Please Verify These CoinBase to First Paper Wallet Steps... Are They Correct?

[patrickonb]

Hello All,

I have spent most of today reading and trying to figure out how to get my BitCoins
into paper wallets for secure storage and safe keeping, and to be honest, I have
pulled most of my hair out today. But I think it might be sinking in at last, so I wanted
to post the steps I think I need to take, and have you nice folks verify if I am doing
this correctly.

OK first off, I purchased my BitCoins in/from CoinBase, so I understand that this was
probably not the most secure way to go about it, but it is done and over with, so can't
do anything about it now. It was recommended via a couple of "how-to" videos for beginners,
so that's what I went with.

OK, so to transfer my BitCoins into a paper wallet, I think I am suppose to do the following:

1) I create a paper wallet at bitaddress.org.
2) I then click on the "Send/Request" link in CoinBase to get to the "Send Funds" form
3) In the "Recipient" field, I paste the "BitCoin Address" that is on the bitaddress.org generated paper wallet image.
4) Enter the amount of BitCoin I want to send to that address, then click the "Send" button in CoinBase.
5) After clicking send, then my BitCoin should be available on the paper wallet.

Does this sound correct or is there something else I am missing?

Any help/input/suggestions would be greatly appreciated.

Thanks for all and any help you can offer, I apologize for asking such newb questions,
but my head is spinning from everything I have read today, and I want to make sure I
am doing this correctly, and not end up losing my BitCoins.

Thanks a bunch,
Patrick

[AgentofCoin]

...

Yes, everything you said is basically correct (I have never used Coinbase or know its "sending" form).

The only thing I would point out is that:

1. You should generate your paper wallet offline by saving the webpage as a html and opening it
in a browser when you are not connected to the internet. In theory, it is a more safer way.
2. After you have generated that paper wallet, print it out and save that copy, before sending your tx.
3. Maybe send a small sum out of Coinbase first (like 0.001 btc) to test it, before you send your full amount.
4. And always, confirm that the btc address and amount you enter is the one you want, before hitting send.

[patrickonb]

OK, thanks AgentofCoin, that is great info.

So I will go to the paper wallet address, then disconnect from the internet,
then have it generate a new paper wallet address, print it out, close the
window, then go back online and transfer from CoinBase to the wallet address.

Also, great idea about sending a very small amount to make sure I don't totally
newb myself to death! 

Patrick

[AgentofCoin]

OK, thanks AgentofCoin, that is great info.

So I will go to the paper wallet address, then disconnect from the internet,
then have it generate a new paper wallet address, print it out, close the
window, then go back online and transfer from CoinBase to the wallet address.

Also, great idea about sending a very small amount to make sure I don't totally
newb myself to death! 

Patrick

What you would actually do is:
1. go to bitaddress.org
2. in your browser, go to File, and find "save page as" or something to that effect.
3. it should be called something like bitaddress.org.html, save that to your desktop.
4. close your browsers, disconnect from internet (for extra security)
5. open the file called bitaddress.org.html on your desktop with your browser.
6. in this "offline-html version" now generate your paper wallet.
7. print that paper wallet, and save it very carefully, you lose that, you lose your coins.
8. close your browser again, connect back to the internet
9. go to Coinbase, place that newly generated bitcoin address into their send form
10. and it should be in your paper wallet shortly thereafter (I don't know exactly how fast Coinbase works with withdrawals).

[7788bitcoin]

Perhaps you should also laminate your paper wallet to protect from water damage. Consider BIP38 encryption for additional protection.

[patrickonb]

OK, got it. So I can just use that html file to generate
a wallet whenever I need one, just make sure I'm offline,
and always start with a fresh browser window before and after.
That sounds easy enough.

OK, I will go through the steps using a very small amount, and test it out.
I will post back after I verify I am leaving newb central and advancing to
the next step of my BitCoin evolution.

I really appreciate your help and input, thanks
Patrick

[tobacco123]

You may also want to consider clearing the memory of your printer in case it is a shared network printer.

[ranochigo]

I'm not sure how advanced malwares are, but you need to consider to use a fully offline and clean computer instead. Malwares can have the potential of recording your screen and BIP38 password and uploading them when you're online again. Hence, your address would be fully exposed to an attacker. For more security, consider using the html on an offline linux computer. A liveusb would do the job well enough.

[patrickonb]

Perhaps you should also laminate your paper wallet to protect from water damage. Consider BIP38 encryption for additional protection.

You know, I was wondering about that. I do have a laminating machine, so that would be another great idea.
I was going to place them in one of those small ziplock baggies like they show in the beginners images,
but I really like the lamination idea better. I will also go read up on the BIP38 encryption and how to go about
doing that.

Thanks for the added suggestions, I love it!
Patrick

[AliceWonderMiscreations]

This is what I do -

https://github.com/AliceWonderMiscreations/ColdAddress

It's not for everyone. However it works well for me.

