How to Generate a signed BTC transaction using Electrum and Trezor

[madnessteat]

Thanks for the great guide. Now I know a safe way to keep BTC in my mobile and are not afraid to lose them. I think this method is little known.

[1713574722]

1713574722

[1713574722]

1713574722

[1713574722]

1713574722

[HCP]

Why would the forged TX be unsafe in the case of a "PC&Electrum"?

Once a transaction has been constructed and signed, you cannot modify it in any meaningful way... or are you implying that there is a possibility for the transaction to be constructed improperly? (ie. wrong address/amount due to malware interference etc?)

[cellard]

Why would the forged TX be unsafe in the case of a "PC&Electrum"?

Once a transaction has been constructed and signed, you cannot modify it in any meaningful way... or are you implying that there is a possibility for the transaction to be constructed improperly? (ie. wrong address/amount due to malware interference etc?)

Because I assume PC&Electrum means that the keys are sitting on an online computer, which means the keys are compromised by default, specially if you are using Windows.

Even with Trezor, I wouldn't trust that thing due you trusting some RNG you don't know, also google "Trezord.exe calls home"

So the way I see it is that airgapped linux computer + online linux node in which you move the tx into to broadcast it is the best possible scenario.

Bitcoin Core can do this too but it's harder since there isn't a nice GUI this too for some reason.

[krogothmanhattan]

Why would the forged TX be unsafe in the case of a "PC&Electrum"?

Once a transaction has been constructed and signed, you cannot modify it in any meaningful way... or are you implying that there is a possibility for the transaction to be constructed improperly? (ie. wrong address/amount due to malware interference etc?)

Because I assume PC&Electrum means that the keys are sitting on an online computer, which means the keys are compromised by default, specially if you are using Windows.

Even with Trezor, I wouldn't trust that thing due you trusting some RNG you don't know, also google "Trezord.exe calls home"

So the way I see it is that airgapped linux computer + online linux node in which you move the tx into to broadcast it is the best possible scenario.

Bitcoin Core can do this too but it's harder since there isn't a nice GUI this too for some reason.

That's not exactly full answer, cellard. Transaction  could be even signed by the correct key but  destination address in that Tx might be compromised at the time of signature   occurs.  The cracker is then able to get all fund  regardless of how transaction  was broadcasted.

So the rule of a thumb  [PC] =   air-gapped (and never "snorted" Internet) => (Forged Tx = safe). It means that TX is truly safe when it is forged by "cold" wallet ( in case under discussion by cold Electrum) sitting on air-gapped PC. All other "ways" are trying to trick us.

And, yes, your "airgapped linux computer" (that has  never "snorted" Internet)  is indeed the best scenario one could imagine to construct the safe transaction (arguably only "error-free paper+pencil"  could be safer but that is too time consuming).

     For arguments sake, IF electrum was infected with malware or a virus...

     a) Then you still need to confirm on the Trezor screen the sending amount and Bitcoin address where the Bitcoin is being sent to.

     b) The Trezor is signing or forging the Bitcoin transaction not electrum.

     c) I added step 19 and 20. You can decode the data and see where your Bitcoin is going to.

     d) Your private keys are never exposed to Electrum at all.

        SO  not only do you have Trezor signing to the correct address that you as a user will be confirming BUT you can also check it on the decoder page.

        That will put my mind at ease.

    Edit: I emailed Trezor about infected computers and here is their response..

      Trezor is designed so it won't reveal your private keys even when used with an infected computer. The transaction is signed by the device and this needs to be confirmed by the user (physical on-device confirmation). Therefore, even if  malware is present it cannot trick you into signing a different transaction if the address is correct and confirmed on the device's display  -

        

[HCP]

b) & d) IMO wrong assumption. Trezor is nothing more than a box that keeps public-private keys pairs.  On its own it doesn't matter in the end. External soft is needed to sign and forge tx. When Electrum officials say "private keys are never exposed to Electrum" they mean to Electrum servers but not client. Client needs it.

Your assumption is wrong. Trezor is more than a box that keeps public/private key pairs. The transactions are signed within the hardware wallet itself... the private keys NEVER leave the device. They are never exposed to Electrum... server OR client. They are not even exposed to the Trezor wallet software.

