Bitcoin Forum

Bitcoin => Electrum => Topic started by: jonald_fyookball on March 03, 2014, 11:42:45 PM



Title: How to send from "cold" electrum wallet?
Post by: jonald_fyookball on March 03, 2014, 11:42:45 PM
Hi, I have electrum and seems easy enough to send/receive.

Electrum website says: Cold Storage: You can have secure offline wallets and still safely spend from an online computer.

What are the steps to do this?

thanks!

Jonald


Title: Re: How to send from "cold" electrum wallet?
Post by: Abdussamad on March 04, 2014, 01:04:18 AM
https://electrum.org/tutorials.html#offline-mpk


Title: Re: How to send from "cold" electrum wallet?
Post by: jonald_fyookball on March 04, 2014, 05:35:05 AM
Thanks!  Wow this looks pretty darn secure.  Is there any way coins could be stolen if this approach was used? 


Title: Re: How to send from "cold" electrum wallet?
Post by: Abdussamad on March 04, 2014, 11:16:02 AM
Thanks!  Wow this looks pretty darn secure.  Is there any way coins could be stolen if this approach was used? 

Malware could get to the offline PC via the USB stick. It would have to be malware that runs when you put the USB stick into the computer i.e. malware that exploits an OS vulnerability. Otherwise you are not really running any executable files off the USB stick. All you'll be doing is opening, closing and saving text files.


Title: Re: How to send from "cold" electrum wallet?
Post by: jonald_fyookball on March 05, 2014, 03:30:37 AM
Are you saying malware on the offline PC could cause it to change the recipient while you are signing it?  Cause  I don't see how any other way malware would be a prob on the offline PC here....and if so, Wouldn't that be able to be detected visually?


Title: Re: How to send from "cold" electrum wallet?
Post by: btcbot on March 05, 2014, 05:41:27 AM
You really can't be sure - that's why I only access my cold storage Electrum from a Tails USB drive.  I've installed Electrum on a persistent drive within the Tails system.  

https://tails.boum.org

I use my usual computer.  Unplug the ethernet cable.  Reboot into Tails and voila...


Title: Re: How to send from "cold" electrum wallet?
Post by: Abdussamad on March 05, 2014, 03:47:24 PM
Are you saying malware on the offline PC could cause it to change the recipient while you are signing it?  Cause  I don't see how any other way malware would be a prob on the offline PC here....and if so, Wouldn't that be able to be detected visually?


Malware could encrypt (with the malware author's password) and embed the offline wallet's seed within the transaction so that when you broadcast the transaction you would also be broadcasting the encrypted seed. The malware author could then read the seed from the blockchain, decrypt it and steal your bitcoins.



Title: Re: How to send from "cold" electrum wallet?
Post by: jonald_fyookball on March 06, 2014, 02:23:54 AM
 :o


Title: Re: How to send from "cold" electrum wallet?
Post by: Abdussamad on March 06, 2014, 02:53:26 AM
:o

LOL don't worry! It's highly unlikely we will see such sophisticated malware in the wild anytime soon. You asked the question so I thought I'd show you one extreme scenario.


Title: Re: How to send from "cold" electrum wallet?
Post by: jonald_fyookball on March 13, 2014, 05:46:06 PM
Is there any slight possibility that a wallet would FAIL to regenerate from a correctly stored/typed seed?
If not, is there any reason to keep the wallet file on the offline computer at all?  (It seems safest
to delete electrum entirely if the coins are going into deep cold storage, and just have a watch-only
wallet from online computer along with the seed memorized/stored safely.)



Title: Re: How to send from "cold" electrum wallet?
Post by: btcbot on March 13, 2014, 06:22:03 PM
Is there any slight possibility that a wallet would FAIL to regenerate from a correctly stored/typed seed?
If not, is there any reason to keep the wallet file on the offline computer at all?  (It seems safest
to delete electrum entirely if the coins are going into deep cold storage, and just have a watch-only
wallet from online computer along with the seed memorized/stored safely.)



