Most secure way of moving coins from cold storage to hot

[xabbix]

Let's say I have some coins on an Armory client on an offline computer.

Now I want to keep that computer offline, but would like to spend some of the coins.

What is the most secure way of doing that? I could print a paper wallet of my cold wallet but that will include ALL coins and I would like to use just a fraction of it.

Thanks

[TierNolan]

Let's say I have some coins on an Armory client on an offline computer.

Now I want to keep that computer offline, but would like to spend some of the coins.

What is the most secure way of doing that? I could print a paper wallet of my cold wallet but that will include ALL coins and I would like to use just a fraction of it.

Thanks

Armory supports a watching-only wallet.

Boot up your offline computer and get it to create a watching-only wallet.

You need to get that wallet from your offline computer to your online computer (normally via usb ... don't copy the offline wallet).

If you import that wallet into your online computer, then it can produce transactions for your offline wallet.  However, it can't sign them.

Once you have setup the online watching-only wallet, spending the money is (relatively) easy.

Create a transaction and save it to usb.

Load the transaction into your offline computer and sign it.  This updates the file on the usb.

Return the usb to your online computer and it will broadcast the transaction.

[xabbix]

Great! Thanks!

[bitpop]

I would also sweep to new key just in case
Android rng exploit exposed private key just signing. Better safe than sorry.

[behindtext]

Let's say I have some coins on an Armory client on an offline computer.

Now I want to keep that computer offline, but would like to spend some of the coins.

What is the most secure way of doing that? I could print a paper wallet of my cold wallet but that will include ALL coins and I would like to use just a fraction of it.

Thanks

Armory supports a watching-only wallet.

Boot up your offline computer and get it to create a watching-only wallet.

You need to get that wallet from your offline computer to your online computer (normally via usb ... don't copy the offline wallet).

If you import that wallet into your online computer, then it can produce transactions for your offline wallet.  However, it can't sign them.

Once you have setup the online watching-only wallet, spending the money is (relatively) easy.

Create a transaction and save it to usb.

Load the transaction into your offline computer and sign it.  This updates the file on the usb.

Return the usb to your online computer and it will broadcast the transaction.

do keep in mind that usb does have firmware and that firmware can propagate malware.

[LiteCoinGuy]

and if you hold a large amount of coins you could buy a cheap laptop on which you only handle your coins.

[Flanagan]

For further assurance regarding this, I want to add this question:

I did create wallet in OFFLINE computer, made a Watch only copy, transferred with a USB pendrive that Watch only copy to ONLINE computer.

Now, my question concerning the USB malware possibility: Is there any chance that the USB could have carried the paper wallet (that I created within armory in the offline computer) or keys of the original wallet from the offline computer to the online computer?

[TierNolan]

Now, my question concerning the USB malware possibility: Is there any chance that the USB could have carried the paper wallet (that I created within armory in the offline computer) or keys of the original wallet from the offline computer to the online computer?

If you assume an unlimitedly powerful hacker then yes.

However, the security assumption is that your offline computer is safe.  In theory, the OS could have been corrupted when you downloaded it.

The advantage of the offline computer is that there is only one moment that it can be compromised (at creation).  After that, it is safe.

However, if the offline computer auto-runs usbs, then there is a risk every time you plug in the usb.

Ideally, an "Armory" version of linux would have auto-run guaranteed to be disabled.

There are also suggestions for doing things like using the speakers to transmit data via sound signals.