Bitcoin Forum

I just need a user-friendly way to sweep bitcoins from a offline paper wallet onto the Blockchain, without having to expose your private key, whilst you are online. People can screen grab the private key or they can use key capturing or clipboard highjacking in Malware to steal your private key. ^grrrrrr^

Give us a offline method to scan the QR code for the private key and then to copy & paste that onto a application, linked to the Bitcoin address you want to sweep it to and then encrypt that before you go online. The moment you go online the app connects to the Blockchain and it decrypts the information and sweep the key.

The source code should be OpenSource and posted on Github with a signed message from the developer. No logs must be kept or information redirected.

Can this be done?

technically impossible.
The process of sweeping private keys involves a transaction in the blockchain.

I think what you meant was "importing" private keys.

But all in all, one time exposure of your paper wallet's private key means that you intended to spend its balance,
so there is no need for such security measure unless the wallet you're using is unsecured too.

OP said that he wants to automatically sweep it as soon as he goes online, while having all the data encrypted, and I think the following program should work.

First, we need a digital camera to take a photo of QR code, then you connect it via USB to an offline machine, and decode the QR code from a photo to get the private key. Then you insert the address you want to sweep to, and the app creates a signed transaction with paper wallet's address as an input. Then you can transfer this signed transaction via USB or by scanning it's QR code on your phone, check that it is correct by some other software (Core, Electrum, etc.) and broadcast it.

But I'm not sure if this app is needed - it can be useful if someone is dealing with huge amounts of paper wallets, but if it's one-time only, then it's not a problem to do everything I've described step-by-step. Maybe it can be implemented as a feature in some wallet that already has a good cold storage functionality, like Electrum or Armory.

No it is not impossible. The scanning and encryption of the private key is done offline, to protect it from the above mentioned dangers. Nobody can visually record or snoop  your session, if this is done offline. <If they found some way to remotely connect to your desktop>

The App will have to contain some software to convert the QR Code to text <which is basically impossible to find at the moment> and also a method to encrypt&decrypt the text, before it is validated on the Blockchain, when you go online again.


The App will reduce the risk in doing this ONLINE. You cannot have a situation where you stored coins securely for years in a paper wallet and the moment you go online to sweep it, then it is gone.

Every time I have to sweep paper wallets, I get that tightness in my ass, because you never know who is looking over your shoulder.

My long-term strategy for cold storage require me to have multiple paper wallets with small quantities. I do not want to store all my eggs in one paper wallet and every time I want to sell, I have to sweep all my coins and expose my whole hoard/private key. It just make sense to have multiple paper wallets, if you want to store bitcoins for a long time, but sometimes you have a need to use some and then you only have to sweep 1 or 2.   

What you could do is to try to use tool such as: https://coinb.in/

I've been using it for quite some time and so far my keys are safe with me. What is coinb.in anyways? It is a website open-source that have basic functionality of signing an address and creating and managing transactions in general.

I use LIVE OS installed on my USB for this because every time I use this USB it is only existent in my RAM. Basically you want to boot up your live OS, download coinb.in pull the information about available inputs via some available block explorers out here and simply go offline after you get your inputs. Plugin other usb with your priv key or you can install software that can read QR from your camera codes before you even go offline and can read your private key this way. Sign a message with that private key and simply save your hex encoded bitcoin transaction either on your hard drive or plugin another USB so you can simply broadcast that hex later on.

I found this to be effective thing to do for me, might be a bit complicated but so far it have served me well.

I don't really see an other offline solution as you will still have to pull unspent inputs from somewhere.

technically impossible.

Of course your keys can be stolen even if you are offline- malware that exploits bugs like Meltdown and Spectre will just steal them from your memory as soon as they touch your system and then will send your keys and other valuable data to remote server as soon as you will go online. The only way to mitigate the possibility of this attack is to get a real cold storage - a separate machine that has never touched the Internet and will never touch.
Also, there's another point of failure with paper wallets - if you have generated them on some web page, their randomness might be weak, because Javascript can't generate cryptographically secure random numbers.

The bitcoins in the paper wallet are already on the blockchain. What you are asking is about moving the private key from a paper wallet to some kind of wallet that can be used for transactions.


You can create a transaction off line. Hence it is possible to never expose a private key to an online wallet.

https://bitcointalk.org/index.php?topic=944915.0

It only makes sense to me that a Paper wallet is meant to be created offline <Air-gapped computer> to increase the security and therefore it makes further sense that the Sweep/Import option should also be done offline first and then encrypted before you go online again.

The automated Encryption and Decryption of the Private key <from text> to import/sweep the wallet, would reduce the risk of the private key being compromised during the process to sweep/import these wallets, when you go online.

Offline
Step 1 - Scan QR code on Paper wallet and retrieve the Private key
Step 2 - Insert Private key into App
Step 3 - App Encrypt Private key <not recognised as text>
Step 4 - Insert Bitcoin Address where coins will be swept to

Online
Step 5 - Go online <Enable Wifi or plug in data cable>
Step 6 - App still running, Click on "Sweep Paper Wallet"
Step 7 - Application automatically decrypt the Private key and sweep the coins from the paper wallet onto the Address specified in Step 4

Done

If you look at a site such as https://walletgenerator.net/, then the tab entitled "Paper Wallet" you will see the BIP38 Encrypt option.

That allows storing paper wallets encrypted. At the moment I don't have time to do testing but if I recall correctly some wallets, at the moment of sweeping such a QR code, will ask for the decryption password.

