readout will follow soon, as allowed by my newborn's sleep schedule...

Not that it matters, but it seems that bounty has been claimed three days after wallet was mailed out, and five days before it arrived into my mailbox...???

https://blockchain.info/address/1LMKzdqhQ4LhHy5GGhT8BcG3HHpBTqAqbt



Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: Malawi on April 17, 2013, 03:56:08 AM
Very nice project. It will be interesting to hear about the outcome.

BTW: One thing to try is a halogen worklight.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 17, 2013, 05:12:17 AM
Not that it matters, but it seems that bounty has been claimed three days after wallet was mailed out, and five days before it arrived into my mailbox...???

OI! Matters quite a bit. I'm trying to figure out WTF might have happened. I messaged you privately with details. As for the bounty even though it's no longer on the wallet I'd still pay up of course.

Good luck!


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: jubalix on April 17, 2013, 05:19:58 AM
bright light and good software = I can get all your numbers, they just shine on through



I had lots of fun this weekend working on my own design for a two-sided tri-fold tamper-resistant paper Bitcoin wallet. Thanks for any and ALL criticism / comments -- whether it's about the look & feel, functionality, security features, etc. See:

http://youtu.be/V4H1VE3EAtI

This video is also a treasure hunt in which I happily invite you to “steal” 0.1 BTC. Finders keepers, so race on!

Design features:

  • Private key is hidden behind folds, so your wallet content is still safe if left out in the open or photographed.
  • Tamper-proof tape indicates when you (or someone else!) has revealed the private key.
  • Folding design obfuscates private keys so they’re hidden even when holding wallet up to a bright light.
  • Reverse side has basic wallet operation instructions and a register for writing down deposits / balance.
  • Private and public keys are replicated (and rotated) in triplicate to maximize chances of recovering keys if paper is damaged / crumpled.

When I’ve got enough feedback and a final design, I’ll publish a web page that will generate these wallets with just a couple of clicks. (No photoshop required, as the foundation will be based on the excellent wallet generator at bitaddress.org which as you probably already know uses a secure javascript page you can run even while offline.)

If you'd like to print out a sample for yourself, see PDF links here: http://cantonbecker.com/projects/2013/bitcoin-paper-wallet-design-video/


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: aantonop on April 17, 2013, 06:00:03 AM
I've also made some nifty paper wallets (though not as well designed as yours), but here's my problem with making well designed paper wallets:
If you're making it for yourself, what do you care about design/tamper-proof/etc?
If you're making it for others, why would they trust you that you didn't print another copy of the private key at home?

This is exactly the problem we are solving over at Open Paper Wallet.

We've designed wallets that follow a standard template, with lots of different designs. The graphics are pre-printed on high quality paper and shipped with security features.

However, the keys are self-printed at home

That way you get the best of both.

We're a couple of weeks from the first 5000 sheet production print run. See the project here:

https://bitcointalk.org/index.php?topic=155847.0;all


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 17, 2013, 06:10:23 AM
bright light and good software = I can get all your numbers, they just shine on through

Exactly what niko suspected. If you poke through this thread you'll see that he and I have a friendly wager to see if the wallet can be "candled" without tampering with the tape. I hope he finds some weaknesses I can improve on! (I'm confident that there's *some* way to make a secure folding wallet, even if I didn't get it right this time.)


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: StarfishPrime on April 18, 2013, 01:59:01 PM
Not that it matters, but it seems that bounty has been claimed three days after wallet was mailed out, and five days before it arrived into my mailbox...???

OI! Matters quite a bit. I'm trying to figure out WTF might have happened. I messaged you privately with details. As for the bounty even though it's no longer on the wallet I'd still pay up of course.

Good luck!

When you do find out how the keys were compromised please let us know so similar risks can be avoided.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: yellowcoin on April 18, 2013, 07:43:12 PM
Been lurking around and found this post.  It's a good idea but there are 2 big issues.

1) What is preventing me from taking a stripe of paper with some expose tape in the end, slip it in the flap and pulling out the folded part? The security tape can be finger held down by the opening to prevent it from tearing.  I just tried it on a test paper and it worked as the whole flap came out.

You can solve this by getting something like double sided security tape for the 2nd fold but then it'll add to the cost.


2) The worst enemy of all stickers ... good old heat gun / blow dryer

The adhesive will just peel off if you work at it long enough.  Unless there is some heat sensitive ones I am not aware of.  Even so that will add to the cost.


Low tech solution to a high tech problem  ;D

 :D Donate too if you feel this feedback is worth it:
15kFAbgWsSM28N7x5ZbWAehABkGnp9dPPT


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 18, 2013, 11:13:48 PM
When you do find out how the keys were compromised please let us know so similar risks can be avoided.

Well I found out a couple hours after Niko first noticed the balance was missing. I've just been too embarrassed to fess up to what happened. Here's the skinny:

Back when I generated Niko's test wallet I was still using a photoshop template to make these wallets. (Now I'm using a fork of bitaddress.org / javascript.) The same day that I printed out his wallet, I also did some work in photoshop on a different (non-folding) bitcoin template for another project on bitcointalk.org. I used my photoshop template as a starting point (which still had Niko's codes on it) and I accidentally included the QR code from Niko's test wallet in a couple of design templates over here:

https://bitcointalk.org/index.php?topic=155847.100

Someone apparently tried out the codes, realized there was a balance, and swiped the wallet. That person was kind enough to contact me anonymously and let me know that s/he had swiped the bounty. If Niko wins the bet I'll just have to send him his BTC the "old fashioned" way.

tl/dr: I screwed up and posted an image containing the private key QR code to bitcointalk.org.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 18, 2013, 11:44:55 PM
1) What is preventing me from taking a stripe of paper with some expose tape in the end, slip it in the flap and pulling out the folded part?

THAT IS FRIGGING AWESOME. I didn't think it was possible reading your post, but then I tried it myself on a test wallet and was able to reveal the inner flap without disturbing the tape. That's a superb low-tech work-around, nice job.

I could add a third sticker requirement to cover the open fold - could even be a nice circular hologram of a BTC or something. Or, I could change the design so it includes an extra cut in the middle like so:

https://i.imgur.com/5BSvlXA.jpg

This way the tape holds down the innermost flap as well.

I can't quite decide whether it's better to have more stickers plastered on the thing, or require that users make an additional (fairly deft) set of cuts. Opinions?

2) The worst enemy of all stickers ... good old heat gun / blow dryer

Good idea. I'll have to experiment with dry heat (if Niko hasn't already) to see if these tamper-evident stickers are susceptible.

Thanks for the excellent feedback. Just sent you a beers-worth of BTC to your address.
https://blockchain.info/address/15kFAbgWsSM28N7x5ZbWAehABkGnp9dPPT


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: Mylon on April 19, 2013, 12:13:23 AM
The one concern I still have about paper wallets, which a lot of people seem to forget. (seeing this here too on the instructions on the front)

You should put the clear instruction on the wallet that it is for ONE TIME USE ONLY the moment you used the private key to transfer (some) of the BTC, the paper wallet is technically no longer safe. Best is to transfer them all to a normal wallet, take what you need and create a new paper wallet for the remaining funds.

Hence also why it's better to have 50 paper wallets with 20 BTC each, than 1 with 1000 BTC.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 19, 2013, 01:58:36 AM
You should put the clear instruction on the wallet that it is for ONE TIME USE ONLY

A million percent agreed. Here's the current back of the wallet, though I wonder if the point should be amplified...

https://i.imgur.com/W9dYz6q.jpg


And here's the related bit of instructions as they'll appear on the web. Note the tip in the middle. Especially that typo. Oops. :)

https://i.imgur.com/c4Ygc1x.jpg

The link to "lose your balance forever" goes to this excellent thread:
http://www.reddit.com/r/Bitcoin/comments/1c9xr7/psa_using_paper_wallets_understanding_change/

I welcome any edits/ideas/additions to making this hugely important point as clear as possible.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: aantonop on April 19, 2013, 02:14:34 AM
Very nice work canton!

I can't wait till you launch the site.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 19, 2013, 02:16:05 AM
You should put the clear instruction on the wallet that it is for ONE TIME USE ONLY

How's this for an updated reverse?

https://i.imgur.com/puhVJQL.jpg


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: Dabs on April 19, 2013, 02:27:26 AM
May I suggest that while you have this nice dollar bill size paper wallet, you can also make a nice A4 or Letter size full page paper wallet. Easier for people to use a printer, as they just put the whole page in.

Also, you can put more newbie type instructions on the full page paper wallet, the QR codes can be larger, and you have more design artwork space, and maybe more space for additional fund deposit information.

I personally have tried two cheap paper wallets:
1. one page that contains 50+ private keys / public keys / pairs. No QR code.
2. one page that contains only 1 public / private key pair. Giant text. Giant QR code.

Your size = fits in a real wallet like any other fiat money.
My full size = fits in an envelope, looks like a stock certificate or bearer bond or something really valuable.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 19, 2013, 03:29:52 PM
What is preventing me from taking a stripe of paper with some expose tape in the end, slip it in the flap and pulling out the folded part? The security tape can be finger held down by the opening to prevent it from tearing.  I just tried it on a test paper and it worked as the whole flap came out.

I worked on about 5 or 6 variations last night before I hit on this one which isn't significantly more difficult to cut out with scissors. In my own tests, this new shape overcomes this exploit while still using the original design that calls for two strips of 2" x .625" tamper-evident tape. (When you fold this new design up, the tape now sticks to all three "panels" in the folded area so the innermost panel can't be snuck out.)

Thanks again yellowcoin for the excellent experiment.

https://i.imgur.com/Cx4Tg8V.jpg

PS: Yes, those are live keys, but there's nothing stored in them this time. Yet. :)


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: farlack on April 19, 2013, 06:43:57 PM
I mean so the folded parts aren't touching each other kinda like () instead of ||

Oh I totally get it now. Thanks for the ASCII art. :)

You're the second person to comment on this possible weakness. (The other person was on reddit.) So I just now [did a test], squishing the bill and then shining an extremely bright laser through the now 2 instead of 3 folds. Result? The QR code is still totally obfuscated because of the security pattern printed on the opposite panel. However I could easily read *some* of the characters in the alphanumeric private key. Probably not enough to be a risk but I'll redesign to make sure there's a good security stripe that gets folded over the alphanumeric private key as well.

Thanks for the advice!

https://i.imgur.com/LeJ3ZIT.jpg

What's wrong with using a third sticker? Or a foil sticker on the inside?


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: niko on April 19, 2013, 07:14:41 PM
I've been busy on other fronts, but here is a preview of a simple attempt:
https://i.imgur.com/acZq7Du.jpg
Clearly, some letters of the private key can be read, through all the folds and the safety sticker.
While I wasn't able to extract the complete key yet, this is a warning to anyone creating paper wallets. Canton takes this seriously, and from our private communication it seems that he has already implemented further improvements to the tamper-proofness (sic!) of his design.

While public information about techniques of non-destructive readout of hidden print is limited, everyone should bear in mind that we can see oil paintings that have been painted over, the insides of living creatures, insides of bags and people's pockets and underwear at the airports, obliterated serial numbers from hand guns, etc.

I'll try to find time to keep having fun with the paper wallet canton has sent me. Besides through-illumination and image processing, other simple methods involve volatile liquids that make paper temporarily translucent.

Finally, I'll share what I've been doing for many months: print a paper wallet, and place a piece of aluminum foil (folded in V-shape) around the fold with private key. I then laminate the whole thing. It would be extremely hard to read what's on the paper between two layers of Al foil. Added benefit - private key survives baking in the oven that completely destroys the exposed public key.
An example, before laminating:

https://i.imgur.com/6PJTGd6.png


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: exor674 on April 20, 2013, 02:46:07 AM
I worked on about 5 or 6 variations last night before I hit on this one which isn't significantly more difficult to cut out with scissors. In my own tests, this new shape overcomes this exploit while still using the original design that calls for two strips of 2" x .625" tamper-evident tape. (When you fold this new design up, the tape now sticks to all three "panels" in the folded area so the innermost panel can't be snuck out.)

Thanks again yellowcoin for the excellent experiment.

https://i.imgur.com/Cx4Tg8V.jpg

PS: Yes, those are live keys, but there's nothing stored in them this time. Yet. :)

I wonder what QR code generator you use, because I didn't think it was possible to get QR codes to misread [ either they'll scan, or it'll fail ]. Because, out of like 8 tries, I've read "1264FsZE5Fkc7TcsP1qg4PTcVi3^VYMgrA" off that QR code twice.

I do think that new design is a good compromise between cutting difficulty and the issue with sneaking the panel out, though.
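
The garbled read quoted in the post above contains a `^`, which is not a Base58 character, so any wallet software that applies Base58Check to the scanned string rejects it before funds can be sent to a wrong address. The following is an added example, not part of the thread and not code from bitaddress.org or the wallet generator: a Base58Check validator for legacy Bitcoin addresses (version byte, 20-byte hash, 4-byte double-SHA-256 checksum). The sample address is built from a constructed hash160, and all function names are this example's own.

```javascript
// Added example: Base58Check validation of a scanned legacy Bitcoin address.
const { createHash } = require('node:crypto');

const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';

const sha256 = (buf) => createHash('sha256').update(buf).digest();
// Checksum = first 4 bytes of SHA256(SHA256(payload)).
const checksum = (payload) => sha256(sha256(payload)).subarray(0, 4);

function base58Encode(bytes) {
  let n = BigInt('0x' + (bytes.toString('hex') || '0'));
  let out = '';
  while (n > 0n) {
    out = ALPHABET[Number(n % 58n)] + out;
    n /= 58n;
  }
  // Each leading zero byte is written as a leading '1'.
  for (const b of bytes) {
    if (b !== 0) break;
    out = '1' + out;
  }
  return out;
}

function base58Decode(text) {
  let n = 0n;
  for (const ch of text) {
    const v = ALPHABET.indexOf(ch);
    if (v < 0) {
      throw new Error(`character ${JSON.stringify(ch)} is not in the Base58 alphabet`);
    }
    n = n * 58n + BigInt(v);
  }
  let hex = n === 0n ? '' : n.toString(16);
  if (hex.length % 2) hex = '0' + hex;
  let zeros = 0;
  while (zeros < text.length && text[zeros] === '1') zeros++;
  return Buffer.concat([Buffer.alloc(zeros), Buffer.from(hex, 'hex')]);
}

// Build an address from a version byte and a 20-byte hash160.
function encodeAddress(version, hash160) {
  const payload = Buffer.concat([Buffer.from([version]), hash160]);
  return base58Encode(Buffer.concat([payload, checksum(payload)]));
}

// Validate what a QR scanner returned. Never throws; reports why a read is bad.
function checkAddress(text) {
  let raw;
  try {
    raw = base58Decode(text);
  } catch (err) {
    return { ok: false, reason: err.message };
  }
  if (raw.length !== 25) {
    return { ok: false, reason: `decoded to ${raw.length} bytes, expected 25` };
  }
  const payload = raw.subarray(0, 21);
  if (!checksum(payload).equals(raw.subarray(21))) {
    return { ok: false, reason: 'checksum mismatch' };
  }
  return { ok: true, version: payload[0], hash160: payload.subarray(1).toString('hex') };
}

// Simulate a scanner substituting one valid Base58 character for another.
function flipOneChar(text, index) {
  const next = ALPHABET[(ALPHABET.indexOf(text[index]) + 1) % ALPHABET.length];
  return text.slice(0, index) + next + text.slice(index + 1);
}

// Constructed sample: hash160 of twenty 0x5a bytes, mainnet P2PKH version 0x00.
const SAMPLE_ADDRESS = encodeAddress(0x00, Buffer.alloc(20, 0x5a));
// The garbled read reported in the thread, copied as posted.
const MISREAD_FROM_THREAD = '1264FsZE5Fkc7TcsP1qg4PTcVi3^VYMgrA';

for (const scan of [SAMPLE_ADDRESS, flipOneChar(SAMPLE_ADDRESS, 10), MISREAD_FROM_THREAD]) {
  const result = checkAddress(scan);
  console.log(scan, '->', result.ok ? 'valid' : `REJECTED (${result.reason})`);
}
```

A substitution that stays inside the Base58 alphabet is still caught, because the 4-byte checksum no longer matches the decoded payload.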


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 20, 2013, 03:19:18 AM
I wonder what QR code generator you use, because I didn't think it was possible to get QR codes to misread

Hmm, I hope this is just a blurring/resolution issue from taking a screenshot and then shrinking the size and applying JPG. I'm using the same code and QR generator as bitaddress.org -- the only fundamental difference is the web interface, CSS/HTML and the background art.

Here's a non-downscaled sample. Would you see if the sample below reads correctly 10/10 for you? The QR codes when printed are quite sharp. Significantly sharper than this JPG.

https://i.imgur.com/03MhJNI.jpg


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: exor674 on April 20, 2013, 04:00:38 AM
I wonder what QR code generator you use, because I didn't think it was possible to get QR codes to misread

Hmm, I hope this is just a blurring/resolution issue from taking a screenshot and then shrinking the size and applying JPG. I'm using the same code and QR generator as bitaddress.org -- the only fundamental difference is the web interface, CSS/HTML and the background art.

Here's a non-downscaled sample. Would you see if the sample below reads correctly 10/10 for you? The QR codes when printed are quite sharp. Significantly sharper than this JPG.

https://i.imgur.com/03MhJNI.jpg

Couldn't get that one to read garbled even when I tried vile things with it ( rotating the camera, off-axis, etc... ) so was probably the blurriness.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: ripbitinstant on April 20, 2013, 09:51:03 PM
I wonder what QR code generator you use, because I didn't think it was possible to get QR codes to misread

Hmm, I hope this is just a blurring/resolution issue from taking a screenshot and then shrinking the size and applying JPG. I'm using the same code and QR generator as bitaddress.org -- the only fundamental difference is the web interface, CSS/HTML and the background art.

For what it's worth, I was able to instantly scan all of the codes from this page without issue.

I wonder if the lower resolution coupled with a lower quality scanner was the problem...? I used a Galaxy S3, but I have no idea how that camera compares to anything else.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: yellowcoin on April 21, 2013, 05:30:50 AM
What is preventing me from taking a stripe of paper with some expose tape in the end, slip it in the flap and pulling out the folded part? The security tape can be finger held down by the opening to prevent it from tearing.  I just tried it on a test paper and it worked as the whole flap came out.

I worked on about 5 or 6 variations last night before I hit on this one which isn't significantly more difficult to cut out with scissors. In my own tests, this new shape overcomes this exploit while still using the original design that calls for two strips of 2" x .625" tamper-evident tape. (When you fold this new design up, the tape now sticks to all three "panels" in the folded area so the innermost panel can't be snuck out.)

Thanks again yellowcoin for the excellent experiment.

https://i.imgur.com/Cx4Tg8V.jpg

PS: Yes, those are live keys, but there's nothing stored in them this time. Yet. :)

New design looks great!
I tend to think outside of the box and that was like the first thing that popped up in my head.  I'll poke around the new format when I get the chance to see if I can break it.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 21, 2013, 05:08:24 PM
New design looks great!

Thanks, and again thanks for your extremely useful feedback.

For anyone who doesn't quite see how the new design addresses yellowcoin's "pull out the fold with stickytape" hack, here's how the new design folds up In Real Life:

https://i.imgur.com/QwKGJwM.jpg

Now the two strips of tamper-evident tape stick to all 3 panels of the fold, preventing it from being snuck out.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: Malawi on April 21, 2013, 06:18:06 PM
Time to send another one to Karl Marx for testing?


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: NoL1m1tZ on April 21, 2013, 06:45:52 PM
IDK if it was still a question, but I would like to confirm that all of your QR codes worked for me. Secondly I think this is really cool, keep up the good work man.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: pointbiz on April 22, 2013, 03:48:38 AM
I love this idea and what you've done with it. It's nice to have the private key hidden when carrying it in your wallet and being reasonably sure it hasn't been tampered with when you put your wallet on a table. They can be carried with you so not all your BTC is on your mobile phone (online). And you can use them to transfer BTC to other trusted parties who will know they should sweep the funds within a short time span.

Here is a link to a similar concept I proposed:
https://bitcointalk.org/index.php?topic=51978.0

I wonder if your method can be tweaked by just using tape instead of tamper resistant stickers. Obviously it's less secure but might be good enough for lower BTC amounts.



Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 22, 2013, 08:59:47 PM
I wonder if your method can be tweaked by just using tape instead of tamper resistant stickers. Obviously it's less secure but might be good enough for lower BTC amounts.

Definitely still works with regular tape, especially if you're mostly concerned about casual tampering (wallet on the table) as opposed to dedicated fooling around with liquid solvents and heat guns. :)

To this end:

#1: Today I soft-launched https://bitcoinpaperwallet.com which not only provides the wallet generator (in-browser two-sided printing) but also features security tips, and allows you to purchase custom holograms using bitcoin. Wallet generator is open-source and can run entirely offline as it's based on bitaddress.org.

#2: Somewhat unrelated, but I entered a variation of my design for a *non-folding* project organized on bitcointalk.org. These paper wallets will be professionally printed (and you'll only home-print the keys/QR codes.) Have a look and vote for whichever design appeals most to you: https://tricider.com/en/brainstorming/poxx


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: ripbitinstant on April 22, 2013, 09:31:23 PM
Very cool! Works well.

The calibration didn't align the front and back 100%, but it probably has to do with the printer rather than the design. I just had to cut the edge a little closer. All this did was uncenter the Bitcoin symbol over the private key, although it was entirely visible. I used Zoom: 3, Shift: 7 if that helps anybody else.

Any chance there will be an option to specify the size? Would that mess up the Zoom/Shift settings? I think it would be cool to have it the same size as paper currency, but I suppose paper currency has different sizes throughout the world.

Great stuff :)


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 22, 2013, 09:52:21 PM
The calibration didn't align the front and back 100%. I used Zoom: 3, Shift: 7 if that helps anybody else.

With any combination of zoom/shift settings, did you manage to get the calibration page to print out perfectly *centered* (horizontally centered, that is?) That's the factor that influences how accurately the front/back line up. For zoom 3 / shift 7, what browser / OS were you using?

If anyone reading this thread is scratching their heads, this is what we're talking about:

https://i.imgur.com/fZlxoaK.png

So far I've had the best success with Safari, pretty good with Firefox & IE, possibly some problems with Chrome.

Any chance there will be an option to specify the size? Would that mess up the Zoom/Shift settings? I think it would be cool to have it the same size as paper currency, but I suppose paper currency has different sizes throughout the world.

Not yet. I'll think about that some, like a "master zoom" function. However the resulting wallets wouldn't size properly for the tamper-evident tape I sourced -- so you'd be obligated to use regular tape.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: pointbiz on April 23, 2013, 02:28:48 AM
Another security idea is to use a printer which supports on-site printing, e.g. you put a picture or PDF on a USB or SD card, and then you print with the printer "stand alone".

Many printers today have the capability to print files from a USB or SD card.

Since the computer cannot know which off-line stand-alone printer you use, the risk of getting a "fake firmware update" is negligible. Many printers also have a sequence that needs to be triggered before it will accept a firmware upload via USB/SD, so it's completely secure. For example, power on the printer with the firmware update USB/SD inserted. So never turn on the printer with an SD or USB inserted to be on the safe side.


For a leak to successfully travel from your printer to the internet, the printer would have to "infect" the USB with an autorun software containing the private key AND a "payload" that transmits the private key home. And for such an infection to exist in the printer, it would have to travel from computer to printer via USB/SD, and for that to happen, the printer must be able to receive software updates arbitrarily via USB and the computer needs to know the exact model of your printer.

+1

Brilliant!

Offline computer using Chrome printing to PDF... PDF saved to SD card... SD card inserted in printer.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: pointbiz on April 23, 2013, 04:21:40 AM
#1: Today I soft-launched https://bitcoinpaperwallet.com which not only provides the wallet generator (in-browser two-sided printing) but also features security tips, and allows you to purchase custom holograms using bitcoin. Wallet generator is open-source and can run entirely offline as it's based on bitaddress.org.

Looks great. Can't wait to print some.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: ripbitinstant on April 23, 2013, 04:43:59 AM
The calibration didn't align the front and back 100%. I used Zoom: 3, Shift: 7 if that helps anybody else.

With any combination of zoom/shift settings, did you manage to get the calibration page to print out perfectly *centered* (horizontally centered, that is?) That's the factor that influences how accurately the front/back line up. For zoom 3 / shift 7, what browser / OS were you using?

Chrome / Windows 8.

So far I've had the best success with Safari, pretty good with Firefox & IE, possibly some problems with Chrome.

I'll see if I can try another browser soon.

Not yet. I'll think about that some, like a "master zoom" function. However the resulting wallets wouldn't size properly for the tamper-evident tape I sourced -- so you'd be obligated to use regular tape.

It was just a thought. It may not be doable. It's awesome as is :) Since carrying it around in your wallet sort of defeats the purpose, my thought is probably bad, but maybe a function then to print a "public" bill that has only the public key and doesn't fold... that way you can carry it around without worrying that your funds will be stolen, even if your (physical in real life) wallet is. Both (the "secret" bill and "public" bill) would be able to print on one sheet of paper.

Anyway, just spitballing. I think it's really cool already. Cheers!


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: teff on April 23, 2013, 11:53:59 AM
The calibration didn't align the front and back 100%. I used Zoom: 3, Shift: 7 if that helps anybody else.

With any combination of zoom/shift settings, did you manage to get the calibration page to print out perfectly *centered* (horizontally centered, that is?) That's the factor that influences how accurately the front/back line up. For zoom 3 / shift 7, what browser / OS were you using?

If anyone reading this thread is scratching their heads, this is what we're talking about:

https://i.imgur.com/fZlxoaK.png

So far I've had the best success with Safari, pretty good with Firefox & IE, possibly some problems with Chrome.

Any chance there will be an option to specify the size? Would that mess up the Zoom/Shift settings? I think it would be cool to have it the same size as paper currency, but I suppose paper currency has different sizes throughout the world.

Not yet. I'll think about that some, like a "master zoom" function. However the resulting wallets wouldn't size properly for the tamper-evident tape I sourced -- so you'd be obligated to use regular tape.

Using Chrome / Windows 8 printing on a HP CLJ, the zoom and shift didn't seem to do anything at all, but the extra bleed on the back was adequate to make it a reasonable fit. Here is the bleed after being cut with the details from the calibration page behind; maybe it just needs extending on that leading edge at the right of the picture.

https://i.imgur.com/MfDirzr.jpg?1


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: exor674 on April 23, 2013, 06:16:46 PM
First of all and I say this again... GREAT JOB!!!
I love the design and your website is great too!
Now to the constructive criticism:

I made my first paper wallet using your web site. There are no concerns there, it worked flawlessly, I used Safari and I used an ink-jet printer and the design is a work of art but I printed the wallet in photo/presentation paper which it's not a problem since I figured the paper is sturdy, makes the design look better and I believe it's more durable. That being said, the paper is not designed to be folded!!! To my surprise, the paper slightly broke when I folded (see photo here https://dl.dropboxusercontent.com/u/72382452/Photo%20Apr%2023%2C%2012%2038%2031%20PM.jpg)
So my concern is the private key in the inside of the fold. Could you find a gracious way to split the private key so the folding area does not tamper with the characters? I'm concerned about the folding messing with the characters and making them unreadable.
I'm sure this issue is not only associated to photo paper but any kind of paper since the fibers are broken when you fold a piece of paper.
I know the QR code is fine, but I'd feel better having redundancy (QR & actual private key)
Anyways, my 2cts for your design.

Great work again!


I believe this is why the textual private keys aren't lined up so any damage will damage different parts of the key. See https://i.imgur.com/4Pmh5lp.jpg ( grr, had the wrong link here before I decided to remove the half letters to simulate more damage ) -- [ printed wallet, cut the flap in half, and removed any half letters ( simulating a pretty huge space of damaged textual key -- and honestly, I really doubt damages from a fold will damage exactly one letter ) ] -- QR code removed because I'm feeling silly and had 0.05BTC sitting on that address if anyone can recover the private key.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: ripbitinstant on April 23, 2013, 08:06:08 PM
I believe this is why the textual private keys aren't lined up so any damage will damage different parts of the key. See https://i.imgur.com/4Pmh5lp.jpg ( grr, had the wrong link here before I decided to remove the half letters to simulate more damage ) -- [ printed wallet, cut the flap in half, and removed any half letters ( simulating a pretty huge space of damaged textual key -- and honestly, I really doubt damages from a fold will damage exactly one letter ) ] -- QR code removed because I'm feeling silly and have 0.05BTC sitting on that address if anyone can recover the private key.

I'm re-reading this and now I'm undecided. I first thought it was a bounty. Is it?


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: exor674 on April 23, 2013, 09:12:59 PM
I believe this is why the textual private keys aren't lined up so any damage will damage different parts of the key. See https://i.imgur.com/4Pmh5lp.jpg ( grr, had the wrong link here before I decided to remove the half letters to simulate more damage ) -- [ printed wallet, cut the flap in half, and removed any half letters ( simulating a pretty huge space of damaged textual key -- and honestly, I really doubt damages from a fold will damage exactly one letter ) ] -- QR code removed because I'm feeling silly and have 0.05BTC sitting on that address if anyone can recover the private key.

I'm re-reading this and now I'm undecided. I first thought it was a bounty. Is it?

Well, it *was*: https://blockchain.info/address/15mNseGxoTxq3yWeR6utULoeQdWuJYSgNy


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: ripbitinstant on April 23, 2013, 09:44:15 PM
I believe this is why the textual private keys aren't lined up so any damage will damage different parts of the key. See https://i.imgur.com/4Pmh5lp.jpg ( grr, had the wrong link here before I decided to remove the half letters to simulate more damage ) -- [ printed wallet, cut the flap in half, and removed any half letters ( simulating a pretty huge space of damaged textual key -- and honestly, I really doubt damages from a fold will damage exactly one letter ) ] -- QR code removed because I'm feeling silly and have 0.05BTC sitting on that address if anyone can recover the private key.

I'm re-reading this and now I'm undecided. I first thought it was a bounty. Is it?

Well, it *was*: https://blockchain.info/address/15mNseGxoTxq3yWeR6utULoeQdWuJYSgNy

Okay. That was me. I just wanted to make sure I was actually allowed to steal it. But I guess I'm derailing this thread a bit. Sorry.



Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: P_Shep on April 23, 2013, 10:21:45 PM
I'd do something like this, where the middle two QR codes are actually randomly generated nonsense data.

https://i.imgur.com/6U9sQE5.gif


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: Terk on April 23, 2013, 10:33:22 PM
I'd do something like this, where the middle two QR codes are actually randomly generated nonsense data.

This. Great idea. I'd also add some message on the bogus codes to avoid confusion:

https://i.imgur.com/Ueual7C.jpg


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: P_Shep on April 23, 2013, 10:42:34 PM
Also on the other side of the paper too, behind the actual private key.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 24, 2013, 01:11:41 AM
Also on the other side of the paper too, behind the actual private key.

For fun, maybe instead of QR codes, random dot stereograms :) Seriously though, I thought of doing bogus QR codes but I was afraid of usability issues for novices... maybe if there's a real obvious "NOT HERE" type mark. I'll think about this some more.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: bitcoinminer on April 24, 2013, 01:31:07 AM
This is a really cool thread, idea, and execution.  I may have use for these in the near future :)

If I could make one small suggestion, put a web address somewhere on the template for basic instructions, so I can give to a newbie and they can learn everything they need to, like bitcoin.org or whatever.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 24, 2013, 02:32:17 AM
If I could make one small suggestion, put a web address somewhere on the template for basic instructions, so I can give to a newbie and they can learn everything they need to, like bitcoin.org or whatever.

Jinx. I just did that -- literally -- 10 minutes ago. :)

See the bottom right of the notes/deposit area:

https://bitcoinpaperwallet.com/bitcoinpaperwallet/images/back-300dpi.jpg

- Canton

PS: If you haven't yet voted on your favorite open source bitcoin paper wallet design, hurry up, voting is ending soon!
https://tricider.com/en/brainstorming/poxx


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: bitcoinminer on April 24, 2013, 03:11:32 AM
You actually encouraged me to order ink cartridges (refills with reset chips actually) for a long unused inkjet printer, and some good stock.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: Rodyland on April 24, 2013, 03:22:57 AM
You actually encouraged me to order ink cartridges (refills with reset chips actually) for a long unused inkjet printer, and some good stock.

Be wary - inkjet printer ink has a finite and relatively short life (can be as short as a few years).  Don't use inkjet unless you know the ink is long lasting, or only for temporary wallets.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: bitcoinminer on April 24, 2013, 03:23:56 AM
It's water resistant pigment based ink :)  and it's going on 100% cotton stock.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: charleshoskinson on April 24, 2013, 03:46:28 AM
Canton I did a lecture today on your wallet. I recommended it to my students seeking a paper backup:

https://www.udemy.com/bitcoin-or-how-i-learned-to-stop-worrying-and-love-crypto/


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: dhenson on April 24, 2013, 04:27:03 AM
Excuse me if this seems unappreciative (I think your design is awesome and have printed out 3 wallets for my family).  But has anyone verified the Javascript in the Zip download?  I'm just wanting to make sure that the random mouse movements are actually seeding the RNG and we aren't all just making the largest Bitcoin donation in history. ;-)

If someone is paranoid and is going to go through the extra effort of doing this completely offline, it would help to have 100% confidence in the RNG.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: charleshoskinson on April 24, 2013, 04:33:05 AM
Quote
Excuse me if this seems unappreciative (I think your design is awesome and have printed out 3 wallets for my family).  But has anyone verified the Javascript in the Zip download?  I'm just wanting to make sure that the random mouse movements are actually seeding the RNG and we aren't all just making the largest Bitcoin donation in history. ;-)

If someone is paranoid and is going to go through the extra effort of doing this completely offline, it would help to have 100% confidence in the RNG.

I looked through the javascript and it seems to be legit; however, I have not invested a huge amount of time verifying this claim. The random movements are seeding the PRG; however, I have not verified that he has implemented a CSPRNG.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: charleshoskinson on April 24, 2013, 04:43:04 AM
He is using crypto-js https://code.google.com/p/crypto-js/downloads/detail?name=Crypto-JS%20v2.5.4.zip&can=2&q= Simon Greatrix and Jeff Mott. Yes the implementation looks fine.

Canton any reason you didn't use the newer implementation?

https://code.google.com/p/crypto-js/


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 24, 2013, 05:24:56 AM
Be wary - inkjet printer ink has a finite and relatively short life (can be as short as a few years).

I've been experimenting with spraying the finished printouts with Krylon "Preserve It" before folding up. Stinky as hell, but I think it's going to make a difference as long as their marketing info is accurate:

  • Digital photo and paper protectant more than doubles the life of documents and photos.
  • Ideal for protecting digital photos, address labels, greeting cards, scrapbook materials, artwork and more
  • Acid-free/Archival-safe


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 24, 2013, 05:32:14 AM
Canton I did a lecture today on your wallet. I recommended it to my students seeking a paper backup:

https://www.udemy.com/bitcoin-or-how-i-learned-to-stop-worrying-and-love-crypto/

Hi Charles,
Lecture looks *great* I skimmed it. Really glad to see a detailed straightforward explanation in such depth.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 24, 2013, 05:40:06 AM
Canton any reason you didn't use the newer implementation?

No (good) reason at all! My generator is based on GitHub fork of bitaddress.org from about 2 weeks ago, so whatever bitaddress.org was using back then I'm still using now. I haven't folded in any recent developments (including BIP38 which I'm considering implementing.) I'll have to ask if pointbiz/bitaddress.org are using the older crypto for compatibility reasons or if it just needs refreshing.

I've also been thinking about building in some very human random input other than mouse movement... like an option to flip coins or throw dice or something...

I'm enormously grateful for any source code checking anyone wants to do, especially for a forthcoming live bootable CD I intend to distribute. (Someone generously ported my design to their own linux-based command line generator which uses an in-memory filesystem and PDF generation to circumvent issues with cached print files ending up on the hard drive, etc.)


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: charleshoskinson on April 24, 2013, 05:46:07 AM
Quote
No (good) reason at all! My generator is based on GitHub fork of bitaddress.org from about 2 weeks ago, so whatever bitaddress.org was using back then I'm still using now. I haven't folded in any recent developments (including BIP38 which I'm considering implementing.) I'll have to ask if pointbiz/bitaddress.org are using the older crypto for compatibility reasons or if it just needs refreshing.

The only reason I mentioned is that Jeff worked pretty hard to speed up the code in version 3.0.

Quote
I've also been thinking about building in some very human random input other than mouse movement... like an option to flip coins or throw dice or something...

Mouse movements are likely to be a more random express than such inputs. JS-Crypt's implementation has not been vetted as a CSPRNG, but it seems sufficiently good. You could always implement a proof of work style random generation and then hash the solution and select the first few bits of output as your seed. All hardware will have different solution time and the randomness of network latency would also add a slight stochasticism even on the same configuration. Combined with a hash, you would have a totally random seed.

Quote
I'm enormously grateful for any source code checking anyone wants to do, especially for a forthcoming live bootable CD I intend to distribute. (Someone generously ported my design to their own linux-based command line generator which uses an in-memory filesystem and PDF generation to circumvent issues with cached print files ending up on the hard drive, etc.)

If I can find the time, then I'd be happy to help. Shoot me an email. And any course suggestions you would recommend, I'd greatly appreciate.
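
An added example, not taken from the generator or from crypto-js: one way to combine the dice or coin input canton mentions with the operating system's CSPRNG, written so that the question dhenson raised (does the user input actually reach the seed?) can be answered by a test. The SHA-256 mixing construction, the stuck-input check and all function names are assumptions made for this sketch.

```python
import hashlib
import math
import secrets

# Order of the secp256k1 group; a valid private key k satisfies 1 <= k < N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def rolls_needed(sides: int, bits: int = 256) -> int:
    """Fair rolls of a `sides`-sided die needed to supply `bits` bits of entropy."""
    return math.ceil(bits / math.log2(sides))


def key_from_rolls(rolls, sides: int = 6, os_entropy: bytes = None) -> bytes:
    """Derive a 32-byte private key from manual rolls mixed with OS randomness.

    The rolls are hashed together with 32 bytes from the OS CSPRNG, so the
    result is at least as unpredictable as the stronger of the two sources.
    Passing `os_entropy` explicitly makes the derivation reproducible, which
    is what lets a reviewer confirm that every roll influences the key.
    """
    if not 2 <= sides <= 255:
        raise ValueError("sides must be between 2 and 255")
    rolls = list(rolls)
    if any(not isinstance(r, int) or not 1 <= r <= sides for r in rolls):
        raise ValueError("every roll must be an integer from 1 to sides")
    if len(rolls) < rolls_needed(sides):
        raise ValueError("need at least %d rolls" % rolls_needed(sides))
    # Crude stuck-input check: with this many fair rolls every face shows up.
    if len(set(rolls)) < sides:
        raise ValueError("a face never appeared; input looks stuck or biased")
    if os_entropy is None:
        os_entropy = secrets.token_bytes(32)

    counter = 0
    while True:
        h = hashlib.sha256()
        # Length-prefixed, labelled fields keep the inputs unambiguous.
        for label, data in ((b"rolls", bytes(rolls)),
                            (b"os", os_entropy),
                            (b"ctr", counter.to_bytes(4, "big"))):
            h.update(label + len(data).to_bytes(4, "big") + data)
        digest = h.digest()
        # Retry (astronomically rare) if the value is outside the key range.
        if 1 <= int.from_bytes(digest, "big") < N:
            return digest
        counter += 1


if __name__ == "__main__":
    print("d6 rolls for 256 bits:", rolls_needed(6))
    print("coin flips for 256 bits:", rolls_needed(2))
    sample = [(i + 3) % 6 + 1 for i in range(100)]   # constructed, not random
    print(key_from_rolls(sample).hex())
```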


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 24, 2013, 03:13:16 PM
Does anyone have any ideas about how a paper wallet design should look & work when the private key has been encrypted with a password? I'm talking about https://en.bitcoin.it/wiki/BIP_0038 implementation.

Folding, tamper-evidence, all that seems unimportant if you can show off your encrypted private key to the world with (relative) safety. On the other hand, what I like about an unencrypted wallet is that -- for example -- if you die, your spouse can recover your funds from a wallet stored in a safety deposit box without knowing your passphrase.

One idea I'm kicking around is a design that prints out a wallet plus a backup wallet stub (like on the open paper wallet project elsewhere on bitcointalk) -- but in this case a mixed encrypted / unencrypted private key wallet. Something like this:

https://i.imgur.com/wdC1mg1.png

If not this, then what do YOU think would be a good way to implement BIP38 on a paper wallet?


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: charleshoskinson on April 24, 2013, 06:16:52 PM
Canton, do you do all the graphics art yourself?


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: ShireSilver on April 25, 2013, 01:54:25 PM
Wouldn't the best use of BIP38 be to have the manufacturer print half the private key while the customer writes down the other half? You can print a really nice note for them and they know that you don't have access to the funds, but they can verify that the half of the code you printed is correct.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 25, 2013, 08:07:14 PM
Canton, do you do all the graphics art yourself?
Yup! Programming web stuff is my mainstay but I do a fair amount of design for fun and work as well.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 25, 2013, 08:15:23 PM
Wouldn't the best use of BIP38 be to have the manufacturer print half the private key while the customer writes down the other half? You can print a really nice note for them and they know that you don't have access to the funds, but they can verify that the half of the code you printed is correct.

For professionally printed notes, I was thinking the process might go like this:

  • customer uses a secure generator (like bitaddress.org) to produce 100 pairs of BIP38 encrypted keys and public addresses.
  • customer sends the list of keys to the professional printer
  • printer prints out fully-filled in ready-to-load notes and sends them back.

I'm still not 100% sure I understand how BIP38 is supposed to be used so please correct me if my assumptions are wrong here.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: ShireSilver on April 26, 2013, 12:32:23 AM
For professionally printed notes, I was thinking the process might go like this:

  • customer uses a secure generator (like bitaddress.org)...
That's already too complicated.

...
  • customer sends the list of keys to the professional printer
  • printer prints out fully-filled in ready-to-load notes and sends them back.

I'm still not 100% sure I understand how BIP38 is supposed to be used so please correct me if my assumptions are wrong here.

IMHO it should be more like:

  • Customer visits site
  • Customer clicks "Buy a paper wallet"
  • Client side script generates two pass phrases, only showing one to the customer
  • Clear and concise instructions tell the customer to write down or print their pass phrase
  • Client side script then sends the other pass phrase and the public address to the server
  • Client side then says "to complete your order send XXX BTC to 1?... and also presents a QR code
  • Server alerts production that a new wallet is ordered
  • Production prints out and ships the wallet

The customer shouldn't have to know about BIP38 or any of that, although if they want to learn about it good links should be available.

The wallet should have the codes to verify that the pass phrase in the wallet will generate the half of the private key. The website should have a client side script page that will take both pass phrases and use them to determine the real private key.

I made a test wallet using my Shire Silver equipment, putting a piece of aluminum foil between two pieces of 100# cardstock and laminating them (private key on the inside of one of the pieces of cardstock). It sure seemed to be pretty well guarded against casual prying, and only when the laminate was cut on three sides was the private key portion visible.

You can also save the pass phrase that the customer didn't get in a database, so if they ever lose the card they can always ask for another (for a price).


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 30, 2013, 05:45:30 AM
The latest revision to this wallet design is fairly minor. But pretty! I had gold and silver tamper-evident hologram stickers custom printed with white "bitcoin" text that exactly matches the pseudo "watermark" design on the reverse of the folding wallet.

https://i.imgur.com/CrKoR83.jpg

Rainbows are wicked hard to photograph, so this video shows the silver vs. gold holograms best: http://youtu.be/gZBXhFT_GKo

Although I haven't officially launched this design yet, the stickers and the latest folding design are both available at http://bitcoinpaperwallet.com



Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: niko on April 30, 2013, 07:08:05 AM
I finally got a couple of hours to play with the early prototype. Here is what I was able to get by simply shining light through the wallet:
https://i.imgur.com/u25IAm0.png

Now, as much as I am satisfied that I was able to read most of the letters, the level of satisfaction will not increase significantly if I spend time doing this until I am able to read all of the letters. If it was a 100-coin wallet, maybe.

Furthermore, canton included a sample sticker (that he did not apply to the wallet he sent it with) that would pretty much render my attempts completely futile: the sticker substrate appears to be metallic. No way we'll be able to read through that any more than we can read through Casascius coins.

I give up! Since this private key was inadvertently revealed elsewhere by canton, I will not be sending my dues there; canton, PM me a new address!

This was fun. Again, if you do make your own paper wallets, and you store any significant value in them, do not take tamper-proofness lightly.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on April 30, 2013, 02:31:14 PM
I give up! Since this private key was inadvertently revealed elsewhere by canton, I will not be sending my dues there; canton, PM me a new address!

Nice work with the partial reveal, Niko!

I'll PM you an address for the .0255 BTC bet, but only if you let me send you a batch of these new holograms for your own use. :) Do you want silver, gold, or both?


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: niko on May 01, 2013, 06:27:47 PM
Things usually work out much better when you don't try too hard. After officially giving up, and paying up the dues, I could finally have some fun with the sample wallet. I was able to read the key in about two minutes, without any apparent damage.
Canton, I emailed you with the details.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: fluffypony on May 04, 2013, 04:31:32 PM
My stickers just arrived today (thanks Canton, shipping to South Africa was FAST!) - I'm not going to post an unboxing, it's a frikkin envelope:)

I printed a wallet (1PJegEonLNGqxgtk1dva6sJze9F1HwraMn) in grayscale and decided to try candle it. For my experiment I'm using a Fenix TK41 U2 (http://fenixlight.com/ProductMore.aspx?id=17&tid=8&cid=1), which produces 860 Lumens of blinding white brightness.


I know it may be a little hard to see clearly, but even at 860 Lumens there was sufficient blur to make the QR code unreadable and impossible to clean up. The stickers obliterated any chance at reading the code. If I was extra paranoid I could stick an extra sticker to cover the QR code:) I'm confident that even at 860 Lumens, printed with relatively light toner on a grayscale laser printer, that it is safe to use. I'll be printing out a new permanent one in colour to be extra safe:)


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on May 05, 2013, 01:26:50 AM
I was able to read the key in about two minutes, without any apparent damage.

I wanted to confirm for anyone following this thread (or following the bet Niko and I had re: his efforts to try to bypass the tamper-evidence features of this wallet) that Niko did in fact come up with a very smart way to reveal the private key without damaging the tape.

Once he sends me his public address I'll send him a few beers BTC to honor our bet.

For the time being, since I don't (yet) have a solution for Niko's hack, I appreciate that he's not making it public here. I'm no believer in security through obscurity, but at the same time I figure there's no especially good reason to post instructions for circumventing the tamper-evidence so long as I publicly declare: YES there are definitely ways to reveal the private key without anyone knowing it, and you don't need superconducting quantum NASA laserbeam technology or anything like that. :)


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on May 05, 2013, 01:32:21 AM
I'm using a Fenix TK41 U2 which produces 860 Lumens of blinding white brightness

Fluffypony -- thanks both for ordering those stickers and for testing them out with what appears to be a Jedi lightsaber.

Glad the stickers arrived to you intact. Your order was one of the first 30 or 40 orders in which I was using an attractive/descriptive "bitcoinpaperwallet.com" return address. Two of those orders (both to Canada, interestingly) were sliced open before arrival. Stickers intact, but someone tampered with the envelope on the way for sure, possibly someone high up in the CA postal route.

"It's not paranoia if they really are out to get you."

I've since made the return address more obscure, less likely to draw attention.




Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: R2D221 on May 05, 2013, 04:17:10 AM
For the time being, I don't (yet) have a solution for Niko's hack
So, will you inform us when you do have a solution? I would like to be sure it's the most secure possible before starting to use it.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: dhenson on May 05, 2013, 04:48:21 AM
I don't see the point in stressing about the 'hack'.  Keep your wallet physically secured and you won't have to worry about it.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: fluffypony on May 05, 2013, 06:24:04 AM
I don't see the point in stressing about the 'hack'.  Keep your wallet physically secured and you won't have to worry about it.

This exactly. I don't think that this is designed to be kept loose in your wallet, there are other solutions for that. This is meant to be stored somewhere safe, and is designed in a way that tampering will be evident.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: Terk on May 05, 2013, 12:05:15 PM
For the time being, since I don't (yet) have a solution for Niko's hack, I appreciate that he's not making it public here. I'm no believer in security through obscurity, but at the same time I figure there's no especially good reason to post instructions for circumventing the tamper-evidence so long as I publicly declare: YES there are definitely ways to reveal the private key without anyone knowing it, and you don't need superconducting quantum NASA laserbeam technology or anything like that. :)

1. These wallets aren't designed to be kept in your open space office desk drawer. You should keep it secure and unavailable for others' physical access.
2. More probable attack vector of someone who accessed that wallet physically is to rip it open and withdraw coins. All users should be aware that if someone can access the wallet, they're screwed.

Considering this, I think it's safe to assume that everybody sane will keep their paper wallet secured. And considering this, I think it's better to openly describe the hack, because crowdsourced solution might come much faster.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: Terk on May 05, 2013, 12:17:57 PM
Also, if there is someone who you know deposits regularly into his cold paper wallet and you really want to see the private key without him knowing, there's better attack vector than that.

You quickly take a picture of his wallet when you first have a chance (to have the public address). Then you go back home and print a copy using your website. On the outside, everything looks like the original with the same public key. On the inside, there is some random string instead of the private key.

You fold the wallet and use the original stickers purchased from https://bitcoinpaperwallet.com/. Now the wallet looks exactly like the original. You go back and switch wallets (or you do everything in one go with some portable printer). You open the original wallets without any tricks.

Now you can sit and enjoy balance increasing over time. He won't know the wallet is stolen until he opens it. And when he opens it, it's probably because he wants to withdraw. So as a bonus, you are secured in case that the owner would like to withdraw money. When he opens the wallet two years later he won't have access to the private key. You won't get that if you only read the private key and leave the original wallet.

So: reading private key and leaving it back in place isn't good. You never know when the owner is going to withdraw. You should either steal the whole wallet and withdraw or switch the wallet with a forged one. Both of these attacks are not only easier but more effective than trying to read the wallet and leave it intact.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: fluffypony on May 06, 2013, 05:29:00 AM
Also, if there is someone who you know deposits regularly into his cold paper wallet and you really want to see the private key without him knowing, there's better attack vector than that.

You quickly take a picture of his wallet when you first have a chance (to have the public address). Then you go back home and print a copy using your website. On the outside, everything looks like the original with the same public key. On the inside, there is some random string instead of the private key.

You fold the wallet and use the original stickers purchased from https://bitcoinpaperwallet.com/. Now the wallet looks exactly like the original. You go back and switch wallets (or you do everything in one go with some portable printer). You open the original wallets without any tricks.

Now you can sit and enjoy balance increasing over time. He won't know the wallet is stolen until he opens it. And when he opens it, it's probably because he wants to withdraw. So as a bonus, you are secured in case that the owner would like to withdraw money. When he opens the wallet two years later he won't have access to the private key. You won't get that if you only read the private key and leave the original wallet.

So: reading private key and leaving it back in place isn't good. You never know when the owner is going to withdraw. You should either steal the whole wallet and withdraw or switch the wallet with a forged one. Both of these attacks are not only easier but more effective than trying to read the wallet and leave it intact.

That is ingenious - very clever attack vector! The only way to mitigate it somewhat, I suppose, is to handwrite something on the wallet. That way, unless they go to the extraordinary length of getting a really good handwriting forger, you will recognise someone else's handwriting.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: Rodyland on May 06, 2013, 06:47:48 AM
Also, if there is someone who you know deposits regularly into his cold paper wallet and you really want to see the private key without him knowing, there's better attack vector than that.

You quickly take a picture of his wallet when you first have a chance (to have the public address). Then you go back home and print a copy using your website. On the outside, everything looks like the original with the same public key. On the inside, there is some random string instead of the private key.

You fold the wallet and use the original stickers purchased from https://bitcoinpaperwallet.com/. Now the wallet looks exactly like the original. You go back and switch wallets (or you do everything in one go with some portable printer). You open the original wallets without any tricks.

Now you can sit and enjoy balance increasing over time. He won't know the wallet is stolen until he opens it. And when he opens it, it's probably because he wants to withdraw. So as a bonus, you are secured in case that the owner would like to withdraw money. When he opens the wallet two years later he won't have access to the private key. You won't get that if you only read the private key and leave the original wallet.

So: reading private key and leaving it back in place isn't good. You never know when the owner is going to withdraw. You should either steal the whole wallet and withdraw or switch the wallet with a forged one. Both of these attacks are not only easier but more effective than trying to read the wallet and leave it intact.

That is ingenious - very clever attack vector! The only way to mitigate it somewhat, I suppose, is to handwrite something on the wallet. That way, unless they go to the extraordinary length of getting a really good handwriting forger, you will recognise someone else's handwriting.

Handwriting the deposit information on the back would lead to early detection.

I am wondering if a two factor wallet would be a better option for the paranoid and/or large amounts.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: fluffypony on May 06, 2013, 09:39:53 AM
Handwriting the deposit information on the back would lead to early detection.

I am wondering if a two factor wallet would be a better option for the paranoid and/or large amounts.

Well, I've suggested this before, but it seems none of the paper wallet systems out there support it: why can't the private key be encoded/encrypted with a passphrase? When importing, the passphrase would be required to decode/decrypt the private key, thus mitigating most physical attacks.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: Terk on May 06, 2013, 11:41:36 AM
Truly paranoid could also deposit using multi signature transactions. You send the deposit to two or three recipients (addresses of your own paper wallets). Then when you want to withdraw, there are two private keys required from two of your wallets. Of course you store these paper wallets in different physical locations.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on May 06, 2013, 06:03:52 PM
Well, I've suggested this before, but it seems none of the paper wallet systems out there support it: why can't the private key be encoded/encrypted with a passphrase?

(BTW I love your evil scenario for replacing wallets with look-alikes. Very clever.) I think the next round of holographic tape I order might (1) feature a totally custom hologram (expensive to forge) plus (2) stickers with unique serial numbers printed in pairs to discourage wallet swapping / sticker replacing.

Regarding encrypted private keys, I'm working on implementing BIP38 as a different design less suited for gift-giving and more suited for long-term storage, something like this:

https://i.imgur.com/wdC1mg1.png

Finally, for anyone dying to know what Niko's subterfuge was, it was about soaking the wallet in a liquid to remove the stickers without detection. At some point he thought a heatgun/blowdrier might work as well. I haven't tested.



Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: niko on May 06, 2013, 07:57:02 PM
For the time being, since I don't (yet) have a solution for Niko's hack, I appreciate that he's not making it public here. I'm no believer in security through obscurity, but at the same time I figure there's no especially good reason to post instructions for circumventing the tamper-evidence so long as I publicly declare: YES there are definitely ways to reveal the private key without anyone knowing it, and you don't need superconducting quantum NASA laserbeam technology or anything like that. :)

1. These wallets aren't designed to be kept in your open space office desk drawer. You should keep it secure and unavailable for others' physical access.
2. More probable attack vector of someone who accessed that wallet physically is to rip it open and withdraw coins. All users should be aware that if someone can access the wallet, they're screwed.

Considering this, I think it's safe to assume that everybody sane will keep their paper wallet secured. And considering this, I think it's better to openly describe the hack, because crowdsourced solution might come much faster.
Good points, Terk. Furthermore, the sleight-of-hand attack you described in your next post is great. BIP38 addresses these kinds of problems, and canton is working on implementing it.



Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: jabberwok on May 07, 2013, 11:08:58 PM
Good work, Canton!

I love the design and am definitely going to start using these.

I don't see the point in stressing about the 'hack'.  Keep your wallet physically secured and you won't have to worry about it.
I agree completely, but I am very much enjoying the friendly battle with Niko.

Is there any way you could post the base design without keys and QR codes so that I could stick in a vanity address just for fun?  Or maybe you could find a way to incorporate vanitygen, though that sounds like it might be a bit difficult.  It might also be nice if other address formats could be used.  I would love to use this for Litecoins, too.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on May 08, 2013, 02:21:06 AM
Is there any way you could post the base design without keys and QR codes so that I could stick in a vanity address just for fun?  Or maybe you could find a way to incorporate vanitygen, though that sounds like it might be a bit difficult.  It might also be nice if other address formats could be used.  I would love to use this for Litecoins, too.

Hi Jabberwok,

I sure will post the PSDs/PDFs for editing/adjusting. Also someone else has generously worked on a shell script (live CD!) based version that uses vanitygen and outputs PDF files of my design as an alternative to the current bitaddress.org-based method I'm using now. Distributing this might be a few weeks out. It's a wicked bit of code: uses a RAM drive during wallet generation and then shreds the memory space afterwards -- less worrying about printer cache files and such.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: jcw on May 08, 2013, 08:25:07 AM
First of all, this is my favorite paper wallet I've seen by far. It has had a lot of thought put into it, and it shows. They look so good I am considering buying a color laser printer so that I can print these in color!

A couple of questions:

  • The tamper-proofing is nice, but I intend to store these securely and so it is not as important to me as being able to trust the wallet generation code itself. Are there any plans to get a third party to post a hash of a vetted version of the offline wallet generator (and/or of the upcoming official Live CD)?
  • I am currently using the technique of booting a Ubuntu Live CD from a non-internet connected computer which has the offline version of the paper wallet generator available on a USB thumb drive. Once opening this in Firefox, I print to a B&W laser printer (connected via USB). Once finished, I remove the Live CD and reboot into my normal OS, and reconnect the network cable. Would the official Live CD provide more security than this?

A few suggestions for the back:

  • Typo in third point "until you are ready import"
  • The last warning on the back of the wallet could be misinterpreted to mean you can't partially spend the funds you have on the wallet (i.e. so how do I ever use this to buy something less than the value on the wallet?). Since you mention How to Deposit as its own step, perhaps you should also have an entire step on How to Withdraw?

    Current:
    When withdrawing your funds from this wallet you should remove the ENTIRE BALANCE.
    If you attempt to spend only some of the funds you will likely lose the remaining bitcoins forever.

    Suggested (feel free to condense):
    To withdraw your funds from this wallet:
    1. Prepare a software wallet to receive the funds. This could be a bitcoin client on your computer or phone, an exchange, or an online wallet.
    2. Transfer the ENTIRE BALANCE to the software wallet. See http://bitcoinpaperwallet.com for instructions on how to perform this transfer. Note that it is important to transfer the entire balance in order to avoid losing control over the remaining bitcoins.
    3. Wait for the transaction to be confirmed. This typically occurs in under 10 minutes. Once confirmed, the funds are free to be spent as desired.
    4. Do not reuse the paper wallet - there is now a software wallet that has knowledge of its private key.

The reason I'm suggesting referring the user to the website for instructions on how to perform the transfer is because there doesn't seem to be a good way to do this just yet. There are several manual ways, some more complicated than others, but unfortunately there doesn't seem to be a feature common to most/all wallet software to sweep funds from another wallet, so the idea is that the current "recommended" ways of doing this could be maintained on the website, rather than out-of-date methods being printed on the wallet itself.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: ReCat on May 08, 2013, 03:10:05 PM
I love this wallet. I printed myself one of these and stored 0.1 BTC in it. Putting in a suitcase where I'll find it by surprise many months from now. :P Have you considered selling professionally printed wallets? Albeit everyone would have to trust you don't record the public keys. It'd still be nice. All I have is an inkjet, and no idea where I can possibly find a laser printer.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on May 08, 2013, 04:29:36 PM
First of all, this is my favorite paper wallet I've seen by far. It has had a lot of thought put into it, and it shows. They look so good I am considering buying a color laser printer so that I can print these in color!

... A few suggestions for the back

Hi JCW,

Thanks very much for the kind feedback. And especially for identifying yet another typo on the back. Oops. I think your suggestion about having the back refer to the website for more comprehensive/up-to-date wallet swiping instructions is an excellent one.

Ultimately for the back of the wallet I'd like to make the back something that's customized on-the-fly during print-time, so that when you print the wallet  you can choose:

* the language -- someone already sent me a Portuguese translation...
* whether to include instructions at all (versus for example ample space to write a nice note if the wallet is a gift)

PS: If you decide not to buy a laser printer, there are some ways you can make your inkjet-printed wallets more water-resistant. I'll be posting a report on this soon as I'm in the process of testing a bunch of different products/solutions.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on May 08, 2013, 04:34:41 PM
Have you considered selling professionally printed wallets? Albeit everyone would have to trust you don't record the public keys. It'd still be nice. All I have is an inkjet, and no idea where I can possibly find a laser printer.

Funny you should ask! A related project selling professional printed paper wallets just launched at http://safepaperwallet.com . It's not a folding / tamper-evident design, and you still have to print out your own codes onto the blank spaces on the wallet, but these promise to be super high quality.

Right now I wouldn't invest much effort/trust in having anyone professionally print wallets *with* keys for you. There's a protocol in progress called "BIP38" which will make it possible for you to choose a password before having a wallet printed, which will circumvent the trust issue altogether. I haven't implemented BIP38 myself yet, but it looks very promising.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: aantonop on May 08, 2013, 09:58:56 PM
Canton,

Very kind of you to drop a mention of the Safe Paper Wallet.

Today I upgraded the initial order, from 4000 to 8000 wallets, from regular perforation to micro-perf and from digital offset to 4-color linotype press.

The paper is a textile-weave texture, on 250gsm weight heavy paper which is acid-free and archival quality to last a lifetime, even on display and under light (which degrades regular paper and inks).

I will have samples at the conference.

The next print run will include your design as I branch out to more designs (and the MB Messer design too).

If the current rate of orders continues for a few days, I will be running break-even by end of week and ordering the next print run for 20,000 wallets.

Thank you for the mention and all your incredible work on this and other projects!


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: charleshoskinson on May 09, 2013, 02:32:29 AM
Quote
Canton,

Very kind of you to drop a mention of the Safe Paper Wallet.

Today I upgraded the initial order, from 4000 to 8000 wallets, from regular perforation to micro-perf and from digital offset to 4-color linotype press.

The paper is a textile-weave texture, on 250gsm weight heavy paper which is acid-free and archival quality to last a lifetime, even on display and under light (which degrades regular paper and inks).

I will have samples at the conference.

The next print run will include your design as I branch out to more designs (and the MB Messer design too).

If the current rate of orders continues for a few days, I will be running break-even by end of week and ordering the next print run for 20,000 wallets.

Thank you for the mention and all your incredible work on this and other projects!

I didn't know you had entered the wallet business. I'll update our course to mention the safe paper wallet in the paper wallet lecture.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: dhenson on May 09, 2013, 04:22:51 AM
We're lucky to have people like Canton in our community.  I've used both his paper wallet site, and ordered stickers (which came amazingly fast).

Thank you Canton, you are an amazing addition to the bitcoin community!


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on May 09, 2013, 04:42:35 PM
We're lucky to have people like Canton in our community.  I've used both his paper wallet site, and ordered stickers (which came amazingly fast). Thank you Canton, you are an amazing addition to the bitcoin community!

Thanks very much for the kind words, dhenson. Working on these designs combines a lot of my passions (cryptopunk, print design, web design, ecommerce, and STICKERS I love stickers) so it's nice to hear when this work is proving useful to other folks as well.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: exor674 on May 09, 2013, 07:21:45 PM

PS: If you decide not to buy a laser printer, there are some ways you can make your inkjet-printed wallets more water-resistant. I'll be posting a report on this soon as I'm in the process of testing a bunch of different products/solutions.


I'm slightly curious how well it'd work to do a three-pass print and not a two-pass. ( which makes this even closer to the other project, but... )

Print the front and back in color without the QR codes on some printer [ color laserjet, color inkjet? I wonder how it'd work if those ink could bleed when wet when the QR code couldn't? ], and then print the QR codes on a cheaper black and white laser printer.

This would probably also work for your "super paranoid" option, without having to buy a nice color laserjet and only use it for wallets.

[ However, I imagine the pain this would be to align and calibrate across two different printers ]


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on May 09, 2013, 08:20:53 PM
[ However, I imagine the pain this would be to align and calibrate across two different printers ]

This. Ow ow ow ow. Yes.

In any case, Aantonop's safe paper wallet project is definitely geared towards what you're describing here -- he'll ship you professionally printed designs (offset printing) and then you just laserprint on the QR codes and alphanum keys in B&W.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: aantonop on May 09, 2013, 08:40:42 PM
[...] he'll ship you professionally printed designs (offset printing) and then you just laserprint on the QR codes and alphanum keys in B&W.


I have upgraded the printing order, it will now be a full linotype press print, not digital offset, which will result in much much higher quality with brilliant color and durability of color. I received an incredible rush of pre-orders at the discounted price, which gave me confidence that I will sell all of them, so I upgraded all the parameters of the print production:

- Full lino press
- Micro-perforations instead of regular perforations - 72 cuts per inch, makes a completely smooth edge.
- A beautiful "Crown" brand, 80# weight, textile-weave textured white paper.
- Double volume: 2000 sheets (8000 wallets), instead of 1000


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on May 09, 2013, 11:02:03 PM
After a long search I finally found a perfectly transparent Ziplock bag that fits my design properly. This should hugely improve the life expectancy of wallets, especially when printed using inkjets. I'm expecting that these will not only mitigate water damage but also may reduce air-degradation (a problem for ink printers like HP that use heat activated instead of piezo heads.)

https://bitcoinpaperwallet.com/images/wallet-in-ziplock-bag.jpg

I'll probably have to trim about 1mm off of the height of my design to make it easier to load these baggies, but I think it's worth it since this is a more convenient protection compared to buying polyester paper or spray-on preservatives. I'll be adding these to the https://bitcoinpaperwallet.com site in a week or so for a nominal add-on fee.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: jcw on May 10, 2013, 05:42:08 AM
Awesome. I'll be ordering some of these along with some stickers as soon as they're ready. How many wallets per bag would you recommend, is it 1 per?

Also I am very interested in the combo design you posted earlier. The use case for me is the left hand side (private key encrypted with a passphrase) could be kept in my actual wallet or somewhere reasonably accessible and the tear away part (with the plain text private key) would go in a zip lock bag in a secure place (e.g. a safety deposit box). Is that idea something that is still in the works?


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on May 10, 2013, 01:24:37 PM
Also I am very interested in the combo design you posted earlier..Is that idea something that is still in the works?

Definitely in the works though there are some other items ahead of that in the queue, e.g. language translations, "two-up" design to save paper when printing. Also I need to get my head around BIP38 and see how the bitaddress.org implementation of BIP38 is progressing. (I think Pointbiz/bitaddress.org might only have decrypting right now, not encrypting?)


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: joffrey on May 10, 2013, 01:35:06 PM
Hi canton,

Just to let you know I used Bitcoinpaperwallet to offer bitcoins to a friend, for his birthday. It's fantastic, very easy to use, and the design of the wallet is really gorgeous. Sadly, I printed it in black and white (on a laser printer), but it was still really cool and he loved my gift.

Mind if I suggest you only one thing? To be able to use our own public addresses/private keys. I guess it wouldn't be very secure, but since it was a gift, I thought it could be funny if the public address was a vanity one that I generated before. Thus, I used your great tool but had to generate the QR codes somewhere else, and replace them along with the keys using the Chrome Inspector.

I don't know if you'd like to implement a feature like that, but hey, maybe you'll consider it. :)
Thanks!


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: QuantumQrack on May 10, 2013, 01:38:48 PM
After a long search I finally found a perfectly transparent Ziplock bag that fits my design properly. This should hugely improve the life expectancy of wallets, especially when printed using inkjets. I'm expecting that these will not only mitigate water damage but also may reduce air-degradation (a problem for ink printers like HP that use heat activated instead of piezo heads.)

https://bitcoinpaperwallet.com/images/wallet-in-ziplock-bag.jpg

I'll probably have to trim about 1mm off of the height of my design to make it easier to load these baggies, but I think it's worth it since this is a more convenient protection compared to buying polyester paper or spray-on preservatives. I'll be adding these to the https://bitcoinpaperwallet.com site in a week or so for a nominal add-on fee.


What paper are you using? Just regular inkjet paper?  I am using this:

http://www.amazon.com/gp/product/B004PX7Z3S/ref=oh_details_o00_s00_i00?ie=UTF8&psc=1

http://en.wikipedia.org/wiki/Teslin_(material)


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: jcw on May 10, 2013, 04:18:22 PM
You're using Teslin with the tri-fold design? How many mm thick is that product, does it fold OK?


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: QuantumQrack on May 10, 2013, 05:30:55 PM
You're using Teslin with the tri-fold design? How many mm thick is that product, does it fold OK?

Folds easily. It's 10 mil thick. Strong.

75 mil - Nickel
60 mil - Penny
50 mil - Dime
10 mil - Business card
6 mil - white trash bag used in kitchens
4 mil - standard piece of paper


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: jcw on May 10, 2013, 06:27:20 PM
Cool, I think I'll try that out, thanks!


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: StarfishPrime on May 21, 2013, 08:03:34 PM
Canton: Thanks for all the work you've done optimising this paper wallet solution. It rocks.

Just printed a few tests using Teslin IJ (10 mil). Folds great, feel is similar to Australian etc. polymer notes.

Teslin IJ is synthetic and completely waterproof, soaked it in water for a few hours after printing on a standard HP inkjet just to see... Neither the material nor the printing was affected in the least. Can highly recommend.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: 413j0 on May 23, 2013, 10:18:49 AM

PS: If you decide not to buy a laser printer, there are some ways you can make your inkjet-printed wallets more water-resistant. I'll be posting a report on this soon as I'm in the process of testing a bunch of different products/solutions.


I'm slightly curious how well it'd work to do a three-pass print and not a two-pass. ( which makes this even closer to the other project, but... )

Print the front and back in color without the QR codes on some printer [ color laserjet, color inkjet? I wonder how it'd work if those ink could bleed when wet when the QR code couldn't? ], and then print the QR codes on a cheaper black and white laser printer.

This would probably also work for your "super paranoid" option, without having to buy a nice color laserjet and only use it for wallets.

[ However, I imagine the pain this would be to align and calibrate across two different printers ]
I would be wary of 3-pass printing on a paranoid level, because a laser (like on the previous tests) with the correct frequency could candle the QR from 1 ink while the obscuring pattern, having a different pigment, could be transparent to that particular frequency.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: 413j0 on May 23, 2013, 10:21:51 AM
Have you tried alumajet (http://www.horizonsisg.com/alumajet.html)? I have printed on it and it looks great, and it is pretty durable. Besides, it would help make the wallets look valuable.


Title: Good quality paper
Post by: sgravina on May 23, 2013, 11:28:47 AM
You can get paper that is the exact same quality as United States dollar bills.  Just take a United States dollar bill and bleach it.  I've heard of counterfeiters doing this.  They take a one dollar bill, bleach it and print a hundred dollar bill on it.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on May 28, 2013, 04:37:53 PM
have you tried alumajet (http://www.horizonsisg.com/alumajet.html)

That looks *neat*. Is it at all waterproof? Or does dropping a bit of water on it cause the ink to run? Maybe "alumajet" plus something like Krylon Preserve It spray would be an interesting combo. Speaking most generally though, isn't aluminum a pretty "reactive" metal? Not sure it's a good choice for long-term storage... But agree this would be gorgeous e.g. for gifting bitcoins short-term!


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: niko on May 28, 2013, 07:05:06 PM
have you tried alumajet (http://www.horizonsisg.com/alumajet.html)

That looks *neat*. Is it at all waterproof? Or does dropping a bit of water on it cause the ink to run? Maybe "alumajet" plus something like Krylon Preserve It spray would be an interesting combo. Speaking most generally though, isn't aluminum a pretty "reactive" metal? Not sure it's a good choice for long-term storage... But agree this would be gorgeous e.g. for gifting bitcoins short-term!
It looks neat, but devil is in the details. You are right that aluminum in itself is extremely reactive - so much that it will immediately react with oxygen to form a layer of aluminum oxide on its surface. Any ordinary piece of aluminum you see around is at least self-passivated this way. Alumajet is claimed to be "anodized aluminum" - which means processed to increase the thickness of the oxide layer. While aluminum oxide - think of it as a ceramic - is relatively inert, it is far from durable. Both acids and bases can weaken it. Thermal expansion is way different from that of underlying aluminum, leading to cracking from hot/cold cycles, then to related localized corrosion. Finally, to be inkjettable, ideally it needs to be somewhat porous. If porous, it's not a good passivating layer. Even the manufacturer recommends laminating signs printed on alumajet.

I like the idea behind the product, and might even try printing some photos (color management nightmare, probably), but would not trust it for btc wallet any more than paper.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: 413j0 on June 05, 2013, 03:05:32 AM
have you tried alumajet (http://www.horizonsisg.com/alumajet.html)

That looks *neat*. Is it at all waterproof? Or does dropping a bit of water on it cause the ink to run? Maybe "alumajet" plus something like Krylon Preserve It spray would be an interesting combo. Speaking most generally though, isn't aluminum a pretty "reactive" metal? Not sure it's a good choice for long-term storage... But agree this would be gorgeous e.g. for gifting bitcoins short-term!
It looks neat, but devil is in the details. You are right that aluminum in itself is extremely reactive - so much that it will immediately react with oxygen to form a layer of aluminum oxide on its surface. Any ordinary piece of aluminum you see around is at least self-passivated this way. Alumajet is claimed to be "anodized aluminum" - which means processed to increase the thickness of the oxide layer. While aluminum oxide - think of it as a ceramic - is relatively inert, it is far from durable. Both acids and bases can weaken it. Thermal expansion is way different from that of underlying aluminum, leading to cracking from hot/cold cycles, then to related localized corrosion. Finally, to be inkjettable, ideally it needs to be somewhat porous. If porous, it's not a good passivating layer. Even the manufacturer recommends laminating signs printed on alumajet.

I like the idea behind the product, and might even try printing some photos (color management nightmare, probably), but would not trust it for btc wallet any more than paper.

actually it has some sort of special covering on one side which is the printable one (has to be single face, but it folds nicely) because the ink doesn't stick well on the other side.
and it can tolerate some water when printed with a regular canon printer


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: bluemeanie1 on June 06, 2013, 03:28:51 AM
I had lots of fun this weekend working on my own design for a two-sided tri-fold tamper-resistant paper Bitcoin wallet. Thanks for any and ALL criticism / comments -- whether it's about the look & feel, functionality, security features, etc. See:

http://youtu.be/V4H1VE3EAtI

This video is also a treasure hunt in which I happily invite you to “steal” 0.1 BTC . Finders keepers, so race on!

Design features:

  • Private key is hidden behind folds, so your wallet content is still safe if left out in the open or photographed.
  • Tamper-proof tape indicates when you (or someone else!) has revealed the private key.
  • Folding design obfuscates private keys so they’re hidden even when holding wallet up to a bright light.
  • Reverse side has basic wallet operation instructions and a register for writing down deposits / balance.
  • Private and public keys are replicated (and rotated) in triplicate to maximize chances of recovering keys if paper is damaged / crumpled.

When I’ve got enough feedback and a final design, I’ll publish a web page that will generate these wallets with just a couple of clicks. (No photoshop required, as the foundation will be based on the excellent wallet generator at bitaddress.org which as you probably already know uses a secure javascript page you can run even while offline.)

If you'd like to print out a sample for yourself, see PDF links here: http://cantonbecker.com/projects/2013/bitcoin-paper-wallet-design-video/.


are these things meant to be exchangeable?


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: bluemeanie1 on June 06, 2013, 03:34:08 AM
It's on!

Indeed! Your victim wallet just went out to the mailbox. If anyone reading this wants to sweeten the pot for Niko, feel free to chip a few pennies into the wallet @ 1LMKzdqhQ4LhHy5GGhT8BcG3HHpBTqAqbt. Niko, I have total faith in our respective country's postage services so the wallet has already been funded: https://blockchain.info/address/1LMKzdqhQ4LhHy5GGhT8BcG3HHpBTqAqbt

http://bitcoinpaperwallet.com/pix/niko-wallet-envelope.jpg



how is this secure?  you have the private key to his account!


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: bluemeanie1 on June 06, 2013, 03:56:22 AM

 you can make paper wallets more secure with Visual Cryptography.

 https://bitcointalk.org/index.php?topic=226671.new#new


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on June 06, 2013, 06:28:05 AM
you can make paper wallets more secure with Visual Cryptography.
https://bitcointalk.org/index.php?topic=226671.new#new

Hi bluemeanie1,

This is a neat idea, and something I'll consider if BIP38 doesn't come to full fruition for some reason. (As I understand it, visual encryption would effectively do the same thing as https://en.bitcoin.it/wiki/BIP_0038 )

As for the wallet sent to Niko not being secure because I knew the private key, it was even less secure than that because I subsequently included the private key in a mockup on an unrelated forum post by accident, and some clever person stole the funds while the wallet was still in transit. :)

But to answer your concern directly -- the purpose of this wallet isn't to simulate physical cash, it's meant for (1) storing your own coins, or (2) giving coins to people who implicitly trust you, e.g. friends, family.

For a full overview / explanation of the intent (and to try out the working code) please check out https://bitcoinpaperwallet.com

- Canton


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: bluemeanie1 on June 06, 2013, 12:42:51 PM
you can make paper wallets more secure with Visual Cryptography.
https://bitcointalk.org/index.php?topic=226671.new#new

Hi bluemeanie1,

This is a neat idea, and something I'll consider if BIP38 doesn't come to full fruition for some reason. (As I understand it, visual encryption would effectively do the same thing as https://en.bitcoin.it/wiki/BIP_0038 )

As for the wallet sent to Niko not being secure because I knew the private key, it was even less secure than that because I subsequently included the private key in a mockup on an unrelated forum post by accident, and some clever person stole the funds while the wallet was still in transit. :)

But to answer your concern directly -- the purpose of this wallet isn't to simulate physical cash, it's meant for (1) storing your own coins, or (2) giving coins to people who implicitly trust you, e.g. friends, family.

For a full overview / explanation of the intent (and to try out the working code) please check out https://bitcoinpaperwallet.com

- Canton

Hi Canton,

it's possible right now to make password protected coins using Transaction Scripts.  Thus you could make such 2-factor protected coins, but not necessarily an entire address, but there are probably ways to simulate the functionality you are looking for.

-bm




Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: elgreco on July 28, 2013, 10:09:34 PM
Hi canton,

Just to let you know I used Bitcoinpaperwallet to offer bitcoins to a friend, for his birthday. It's fantastic, very easy to use, and the design of the wallet is really gorgeous. Sadly, I printed it in black and white (on a laser printer), but it was still really cool and he loved my gift.

Mind if I suggest you only one thing? To be able to use our own public addresses/private keys. I guess it wouldn't be very secure, but since it was a gift, I thought it could be funny if the public address was a vanity one that I generated before. Thus, I used your great tool but had to generate the QR codes somewhere else, and replace them along with the keys using the Chrome Inspector.

I don't know if you'd like to implement a feature like that, but hey, maybe you'll consider it. :)
Thanks!

I'm also really interested in using my own addy's and keys from vanitygen. Unfortunately, I have zero coding experience. I was able to use chrome inspector to change the private and public keys, but after making my own QR codes, I got lost trying to figure out where the qr code image files are referenced in inspector.  Any help would be appreciated :)


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: AliceWonder on July 29, 2013, 07:15:06 AM
This might be a stupid question, but why can't I just sandwich a paper wallet between two pieces of dark construction paper and put it in a sealed envelope?

Seems like a KISS solution that avoids the light thing.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: TheDjinni on July 29, 2013, 05:46:16 PM
Out of curiosity... I take it this physical wallet isn't intended to be exchanged like currency?  But rather, it's designed to be a wallet to store incoming funds until such time as you wish to transfer these funds into a secure address?

In which case what's the point of it being tamper proof?  You can't use it as a medium of exchange anyways so there's no point in a tamper-proof private key.  If someone steals the wallet they can just steal the funds in it by opening the wallet anyways.  I guess this protects against someone finding it and writing down the key and leaving it where they found it, or photographing it, then?  But you can just leave the private key at home in a safety deposit box and carry around the QR code for the public address.

I can't imagine a scenario where the average person would need a wallet that can accept an unlimited number of coins until such time as you want to buy something with it, which you can only do once and only with certain technical knowledge (I'm thinking of the change, here) after which it's useless and you need a new one.

A tamper-proof private key is only useful when you want to use it as a medium of exchange, which this thing can't be used as since anyone can print off any nonsense private key they want to on the private key slot before they seal it off.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: AliceWonder on July 29, 2013, 06:08:13 PM
Where tamper resistance is warranted -

A) If the person is a guest in your house when it vanishes, you know who likely did it. So stealing the key to later extract funds is a better move than stealing it.

B) If there isn't much value on it, thief can wait until it has more value.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on August 09, 2013, 02:01:21 PM
Hey there!

Someone's posted what might be a pretty good exploit on reddit, using a camera speedflash, see:

http://www.reddit.com/r/Bitcoin/comments/1jqmzv/dont_blindly_trust_bitcoinpaperwalletcom_you_can/

However I'm having a devil of a time trying to reproduce his results. See my attempts here:

http://imgur.com/a/FzPB0

Can anyone else see if they can use a flash to expose a readable QR code off of a properly printed/folded/sealed wallet? I'll gladly put up a token bounty just for fun, say .10BTC (or I'll send you a nice batch of free stickers & sealing bags, your choice.)

This is the best I could manage:

https://i.imgur.com/cyFKEPl.jpg


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: niko on August 09, 2013, 02:49:07 PM
Hey there!

Someone's posted what might be a pretty good exploit on reddit, using a camera speedflash, see:

http://www.reddit.com/r/Bitcoin/comments/1jqmzv/dont_blindly_trust_bitcoinpaperwalletcom_you_can/

However I'm having a devil of a time trying to reproduce his results. See my attempts here:

http://imgur.com/a/FzPB0

Can anyone else see if they can use a flash to expose a readable QR code off of a properly printed/folded/sealed wallet? I'll gladly put up a token bounty just for fun, say .10BTC (or I'll send you a nice batch of free stickers & sealing bags, your choice.)

This is the best I could manage:

https://i.imgur.com/cyFKEPl.jpg
Make sure the layers are pressed together, perhaps between two plates of glass. This minimizes the blurring related to scattered light.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: /dev/null on August 09, 2013, 03:06:13 PM
You can also use some liquid to see it properly.



Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on August 09, 2013, 07:42:01 PM
You can also use some liquid to see it properly.

Hmm... have you tried?


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: niko on August 09, 2013, 09:26:27 PM
You can also use some liquid to see it properly.

Hmm... have you tried?
I was told that freons work, and evaporate cleanly, but have not tested it myself. 

Ultimately, what's the actual problem here? If somebody can get to your paper wallet, and wishes to steal the funds, they would be much smarter to just steal the damn thing, than to tamper with stickers, solvents, photo flashes, laser scanners, optical coherence tomographs, and neutron beams just so they can scan the priv key while leaving the wallet seemingly intact. Extracting the key without damaging the paper wallet is more of a prank than a crime.

If I am ever to accept a casascius coin or a paper wallet as payment, I'll gladly rip it open and spend it into my address. If it's more than a couple of hundreds of dollars worth, I'll check it for unconfirmed spends. If it's more than a couple of thousands of dollars worth, I'll wait for a confirmation or two. That's all.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: TiagoTiago on August 12, 2013, 09:42:41 PM
I think the concern applies mostly to wallets that are passed on, when you might trust the original creator but not the individual that gave you the wallet (or anyone else in the chain of ownership).


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: pisces1999 on August 13, 2013, 01:34:43 PM
You did a really good job. Keep up the good work


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: faiza1990 on August 13, 2013, 08:30:16 PM
That one worked without folding by using those grey rub-off stickers


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: Kris on August 13, 2013, 09:25:22 PM
This is indeed a very nice design, and canton is an awesome guy to talk with.

An idea I was contemplating, how about if you make a striped line in the middle, and a corresponding unique number per paper wallet on both of the halves.
This would allow putting the private key slip in a bank box, and keeping the public key slip in your wallet.

This way you could keep track of which public slip corresponds to which private slip.

Illustration, now I am no designer, but you get my point

http://img835.imageshack.us/img835/672/tmog.jpg


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on August 21, 2013, 04:56:53 PM
Quote from: niko
If somebody can get to your paper wallet, and wishes to steal the funds, they would be much smarter to just steal the damn thing, than to tamper with stickers, solvents, photo flashes, laser scanners, optical coherence tomographs, and neutron beams just so they can scan the priv key while leaving the wallet seemingly intact.

You forgot to mention unicorn breath, which is known to render all muggle technology fully transparent. :)

Your point is a good one though. What I'm aiming for is "casual" tamper-resistance -- for example, what would be especially useful for a paper wallet given as a gift. Myself, each time I give away 1 BTC to a friend or family member, I'm satisfied knowing that my design ensures that the recipient won't inadvertently lose their balance by letting someone post a photograph of the pretty wallet on Facebook, or to a sneaky bad roommate or ex girl/boyfriend.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: mises on August 22, 2013, 04:17:38 AM
That's the best design I've ever seen for a paper wallet


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: TitanBTC on August 23, 2013, 09:29:57 PM
Quote from: niko
If somebody can get to your paper wallet, and wishes to steal the funds, they would be much smarter to just steal the damn thing, than to tamper with stickers, solvents, photo flashes, laser scanners, optical coherence tomographs, and neutron beams just so they can scan the priv key while leaving the wallet seemingly intact.

You forgot to mention unicorn breath, which is known to render all muggle technology fully transparent. :)

Your point is a good one though. What I'm aiming for is "casual" tamper-resistance -- for example, what would be especially useful for a paper wallet given as a gift. Myself, each time I give away 1 BTC to a friend or family member, I'm satisfied knowing that my design ensures that the recipient won't inadvertently lose their balance by letting someone post a photograph of the pretty wallet on Facebook, or to a sneaky bad roommate or ex girl/boyfriend.


Spot on.  This is exactly where I've gone wrong to date in gifting bitcoins.  People accidentally lost them on their computers somewhere.  Oddly, that was part of the reason I created the physical bitcoins that I'm selling (like Casascius but with a proprietary counterfeit/theft protection).  If it looks valuable, people will take care of it.

Incidentally, I have people that want my physical bitcoins even though they couldn't care less about what a bitcoin is, purely because they look valuable. 

Good design is a gateway to bitcoin adoption.  Well done.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on August 25, 2013, 06:02:03 PM
That's the best design I've ever seen for a paper wallet

Good design is a gateway to bitcoin adoption.  Well done.

Thanks very much to the both of you for the kind words.

Today I just figured out a really basic solution to (additionally) discourage tampering. Just use a 3rd sticker to seal the bag itself:

https://i.imgur.com/r4Cq3VC.jpg


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: 413j0 on September 26, 2013, 07:41:58 PM
actually I have a theory about the reddit flash way:
I have noticed that in most cases laser toner is much less translucent than inkjet ink, so if the wallet was printed with a cheap color inkjet printer, and then the codes added with a laser one (seen it recommended for durability purposes) it's possible that such difference is enough to render useless the obscuring pattern when a bright enough light is used

update:
I managed to reproduce the effect on a wallet printed on inkjet in one go, but sadly my phone's camera is unable to photograph any detail at such light conditions, but I'll explain in detail:
first thing is slightly pressing on the sides to separate the layers, so the light of the front obscuring pattern gets scattered before reaching the qr, so you will need to make the 3rd fold separate from the first two, which is actually quite harder than separating the first one, so you need to make a fold like this:
http://img42.imageshack.us/img42/5965/wt01.jpg (http://imageshack.us/photo/my-images/42/wt01.jpg/)

make sure you don't make it like this:
http://img59.imageshack.us/img59/9770/fvwz.jpg (http://imageshack.us/photo/my-images/59/fvwz.jpg/)

and it should end up looking like this:
http://img850.imageshack.us/img850/3296/6qcr.jpg (http://imageshack.us/photo/my-images/850/6qcr.jpg/)
notice the small creases that show that it seems to be "inflated".

front:
http://img9.imageshack.us/img9/7899/a61k.jpg (http://imageshack.us/photo/my-images/9/a61k.jpg/)

note: I used duck tape because I was doing several tries and it was easier and cheaper just using duck tape.
in case there is the slightest gap between the edge of the tape and the edge of the fold you can insert a needle and it will make it much easier, so never make any wallet like this:
http://img12.imageshack.us/img12/344/j3jw.jpg (http://imageshack.us/photo/my-images/12/j3jw.jpg/)

but alternatively you could just pierce a small and discrete hole on any crease and do the same

continue in next post...


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: 413j0 on September 26, 2013, 11:07:11 PM
now candle it from the front, so the dispersion of the front obscuring pattern's light works in your favor, and if you did it correctly any part of the qr that touches the back obscuring pattern should be visible, but any part that isn't touching it should still scatter.

before photographing make sure to press gently on the white surface on the back so all the qr touches the pattern and therefore becomes clear.

in this step I can confirm that a cellphone light in a dark room is enough to make it perfectly clear to the human eye, so a good camera should be able to clearly pick it up.

since I was already using duck tape, I thought about using it to obscure qr, so I did this:
http://img833.imageshack.us/img833/7286/icj1.jpg (http://imageshack.us/photo/my-images/833/icj1.jpg/)
http://img94.imageshack.us/img94/5910/hz58.jpg (http://imageshack.us/photo/my-images/94/hz58.jpg/)
http://img163.imageshack.us/img163/7352/hmn0.jpg (http://imageshack.us/photo/my-images/163/hmn0.jpg/)
http://img850.imageshack.us/img850/7707/afoe.jpg (http://imageshack.us/photo/my-images/850/afoe.jpg/)
http://img5.imageshack.us/img5/3336/38ki.jpg (http://imageshack.us/photo/my-images/5/38ki.jpg/)
http://img833.imageshack.us/img833/1733/hcb2.jpg (http://imageshack.us/photo/my-images/833/hcb2.jpg/)
http://img28.imageshack.us/img28/1976/8ui2.jpg (http://imageshack.us/photo/my-images/28/8ui2.jpg/)

but still wasn't enough, because upon retrying one of my previous attempts at candling I used this old beast:
http://img34.imageshack.us/img34/6111/917x.jpg (http://imageshack.us/photo/my-images/34/917x.jpg/)

note: this thing actually can lift again a small piece of tinfoil falling towards it when it fires

and actually I got the best picture I have been able to get from this particular flash on my phone's camera:
http://img819.imageshack.us/img819/5563/58p2.jpg (http://imageshack.us/photo/my-images/819/58p2.jpg/)



if you notice the black shadow at right it's because this flash is faster than my camera's frame rate (60fps) and I couldn't light the whole frame, so under these conditions it's impossible to get my cellphone to focus or at least get any detail at all

proposed solution at next post....


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: 413j0 on September 26, 2013, 11:24:32 PM
my suggestion would be to change the back pattern which now I think it's the most vulnerable, and besides it's the one less likely to be confused with a qr for something like this:

http://img94.imageshack.us/img94/7285/rly9.png (http://imageshack.us/photo/my-images/94/rly9.png/)



Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: TheButterZone on September 27, 2013, 12:16:50 AM
If you look closely, you'll see a creepy smiling face in there.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: 413j0 on September 27, 2013, 04:12:00 AM
I just generated a huge random qr and started randomly using gimp's clone tool (no face intended)


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: truy on October 02, 2013, 03:30:19 AM
Canton, can you confirm the recent changes on the website?

sha1sum:
dbcaf6ff3a8b0bf1bd213272884b8a6c945dc678 - current website
a64a1bde6be1a0120984da9acf8d031842dc4f68 - current git code and website before change

Thanks.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on October 14, 2013, 10:18:01 PM
Canton, can you confirm the recent changes on the website?

sha1sum:
dbcaf6ff3a8b0bf1bd213272884b8a6c945dc678 - current website
a64a1bde6be1a0120984da9acf8d031842dc4f68 - current git code and website before change

Thanks.

Sorry for the confusion here, I think you might have noticed that for a few days, bitcoinpaperwallet.com (the live website) was a little more up-to-date than the git code. This is because I was soliciting feedback before pushing some significant Oct 1 version changes to github. (For example, you can now use your own keys / vanitygen and you aren't obligated to use the built-in random key generator.)

At the time I'm writing this, both the website and the github code should be identical. I'd post the SHA1SUM here, but what I prefer is for you to check the GPG signature that is distributed with the github zip code:

Quote
After downloading the ZIP package for this generator, you should find a file named generate-wallet.html.sig which you can use to:

1) verify that generate-wallet.html hasn't been tampered with, and

2) get proof that it really was authored by Canton Becker (canton@gmail.com) whose public key and fingerprint can be confirmed at cantonbecker.com, bitcointalk.org, etc.

For example, if you have GPG installed, just open the terminal, change directory (cd) to where this generate-wallet.html lives, and type:
gpg --verify --with-fingerprint generate-wallet.html.sig generate-wallet.html

The reason I prefer the GPG signature method is that it's not vulnerable to situations like bitcointalk.org getting hacked and having its posts modified. Not that this could ever happen of course, because bitcointalk.org never gets hacked. ;)
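
The check described in the post above, in a form a script can enforce (an added example, not part of the original post or the project's code): `gpg --verify` succeeds for a good signature from any key in the keyring, so this parses GnuPG's machine-readable status output and accepts only a signature made by one pinned fingerprint. `PINNED_FPR`, the sample status lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from bitcoinpaperwallet): accept generate-wallet.html only
# if its detached signature was made by one pinned key.

# Constructed placeholder. Replace with the 40-hex-digit fingerprint you have
# confirmed from more than one independent source.
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# Strip spaces and upper-case, so the spaced form printed by --with-fingerprint
# compares equal to the compact form used in status lines.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF'
}

# status_signed_by STATUS_TEXT EXPECTED_FPR
# Succeeds only if the status text has a VALIDSIG line for EXPECTED_FPR and no
# BADSIG / ERRSIG / REVKEYSIG line. Rejecting revoked keys is a policy choice.
status_signed_by() {
    want=$(normalize_fpr "$2")
    printf '%s\n' "$1" | awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "REVKEYSIG" { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key fingerprint, the last
        # field is the primary key fingerprint.
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_pinned SIGFILE DATAFILE
# Runs gpg with status lines on stdout and applies the pinned-fingerprint check.
verify_pinned() {
    status=$(gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null) || return 1
    status_signed_by "$status" "$PINNED_FPR"
}

# Constructed sample: good signature made by a signing subkey of the pinned key.
sample_status_subkey() {
cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0000111122223333 Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG AAAABBBBCCCCDDDDEEEEFFFF0000111122223333 2013-10-01 1380585600 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
EOF
}

# Constructed sample: cryptographically good signature, but from a different
# key that happens to be in the keyring. Plain "gpg --verify" exits 0 here.
sample_status_other_key() {
cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 4444555566667777 Someone Else <other@example.invalid>
[GNUPG:] VALIDSIG 9999888877776666555544444444555566667777 2013-10-01 1380585600 0 4 0 1 8 00 9999888877776666555544444444555566667777
EOF
}

# Constructed sample: file modified after signing.
sample_status_bad() {
cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer <signer@example.invalid>
EOF
}

# Usage: sh verify-pinned.sh generate-wallet.html.sig generate-wallet.html
if [ "$#" -eq 2 ]; then
    if verify_pinned "$1" "$2"; then
        echo "OK: signed by pinned key"
    else
        echo "REJECTED: no valid signature from pinned key" >&2
        exit 1
    fi
fi
```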


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on October 14, 2013, 10:52:59 PM
in this step I can confirm that a cellphone light in a dark room is enough to make it perfectly clear to the human eye, so a good camera should be able to clearly pick it up.

Hi 413j0,

Thanks for testing out the design! I didn't think it would be feasible to 'pinch' apart the folded layers, at least not without damaging the tamper-evident tape. Honestly, I tried your technique for about 5 minutes, both with a needle and by manipulating the inner fold with some sticky tape on the end of a firm bit of cardboard, but I just couldn't get them to separate so as to attempt an illuminated photograph. I don't doubt you succeeded -- it's just that on my end I wasn't able to. Perhaps it's my paper stock (or even humidity!) that's making it difficult. In any case, I'll think on this challenge a bit and see if there's an improvement I can come up with on the design. In the meantime, your addition of extra duct tape (or as others have suggested, slipping in a bit of tin foil) are great ways to improve the light impermeability.

As a thank you for your work on this, if you private message me your mailing address I'll send you some of the brand new tamper-evident stickers that include unique sets of serial numbers printed in white thermal foil (see image below).

https://bitcoinpaperwallet.com/images/gold-serials.jpg


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: truy on October 15, 2013, 01:08:03 AM

Sorry for the confusion here, I think you might have noticed that for a few days, bitcoinpaperwallet.com (the live website) was a little more up-to-date than the git code. This is because I was soliciting feedback before pushing some significant Oct 1 version changes to github. (For example, you can now use your own keys / vanitygen and you aren't obligated to use the built-in random key generator.)

At the time I'm writing this, both the website and the github code should be identical. I'd post the SHA1SUM here, but what I prefer is for you to check the GPG signature that is distributed with the github zip code:

Quote
After downloading the ZIP package for this generator, you should find a file named generate-wallet.html.sig which you can use to:

1) verify that generate-wallet.html hasn't been tampered with, and

2) get proof that it really was authored by Canton Becker (canton@gmail.com) whose public key and fingerprint can be confirmed at cantonbecker.com, bitcointalk.org, etc.

For example, if you have GPG installed, just open the terminal, change directory (cd) to where this generate-wallet.html lives, and type:
gpg --verify --with-fingerprint generate-wallet.html.sig generate-wallet.html

The reason I prefer the GPG signature method is that it's not vulnerable to situations like bitcointalk.org getting hacked and having its posts modified. Not that this could ever happen of course, because bitcointalk.org never gets hacked. ;)


Thanks for the clarification. A GPG signature is indeed a far better method than a checksum posted in the forum.
I failed to notice the sig file in the archive.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: 413j0 on October 22, 2013, 07:33:47 AM
in this step I can confirm that a cellphone light in a dark room is enough to make it perfectly clear to the human eye, so a good camera should be able to clearly pick it up.

Hi 413j0,

Thanks for testing out the design! I didn't think it would be feasible to 'pinch' apart the folded layers, at least not without damaging the tamper-evident tape. Honestly, I tried your technique for about 5 minutes, both with a needle and by manipulating the inner fold with some sticky tape on the end of a firm bit of cardboard, but I just couldn't get them to separate so as to attempt an illuminated photograph. I don't doubt you succeeded -- it's just that on my end I wasn't able to. Perhaps it's my paper stock (or even humidity!) that's making it difficult. In any case, I'll think on this challenge a bit and see if there's an improvement I can come up with on the design. In the meantime, your addition of extra duct tape (or as others have suggested, slipping in a bit of tin foil) are great ways to improve the light impermeability.

As a thank you for your work on this, if you private message me your mailing address I'll send you some of the brand new tamper-evident stickers that include unique sets of serial numbers printed in white thermal foil (see image below).

https://bitcoinpaperwallet.com/images/gold-serials.jpg

I just used standard 75 g/m printing paper, but the folding part wasn't easy, and actually left the paper a little creased, it's easier to get about half of the qr at a time and maybe photograph it with a good enough camera to join it.
but as you point out, paper stock should have a huge effect on this technique, it's hard enough with standard paper, so a thicker or stiffer one should make it much harder.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: PocketRocketsCasino on October 22, 2013, 05:39:35 PM
Hi Canton

Is there any way you could allow an upload of own design for the wallet? Say I wanted my own logo or some text for promos written on it?



Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on October 25, 2013, 10:26:32 PM
Is there any way you could allow an upload of own design for the wallet? Say I wanted my own logo or some text for promos written on it?

Absolutely. Just download the ZIP from github and it should be very obvious which two images you swap out. It's the two 300dpi JPGs you see here:

https://bitcoinpaperwallet.com/bitcoinpaperwallet/images/


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: eroxors on November 15, 2013, 11:52:30 PM
Can this be done for litecoin as well?


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: hieroglyph on November 16, 2013, 02:29:31 PM
Your tamper proof wallet is the worst!!  How dare you waste my time with this nonsense?..  How was that?

Seriously though has anyone collected the .1 BTC yet?


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: CoinHoarder on November 16, 2013, 02:37:03 PM
I bet someone at Defcon could probably do it. They seemed to have no problem compromising Casascius coins which are probably considered the most secure/safe physical cryptocoins in existence.

IMO no physical variation of cryptocoins is 100% secure. The security measures and tamper evident properties will be broken over time as new technologies are developed and implemented. That's part of the reason I probably won't sell "loaded" coins in my physical cryptocoin project, only customer funded/assembled coins. I don't want anyone to get the idea that I personally back the coin's worth if they are factory loaded and appear to have not been tampered with.

The truth is I cannot stop people from tampering with the coins after they leave my hands. As with all physical cryptocoins, it comes down to trusting the person you're buying the coins from that they haven't tampered with it... no matter what security measures are implemented or how reputable the company is that makes them.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: callem on November 19, 2013, 02:19:36 PM
Perfect design. Best paper wallet I've seen by far.

Tip: Print on 10mil teslin for a 100% waterproof (inkjet) and durable wallet. Much more opaque than paper so shining light through isn't an issue either.

Any chance of adding optional BIP38 support for added security?



Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on November 21, 2013, 09:04:23 PM
Perfect design. Best paper wallet I've seen by far.

Tip: Print on 10mil teslin for a 100% waterproof (inkjet) and durable wallet. Much more opaque than paper so shining light through isn't an issue either.

Any chance of adding optional BIP38 support for added security?


Thanks for the kind words. Yes, Teslin synthetic paper rocks. I've been comparing about 3 different brands and so far Teslin is my favorite for this application. I've been thinking about adding BIP38, possibly with this different layout/design:

https://i.imgur.com/wdC1mg1.png

As I understand it, a folding/tamper-evident BIP38 design doesn't make a whole lot of sense since -- if BIP38 holds up the way we hope it does -- you can share a BIP38 encrypted private key with the whole world and it doesn't matter.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on November 21, 2013, 09:05:54 PM
Announcing the holiday design of this wallet. Enjoy!

https://bitcoinpaperwallet.com/holiday-design/

https://i.imgur.com/PssH4xj.jpg


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: JohnnyBrown on November 22, 2013, 09:56:30 AM
Hey, Canton.

May I ask approximately how many wallets can fit in one bag (the ones in your website)?

Just curious as I might colour-code the wallets by sticker colour.



Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: StarfishPrime on November 23, 2013, 07:32:33 PM
The BIP 38 wallet design above is great, especially the matching, numbered private key for a safe deposit box etc.

An option for the "old" design, with a sealed encrypted key would be good too. Anyone with physical access to the wallet might have a better than random chance at guessing the owner's password, or could just snap a picture of it and run a dictionary attack at their convenience.

The xmas themed wallet is very nice!
 


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: emp3000 on December 01, 2013, 09:26:04 AM
Hello, canton, on which version of bitaddress is the current bitcoinpaperwallet site based? Thank you very much


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: seanneko on December 01, 2013, 09:39:36 AM
Hey, Canton.

May I ask approximately how many wallets can fit in one bag (the ones in your website)?

Just curious as I might colour-code the wallets by sticker colour.



I have 10 of them in my bag (the free one that came with the stickers) and there's heaps of spare room. I think you could probably get 50 in there, maybe even more.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: emp3000 on December 01, 2013, 10:01:08 AM
Hey, Canton.

May I ask approximately how many wallets can fit in one bag (the ones in your website)?

Just curious as I might colour-code the wallets by sticker colour.



I have 10 of them in my bag (the free one that came with the stickers) and there's heaps of spare room. I think you could probably get 50 in there, maybe even more.

Are you fairly secure about the paper wallets not being hacked?  Did you deposit only one time per paper or did you do a sample amount first before every paper?


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: seanneko on December 01, 2013, 10:05:11 AM
Are you fairly secure about the paper wallets not being hacked?  Did you deposit only one time per paper or did you do a sample amount first before every paper?

I have not looked at the source code. However, I ran the generator offline on an airgapped computer and printer (has never been connected to the Internet, and never will be even in the future). So unless there is an obvious exploit in the code I trust that it's secure.

I didn't do sample deposits. My reason for having 10 wallets rather than one big one is that in the incredibly small chance that someone has an address collision with me (yeah I've seen all the graphs showing how small the odds are), I'd rather they only take 10% of my money rather than 100%.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on December 04, 2013, 03:32:22 PM
Hello, canton, on which version of bitaddress is the current bitcoinpaperwallet site based?? Thank you very much

Hi there,

As of today, the latest version of bitcoinpaperwallet.com is December 3, and it folds in some of the changes apparent in the very latest bitaddress.org (v2.6.5) -- however there are two significant differences:

1) For simplicity, I don't include many of the extra features of bitaddress.org (brain wallets, bulk wallets, BIP38)

2) I do include a potentially stronger random number generator, provided you are using a modern enough browser. (Mostly anything but IE.) bitaddress will likely fold this RNG into their code soon, there's already a change request in place.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: nanobtc on December 04, 2013, 06:05:33 PM
Canton/all, is there a list of settings for various printers? I love the wallets, but the calibration process is quite slow on the printer I am using (Brother 4040). As soon as I get it tweaked in, I will offer the Zoom/Horizontal that worked.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: toroidmonster24 on December 04, 2013, 10:07:39 PM
I think BIP38 is the last thing I need. I don't have access to a printer at home so I need to print it out at work. Even though I'm fairly confident no one will suddenly find ONE PDF of the thousands of pages that get printed a day with my private key, it's still better if it's encrypted. Plus, this way I feel better about having multiple backups, such as storing a PDF version.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: charleshoskinson on December 05, 2013, 12:39:24 AM
Canton, I just wanted to give you a heads up that I'm mentioning your website and wallet in the CSL refresh coming out next week. You might get a really big spike in traffic (we have almost 15,000 students).


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on December 05, 2013, 07:16:42 AM
Canton/all, is there a list of settings for various printers? I love the wallets, but the calibration process is quite slow on the printer I am using (Brother 4040). As soon as I get it tweaked in, I will offer the Zoom/Horizontal that worked.

Hi,

Just this week I adjusted the software so that it starts to automatically set the zoom/shift for known combinations of browsers and operating systems. Unfortunately, I can't auto-detect printers, so that's always going to be up to you. If I get enough feedback from folks, I'll definitely put together a searchable database.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on December 05, 2013, 07:18:02 AM
Canton, I just wanted to give you a heads up that I'm mentioning your website and wallet in the CSL refresh coming out next week. You might get a really big spike in traffic (we have almost 15,000 students).

Thanks both for the mention and the heads up. BTW you might contact me privately to stay on top of what's brewing this week: a live-boot ubuntu CD with the bitcoinpaperwallet.com software pre-installed on the desktop. Should substantially simplify printing safe paper wallets, even for people who aren't used to linux.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: charleshoskinson on December 05, 2013, 07:32:55 AM
Send me your contact details:



Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on December 07, 2013, 06:00:32 AM
Send me your contact details:

Hi Charles. My email, PGP public key etc. are all at http://cantonbecker.com


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: charleshoskinson on December 07, 2013, 07:22:32 AM
Sent an email


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: emp3000 on December 10, 2013, 05:57:50 PM
Hello, canton, on which version of bitaddress is the current bitcoinpaperwallet site based?? Thank you very much

Hi there,

As of today, the latest version of bitcoinpaperwallet.com is December 3, and it folds in some of the changes apparent in the very latest bitaddress.org (v2.6.5) -- however there are two significant differences:
1) For simplicity, I don't include many of the extra features of bitaddress.org (brain wallets, bulk wallets, BIP38)
2) I do include a potentially stronger random number generator, provided you are using a modern enough browser. (Mostly anything but IE.) bitaddress will likely fold this RNG into their code soon, there's already a change request in place.

WOW. Now if my last question is stupid, forgive me - so what if all of us printed, moved our mouse and generated addresses OFFLINE, is there any chance that this webapp generate an identical address keypair that already exists out there? How will it countercheck the newly gen. address with an existing one?

Thank you very much and more prosperity may come your way.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on December 17, 2013, 04:01:59 AM
WOW. Now if my last question is stupid, forgive me - so what if all of us printed, moved our mouse and generated addresses OFFLINE, is there any chance that this webapp generate an identical address keypair that already exists out there? How will it countercheck the newly gen. address with an existing one?

Hello,

It is nearly inconceivable that any address you generated using bitcoinpaperwallet.org (or bitaddress.org) will ever collide with another address, whether generated online or offline. Each time you generate an address, it's like taking a 16-sided die and rolling it 16 times. For a duplicate address to be generated (a "collision") someone else would have to roll the exact same 16 numbers in the exact same order.

Meanwhile, the bitaddress.org random number generator is continually being improved to add more "entropy" to guarantee more and more random results since generating truly random numbers is tricky on a computer, and the authors want to circumvent any weaknesses inherent to either the web browser or the operating system.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: speedtrader on December 19, 2013, 05:56:26 AM
Also on the other side of the paper too, behind the actual private key.


Title: Re: Criticize my tamper-proof paper wallet design... and steal 0.1 BTC if you can.
Post by: canton on March 23, 2014, 08:07:29 PM
Would it be possible to add an option to print two copies of your paper wallet at once on 1 sheet?

Possible, but not automatic. You can print two wallets per page, either with the same keys or different keys, your choice. See "Can I print two per page" at: https://bitcoinpaperwallet.com/printing-and-paper-tips/


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: canton on June 16, 2014, 06:21:15 PM
This weekend I had a couple days off for Father's day, so I finally implemented some features I've had on the back-burner for a few months. Here's what's new:

  • The background pattern ("guilloche") is algorithmically determined by the first 8 chars of the public key. This way each and every paper wallet looks a little different. I like how this reflects the significance of every public key (your wallet) being unique. Good teaching point when you're giving these away. If you don't like the pattern you get, just hit the "generate new key" button a few times, or roll your own with dice, etc.
  • By popular demand: BIP38 encrypted wallets now have a different color (blue stripe) so you can tell at a glance which wallets are encrypted and which aren't.
  • Also by popular demand: when printing a wallet, you have an option to add a denomination that shows on the front, e.g. 1 BTC, 250 mBTC, etc. Nice for gifts. You can also turn off the back side instructions and deposit notes if you prefer to have that space for writing a personal message or password hint.
  • Additional languages: Hebrew, Japanese, and Swedish for a total of 13 languages. Also, languages are dynamically rendered in HTML now instead of using huge JPG images, so the github download size will shrink considerably.
  • Minor changes to graphic design. On the whole, a bit more elegant and currency-like. After all, the more valuable these look, the less likely they are to be thrown away by the person going through your personal affairs when you die...

You can try out the beta here: https://bitcoinpaperwallet.com/beta/generate-wallet.html

Thanks in advance for any feedback. Contact me directly if you'd like to submit additional translations.

https://i.imgur.com/qIWViIE.jpg

https://i.imgur.com/sJWXwNL.png

https://i.imgur.com/TxWNwph.jpg

https://i.imgur.com/sGvHk2P.jpg

https://i.imgur.com/kOkw87C.jpg

You can try out the beta here: https://bitcoinpaperwallet.com/beta/generate-wallet.html


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: Rodyland on June 17, 2014, 12:34:09 AM
Nice work.

I notice you changed the pattern on the private key obfuscation panel - any particular reason?


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: canton on June 17, 2014, 03:06:11 AM
I notice you changed the pattern on the private key obfuscation panel - any particular reason?

As a matter of fact, yes!

* On the front side, the obfuscation is now truly random, unique for every wallet. Important for defeating someone smart enough to be doing candling and looking for a "difference pattern" with the old predictable

* On the rear edge, the obfuscation is now simply more attractive. I use a flowery guilloche pattern instead of those colored dots. It's placed so that its most dense ink areas go right over the QR codes.


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: canton on June 19, 2014, 02:51:49 PM
Seems I will be redoing some of my existing paper wallets this weekend!  ;)

Tip: Especially if you're using Firefox, you can use the "Validate" tab to scan your old wallet's private QR code with your webcam. Once scanned, there's a button to load in the address as a wallet, whereupon you can add BIP38 if you like, change the design, and print a new one.

Also, last night I updated the beta to allow you to type in your own message on the back if you don't care for the instructions. You might use this to record a hint for your BIP38 password, etc.


Title: Major update to paper wallet generator (June 25, 2014)
Post by: canton on June 26, 2014, 03:48:25 PM
This note is to announce that the bitcoinpaperwallet.com generator has been updated as of June 25, 2014. Both the GitHub ZIP and the Ubuntu CD have been updated.

Images: http://imgur.com/a/a2BDz
Github: https://github.com/cantonbecker/bitcoinpaperwallet
Ubuntu CD: https://bitcoinpaperwallet.com/ubuntu-linux-live-bootable-cd/

In addition to the improvements mentioned last week (dynamic background "guilloche" patterns, more translations, ability to have denominations on wallet fronts, different coloration for BIP38, etc.) these last-minute features were added:

* Ability to type in your own message to be printed on the reverse

* Option for typing in your own denomination (e.g. 1337 mBTC)

https://i.imgur.com/qIWViIE.jpg


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: Joonboi on December 23, 2014, 04:37:19 AM
What do I do if my deposited BTC (moved to paper wallet for use later on) is instantly forwarded to a different address. I used a completely offline pc to generate and print the paper wallet and deposited .02xxxx BTC only to find minutes later on blockchain.info that my BTC was sent to a different address. Clicked on it and from there it was forwarded two more times until it reached an account with (current as of 12/22/14 22:35 cst) over $78,000 in BTC. This makes me feel as if I have been scammed, please someone help me. I know .02xxx BTC is nothing, but after 3 months of mining it was all I had.....


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: deadnettlez on May 06, 2015, 07:50:13 PM
Creative Paper wallet Designs on the thread at LetsTalkBitcoin

https://letstalkbitcoin.com/forum/post/paper-wallets


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: madonnino on June 04, 2015, 10:35:00 AM
Is it only my problem? After creating a new paper wallet and entering the BIP38 password, when I go to print, I do not see the QR code; the space remains white... Could someone help me?


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: mboehler on June 05, 2015, 06:05:52 PM
Is it only my problem? After creating a new paper wallet and entering the BIP38 password, when I go to print, I do not see the QR code; the space remains white... Could someone help me?

I printed a couple paper wallets a couple of months ago and everything was fine.  I am trying to print a new one today and I am having the same problem as you.  The QR codes show up fine on the screen, but when I print the wallet, the spaces where the QR codes should be are blank.

I am using Google Chrome v 43.0.2357.81 m if that matters.

EDIT:  I also just tried with Firefox v 25.0.1.  The qr codes still did not print.

EDIT again:  I tried with a different printer and it worked fine.  So I guess it's something in my printer settings.  I'll be checking into that later.


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: madonnino on June 05, 2015, 06:39:39 PM
Is it only my problem? After creating a new paper wallet and entering the BIP38 password, when I go to print, I do not see the QR code; the space remains white... Could someone help me?

I printed a couple paper wallets a couple of months ago and everything was fine.  I am trying to print a new one today and I am having the same problem as you.  The QR codes show up fine on the screen, but when I print the wallet, the spaces where the QR codes should be are blank.

I am using Google Chrome v 43.0.2357.81 m if that matters.

EDIT:  I also just tried with Firefox v 25.0.1.  The qr codes still did not print.

EDIT again:  I tried with a different printer and it worked fine.  So I guess it's something in my printer settings.  I'll be checking into that later.

OK, good to hear that I'm not the only one. I've used 2 different printers, but always get the same white square instead of the QR code. Let me know if you find an error in the printer's settings.


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: BITHISPANIA on January 09, 2018, 05:50:13 PM
I found this in the mailbox ...


http://oi64.tinypic.com/2nu5bu0.jpg

http://oi66.tinypic.com/rhrfqu.jpg

http://oi64.tinypic.com/281bvwo.jpg

http://oi67.tinypic.com/2cwpglu.jpg

http://oi65.tinypic.com/dll5bq.jpg

http://oi64.tinypic.com/9gbvig.jpg

http://oi68.tinypic.com/m9ag7n.jpg

http://oi64.tinypic.com/do5207.jpg

http://oi65.tinypic.com/29e3lmb.jpg


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: canton on October 10, 2018, 03:31:29 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

bitcoinpaperwallet.com is under new ownership

First of all, thanks to everyone who supported this project and helped with its
development since I started it back in 2013.

At the end of April 2018, I sold the bitcoinpaperwallet.com website, service, and
associated domain names to a new owner.  This also includes related projects such as
litecoinpaperwallet.com and ethereumpaperwallet.com.  All orders for hologram stickers and
CDs, and any questions relating to the business, should be directed to the new owner at
orders@paperwalletshop.com.  Also, I will no longer be making updates or accepting code
contributions for this project at https://github.com/cantonbecker/bitcoinpaperwallet. The
updates posted in September 2017 are my final contributions to this project.

If you have any questions regarding bitcoinpaperwallet.com, please direct them to the new
owner at orders@paperwalletshop.com.

Canton Becker
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: Financisto on October 31, 2018, 03:48:47 AM
@canton

Thank you for all the hard work done on this project all those years and good luck for the new owner!


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: eroxors on November 06, 2019, 03:55:03 PM
Would the new owner please make themselves known? Easier to use a service when you know who is behind it.

Thanks.


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: walton on April 14, 2020, 04:29:49 PM
I've recommended this website to my friend. He just got back to me saying that the wallet he just generated had previous in and out transactions starting in Jan 2019 and ending last month - March 2020. I spoke with him extensively, and I can't find any reasonable explanation. This is the address he "generated" two days ago: https://www.blockchain.com/btc/address/1PoZHV4rrftuv8YuoDgRqji1syuSw141q8

Any ideas?


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: LoyceV on December 30, 2020, 09:53:31 AM
WARNING: BitcoinPaperWallet.com is (now) a scam!

I've recommended this website to my friend.
Don't do that anymore, this site is now a scam!

@canton: please add a warning to the title. Also: do you know who the current owner is, so victims can add that information to their police reports?

Further reading:
Why has my newly created Bitcoin address already been used? (https://bitcointalk.org/index.php?topic=5247201.0)
24 out of 100 addresses were already used (https://bitcointalk.org/index.php?topic=5247201.msg54451325#msg54451325)
As others have said, there are multiple scam reports against bitcoinpaperwallet.com since the site was sold.
https://www.reddit.com/r/btc/comments/ea6bxg/warning_bitcoinpaperwalletcom_is_compromised/
https://www.reddit.com/r/CryptoCurrency/comments/cyd6uj/bitcoinpaperwalletcom_scam_or_not_4_btc_stolen/
https://np.reddit.com/r/Bitcoin/comments/cs68ri/my_paper_wallet_generated_on/
bitcoinpaperwallet[.]com is a scam (https://bitcointalk.org/index.php?topic=5304970.0)
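
A check anyone can run on a batch of addresses from a generator before funding them, given the reports above of freshly generated addresses that already had transactions. This is an added example, not part of the thread or of the bitcoinpaperwallet code; the sample addresses are constructed, the function names are hypothetical, and the `seen_on_chain` set is assumed to come from your own node or a block explorer export.

```python
import hashlib
from collections import Counter

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def checksum(payload: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of SHA-256(SHA-256(payload)).
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(version: int, hash160: bytes) -> str:
    payload = bytes([version]) + hash160
    raw = payload + checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))  # each leading zero byte is a "1"
    return "1" * pad + out


def b58check_decode(addr: str) -> bytes:
    """Return version byte + 20-byte hash160, or raise ValueError."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + idx
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        raise ValueError("decoded length is not 25 bytes")
    payload, check = raw[:-4], raw[-4:]
    if checksum(payload) != check:
        raise ValueError("bad checksum")
    return payload


def honest_collision_bound(n: int, bits: int = 160) -> float:
    """Birthday upper bound on ANY repeat among n uniformly random values."""
    return n * (n - 1) / 2 / 2 ** bits


def audit_batch(addresses, seen_on_chain):
    """Flag malformed, repeated, or previously used addresses in a fresh batch."""
    valid, invalid = [], []
    for addr in addresses:
        try:
            b58check_decode(addr)
            valid.append(addr)
        except ValueError as exc:
            invalid.append((addr, str(exc)))
    repeated = sorted(a for a, c in Counter(valid).items() if c > 1)
    already_seen = sorted(set(valid) & set(seen_on_chain))
    return {
        "invalid": invalid,
        "repeated_in_batch": repeated,
        "already_seen": already_seen,
        # With honest randomness the chance of either finding is ~0 (see bound),
        # so a single hit means the generator's output must not be funded.
        "suspicious": bool(repeated or already_seen),
        "honest_repeat_probability": honest_collision_bound(len(valid)),
    }


def constructed_address(label: str) -> str:
    # Constructed test data: a fake hash160 derived from a label, version 0x00.
    return b58check_encode(0x00, hashlib.sha256(label.encode()).digest()[:20])


SAMPLE_FRESH = [constructed_address(f"fresh-{i}") for i in range(5)]
SAMPLE_SEEN = {constructed_address("fresh-3"), constructed_address("other")}
last = SAMPLE_FRESH[0][-1]
SAMPLE_TYPO = SAMPLE_FRESH[0][:-1] + ("2" if last != "2" else "3")
SAMPLE_BATCH = SAMPLE_FRESH + [SAMPLE_FRESH[1], SAMPLE_TYPO]

if __name__ == "__main__":
    for key, value in audit_batch(SAMPLE_BATCH, SAMPLE_SEEN).items():
        print(f"{key}: {value}")
```

A clean result proves nothing about whether the generator leaked the keys elsewhere; it only rules out the visible symptom reported here.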


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: icopress on March 03, 2021, 02:20:34 PM
Apparently, it's enough just to sign a message to absolve yourself of all responsibility ... I have no complaints about canton, given that he announced the sale two years earlier, but who knows what kind of loophole he could have left for himself before the sale. I am convinced that the former owner should intervene in this matter.

  • Feb 24, 2021 Theft 124.85 BTC: BitcoinPaperWallet ‘Back Door’ Responsible for Millions in Missing Funds, Research Suggests (https://www.coindesk.com/bitcoinpaperwallet-back-door-missing-funds-research)

I have a question about the flag, since on the one hand canton no longer seems to have a relationship with BitcoinPaperWallet, but nevertheless the thread created by him is indexed in the search engine. Maybe you should at least consider creating a level 1 flag?


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: LoyceV on March 03, 2021, 06:33:46 PM
I have a question about the flag, since on the one hand canton no longer seems to have a relationship with BitcoinPaperWallet, but nevertheless the thread created by him is indexed in the search engine. Maybe you should at least consider creating a level 1 flag?
A Type 1 Flag (https://bitcointalk.org/index.php?action=trust;addflag=39021) has this description:
Quote
Due to various concrete red flags, I believe that anyone dealing with this user has a high risk of losing money. (This flag will only be shown to guests/newbies.)
As much as I'd like to see said warning above this topic, the Flag itself would be incorrect.
It would probably help much more if Google would stop showing the scam site as #1 when you search for "bitcoin paper wallet".


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: icopress on March 03, 2021, 06:46:51 PM
As much as I'd like to see said warning above this topic, the Flag itself would be incorrect.
It would probably help much more if Google would stop showing the scam site as #1 when you search for "bitcoin paper wallet".
I am aware of the description of the first level flag, I meant that this flag will not cause any damage to canton within the forum, but will protect guests and newcomers who come to the forum from outside. As for the bitcoinpaperwallet site itself, for prevention purposes, I will probably report this to Google support.


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: NotATether on March 09, 2021, 09:11:06 AM
I urge everyone who wants to help keep people away from the BitcoinPaperWallet site to review my merge for its Bitcoin Wiki page: https://bitcointalk.org/index.php?topic=5322560.msg56522876#msg56522876


Title: Re: The official BitcoinPaperWallet.com thread -- updates and news.
Post by: Sassoft on February 11, 2022, 10:13:16 PM
Scam is still happening, did anyone do something with that person?

I even contacted him via bitpaperwallet@gmail.com:

Quote
Hi,

When you create a wallet, you, and only you have control/knowledge of your address and private key.

Keys are generated in your browser locally.

There are a few things I can recommend checking:

1. Do you have an up to date antivirus?
2. Do you have any browser extensions?
3. Are you sure you were using our domain and not a phishing site?
4. Were you using TOR to access the website?
5. Are you sure that you and only you had access to your private key?
6. Did you run the website offline?

I know of a website out there phishing on google called PaperWalletBitcoin.com that steals your private key. I have already reported them to google but no action has been taken. If you inspect element on the page when you generate a key on their website you can see your private key being sent out 5-10 seconds later to their server. Did you by chance click on this website and not the official BitcoinPaperWallet.com?

I hope you can find out what happened to your coins,

Regards,

BPW Team