Not to be rude to the great dev team here, but this happened to me TODAY.  It turned out to be a bug in 1.9.6, when I loaded the unsigned transaction on my offline Tails Electrum - it couldn't find the address and failed silently. 

 :o

Fixed by an update - but it was a little scary!  ;D


Title: Re: How to send from "cold" electrum wallet?
Post by: jonald_fyookball on March 13, 2014, 08:45:23 PM
Is there any slight possibility that a wallet would FAIL to regenerate from a correctly stored/typed seed?
If not, is there any reason to keep the wallet file on the offline computer at all?  (It seems safest
to delete electrum entirely if the coins are going into deep cold storage, and just have a watch-only
wallet from online computer along with the seed memorized/stored safely.)



Not to be rude to the great dev team here, but this happened to me TODAY.  It turned out to be a bug in 1.9.6, when I loaded the unsigned transaction on my offline Tails Electrum - it couldn't find the address and failed silently. 

 :o

Fixed by an update - but it was a little scary!  ;D

hmmmm well that's good it was fixed.. I wasn't talking about loading transactions, just restoring the wallet itself from a seed.


Title: Re: How to send from "cold" electrum wallet?
Post by: Abdussamad on March 14, 2014, 01:40:33 AM
Is there any slight possibility that a wallet would FAIL to regenerate from a correctly stored/typed seed?
If not, is there any reason to keep the wallet file on the offline computer at all?  (It seems safest
to delete electrum entirely if the coins are going into deep cold storage, and just have a watch-only
wallet from online computer along with the seed memorized/stored safely.)



Yes you can do that. Write down the seed on a piece of paper. Delete the wallet. Practice restoring it. Once you are confident you have it down pat you can delete the wallet permanently.


Title: Re: How to send from "cold" electrum wallet?
Post by: Abdussamad on March 14, 2014, 01:43:56 AM
Is there any slight possibility that a wallet would FAIL to regenerate from a correctly stored/typed seed?
If not, is there any reason to keep the wallet file on the offline computer at all?  (It seems safest
to delete electrum entirely if the coins are going into deep cold storage, and just have a watch-only
wallet from online computer along with the seed memorized/stored safely.)



Not to be rude to the great dev team here, but this happened to me TODAY.  It turned out to be a bug in 1.9.6, when I loaded the unsigned transaction on my offline Tails Electrum - it couldn't find the address and failed silently. 

 :o

Fixed by an update - but it was a little scary!  ;D

In older versions you had to nudge electrum to generate addresses beyond the gap limit. I can understand how it might be scary, though.


Title: Re: How to send from "cold" electrum wallet?
Post by: jonald_fyookball on March 14, 2014, 01:58:40 AM
very cool.  Thank you Abdussamad. 

This is a great feeling, knowing my coins are secure in cold storage now.

Are you part of Electrum dev team?


Title: Re: How to send from "cold" electrum wallet?
Post by: Abdussamad on March 14, 2014, 04:30:21 AM
very cool.  Thank you Abdussamad. 

This is a great feeling, knowing my coins are secure in cold storage now.

Are you part of Electrum dev team?

No, I'm not.


Title: Re: How to send from "cold" electrum wallet?
Post by: btcbot on March 14, 2014, 05:44:47 AM
Is there any slight possibility that a wallet would FAIL to regenerate from a correctly stored/typed seed?
If not, is there any reason to keep the wallet file on the offline computer at all?  (It seems safest
to delete electrum entirely if the coins are going into deep cold storage, and just have a watch-only
wallet from online computer along with the seed memorized/stored safely.)



Not to be rude to the great dev team here, but this happened to me TODAY.  It turned out to be a bug in 1.9.6, when I loaded the unsigned transaction on my offline Tails Electrum - it couldn't find the address and failed silently. 

