It is generally recommended to use a paper wallet like a piggy bank. i.e. you may put funds as many times as you want, but when you spend, withdraw all the funds in the paper wallet and transfer them to another bitcoin address you own. As I understand, this is because importing the private key of the paper wallet introduces a security hole, where the key may be retained on the device used for withdrawing funds and anybody who gains access to it will be in a position to steal any funds at the corresponding address.
If the following procedure is adopted, will it be safe to spend from the paper wallet address multiple times, just like spending from any ordinary address stored in a regular desktop wallet ? I would like to know the views of others.
Procedure
(1) Prepare a paper wallet in a secure way and receive BTC to the address given on it
(2) Have a dedicated PC to use for spending. This can be any old PC with at least 2GB of RAM and capable of booting from a CD or DVD. Ensure that all internal storage media are disconnected from the motherboard except a single CD/DVD drive. Do not connect any external peripherals except the mouse, keyboard, monitor and router/modem
(3) Download and burn to a CD/DVD the latest version of TAILS
(4) Boot the machine with the TAILS live CD and connect to the internet. Use a direct connection to the internet and do not connect via a LAN.
(5) Start Electrum (it comes with TAILS) and use the recovery option with the private key of the paper wallet to create a new wallet, enter a password and confirm when prompted and allow synchronization. This will only have the paper wallet address. (The wallet data will be saved only in the RAM since this is a live session. For added security we use a password so that even this is in encrypted form)
(6) Do any transactions you want and shutdown the computer. Do not save any data for future sessions using another media such as a USB drive. (Electrum will take care that change is returned to your own address, but always check before signing and broadcating)
(7) Repeat the above procedure whenever you need to spend from your paper wallet
The only inconvenience that I notice is that the private key will have to be typed every time the computing is started up. Are there any security risks in the above procedure ?
As soon as you take a paper wallet key to an online machine, you can consider it compromised, this is why it is recommended to use a paper wallet only once and transfer the rest of the balance to the next unused one, if you still persist on using just one cold wallet then you need to make transactions online and sign them offline, which would require you to run a watch only wallet and that requires a master public key.
As for the typing the private key every-time, you could use a third party QR code scanner with a webcam but ONLY the one which can be installed off-line.
Why bother with paper wallets when you can run an offline electrum for cold storage on a different machine or air gapped OS and its watch only version on an online machine, your private key(s) always remain off-line and your coins are safe forever, only thing you have to do is keep back-up(s) of your seed.
