Bitcoin Forum

First, apologies if this is the wrong place or this has been requested before - but we really need an easy way to import a private key from the ever growing in popularity paper wallets.

No messing about with RPC, please.... Just a nice menu choice.

You might know this and probably won't be completely happy with it, but: the latest clients have a "Debug window" where RPC commands can be entered.  So it is as easy as Help -> Debug window -> Console -> Enter "importprivkey 5kj2..."

Most of the core devs seem to be against making this easy, see: https://github.com/bitcoin/bitcoin/pull/2050 .

Wow. Ok whatya gonna do... It's the hard way then....

Importing/exporting individual keys is dangerous, and will never be supported in a friendly way as there's just too many ways to shoot yourself in the foot with it. It breaks the wallet abstraction as it allows private keys to exist in multiple places at once.

What would be acceptable is a "sweep" feature, that either once or regularly sweeps the incoming coins from a specified private key to the user's wallet using a transaction.

So if importing private keys is dangerous then what is the right way to spend money that is stored in a paper wallet?  I imagined you were supposed to import the private key of the paper wallet.

you're supposed to spend the input immediately, so there will be no funds left over in the paper wallet. this can be done by using a separate wallet to send to your main wallet, or by using coin control to make sure the paper wallet's inputs are spent.

I thought a paper wallet was for safe long term storage. That's what I've been doing with it.

Yeah paper wallets are a great idea ... if your wallet software explicitly supports them. Which today none do. If your wallet app doesn't have explicit support for paper wallets then you are very, very likely to lose money with them. It's already happened.

Really why?  My understanding is that the paper wallet has a private key on it so as long as the private key is safe the coins cannot be lost.  Isn't that the whole point of having a paper wallet?

Yes it is for long term savings but in the event you want to spend it, it needs to get to an online wallet somehow.  Why is using the import private key function a bad idea?  And what is the better way?

it's bad because people can trick you into importing a private key. your client will show that you have BTC. but if it's not sweeped to one of your addresses, both you and the other party has access to the coins.

Of course, the other piece that needs to be in a client that imports private keys is the ability to spend from a specific address. If you believe that the act of importing a private key has potentially compromised the security of that key then all funds, once imported, need to be moved to a clean address. This also would address the "change" issue that I believe is being referenced when someone says "paper wallet imports make people lose their coins"

Yes, exactly. People don't understand how the protocol works and how wallets work, then they lose their money. It's not hard to have a wallet app that understands paper wallets and guides users through the process, it's just that today none do it. It'd be a  good contribution.

I heard Armory supports paper/offline wallets natively. Haven't tried, but may be worth taking a look.

The right way to do it is with deterministic wallets. Then you can have a paper wallet that doesn't have all the complicated issues with change addresses and privacy. But it would still need some nodes to index the UTXO set to make import fast, otherwise you have to rescan the chain from the birthday onwards, which is very slow. Fine for restoring from backups when you're not expecting to ever have to do it, less fine for other things. Some people want to use paper wallets not only for backups but to very frequently import, spend and delete the wallet. This use case is much more complicated to support.

In other words, to work well paper wallets need both changes in the protocol and upgrades of the clients.