 :o

Fixed by an update - but it was a little scary!  ;D

In older versions you had to nudge electrum to generate addresses beyond the gap limit. I can understand how it might be scary, though.

I exaggerate a bit, but being offline so I can't look up how to increase the gap limit in the console was problematic.  I also had made a big deal in my mind of it being the first time I'd restored my seed entirely from memory, so there were a few 'aw...'.

In any case, Electrum truly is a very impressive system. 


Title: Re: How to send from "cold" electrum wallet?
Post by: Leogheo on March 14, 2014, 09:23:52 AM
How to make offline transactions using your Master Public Key:

Get an offline computer. This can be a physical device or a separate installation on your current computer. I would advise a Debian installation with an encrypted home folder for extra security.

    [Offline PC] Install Electrum via a USB-Key.
    [Offline PC] Create a new wallet. Write down the seed and memorize it, after which you should probably destroy the seed or keep it safe in a lockbox.
    [Offline PC] Go to Settings -> Import/Export and copy your "Master Public Key" and put it in a text file on your USB-Key.
    [Online PC] Install Electrum and select Restore in the dialog box shown on the first start up, use the "Master Public Key".
    [Online PC, existing Electrum installation] See below how to make Electrum restore or open an alternative, non-default wallet.

You now have an online wallet where you can check your balances and give out new addresses, but you can't however spend the coins. So if an attacker would be able to take over your online computer your coins can't be lost.

To make a transaction do the following:

    [Online PC] Go to the send tab and make a transaction. Instead of sending it, Electrum will detect a seedless wallet and query for a location to save the transaction. Select your USB-Key.
    [Offline PC] Go to Settings -> Import/Export -> "Load raw transaction". Select your transaction from the USB-Key. It will detect it's not signed and will prompt you to do so now. Fill in your password and sign the transaction. Save the new, signed, transaction to your USB-Key.
    [Online PC] Go to Settings -> Import/Export -> "Load raw transaction". Select the signed transaction and it will ask you if you want to broadcast it.


Title: Re: How to send from "cold" electrum wallet?
Post by: AussieHash on June 17, 2014, 12:09:26 PM
Is it possible to sign the 'seedless' transaction via a QR code, without breaching the air gap with a USB drive ?


Title: Re: How to send from "cold" electrum wallet?
Post by: bitbaby on June 17, 2014, 12:18:30 PM
You know I couldn't understand this raw transaction, watch wallet etc mumbo jumbo, so here is what I did: installed electrum on an offline machine, which never ever comes online, it doesn't even know what google looks like. I created a bunch of addresses, got their keys and saved them on that computer itself and on other usbs (they also never go online).

Send my coins to one of those addresses and they're secure and when I feel the need to perform a transaction, install electrum on an online computer, let it sync, import the key to the address who has the bitcoins. send to whomever I need to send. for ex. I have 1 Btc and I need to send someone 0.1 Btc. I send 0.1 to him and the rest of coins I send to myself to the other address which again hasn't seen the lights of the day. And never ever use the old address again.

And I feel it's pretty secure.


Title: Re: How to send from "cold" electrum wallet?
Post by: dabura667 on June 17, 2014, 01:09:08 PM
You know I couldn't understand this raw transaction, watch wallet etc mumbo jumbo, so here is what I did...

... something way more complicated imo. Not to mention dangerous.

As long as you don't ever copy your Master Public Key from your offline computer you should be safe with your method.

Why?

Because if I have a master public key and any one of the private keys of an individual address derived from that master public key, I can calculate the master private key.

To make it easy to understand: Master Public Key + Private Key of any address from it = I now know your seed.



So I hope you never touched the Master Public Key button on your offline wallet... because you've got private keys all over the place, and the ones you've used up, you're probably not too careful with anymore now that they have no balance...

But, if your Master Public Key has never touched an online computer, you're fine.


Title: Re: How to send from "cold" electrum wallet?
Post by: jonald_fyookball on June 17, 2014, 03:52:57 PM
You know I couldn't understand this raw transaction, watch wallet etc mumbo jumbo, so here is what I did...

