Hardware wallets, missing information in every explanation. Help me understand!

[rpuls]

Hi, Since my (tiny amount) of bitcoin and other crypto's are starting to gain some relevant value I have been considering moving the ones of them that I see as an long term investment to a safer place. I'm pretty sure they are in good hands now, but I would like to put them in a bullet proof wallet. Which is why I have been considering buying a hardware wallet. But.... Due to the level of technical understanding among the average buyer, it seems to me that the retailers/manufactures lack technical explanation of how they actually work. And I have some questions I need answered before I would ever buy one.

(I'm talking about stuff like trezor, ledger etc.)

1.  Where does the private keys come from? Are they preloaded on the device when you buy it? In that case. How on earth could you be sure that your device is the ONLY place that exact private key exists?

2. Is it possible to "swipe" the hardware wallet and load your own private keys? And if so, is this easily done?

3. If I can put the hardware wallet in my laptop and send crypto currency stored on it to other address, what would keep a malicious piece of software on my computer from changing the address as I confirm the transaction?

4. Is it possible to; from a totally offline computer holding the private keys. Make an transaction, move the transaction to a usb key, plug that key in a online machine, publish the transaction to the blockchain, so that the private keys never "touches" a machine with internet access.


What I actually want.
My plan is to restore an old laptop without internet hardware, install a version of windows that I have from before bitcoins existence. Write my own code that will generate private keys. In my opinion, that is the only way you can be 100% sure that the private key I generate is not existing somewhere else as well. From this computer I can plug in my usb printer and print paper backups of the private keys, put them in the safe at my local bank. But I also need to be able to transfer the coins to other address if necessary without compromising my private keys.

I feel that the info text and video explanations on trezor and legder, bitbox is just showing some little usb thing and showing that "when you plug it out your money is safe" but they never explain the technical background that makes that possible. There is no explanation on why your private keys was not duplicated the moment you plugged it in to your computer, or before you even got the device. And there is no noob safe guide to load your own pks to the hardware wallet. Still it seems that every damn person is 100% sure that these are totally safe, so can someone please explain what I am missing. Thanks, just want to fully understand every little piece of security here, so I can keep my own money safe, and most important of all, so I don't advice my friends to secure their money with a system I don't fully understand.

Stay safe  Rasmus P

[1715506514]

1715506514

[1715506514]

1715506514

[cellard]

1.  Where does the private keys come from? Are they preloaded on the device when you buy it? In that case. How on earth could you be sure that your device is the ONLY place that exact private key exists?

1) They are generated randomly by the "magic" of ECDSA:

https://en.bitcoin.it/wiki/Private_key#Range_of_valid_ECDSA_private_keys


Im not sure about how a Trezor works because I never used one so im not replying to the other questions.

4. Is it possible to; from a totally offline computer holding the private keys. Make an transaction, move the transaction to a usb key, plug that key in a online machine, publish the transaction to the blockchain, so that the private keys never "touches" a machine with internet access.

Yes, indeed you can, and to follow the rest of your post, you should not use windows, even if the computer will never touch the internet, there's nothing to lose if you put a Linux distro on there. You could get an old laptop and install Lubuntu on it which doesn't consume barely any resources.

I don't see why you would need to write your own program? You could just use Bitcoin Core or Armory to manage offline keys, you generate keys as usual with the GUI, what's tricky is moving the transaction from offline to online computer because there's no GUI support for this. Im trying to learn how to do this with Core as we speak:

https://bitcointalk.org/index.php?topic=2491747.0

The idea is to make the transaction as a raw transaction, and then pass this data on the online computer. I've heard that some people don't use USB, but QR scanner (an USB could be infected, a QR scanner.. I don't see how). They convert the raw transaction into QR code, then read it in the online computer and enter the the raw data into the node and there you have your transaction without your private keys ever touching the internet. I don't really trust devices that were designed to do this (like Trezor), some say im too paranoid, but that's just me, I would rather resort to some old general purpose Linux laptop. Now I just need to learn how to do the whole raw transaction from offline to online computer thing, notice that you can screw up badly if you put the wrong numbers (for example, sending an huge fee by mistake) so I got to learn this like abc before I attempt to do it.

[rpuls]

1) They are generated randomly by the "magic" of ECDSA:

When are they generated, when I decide one to be generated? Or before I get the device?
How can I confirm that? can I review the source code on ledger, bitbox (not trezor) etc?

To be honest, if people seriously buy a piece of hardware with a preloaded pk and uses that..... oh my. For me that would be like security 101, NOT TO.
Even if I decide to trust the manufacture/company... which I dont. How could i know the ratailer didn't duplicate that key, how could I know that the post mail main who delivered the device didn't unpack my package and duplicated the key? How could I know that some intern in the production factory didn't duplicate the keys etc. 

I don't see why you would need to write your own program? You could just use Bitcoin Core or Armory to manage offline keys, you generate keys as usual with the GUI, what's tricky is moving the transaction from offline to online computer because there's no GUI support for this. Im trying to learn how to do this with Core as we speak:

Yeah, some would say I would be paranoid with this aswell. Reviewing an opensource code to be legit or writing my own. I mean. potato potato... It's not gonna be that big of a deal writing my own.

you should not use windows, ..... there's nothing to lose if you put a Linux distro on there.

Yep, I was waiting for this comment

[unholycactus]

If you load your private keys on a hardware wallet, it defeat its purpose.
The point of a hardware wallet is that the keys never leave the device, only the signed transactions.

Your current private keys are already less secured because they have been used on other devices.

[achow101]

When are they generated, when I decide one to be generated? Or before I get the device?
How can I confirm that? can I review the source code on ledger, bitbox (not trezor) etc?

