I just use the private keys to upload the coins online. Am I correct?
The term you're looking for is "import" the private keys, or swipe them.
So how do I move the coins to paper wallet absolutely risk-free?
1. Generate BTC addresses using bitaddress.org while the computer is offline (is there a safer site to generate the addresses?)
2. Save the BTC addresses in a txt file and write down the private keys on paper. Don't want to risk using a printer. (Do I really need the QR code?)
3. Send coins to those addresses.
4. Relax with the satisfaction that no one can hack my coins now.
1. Is a good option, but it's even better to do this from a Linux LIVE CD.
2. Writing down private keys makes it likely to make a mistake. I prefer to use a cheap laser printer with thick (160g) paper. A cheap printer doesn't store data after you turn it off.
The QR-code is very easy if you decide to swipe the paper wallet from a mobile phone.
3. Of course
4. Some things to think about though: Can someone access your piece of paper? Can you lose it (fire/theft)? Do you have an extra copy? Do you want to use BIP38 encryption, and if so, are you absolutely sure you won't forget the password?
My concern is step 1 and I think that's the most vulnerable step too. What if my coins are compromised when I generate the private key? What if my computer has malware? Can I really trust these Bitcoin address generators? Just a bit paranoid about this process.
I consider being paranoid a good thing when it comes to Bitcoin security!
I've used bitaddress.org, and it has my trust. Don't trust your normal operating system; being offline is not enough if you go back online when you're done. Malware is patient! Try an Ubuntu LIVE CD, install your printer, and get the hang of how it works.
I can also recommend making a paper wallet with a small amount first, then testing it and learning how to use it. Once you're comfortable with the whole procedure you can do it again for real.
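
An added example, not part of the thread above: a transcription check for a handwritten private key, relevant to the point that copying keys by hand invites mistakes. It assumes the key is in mainnet Wallet Import Format (Base58Check), verifies the built-in 4-byte checksum, and is meant to run on the same offline machine; the sample key is constructed and publicly known.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def b58check_encode(payload: bytes) -> str:
    """Append the 4-byte checksum and Base58-encode (used to build the sample)."""
    raw = payload + dsha256(payload)[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:  # 0, O, I and l are excluded from the alphabet
            raise ValueError(f"character {ch!r} is not valid Base58")
        n = n * 58 + idx
    zeros = len(text) - len(text.lstrip("1"))
    return b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def check_wif(text: str):
    """Return (ok, reason) for a mainnet WIF private key typed from paper."""
    try:
        raw = b58decode(text.strip())
    except ValueError as exc:
        return False, str(exc)
    if len(raw) not in (37, 38):  # version + 32-byte key [+ 0x01] + checksum
        return False, "wrong length"
    payload, checksum = raw[:-4], raw[-4:]
    if dsha256(payload)[:4] != checksum:
        return False, "checksum mismatch"
    if payload[0] != 0x80 or (len(payload) == 34 and payload[-1] != 0x01):
        return False, "not a mainnet WIF key"
    return True, "ok"

# Constructed sample key (bytes 1..32): publicly known, never fund it.
SAMPLE_WIF = b58check_encode(b"\x80" + bytes(range(1, 33)))

if __name__ == "__main__":
    typo = SAMPLE_WIF[:-1] + ("2" if SAMPLE_WIF[-1] != "2" else "3")
    print(check_wif(SAMPLE_WIF), check_wif(typo))
```

A passing checksum only shows the characters were copied consistently; it says nothing about whether the key was generated on a clean machine.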