I want to create a paperwallet, and think that TAILS (
https://tails.boum.org/) could be a good choice for doing so securely. Ideally, I'm thinking of the following workflow:
1) Disable WiFi on my laptop using the hardware switch and boot into TAILS.
2) Create a private key and address, encrypt the private key with a strong passphrase (using GPG), and save it to a flash drive.
3) Shutdown TAILS without ever enabling network access, boot into the main system, and print the encrypted private key.
This ensures that, even if my main system is compromised (I hope not), the passphrase used to encrypt the private key is never accessible to malware; assuming that the TAILS image itself is not already compromised, TAILS is written to not leak any data on persistent storage, and furthermore the system on which the private key is accessible in clear text will never be connected to the internet.
Does this sound like a reasonably good way to create a (long-term storage) address? The problem I now have is the question, which tools to use to generate the address. TAILS unfortunately does not include any Bitcoin tools and also doesn't come with gcc (although it can probably be installed using pre-downloaded apt-packages if I try hard enough). I see the following options:
1) Use the bitcoind binary download. I tried this, but it seems to not start up when not connected to the internet and no blockchain data is present. Unfortunately, TAILS doesn't give me enough storage to keep a full blockchain. Is it possible to start up bitcoind and use it to create a wallet and export a private key without ever connecting to the internet and ever downloading a single block?
2) Vanitygen: Here I would also need a 32-bit binary, which I would have to try to find (not sure whether one is provided, usually I use the sources - but I would have to cross-compile them to 32-bit from my main system which uses amd64). Is this a secure method to generate addresses, considering entropy? I think it allows to seed the random-number generator with some arbitrary file, which could be generated from /dev/random earlier.
3) Using a downloaded version of bitaddress.org. This works, but I'm hesitant to use that because I'm not sure about the security of the generated data. Is the entropy good enough? Of course, I could also generate a file from /dev/random, hash it, and use the resulting hash as passphrase to a brain wallet. Do you think this is a secure enough method that I can trust? Is the used crypto in JS code stable enough to trust it with generating a long-term storage key?
What would you suggest?