To be honest, if people seriously buy a piece of hardware with a preloaded pk and uses that..... oh my. For me that would be like security 101, NOT TO.
Even if I decide to trust the manufacture/company... which I dont. How could i know the ratailer didn't duplicate that key, how could I know that the post mail main who delivered the device didn't unpack my package and duplicated the key? How could I know that some intern in the production factory didn't duplicate the keys etc. 

The keys are generated when you initialize the device. The devices come uninitialized. You can also reinitialize an already initialized device. This will wipe the existing private keys from the device and have it generate new ones.

2. Is it possible to "swipe" the hardware wallet and load your own private keys? And if so, is this easily done?

It depends. If your private keys are part of a BIP 32 HD wallet and you have a BIP 39 mnemonic for that wallet, then yes. You can load the BIP 39 mnemonic onto the device and it will generate the proper keys. If you just have a bunch of private keys that were randomly generated (or you don't have the BIP 39 mnemonic), then no, you cannot.

3. If I can put the hardware wallet in my laptop and send crypto currency stored on it to other address, what would keep a malicious piece of software on my computer from changing the address as I confirm the transaction?

You have to confirm on your device before it signs the transaction. If the outputs are changed after signing, the transaction will be invalid. If they are changed before signing, then you will see the changed address on your device and can tell it to not sign the transaction.

4. Is it possible to; from a totally offline computer holding the private keys. Make an transaction, move the transaction to a usb key, plug that key in a online machine, publish the transaction to the blockchain, so that the private keys never "touches" a machine with internet access.

Yes.

I feel that the info text and video explanations on trezor and legder, bitbox is just showing some little usb thing and showing that "when you plug it out your money is safe" but they never explain the technical background that makes that possible. There is no explanation on why your private keys was not duplicated the moment you plugged it in to your computer, or before you even got the device. And there is no noob safe guide to load your own pks to the hardware wallet.

It is impossible to duplicate the private keys when the device is plugged in as they keys cannot leave the hardware (well they could if you have malicious firmware installed). The firmware for all of the devices are open source and publicly viewable and auditable. If you don't trust the firmware that came with the device, you can install your own self-compiled version. The only firmware that is not open source is the firmware for Ledger's Secure Enclave. The Secure Enclave is where the private keys are stored. However things to and from the Secure Enclave must pass through the rest of the Ledger's open source firmware sop you would be able to see whether the Secure Enclave is leaking your private keys.

[rpuls]

If you load your private keys on a hardware wallet, it defeat its purpose.
The point of a hardware wallet is that the keys never leave the device, only the signed transactions.

Your current private keys are already less secured because they have been used on other devices.

I have to disagree. If the purpose of a hardware wallet is that the PK never leaves the hardware, and therefore also should not be loaded on to it. Then there is no option for backing up your PK which means you must be very careful where you put the hardware wallet, that you don't lose it, that is is not stolen, that it doesn't break, etc.

Which I would say is way more likely to happen than my own PKs should be compromised as long as I have followed protocol and generated them myself from a pc that was never connected anywhere else.

.
.

Thanks, that was exactly what I needed to know.

[HCP]

I have to disagree. If the purpose of a hardware wallet is that the PK never leaves the hardware, and therefore also should not be loaded on to it. Then there is no option for backing up your PK which means you must be very careful where you put the hardware wallet, that you don't lose it, that is is not stolen, that it doesn't break, etc.

Which I would say is way more likely to happen than my own PKs should be compromised as long as I have followed protocol and generated them myself from a pc that was never connected anywhere else.

More correctly... the PK's (or in the case of hardware wallets, the "seed") should never be on an "online" device. Of course you should backup your hardware wallet "seed mnemonic"... but this should be "offline"... ie. on paper... or, in your case, the "air-gapped" laptop.

The problem with your proposal of generating your own PK's, as highlighted by achow101, is that you can't import individual private keys into a hardware wallet. So, you would need to generate a seed, and convert that to a 24 word BIP39 compatible "seed mnemonic"... you could then import that seed mnemonic onto your hardware wallet. Obviously, this would all need to be done on non-networked offline hardware. The methodology for going from a seed to a seed mnemonic is outlined in BIP39 (https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#generating-the-mnemonic)... basically generate 256 bit random number + "8 bit checksum" = 264 bits... split your 264 bits into 24 groups of 11 bits... each 11 bits = number between 0 to 2047 = index into word list of 2048 words (https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt)

In either case, paper backups of your seed and/or mnemonic are still a good idea in case of hardware failure killing your offline laptop.

[rpuls]

More correctly... the PK's (or in the case of hardware wallets, the "seed") should never be on an "online" device. Of course you should backup your hardware wallet "seed mnemonic"... but this should be "offline"... ie. on paper... or, in your case, the "air-gapped" laptop.

The problem with your proposal of generating your own PK's, as highlighted by achow101, is that you can't import individual private keys into a hardware wallet. So, you would need to generate a seed, and convert that to a 24 word BIP39 compatible "seed mnemonic"... you could then import that seed mnemonic onto your hardware wallet. Obviously, this would all need to be done on non-networked offline hardware. The methodology for going from a seed to a seed mnemonic is outlined in BIP39 (https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#generating-the-mnemonic)... basically generate 256 bit random number + "8 bit checksum" = 264 bits... split your 264 bits into 24 groups of 11 bits... each 11 bits = number between 0 to 2047 = index into word list of 2048 words (https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt)

In either case, paper backups of your seed and/or mnemonic are still a good idea in case of hardware failure killing your offline laptop.

Thanks, that was a lot more clear. I think I now understand the pieces I was missing when I opened this thread.