Title: How I generated secure paper wallets and transfered them securely (Newbie) Post by: sher_rock on November 12, 2020, 12:51:49 AM This is a guide of how to generate (relative) secure paper wallets
Everyone is invited to suggest improvements, make it easier, more robust, provide alternativers, comment on what they like or not, and also critizice it. Also, this is a disclaimer: I'm new to all of this. First, I didn't buy a hardware wallet because they are not produce in my country and I couldnt' trust they are not tampered. So the other way was to generate it myself. (Not your keys not your money) I've instructed myself several weeks reading various ways of generating wallets (including Glacier). As of now, I think this is THE BEST METHOD for a non-technical person which is high security and low cost and not that much lenghty. FAQs: Why I didn't use Coleman's BIP 39 mnemonic method? Basically, I dont know how to audit the code. As a downside, we will have to really write down accurately our keys having in mind that a mistype is fatal. Also, we should keep in mind that destruction of the key is fatal as well. The user has to secure the key from losing the keys, theft and destruction. Lets start You'll need:
Notes: We will be following https://www.swansontec.com/bitcoin-dice.html guidelines. We will be creating our own random key instead of downloading BitAddress javascript for safety reasons. Following this guideline lets you audit the code that will create the public address and bitcoin address. Its simple, short and you can always test the code by inputting a known private keys to tell if the bitcoin address generated is legit or not. This process is done offline, so your private key never touches the internet. Steps 1. Download the bitcoin-bash-tools and dice2key scripts from Github, latest Ubuntu distribution, and LiLi, A software to install Ubuntu on our flash drive (easier than what is proposed on Swansontec) 2. Install the live environment in a CD or USB, and paste the tools we are going to use inside of it (they are going to be located in file://cdrom) Quote <li>Open up LiLi and insert your flash drive.</li> <li>Make sure you’ve selected the correct drive (click refresh if drive isn’t showing).</li> <li>Choose “ISO/IMG/ZIP” and select the Ubuntu ISO file you’ve downloaded in the previous step.</li> <li>Make sure only “Format the key in FAT32” is selected.</li> <li>Click the lightning bolt to start the format and installation process</li> https://99bitcoins.com/bitcoin-wallet/paper/ 3. Open the Ubuntu environment in a offline computer that will never touch the internet again (there is some malware that infect the BIOS so doing it in your regular computer is not safe to my understanding) Quote Restart your computer. Clicking F12 or F1 during the boot-up process will allow you to choose to run your operating system from your flash drive or CD. After the Ubuntu operating system loads you will choose the “try Ubuntu” option. 4. Roll the dice 100 times and convert into a 32-byte hexadecimal number by using dice2key Quote To generate a Bitcoin private key using normal, run the following command to convert the dice rolls into a 32-byte hexadecimal number: source dice2key (100 six-sided dice rolls) 5. Run newBitcoinKey 0x + your private key and it will give you your: public address, bitcoin address and WIF. Save the Private Key and Bitcoin Address. Check several times that you handwritten it correctly. You can check by re entering the code in the console from your paper. (I recommend writing down the Private Key which is in HEX and not the WIF since this one is key sensitive and you can lose it, or write it wrong. Also, out of the private key you can get the WIF which will let you transfer your funds). If you lose your key, you lose your funds. Be careful. If auditing the code for this is not enough for you, you can also test the code by inputting a known private keys to tell if the bitcoin address generated is legit or not. I recommend you generate several keys and addresses as this process is not super easy to do. Remember that you should never reuse your paper wallets (meaning that you should empty all of the funds from this one adress if you are making a payment). As such, a couple of addresses come handy. Quote At this point, there should be no way for information to leak out of the live CD environment. Now, start the "Terminal" program, and type the