How to pass raw transaction from cold storage upon hot node?

[cellard]

The setup:

2 laptops. One is airgapped, has no wifi card, no ethernet card, no camera, no nothing. A nice Linux distro installed on it with Bitcoin Core, my wallet.dat and all my addresses. This installation has no blockchain files.

The second laptop is an online Bitcoin Core node with the full synced blockchain. Contains watch-only pubkeys from the offline wallet.

Can you please explain, how do I safely make a transaction with this setup?

I figure you must use a raw transaction has seen here:

https://www.youtube.com/watch?v=jWKuqP-zTFk

But how does it work in the context of the cold storage 2-laptop setup? I can't seem to find any tutorial on this. It would be cool if bitcoin.org had a section on this. I think everyone should learn how to do this, if you are going to use Bitcoin Core as a wallet.

What I definitely don't understand is, how to properly set the fee? Given that I can't use the GUI for this, I can't use the automatic fee calculator that Bitcoin Core uses.

I think Bitcoin devs should spend some time creating a nice GUI layout for those of us that want to use Bitcoin Core as a cold storage setup to manage and sign keys offline. I don't really trust Armory to do this or anything else.

[DarkStar_]

What I definitely don't understand is, how to properly set the fee? Given that I can't use the GUI for this, I can't use the automatic fee calculator that Bitcoin Core uses.

I think Bitcoin devs should spend some time creating a nice GUI layout for those of us that want to use Bitcoin Core as a cold storage setup to manage and sign keys offline. I don't really trust Armory to do this or anything else.

I believe that whatever amount of BTC that isn't spent becomes the fee. If I have a transaction that looks like this:
                                     Address B (0.01 BTC)
Address A (0.02 BTC) ->    Address C (0.005 BTC)

The fee would be 0.005BTC. The auto fee calculator wouldn't work, but it's not very hard to calculate the needed fee yourself. You can get very close to the transaction size (assuming non segwit) by adding 180 bytes for each input that you are spending, 34 bytes for each output, and 10 bytes as a fixed amount. You can get the rough transaction size (comes very close to the actual), and then use a site like https://bitcoinfees.earn.com/ to see how many satoshis/byte you should pay for a fast confirmation.

[RGBKey]

Armory is actually an excellent wallet to do cold storage transactions, however I've always had problems with it not being able to sync/get set up correctly. DarkStar_ is correct, and basically the fee is whatever amount is left over from total_inputs - total_outputs, so make sure you send a change transaction back to yourself.

[BillyBobZorton]

Achow101 replied this on another thread when I asked the same thing:

But the question to move the coins from cold wallet to hot wallet still remains (i mean the transaction), it is very complicated to deal with the rawtransaction specially due fee not calculated automatically as celard posted (I watched the video). Do you have any work arounds achow101? and also hope for gui support for this too in the future, not everyone here is a command line wizard.

Instead of creating the entire transaction by hand, use the fundrawtransaction command. What you do is first use createrawtransaction to create a transaction with 0 inputs and the outputs that you want to have. Then you pass that into fundrawtransaction with the other parameters it takes. It will then choose the inputs to use, calculate the fee, and create a change output if necessary. Then you can take the transaction from that and sign it on your offline machine.

Looks like you must use these 2 commands and this second command will automatically choose the correct fee for you? Can't say I fully understood it.. I will have to practice with an VM.. too scared to do it live to be honest. I have never used the testnet, maybe I could try this in testnet? When you open the green icon, I will get the same coins I have on my real wallet.dat but these coins don't have value? Well I don't want to derrail the thread asking about testnet, but the thing is, is too risky to calculate this things by hand, one mistake in one 0 and you are sending at on of money you didn't want to send. Please work on GUI for this devs.

[achow101]

Looks like you must use these 2 commands and this second command will automatically choose the correct fee for you?

Yes.

When you open the green icon, I will get the same coins I have on my real wallet.dat but these coins don't have value?

No. Testnet is an entirely separate network. Think of it as an altcoin that has no value. You have to get testnet coins, and there are several testnet faucets. Just google "Testnet faucet" and you will find one that will give you coins to test with.

[aplistir]

Can you please explain, how do I safely make a transaction with this setup?

Just wanted to add, that the most secure way to transfer your transaction from your airgapped laptop to your hot-laptop is by using a QR-code. If you move it using a USB-stick it is not as safe. Some malware can use USB-sticks as a medium.

In linux creating QR-codes is really easy. Just install "qrencode" and use it like this:

Code:

qrencode -o qrcodeimage.png 'This text will be in the created QR-code'

It will make an image file which will contain a QR-code that has for example your transaction in it...

[aplistir]

BTW.
My understanding of using airgapped computer is that you create the transaction in your watch only hot machine, then transmit it to your airgapped machine and sign it with your private keys and then transmit it back to your hot watch only wallet and send your signed transaction to the network.

This way your watch only wallet that is connected to the net can create the transaction, calculate the fees etc.

And as I said above, the safest way to transfer the transaction between your machines is by using QR codes and the cameras of your machines.

Sounds hard, but after you have done it a couple of times, it is not.

[BillyBobZorton]

Can you please explain, how do I safely make a transaction with this setup?

Just wanted to add, that the most secure way to transfer your transaction from your airgapped laptop to your hot-laptop is by using a QR-code. If you move it using a USB-stick it is not as safe. Some malware can use USB-sticks as a medium.

In linux creating QR-codes is really easy. Just install "qrencode" and use it like this:

Code:

qrencode -o qrcodeimage.png 'This text will be in the created QR-code'

It will make an image file which will contain a QR-code that has for example your transaction in it...

Yep I have seen some people mention QR code use and not USB because USB could be compromised... thanks for the qrencode tip, yes I definitely plan to do this all under linux.

BTW.
My understanding of using airgapped computer is that you create the transaction in your watch only hot machine, then transmit it to your airgapped machine and sign it with your private keys and then transmit it back to your hot watch only wallet and send your signed transaction to the network.

This way your watch only wallet that is connected to the net can create the transaction, calculate the fees etc.

And as I said above, the safest way to transfer the transaction between your machines is by using QR codes and the cameras of your machines.

Sounds hard, but after you have done it a couple of times, it is not.

But when you are creating the transaction in your watch only hot machine, couldn't this part be compromised? imagine a hacker enters the wrong stuff there, you sign it and do the whole thing, then you realize you sent it to another sending address that the hacker owned or something? isn't this a possibility or not? how to mitigate this risk?

[LoyceV]

But when you are creating the transaction in your watch only hot machine, couldn't this part be compromised? imagine a hacker enters the wrong stuff there, you sign it and do the whole thing, then you realize you sent it to another sending address that the hacker owned or something? isn't this a possibility or not? how to mitigate this risk?

You can (and should!) decode the transaction on your offline machine (in a closed basement without windows).
https://blockchain.info/decode-tx and many other sites can do this, you'll need one that works offline.
It also doesn't hurt to doublecheck the fees you're using.

[cellard]

Wait wasn't it possible to do this through the GUI?

I mean, you make the sending transaction through the GUI with your watch-only wallet that has funds, since you are on the online wallet, the automatic-fee calculator on Core works. Then you dump what you did in raw format and pass it on the offline node to actually sign the transaction, then pass this raw signed transaction back into the online node.

I think I read someone mention something like this. And if there isn't a way, there should be a way to do this through the GUI already, it's almost 2018 and this is a pretty basic feature that's missing GUI wise.