Creating a paper wallet to store my BTC. I have 3 important questions...

[Amberite]

So I've decided that the safest way to store my BTC is in a paper wallet which is then going into a safety deposit box. I'm going to use bitcoinpaperwallet.com to create it. However, I am a little unsure of three things:

1. I'm reading that if I ever want to move some money from the paper wallet, I should instead MOVE all my money for the risk that the original address will become empty. However, I'm reading that only some clients do this. I'm planning on using the Blockchain.info app to monitor and move money if need be from the paper wallet (as described here: https://blockchain.info/wallet/paper-tutorial ). Using Blockchain's app, does the rule of having to move ALL the money in the paper wallet apply?

2. In the same token, will I be safe if I: a) Generate the paper wallet; b) Make it a watch-only wallet in Blockchain's app; c) Move a very small amount to it; d) Move that small amount OUT of it to test; e) Move the rest of my BTC into the paper wallet; f) If all is good so far, can I move small amounts of money from the paper wallet in the future, without risking losing the original wallet address?

3. What exactly is BIP38 encryption? Does it encrypt my private key with a passphrase I choose? So, for example, can I encrypt the paper wallet's private key with something only I know, then place it in a safety deposit box, and the private key will then be useless if someone breaks into the safety deposit box, because they don't have my passphrase?

Thanks for any help!

[dominicwin]

Generate the paper wallet, add it as a watch only address, move bitcoins to the address. And if the private key you ever need to use for some reason online, do your transaction or whatever, just generate a new paperwallet after your done and back to cold storage they go.
If you use the paper wallet's private key to test, then its officially not really a true paper wallet anymore because the private key has been transmitted.

[jojo69]

If you use the paper wallet's private key to test, then its officially not really a true paper wallet anymore because the private key has been transmitted.

you sure about this?  I didn't think signing a transaction offline was = transmitting the private key

[Amberite]

If you use the paper wallet's private key to test, then its officially not really a true paper wallet anymore because the private key has been transmitted.

This scares me, because I'm very nervous that the private key that is generated would for some reason not work. I don't want to transfer all my BTC in there without knowing first that the private key really does work for that public address. Is there a way to test the private key? Maybe in an offline fashion so that it never gets transmitted outside my computer?

[dominicwin]

If you use the paper wallet's private key to test, then its officially not really a true paper wallet anymore because the private key has been transmitted.

you sure about this?  I didn't think signing a transaction offline was = transmitting the private key

With how easy paper wallets are to generate and what not and with spyware, hacks, etc. all out there targeted at bitcoin, just a suggestion.

[Amberite]

With how easy paper wallets are to generate and what not and with spyware, hacks, etc. all out there targeted at bitcoin, just a suggestion.

I am generating the paper wallet on a freshly formatted laptop that has the network card disabled, so it has no access to the internet. After generating the wallets, I plan to reformat it again. I have the HTML for generating the wallet saved on a USB key (which admittedly could be infected with something), but again, since the laptop is not accessing the internet, even if it is infected, noone could get that info?

Is there any way to test the private key on the (offline) laptop?

[odolvlobo]

The principle behind a paper wallet is that you (and others) only have physical access to the private key. You could send a small amount to the address and then send it from the address as a test, but to do that you need to import the private key to a wallet with online access.

A safer test would be use the private key to sign a message and then verify that it was signed correctly and that the public key matches. Do this on a offline computer and remove any traces of the private key when you are done.

This issue behind sending all the bitcoins at an address is complicated. Basically, you should assume that all the bitcoins at an address might be sent somewhere regardless of how much you actually try to send. The extra will be sent as "change" to a new address or back to the sending address, depending on the wallet software.

[xephyr]

Why not just use a proven, state of the art bitcoin wallet like Armory, make a paper backup and store that securely? If you like the idea of cold storage Armory has always supported cold storage - https://bitcoinarmory.com/about/using-our-wallet/

By using cold storage with Armory your private keys are kept on an offline computer and your paper backup protects you forever against losing your bitcoin to theft or a computer crash.