... something way more complicated imo. Not to mention dangerous.

As long as you don't ever copy your Master Public Key from your offline computer you should be safe with your method.

Why?

Because if I have a master public key and any one of the private keys of an individual address derived from that master public key, I can calculate the master private key.

To make it easy to understand: Master Public Key + Private Key of any address from it = I now know your seed.



So I hope you never touched the Master Public Key button on your offline wallet... because you've got private keys all over the place, and the ones you've used up, you're probably not too careful with anymore now that they have no balance...

But, if your Master Public Key has never touched an online computer, you're fine.

I thought we have to copy the master public key to online computer to set up watching only wallet.

???



Title: Re: How to send from "cold" electrum wallet?
Post by: bitbaby on June 17, 2014, 07:34:27 PM
You know I couldn't understand this raw transaction, watch wallet etc mumbo jumbo, so here is what I did...

... something way more complicated imo. Not to mention dangerous.

As long as you don't ever copy your Master Public Key from your offline computer you should be safe with your method.

Why?

Because if I have a master public key and any one of the private keys of an individual address derived from that master public key, I can calculate the master private key.

To make it easy to understand: Master Public Key + Private Key of any address from it = I now know your seed.



So I hope you never touched the Master Public Key button on your offline wallet... because you've got private keys all over the place, and the ones you've used up, you're probably not too careful with anymore now that they have no balance...

But, if your Master Public Key has never touched an online computer, you're fine.

Wow, ok thanks for warning me, I am pretty sure my master public key never went online but is it really that easy, if someone finds out my master public key and private key of any of my addresses it will discover my seed?

So then how is it when one uses a master public key on an online client to send some coins, doesn't at any point the private key is inserted to sign off the transaction for it to go through?


Title: Re: How to send from "cold" electrum wallet?
Post by: dabura667 on June 18, 2014, 04:21:19 PM
I thought we have to copy the master public key to online computer to set up watching only wallet.

???
Yes.

But you keep your seed offline, so it is OK. No one can know your seed if you keep it, and ALL PRIVATE KEYS OFFLINE.

ie. DO NOT export a single private key from your seed and bring it online to import into some service.

As soon as you do this, anyone who knows that the private key belongs to one of the addresses generated by the master public key, they can combine them to create your master private key (which is what your seed is used to make)

Remember: When you click "Export Private Key" a huge warning message appears. Please read the warning messages and do not ignore them.


Title: Re: How to send from "cold" electrum wallet?
Post by: jonald_fyookball on June 18, 2014, 04:23:01 PM
I thought we have to copy the master public key to online computer to set up watching only wallet.

???
Yes.

But you keep your seed offline, so it is OK. No one can know your seed if you keep it, and ALL PRIVATE KEYS OFFLINE.

ie. DO NOT export a single private key from your seed and bring it online to import into some service.

As soon as you do this, anyone who knows that the private key belongs to one of the addresses generated by the master public key, they can combine them to create your master private key (which is what your seed is used to make)

Remember: When you click "Export Private Key" a huge warning message appears. Please read the warning messages and do not ignore them.

Thanks for clarifying Debura.  You da man.

The inference I get is:

Don't use the same wallet as a watch only device and also for use importing some address into another wallet because then you've exposed both the MPK and private key of single address to an online system.


Title: Re: How to send from "cold" electrum wallet?
Post by: dabura667 on June 18, 2014, 04:27:52 PM
Wow, ok thanks for warning me, I am pretty sure my master public key never went online but is it really that easy, if someone finds out my master public key and private key of any of my addresses it will discover my seed?
Yes, it is very easy. But no, they will not discover your SEED, but they will discover your MASTER PRIVATE KEY. Using this, you can generate all private keys in the wallet, just like seed, but it is not exactly the seed.

