Nervous about migrating from Qt to Armory cold storage

[brancao]

Questions:

(1) When I import a private key from Qt to Armory - the key (along with its funds) still also technically exists in Qt wallet.dat, right?

This way, if I make some mistake on the import to Armory, then my funds are still ok in Qt, assuming I don't lose my Qt wallet.dat file?

(2) I want to avoid "sweeping" - which I can't figure out how to do fully offline.

So I want to do as follows:

(a) Import private key from Qt to a "temp" Armory wallet "TempWallet" (offline of course).

(b) Create another, separate "permanent" Armory wallet "PermWallet" (also offline).

(c) Import private key from Qt wallet.dat to Armory wallet "TempWallet".

(d) Offline-sign & online-broadcast a transaction (using the normal procedure) sending funds from Armory "TempWallet" to Armory "PermWallet".

Would this work?

Remark:

I know the above approach would take slightly more steps, but at least I'm comfortable with it, since "import" + "offline send" seems like it could be done totally offline, versus "sweep" which seems like it combines an "import" and an "online send".

Apparently, I wouldn't have control over how the "send" part of the "sweep" is performed - ie, I couldn't do the "send" part of the "sweep" offline.

So I want to do this slightly longer approach, so I can avoid putting wallet.dat back online now even briefly in Qt, and so I can do the import from Qt to Armory offline, and do the send in Armory also offline.

So everything would be completely offline now.

Does this approach make sense?

Thanks for any help!

PS - I did also post the same question a few weeks ago - but I think my post was too long (and confusing), and also I didn't really understand the answers - sorry!

https://bitcointalk.org/index.php?topic=1251427.0

[1714881790]

1714881790

[1714881790]

1714881790

[1714881790]

1714881790

[achow101]

Questions:

(1) When I import a private key from Qt to Armory - the key (along with its funds) still also technically exists in Qt wallet.dat, right?

This way, if I make some mistake on the import to Armory, then my funds are still ok in Qt, assuming I don't lose my Qt wallet.dat file?

Yes

(2) I want to avoid "sweeping" - which I can't figure out how to do fully offline.

Actually, sweeping is recommended since when you export the private keys, you are at more risk of them being stolen. Sweeping makes sure that even if someone steals your private keys, there won't be any Bitcoin for them to steal. It won't work if you are offline.

So I want to do as follows:

(a) Import private key from Qt to a "temp" Armory wallet "TempWallet" (offline of course).

(b) Create another, separate "permanent" Armory wallet "PermWallet" (also offline).

(c) Import private key from Qt wallet.dat to Armory wallet "TempWallet".

(d) Offline-sign & online-broadcast a transaction (using the normal procedure) sending funds from Armory "TempWallet" to Armory "PermWallet".

Would this work?

It would, but it is a lot more work than necessary.

Now I know that you don't want to put the qt-wallet online again, but that may actually be the only way to get the funds from your qt wallet to armory. The problem is that bitcoin core uses compressed keys now and armory only supports uncompressed keys, so the keys from Bitcoin core won't be able to be swept or imported.

[brancao]

Thank you for these answers. So I'm encouraged that basically you're saying it's doable, at least in concept. I don't mind a few extra steps.

Some clarifications:

Actually, sweeping is recommended since when you export the private keys, you are at more risk of them being stolen. Sweeping makes sure that even if someone steals your private keys, there won't be any Bitcoin for them to steal. It won't work if you are offline.

I don't see there could be more risk of them being stolen.

I'm planning on exporting the keys from Qt and importing the keys to Armory as follows:

(1) Copy the Qt wallet.dat into the offline machine, fire up Qt, and use the command-line interface in Qt to export the private keys.

(2) Import the private keys to Armory - also on this same offline machine.

So... How could anything get stolen in this scenario?