Thanks for the URL, it does not address the issue of securely "sweeping or importing" the Private key, but it looks better than Bitaddress.org <It supports 194 other Alt coins, which is nice>

Can anyone validate if this site is as safe as Bitaddress.org? Both have links to the Github repositories for the Source code, but I do not know if the code for this wallet generator was checked.  ???

The site only tells you the standard answer, when you want to spend the coins from the paper wallet :

You will need to import your private key in a real client, that you can download from the currency website. The exact method to do that will depend on the client. If there is no integrated method, you can usually fall back to the debug console and use the command “importprivkey [yourprivatekey]“.

I am still looking for a secure way to do offline sweeping/importing of private keys as discussed.

 

Electrum can do this if you have an online computer and an offline (air gapped) computer.

Setup the online Electrum in watch only mode with the address in which you have funds. Attempt to send the funds as desired. This will create an unsigned transaction which can be saved in a file that you can place on a USB stick. Setup the offline Electrum with your private key. Move the USB stick to the offline computer, load the transaction into Electrum, sign it, and saved the signed transaction back onto the USB. Move the USB to the online computer, load it into Electrum, and broadcast it to the world. (I've not done this, so I don't know all the user interface choices that will be needed...)

The signed transaction is secure. You can take your time broadcasting it from the USB. No malware can take it and change it.

Both options should indeed work, and Electrum is the easier option. If you go for Coinb.in, make sure you Verify the transaction before broadcasting (also check how much fee you're paying)!
If you use Electrum, it still doesn't hurt to Verify the transaction before broadcasting.

I have the same strategy, but it becomes increasingly annoying to claim all the forks.

yes, mycelium (android) will ask for the passphrase when sweeping a bip38 paper wallet. ive done it many times.

Thanks. Although it wasn't Mycelium which I was thinking of. So there are more than one that do this (the BIP38 repository may have a list)

However, this essentially answers the question posed in the thread.

Before you want to close the thread, you should consider why I opened it :

1. I want a offline method to do this. <with encryption when you go online>
2. I want a easier method for newbies to do this. <Nice GUI interface>
3. I want to sweep everything, not just move a percentage of the coins.

These days, with all the free coins that needs to be claimed from the forks, we need a fast and easy and safe way to do this. I use a lot of paper wallets and this is becoming a issue with all of these forks. ^grrrrr^

Previously Codewrench explained standard accepted practice of air-gapped offline computer, where private keys are never exposed to the Internet.

Are you referring to the risk when private keys are placed in new-coin-wallets for purposes of retrieval of those coins? Because this is a process of importing the private keys, such that they stay the same. "Sweep" usually refers to the reading of key into a new key in a wallet.

Since every new fork is unique I doubt there is every going to be any GUI interface that makes all cases easier for newbies.

you need app that grabs private key in offline and after that in online it launch

latter may work just with detached console

My standard practice with forked coins and paper wallets is the following.

1. Importing Paper wallets to a new Bitcoin address <moving them away to keep them safe>
2. Taking old Paper wallet and using whatever forked wallet to extract the FREE coins.

So yes, even if every fork is unique, you still have to move those coins to safety, before you risk using that paper wallet on some new fork wallet.


This is too complicated for the average Joe out there. We need to hide that in a nice GUI for granny to be able to do this.
Even technical people struggle with this : https://bitcointalk.org/index.php?topic=2838191.0

can make it for windows
0.07 BCH
pqq52yey3rawhgzwghu05acg5p63kyajmyhrf8v8tj

It seems to me that you are conflating "offline" with "air-gapped". An air-gapped system is a system that is never online and/or lacks the ability to even connect. The idea of using an air-gapped system is that that system contains your private keys and no other system does, ever. So, there is simply no way for a hacker, no matter how clever, to siphon away your private keys(1).

It doesn't matter very much if you disconnect a non-airgapped computer while you perform sensitive operations because a hacker may have installed some malicious code that is recording your session whether you are online or not. The moment you re-connect, the malicious code begins "relaying" its session recordings back to home base.

For reference, here's the wiki on cold storage (https://en.bitcoin.it/wiki/Cold_storage).

(1) - There are still risks. A Windows system with autoplay can launch code from a dirty USB key, for example.

Yeah, that's the correct way to do it. You can easily do it with Bitcoin Core or Armory. Armory has a GUI to do so, IIRC.
Did you literally just grabbed some random post and just said that it's related to the topic? It's not. The mistake as said in that post could happen to anyone who doesn't have a deep understanding of the crypto. If you really fancy a GUI, go for Electrum. Bitcoin Core isn't for you.

Paper wallets aren't really all that great. Its a huge pain in the ass to spend them safely, as compared to something like Electrum.

I assume you mean "Sweeping" instead of "Importing", right? It's probably a typo, but for others who read this it can be a crucial difference.

These words have specific meaning, and confusing them can easily lead to loss of funds, in certain conditions.

I understand you are being polite in saying "typo," but this is important.

I think there is some misconception here - on the onehand side it is asked to make a process "granny" proof, but on the otherhand side it is already a complex 7 step process, with online wallet, offline or cold storage wallet ideas, paperwallets, QR code scanning, encryption and the complex topic of sweeping or scanning. If people here in the forum mix this up, how shall this be granny proof?

No, I don't think that it shall be granny proof, it can't be - too complex. It looks more like looking for an easy method that saves time for the annoying complexity of handling paper wallets (and insisting to use them going forward). If this is the case, then the right question is: what is the willingness to spend/contribute some funds, so that this particular feature is realized?

alexeyneu provided an answer to this, which I think is a really fair offer. It can then be put on github as open source, and further developped. And who knows, even one day it might get a high level of user acceptance, that is desired also by others?