So then how is it when one uses a master public key on an online client to send some coins, doesn't at any point the private key is inserted to sign off the transaction for it to go through?
If you use the master public key on an online client, your seed and private keys are on an offline computer. This is safe.

If you are talking about a normal online wallet (with seed on the online computer) then your seed will get stolen directly if someone has enough control of your PC to see your RAM, no need to steal your master public key, they just take your seed... so Master Public Key is not an added risk.


btw, this vulnerability also affects BIP32, so be careful.


Title: Re: How to send from "cold" electrum wallet?
Post by: bitbaby on June 19, 2014, 04:07:26 AM
Wow, ok thanks for warning me, I am pretty sure my master public key never went online but is it really that easy, if someone finds out my master public key and private key of any of my addresses it will discover my seed?
Yes, it is very easy. But no, they will not discover your SEED, but they will discover your MASTER PRIVATE KEY. Using this, you can generate all private keys in the wallet, just like seed, but it is not exactly the seed.

So then how is it when one uses a master public key on an online client to send some coins, doesn't at any point the private key is inserted to sign off the transaction for it to go through?
If you use the master public key on an online client, your seed and private keys are on an offline computer. This is safe.

If you are talking about a normal online wallet (with seed on the online computer) then your seed will get stolen directly if someone has enough control of your PC to see your RAM, no need to steal your master public key, they just take your seed... so Master Public Key is not an added risk.


btw, this vulnerability also affects BIP32, so be careful.

Ok. Thank you for this lesson man! I learnt a lot!!

And my Master public key never came online, I can confirm that, also my pc is very secure so I think I'll be ok for now.

What's BIP32?


Title: Re: How to send from "cold" electrum wallet?
Post by: dabura667 on June 19, 2014, 04:50:43 AM
What's BIP32?

BIP32 is basically Electrum's Deterministic Wallet version 2.0

Thomas, the lead dev for Electrum, helped design the BIP32 protocol and it was inspired and based on the Electrum deterministic model.

http://bip32.org/
This website allows you to mess around with BIP32 and switch around the branches and whatnot to see what kind of addresses are made.

Many wallets are now supporting BIP32, in fact Electrum 2.0 will support BIP32 and on top of that supports 2of2 and 2of3 Multisig addresses generated deterministically


Title: Re: How to send from "cold" electrum wallet?
Post by: bitbaby on June 20, 2014, 01:20:54 AM
A little off-topic but what are your views on paper wallets like one you get from offlineaddress.com, if a user creates a paper wallet offline using the html they provide, do they use some sort of Master Private/Public key, can the people who created this offline paper wallet creation tool know what addresses and private keys were generated by users?


Title: Re: How to send from "cold" electrum wallet?
Post by: dabura667 on June 20, 2014, 04:57:12 AM
A little off-topic but what are your views on paper wallets like one you get from offlineaddress.com, if a user creates a paper wallet offline using the html they provide, do they use some sort of Master Private/Public key, can the people who created this offline paper wallet creation tool know what addresses and private keys were generated by users?

I have not personally verified offlineaddress.com so I can't speak for them.

However, I assume it is similar to bitaddress.org.

With bitaddress.org, all calculations are performed on your computer, on the browser. When you generate the paper wallets, you are generating a new private key from a random number generator every time you generate them, so nothing is deterministic.

If you save the html file of the website on to an offline computer and then open the html file in a browser, generate a paper wallet and print it up, there is no way that anyone can know your private key.

If your printer is super smart and connects to the internet and caches everything ever printed on it for some reason, you might be slightly vulnerable, but if you're super paranoid, disconnect the printer from the internet, connect to the offline computer via USB, and after printing up, look up a way to clear the printer's spool. Google "secure home printing" for tips.


Title: Re: How to send from "cold" electrum wallet?
Post by: bitbaby on June 20, 2014, 05:22:52 AM
A little off-topic but what are your views on paper wallets like one you get from offlineaddress.com, if a user creates a paper wallet offline using the html they provide, do they use some sort of Master Private/Public key, can the people who created this offline paper wallet creation tool know what addresses and private keys were generated by users?