[jojo69]

Why not just use a proven, state of the art bitcoin wallet like Armory, make a paper backup and store that securely? If you like the idea of cold storage Armory has always supported cold storage - https://bitcoinarmory.com/about/using-our-wallet/

By using cold storage with Armory your private keys are kept on an offline computer and your paper backup protects you forever against losing your bitcoin to theft or a computer crash.

+1

[Amberite]

Why not just use a proven, state of the art bitcoin wallet like Armory, make a paper backup and store that securely? If you like the idea of cold storage Armory has always supported cold storage - https://bitcoinarmory.com/about/using-our-wallet/

By using cold storage with Armory your private keys are kept on an offline computer and your paper backup protects you forever against losing your bitcoin to theft or a computer crash.

This may be a good idea. Some questions:

1. Is the Armory paper wallet's private key encrypted? In other words, if someone finds the paper wallet, can they load it up and use the Bitcoin contained in it?
2. Looking at their site, it seems like there is no problem with sending small amount of BTC through the offline Armory wallet (so in other words, the wallet address remains fixed even when doing transactions). Is this accurate?
3. Armory talks about using USB drives back-and-forth between the online and offline computers. If the online computer has a virus / malware / etc, and it goes on the USB drive, is there any way for a hacker to get access to the offline wallets once the USB drive is plugged back in the online computer?

Thanks!!

[deepceleron]

Why not just use a proven, state of the art bitcoin wallet like Armory, make a paper backup and store that securely? If you like the idea of cold storage Armory has always supported cold storage - https://bitcoinarmory.com/about/using-our-wallet/

By using cold storage with Armory your private keys are kept on an offline computer and your paper backup protects you forever against losing your bitcoin to theft or a computer crash.

+1

A backup is different than an offline (and never has been online) paper wallet.

A cartel breaks into your house and demands you log into your wallet and send them balance. No? BLAM! Bullet through the wife's head, want the kids to be next? The backup now contains 0 bitcoins.

[xephyr]

Why not just use a proven, state of the art bitcoin wallet like Armory, make a paper backup and store that securely? If you like the idea of cold storage Armory has always supported cold storage - https://bitcoinarmory.com/about/using-our-wallet/

By using cold storage with Armory your private keys are kept on an offline computer and your paper backup protects you forever against losing your bitcoin to theft or a computer crash.

This may be a good idea. Some questions:

1. Is the Armory paper wallet's private key encrypted? In other words, if someone finds the paper wallet, can they load it up and use the Bitcoin contained in it?
2. Looking at their site, it seems like there is no problem with sending small amount of BTC through the offline Armory wallet (so in other words, the wallet address remains fixed even when doing transactions). Is this accurate?
3. Armory talks about using USB drives back-and-forth between the online and offline computers. If the online computer has a virus / malware / etc, and it goes on the USB drive, is there any way for a hacker to get access to the offline wallets once the USB drive is plugged back in the online computer?

Thanks!!

Take a look at the Armory board for discussion of your questions: https://bitcointalk.org/index.php?board=97.0

[eiprol]

I have also some basic questions regarding BIP38 encrypted paper wallet from bitaddress.org; the same doubts that OP has, though

Let's supposse that I've checked locally to decrypt the bip38 private key and I get a pair of private plus public correctly; Is there any chance of having an incorrect Private key? I mean, I don't fully get the private key system, and my fear is that it is useless somehow or bad generated... Since I cant check it loading it on a client (it would become exposed), and trying to send small ammounts...
how can I check that my private key is right/valid before sending all my BTC to that paper wallet? Just checking that the public key comes from that private? Is that enough?

I know that armory is great, but for me is pointless having an offline computer just for this; I really prefer having paper wallets... But I'm afraid of a failure on the generation system, which gives to me a non valid private key (I dont even know if that would be possible)

[odolvlobo]

But I'm afraid of a failure on the generation system, which gives to me a non valid private key (I dont even know if that would be possible)

There is very little chance of getting an invalid key and it is very easy to check.

Nearly every 256-bit number is a valid private key. Specifically, any 256-bit number between 0x1 and 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141 is a valid private key.
The range of valid private keys is governed by the secp256k1 ECDSA standard used by Bitcoin.

The real dangers are deriving the wrong public address from the private key and a less-than-random method of generating the key private.