[patrickonb]

I'm not sure how advanced malwares are, but you need to consider to use a fully offline and clean computer instead. Malwares can have the potential of recording your screen and BIP38 password and uploading them when you're online again. Hence, your address would be fully exposed to an attacker. For more security, consider using the html on an offline linux computer. A liveusb would do the job well enough.

Wow, more great info. You guys are a well of information here, I love it.

I received a tablet for Christmas last year that I never use, that would be OK
to use wouldn't it? Just keep it as an offline device?

Thanks,
Patrick

[patrickonb]

This is what I do -

https://github.com/AliceWonderMiscreations/ColdAddress

It's not for everyone. However it works well for me.

OK thanks, I will go check this out.

[Chris!]

Here's how I create my paper wallets...

1. Get a fresh new USB. One you know doesn't have any malware on it. You can also use a CD. You know, one of those old things that played music back in the day.
2. Download Ubuntu onto the USB/Cd from http://www.ubuntu.com/download/desktop
*note you will also need software to create a liveUSB. I use LiLi. http://www.linuxliveusb.com/
3. Download Bitaddress.org into the USB
4. Shut down and boot up with the live USB. (press F12, choose USB.
5. Click try Ubuntu.
6. Open a Firefox private browser (right-click Firefox)
7. Go to file:///
8. Click cdrom
9. Open bitaddress and create a paper wallet. Use BIP38 encryption if you so choose.
10. Print it. Keep it safe.

Once you've done it a couple times it's very easy and straightforward.

I also have these steps if you want the same security but you need a vanity wallet such as 1Chris4GEoLLjdh4juFXGwY7snaazuxvKb

1. Go on bitaddress.org offline, on a Ubuntu live USB
2. Generate as many single addresses as you want
3. Convert Pub key to Hex (wallet details on bitaddress.org)
4. Make a list of hex addresses + private keys and print it out (don't save it on USB. That's going to run on Windows again)
5. Boot up windows
6. Start > Run > Cmd
7. Drag over vanitygen64 to cmd (enter) drag over vanity address again (space) -v -P (hex pub key) 1xxx (whatever you want as your vanity) (enter)
8. Copy partial key down on USB
It will now generate your partial private key
9. Shut down windows - Boot up Ubuntu Live USB
10. Open bitaddress again and go to vanity address and put in the private key (from step 4) and the partial private key. This should give you the vanity address that was calculated on vanitygen.
11. Print out the wallet details page (to have the QR codes)
12. Import the public address into mycelium or your wallet of choice.

Optional: Import the private key. If you don't it's a paper wallet, if you do it's a hot wallet.

It's a little daunting trying to do the vanity paper wallet address. I'd work my way up to that if I were you.

Good luck!

EDIT: I have an old 'dumb' printer that can't connect to wifi and has no internal memory. I would only suggest using these or you just wasted your time haha.

[patrickonb]

Great step by step, I will give this a try, sounds pretty easy.

Thanks Chris!

[Alley]

Why would coinbase not be a secure place to buy coins?  They are my first choice rather then some unregulated offshore exchange.

[ranochigo]

I'm not sure how advanced malwares are, but you need to consider to use a fully offline and clean computer instead. Malwares can have the potential of recording your screen and BIP38 password and uploading them when you're online again. Hence, your address would be fully exposed to an attacker. For more security, consider using the html on an offline linux computer. A liveusb would do the job well enough.

Wow, more great info. You guys are a well of information here, I love it.

I received a tablet for Christmas last year that I never use, that would be OK
to use wouldn't it? Just keep it as an offline device?

Thanks,
Patrick

Tablet would be fine. However, I'm not sure about how legit is the OS used in the tablet. The manufacturer could weaken the RNG and make the private key more predictable. You can always use mycelium to generate an independent address or seed and back it up. For a freshly wiped device, there is next to no danger of getting hacked when the RNG is strong.

[AliceWonderMiscreations]

Why would coinbase not be a secure place to buy coins?  They are my first choice rather then some unregulated offshore exchange.

AFAIK there is nothing risky about buying from them (I do) - but you don't want to keep large amounts there because you don't control the private key associated with the value, they do.

Do they really have the assets needed to cover all the bitcoins customers have with them?

I hope so, but there is no way for you or me to actually know, so after you buy - move the coins out to a secure location where you control the key - like a paper wallet - if long term is your goal. That's all.

[franky1]

This is what I do -

https://github.com/AliceWonderMiscreations/ColdAddress

It's not for everyone. However it works well for me.

OK thanks, I will go check this out.

dont use this unless you know how to code and are going to change the variables before running EG salt

[Kakmakr]

Some things I also picked up over time :

_ Some malware will get between your copy & paste routine, when you send coins to your paper wallet and they would replace whatever you pasted, with their address. So just check the address to make sure it is your paper wallet address, before you click send.

_The safest way to create these paper wallets, is to keep the device you used to create it offline. Nobody can get cached or logged information from a device that does not go online again. <Not always possible, but it is the safest option.

Good luck, it is a step in the right direction.

[DimensionZ]

Wait there is a malware that can interfere when you are sending coins and replace your address with theirs? I haven't heard about this till now.