Oh, I think I get what you're saying the risk could be: someone else could have a copy of those private keys from the Qt wallet. But it's been under my exclusive control this whole time, and besides, those private keys are only going to be used for a short time (in the new Armory "temp" wallet). Their funds will be immediately sent to the Armory "permanent" wallet, in step (2)(d) of my original post.

The problem is that bitcoin core uses compressed keys now and armory only supports uncompressed keys, so the keys from Bitcoin core won't be able to be swept or imported.

This is actually a really old wallet - I think it's about 3 years old. So I think it doesn't use compressed keys.

Possible alternative:

I guess I could also simply sign a raw transaction from Qt itself and then broadcast it to my new Armory offline "permanent" wallet, from a site like blockchain.info/rawtx. This would obviate the initial step of importing to Armory, into a "temp" wallet, as mentioned in my step (2)(a).

However, since I'm going to have to learn anyway how to offline-sign and broadcast transactions in the future using Armory, and since I haven't learned how to do that yet using Qt, I figured I might as well just get the private keys into Armory, and then have an all-Armory all-offline solution for getting the funds from Qt to Armory, without having to learn how to offline-sign raw transactions from Qt.

I would only do this alternative (offline-sign a raw txn from Qt, and broadcast from blockchain.info/rawtx) if the keys from Qt actually do turn out to be compressed. But this wallet is really old, so I think they're non-compressed.

[achow101]

Thank you for these answers. So I'm encouraged that basically you're saying it's doable, at least in concept. I don't mind a few extra steps.

Some clarifications:

Actually, sweeping is recommended since when you export the private keys, you are at more risk of them being stolen. Sweeping makes sure that even if someone steals your private keys, there won't be any Bitcoin for them to steal. It won't work if you are offline.

I don't see there could be more risk of them being stolen.

I'm planning on exporting the keys from Qt and importing the keys to Armory as follows:

(1) Copy the Qt wallet.dat into the offline machine, fire up Qt, and use the command-line interface in Qt to export the private keys.

(2) Import the private keys to Armory - also on this same offline machine.

So... How could anything get stolen in this scenario?

It is the fact that you have decrypted private keys available. In reality it is really unlikely that they will be stolen, but you should still be careful when handling exposed private keys. An extreme example (not likely to happen at all):
You have a virus on that offline machine. The virus recognizes when you have a Bitcoin private key in the clipboard and that you happen to have a USB flashdrive plugged in. It copies itself onto your flashdrive such that it automatically runs and installs itself on your online machine. It also copies over a file that contains your private key. When you remove that flashdrive after you are done and go to the online machine to broadcast, the virus installs itself on your online computer and sends to the hacker the file with the private key. Someone has just stolen your private key.

The problem is that bitcoin core uses compressed keys now and armory only supports uncompressed keys, so the keys from Bitcoin core won't be able to be swept or imported.

This is actually a really old wallet - I think it's about 3 years old. So I think it doesn't use compressed keys.

Possible alternative:

I guess I could also simply sign a raw transaction from Qt itself and then broadcast it to my new Armory offline "permanent" wallet, from a site like blockchain.info/rawtx. This would obviate the initial step of importing to Armory, into a "temp" wallet, as mentioned in my step (2)(a).

However, since I'm going to have to learn anyway how to offline-sign and broadcast transactions in the future using Armory, and since I haven't learned how to do that yet using Qt, I figured I might as well just get the private keys into Armory, and then have an all-Armory all-offline solution for getting the funds from Qt to Armory, without having to learn how to offline-sign raw transactions from Qt.

I would only do this alternative (offline-sign a raw txn from Qt, and broadcast from blockchain.info/rawtx) if the keys from Qt actually do turn out to be compressed. But this wallet is really old, so I think they're non-compressed.

You will find out when you export. If you export the private keys and they start with a '5' then you are fine. Those would be uncompressed keys. However if they start with 'K' or 'L', then you can't use those and since those are compressed keys. In that case, you would need to offline sign with Bitcoin Core.