How to spend from cold storage?

[yenom]

I'm testing my cold storage solution, here's what I've done.

Booted into Ubuntu 13.10 Live CD. Went to bitaddress.org and loaded the page. Pulled out my network cable. Created three wallets BIP38 encrypted with a 30 char passphrase which was generated from LastPass. The paper wallets were printed to pdf and stored in a truecrypt volume.

I've sent 0.01 BTC to one of the addresses as a test, and it seemed to work OK. I now want to test that I can spend that by sending it back. How can I spend a bitaddress.org address securely?

Thanks for any tips.

[1715135288]

1715135288

[DannyHamilton]

How can I spend a bitaddress.org address securely?

Import the private key into Armory running on a secure offline computer?

or

createrawtransaction & signrawtransaction
in Bitcoin-Qt running on a secure offline computer?

[cbeast]

You can sweep the paper wallet with the Mycelium app. It only uses the private key in ram and then deletes it.

[yenom]

Import the private key into Armory running on a secure offline computer?

How does the transaction get into the blockchain if it's offline? I want to send the bitcoin from my offline wallet to an online wallet to test that I can actually get my bitcoin out of cold storage before I put more in.

createrawtransaction & signrawtransaction
in Bitcoin-Qt running on a secure offline computer?

I have no idea what that means. 

[yenom]

You can sweep the paper wallet with the Mycelium app. It only uses the private key in ram and then deletes it.

I don't have an Android device, does it run on anything else? I have an iPhone but am thinking of ditching it soon...

[DannyHamilton]

Import the private key into Armory running on a secure offline computer?

How does the transaction get into the blockchain if it's offline? I want to send the bitcoin from my offline wallet to an online wallet to test that I can actually get my bitcoin out of cold storage before I put more in.

createrawtransaction & signrawtransaction
in Bitcoin-Qt running on a secure offline computer?

I have no idea what that means. 

Armory offline allows you to create a transaction, and then save that transaction to a USB drive.

You can then connect the USB drive to a computer running Armory online and use it to broadcast the transaction without every having your private key on an online computer.  It is essentially automating the process of using createrawtransaction & signrawtransaction for you.

[nobbynobbynoob]

createrawtransaction & signrawtransaction
in Bitcoin-Qt running on a secure offline computer?

I have no idea what that means. 

Yeah, definitely don't attempt this method if you don't know what you're doing. I kind of understand the bitcoind createrawtransaction and signrawtransaction commands, but wouldn't mess with them myself.

[gsingh]

You can sweep the paper wallet with the Mycelium app. It only uses the private key in ram and then deletes it.

How secure is this method? Is there any chance of being hacked if device is infected?

[cbeast]

Until there is a Trezor style Armory, security will be an issue for most.

[kellrobinson]

yenom, to use Armory or QT, you would probably have to download the entire blockchain; at least that's my understanding of Armory and QT, though I've never used either.  If you have the bandwidth, then go ahead.
Or you could import your private key into a light client of your choice, based on the balance of convenience and security you desire, what operating system you use etc.
You could also do it without using a wallet at all.
Like you, I did a little experimenting with bitaddress.org, generating and funding a brainwallet address with a nominal amount of btc.  To spend from that address, I used brainwallet.org.
I did it the quick easy way by going to the transactions page and entering my private key. This obviously involved some risk, because I was online when I entered the private key.
If you're willing to go to a little effort, you can do the whole thing without ever exposing your private key.  It's called an offline transaction.  You can do offline transactions from some wallets.   I'm pretty sure you can do an offline transaction using brainwallet.org too, but I haven't done it yet, so I won't presume to give you instructions.
If you go the brainwallet.org route, I would suggest spending the entire contents of the address.   See this thread:
https://bitcointalk.org/index.php?topic=388977.0

[empoweoqwj]

You can sweep the paper wallet with the Mycelium app. It only uses the private key in ram and then deletes it.

I don't have an Android device, does it run on anything else? I have an iPhone but am thinking of ditching it soon...

Definitely ditch an iphone if you want any bitcoin functionality

[yenom]

Today I tried to spend the money, no success.

I installed Electrum on my Ubuntu VM and disconnected the network. In Electrum I did Wallet->Private Keys->Import. I typed in my private key from bitaddress.org and got this screen. I double checked it and it is correct. What am I doing wrong?

[nobbynobbynoob]

Maybe you need to decrypt the wallet first? This is how it works in Qt, don't know about Electrum though.

[yenom]

Maybe you need to decrypt the wallet first? This is how it works in Qt, don't know about Electrum though.

How do I do that?

[Abdussamad]

Maybe you need to decrypt the wallet first? This is how it works in Qt, don't know about Electrum though.

How do I do that?

Using bitaddress.org wallet details tab. Enter the encrypted private key there and then the password to decrypt it.

[Abdussamad]

The best way to spend from a paper wallet is to

-  Use armory's sweep key function on an online computer to sweep the funds to an existing address: https://bitcoinarmory.com/about/features/

- create a temporary blockchain.info (bci) mywallet for the express purpose of importing the private key and then send ALL the coins to an address in your main wallet.

If you do it any other way you risk getting caught by change flowing to different addresses that you had no idea you had to preserve.

Needless to say once you've spent the coins in a private key via any of the above two methods you should make it a point to never use the private key again.

Finally if all of this sounds too much work for you then that's because it is. It is wrong to advice newbies to go the paper wallet route. If you are that worried about your coins use offline electrum. Very easy and you get unlimited addresses.