following command: source ~/bitcoin.sh This will load the address-calculation script. Now, use the script to find the Bitcoin address for your private key: newBitcoinKey 0x(your dice digits) Replace the part that says "(your dice digits)" with 64 digits found by rolling your pair of hexadecimal dice 32 times. Be sure there is no space between the "0x" and your digits. When all is said and done, your terminal window should look like this: ubuntu@ubuntu:~$ source ~/bitcoin.sh ubuntu@ubuntu:~$ newBitcoinKey 0x8010b1bb119ad37d4b65a1022a314897b1b3614b345974332cb1b9582cf03536 --- secret exponent: 0x8010B1BB119AD37D4B65A1022A314897B1B3614B345974332CB1B9582CF03536 public key: X: 09BA8621AEFD3B6BA4CA6D11A4746E8DF8D35D9B51B383338F627BA7FC732731 Y: 8C3A6EC6ACD33C36328B8FB4349B31671BCD3A192316EA4F6236EE1AE4A7D8C9 compressed: WIF: L1WepftUBemj6H4XQovkiW1ARVjxMqaw4oj2kmkYqdG1xTnBcHfC bitcoin address: 1HV3WWx56qD6U5yWYZoLc7WbJPV3zAL6Hi uncompressed: WIF: 5JngqQmHagNTknnCshzVUysLMWAjT23FWs1TgNU5wyFH5SB3hrP bitcoin address: 113Pfw4sFqN1T5kXUnKbqZHMJHN9oyjtgD ubuntu@ubuntu:~$ The script produces two public addresses from the same private key. The "compressed" address format produces smaller transaction sizes (which means lower transaction fees), but it's newer and not as well-supported as the original "uncompressed" format. Choose which format you like, and write down the "WIF" and "bitcoin address" on a piece of paper. The "WIF" is just the private key, converted to a slightly shorter format that Bitcoin wallet apps prefer. Double-check your paper, and reboot your computer. Aside from the copy on the piece of paper, the reboot should destroy all traces of the private key. Since the paper now holds the only copy of the private key, do not lose it, or you will lose the ability to spend any funds sent to the address! Conclusion With this method you are creating an airgapped environment that will never touch the internet. Also, we are checking that the code we use its not tampered. If this is followed strictly I see virtually no chances of your keys being hacked. How to spend your funds from a securely generated paper wallet. Almost all tutorials seen online, will let you import or sweep you private keys into the desktop wallet or mobile wallet which are hot wallets. In the meantime, you are exposed and all of your work to secure the cold storage is being thrown away. This method will let you sign the transaction offline (you will not expose your private key in an online system). You'll need:
The source of this method is taken from CryptoGuide from Youtube https://www.youtube.com/watch?v=-9kf9LMnJpI&t=86s . Basically you can follow his video as it is foolproof. Please check that Electrum distribution is signed. The summarized steps are: Quote Download Electrum on both devices and check its signed for safey. Disconnect your phone from the internet (flight mode= All connections off) and input your private key in Electrum Generate the transaction in your desktop and export it via QR (never leave unspent BTC or you will lose them) In your phone, open Electrum > Send > QR (this will import the transaction) and scan the desktop exported transaction Sign the transaction in your phone. Export the signed transaction in QR Load the signed transaction in the desktop Electrum and broadcast it to the network. Wait until 3 confirmations to connect your phone to the internet again. Ideas for improvement:
So thats it. I hope someone can find this helpful or help in creating a better method. If you like, you can donate at 1Che7FG93vDsbes6NPBhYuz29wQoW7qFUH Title: Re: How I generated secure paper wallets and transfered them securely (Newbie) Post by: OcTradism on November 12, 2020, 01:03:09 AM How to Install Tails OS on USB flash drive for Wallet Purpose (https://bitcointalk.org/index.php?topic=5228801.0)
[Guide] Secure air-gapped crypto wallet storage method (https://bitcointalk.org/index.php?topic=2828437.0) Two topics have some points you can take from. Title: Re: How I generated secure paper wallets and transfered them securely (Newbie) Post by: sher_rock on November 12, 2020, 01:26:23 AM How to Install Tails OS on USB flash drive for Wallet Purpose (https://bitcointalk.org/index.php?topic=5228801.0) [Guide] Secure air-gapped crypto wallet storage method (https://bitcointalk.org/index.php?topic=2828437.0) Two topics have some points you can take from. Thanks, I will take improvements from this. |