I have not personally verified offlineaddress.com so I can't speak for them.

However, I assume it is similar to bitaddress.org.

With bitaddress.org, all calculations are performed on your computer, on the browser. When you generate the paper wallets, you are generating a new private key from a random number generator every time you generate them, so nothing is deterministic.

If you save the html file of the website on to an offline computer and then open the html file in a browser, generate a paper wallet and print it up, there is no way that anyone can know your private key.

If your printer is super smart and connects to the internet and caches everything ever printed on it for some reason, you might be slightly vulnerable, but if you're super paranoid, disconnect the printer from the internet, connect to the offline computer via USB, and after printing up, look up a way to clear the printer's spool. Google "secure home printing" for tips.

Thanks, I guess I am just going to opt for paper wallets from now onwards, print them offline, keep them offline and only bring them to light when and if to perform a transaction and send the remaining to the next one.


Title: Re: How to send from "cold" electrum wallet?
Post by: dabura667 on June 20, 2014, 07:40:11 AM
Thanks, I guess I am just going to opt for paper wallets from now onwards, print them offline, keep them offline and only bring them to light when and if to perform a transaction and send the remaining to the next one.

Paper wallets have their uses... but their main usefulness is that you can physically protect them and they don't rely on hardware (like hard disks and computer operating systems) that can fail.

If you are going to keep the paper wallets only on your offline computer, you are no more safe than using Electrum offline. And Electrum offline wallet is easier to use.


Title: Re: How to send from "cold" electrum wallet?
Post by: bitbaby on June 21, 2014, 12:40:20 AM
Thanks, I guess I am just going to opt for paper wallets from now onwards, print them offline, keep them offline and only bring them to light when and if to perform a transaction and send the remaining to the next one.

Paper wallets have their uses... but their main usefulness is that you can physically protect them and they don't rely on hardware (like hard disks and computer operating systems) that can fail.

If you are going to keep the paper wallets only on your offline computer, you are no more safe than using Electrum offline. And Electrum offline wallet is easier to use.

Yeah but the main reason I am going to do this is because I don't have to worry about so many things with them, I don't have to worry about master public key and where to input them or not. I would make a bunch of them, keep them offline and also print them offline as well and still continue doing what I do, which is keep my keys secure and when I perform a transaction, transfer my rest of the funds to the next one and not worry about my other keys being revealed because someone was able to find out my Master Private Key by getting hold of my Master public key and a Private key.


Title: Re: How to send from "cold" electrum wallet?
Post by: dabura667 on June 21, 2014, 04:17:12 AM
Yeah but the main reason I am going to do this is because I don't have to worry about so many things with them, I don't have to worry about master public key and where to input them or not. I would make a bunch of them, keep them offline and also print them offline as well and still continue doing what I do, which is keep my keys secure and when I perform a transaction, transfer my rest of the funds to the next one and not worry about my other keys being revealed because someone was able to find out my Master Private Key by getting hold of my Master public key and a Private key.

OK, as long as you actually PRINT your paper wallets and are using secure printing procedures you're fine. Paper wallets are a very powerful tool.

Your Master Private Key will never be found out if you do one thing:
1. Don't ever export a single private key from your Electrum wallet.

It's not hard to be safe with Electrum. Just don't export private keys, and don't let your seed online.

Paper Wallets are better for individual key management, physical security, and long term storage.
Electrum is better for frequent re-use. Aka, I have a cold wallet, but I want to use it to top up my hot wallet occasionally, etc.

Stay calm, and learn about each method, and how to use it safely. If you are paranoid and scared about everything you hear, you will get nervous and make a big mistake that loses all your bitcoins. So stay calm, learn about your options, and remember to BACK UP EVERYTHING. If it doesn't exist in two or more physical locations, one fire in your house can wipe out all your bitcoin holdings.