[nobbynobbynoob]

Maybe you need to decrypt the wallet first? This is how it works in Qt, don't know about Electrum though.

How do I do that?

Electrum? No idea, sorry.
Bitcoin-QT? Access the Debug console from the Help menu and type:

Code:

walletpassphrase <passphrase, enclosed in quotes if it contains spaces> <duration in seconds to keep the wallet unlocked>
importprivkey <private key, compressed format?>

[empoweoqwj]

Today I tried to spend the money, no success.

I installed Electrum on my Ubuntu VM and disconnected the network. In Electrum I did Wallet->Private Keys->Import. I typed in my private key from bitaddress.org and got this screen. I double checked it and it is correct. What am I doing wrong?

Ask about Electrum on the dedicate Electrum sub-forum

[yenom]

Using bitaddress.org wallet details tab. Enter the encrypted private key there and then the password to decrypt it.

Thanks that worked fine, got my coins back.

Finally if all of this sounds too much work for you then that's because it is. It is wrong to advice newbies to go the paper wallet route. If you are that worried about your coins use offline electrum. Very easy and you get unlimited addresses.

Thanks, I'm looking into using offline Electrum in an Ubuntu virtual machine hosted on ESXi 5.5. I've now got to think about how I back it up! Is saving the electrum seed for my cold storage wallet enough? Do I need to save the wallet files?

I consider myself an advanced PC user and using bitcoin in a relatively secure way is not straight forward!

[Abdussamad]

Thanks, I'm looking into using offline Electrum in an Ubuntu virtual machine hosted on ESXi 5.5. I've now got to think about how I back it up! Is saving the electrum seed for my cold storage wallet enough? Do I need to save the wallet files?

I consider myself an advanced PC user and using bitcoin in a relatively secure way is not straight forward!

The seed is enough as a backup. Backing up the wallet file presents additional advantages such as a backup of address labels. But, yeah, when push comes to shove the seed is all you really need.

I am not sure what you mean by a virtual machine. Are you running electrum in a virtual machine that is on an online computer? That is not an offline electrum setup. Installing it in a virtual machine does not afford you any additional security. An offline setup is electrum installed on the bare metal OS on a computer that rarely goes online. Finally you can also install electrum on Windows. I wouldn't recommend it but it can be done if you don't like or are unfamiliar with Linux.

[yenom]

Thanks, I'm looking into using offline Electrum in an Ubuntu virtual machine hosted on ESXi 5.5. I've now got to think about how I back it up! Is saving the electrum seed for my cold storage wallet enough? Do I need to save the wallet files?

I consider myself an advanced PC user and using bitcoin in a relatively secure way is not straight forward!

The seed is enough as a backup. Backing up the wallet file presents additional advantages such as a backup of address labels. But, yeah, when push comes to shove the seed is all you really need.

I am not sure what you mean by a virtual machine. Are you running electrum in a virtual machine that is on an online computer? That is not an offline electrum setup. Installing it in a virtual machine does not afford you any additional security. An offline setup is electrum installed on the bare metal OS on a computer that rarely goes online. Finally you can also install electrum on Windows. I wouldn't recommend it but it can be done if you don't like or are unfamiliar with Linux.

I don't have any "spare" bare metal machines. I have ESXi running on bare metal and hosts a lot of VMs for my work. I have created an Ubuntu machine here with whole disk encryption and home encryption. I have updated Ubuntu, installed Electrum and saved the seed words to a piece of paper and I'm also going to put them in a truecrypt volume somewhere in a text file in case I lose the piece of paper. The Ubuntu VM has the vNIC completely removed so it's as if it is offline. The ESXi host cannot communicate with the Ubuntu OS and the disk is encrypted.

For me, this is "good enough". I don't have millions of $ worth of BTC. If my BTC stash was of much higher value then I would invest in something over-the-top paranoid. But this is good enough to me.

I'm going to call my solution Bitcoin Cool Storage, or the Bitcoin fridge because it's not cold, as in frozen, but cool enough for me.

Oh, and thanks for the help!

[empoweoqwj]

Thanks, I'm looking into using offline Electrum in an Ubuntu virtual machine hosted on ESXi 5.5. I've now got to think about how I back it up! Is saving the electrum seed for my cold storage wallet enough? Do I need to save the wallet files?

I consider myself an advanced PC user and using bitcoin in a relatively secure way is not straight forward!

The seed is enough as a backup. Backing up the wallet file presents additional advantages such as a backup of address labels. But, yeah, when push comes to shove the seed is all you really need.

I am not sure what you mean by a virtual machine. Are you running electrum in a virtual machine that is on an online computer? That is not an offline electrum setup. Installing it in a virtual machine does not afford you any additional security. An offline setup is electrum installed on the bare metal OS on a computer that rarely goes online. Finally you can also install electrum on Windows. I wouldn't recommend it but it can be done if you don't like or are unfamiliar with Linux.

As an addendum, if you import any keys into Electrum you need to back up the wallet file as well as these are *not* restored from the seed. please correct me if I'm wrong on that.

[yenom]

As an addendum, if you import any keys into Electrum you need to back up the wallet file as well as these are *not* restored from the seed. please correct me if I'm wrong on that.

I think you are correct on that. I am sending my bitcoin from my old wallet to my offline wallet instead of importing the keys. I can live with the 0.1 mBTC transaction fee.