You create an unsigned transaction within your wallet software (electrum, mycelium, hardware wallet software in browser or on desktop etc)... The unsigned hex is then passed to the hardware wallet and the hardware wallet signs the transaction internally and returns the signed transaction hex.

Again, the private keys NEVER, EVER leave the hardware wallet.

However no matter who sign and forge tx the fake destination is a real menace for safety and this is my main point.

This is why you cannot be "in a harry[sic] or/and inattentive"...

I still stand by my story.

You might want to reconsider your position.

[HCP]

So, only air-gapped PC with cold wallet that sign tx  would bring true safety

I don't see why... air-gapped PC with cold wallet == hardware wallet, with slightly different workflows... all they do is hold private keys and sign transactions.

In both cases, you still need the online computer to generate the unsigned transaction... this is the point where the "fake destination" will be injected. Regardless of whether or not you use airgapped PC or Hardware wallet, you still need to take your time and verify the destination address.

Essentially... an air-gapped PC and a hardware wallet are the same thing and achieve the same goal... Separation of private keys from the online world. The only real differences are probably cost, convenience and workflow.

[cellard]

Why would the forged TX be unsafe in the case of a "PC&Electrum"?

Once a transaction has been constructed and signed, you cannot modify it in any meaningful way... or are you implying that there is a possibility for the transaction to be constructed improperly? (ie. wrong address/amount due to malware interference etc?)

Because I assume PC&Electrum means that the keys are sitting on an online computer, which means the keys are compromised by default, specially if you are using Windows.

Even with Trezor, I wouldn't trust that thing due you trusting some RNG you don't know, also google "Trezord.exe calls home"

So the way I see it is that airgapped linux computer + online linux node in which you move the tx into to broadcast it is the best possible scenario.

Bitcoin Core can do this too but it's harder since there isn't a nice GUI this too for some reason.

That's not exactly full answer, cellard. Transaction  could be even signed by the correct key but  destination address in that Tx might be compromised at the time of signature   occurs.  The cracker is then able to get all fund  regardless of how transaction  was broadcasted.

So the rule of a thumb  [PC] =   air-gapped (and never "snorted" Internet) => (Forged Tx = safe). It means that TX is truly safe when it is forged by "cold" wallet ( in case under discussion by cold Electrum) sitting on air-gapped PC. All other "ways" are trying to trick us.

And, yes, your "airgapped linux computer" (that has  never "snorted" Internet)  is indeed the best scenario one could imagine to construct the safe transaction (arguably only "error-free paper+pencil"  could be safer but that is too time consuming).

What do you mean by forged? I meant sending the raw tx hash into the online wallet, ideally via a QR code, not an USB since that could be compromised (unlikely.. but still worth considering). What other way would you do it?

So it would be best to have a QR code reader, I don't see how that can be hacked? I have not tried this, but if anyone wants to try, let us know.

For the airgap, there's old thinkpads sold with librebooted bios. You need to change some hardware, but if you don't want to, you can buy one of the smaller ones, the x60 I think didn't need any hardware changes to flash the bios. Be sure to follow a tutorial or you may brick the bios.

[buwaytress]

Great "last-ditch" technique actually but in response to Pooya, I would actually use it as a "in case I lose my access to everything or it's stolen" step. Soon as I think it's in danger of being accessed, just broadcast the tx and it's out of your wallet before it can be accessed. I'd only just make sure the fee is very high!

And as such, it's not very useful for a p2p transfer, unless, as OP says, you fix the BTC price before the meet. Might work for small purchases or very big transactions paid with BTC, but that's not usually how it works though for BTC buy/sell trades.

And yes, definitely not "forge". I clicked on this thread thinking it was a forgery tutorial.

[krogothmanhattan]

And yes, definitely not "forge". I clicked on this thread thinking it was a forgery tutorial.

  Damn I cannot believe the word forge is being thought about as forgery!

  That being said I have changed the word with GENERATE. I have also added the word signed

   Thus the new heading is  How to Generate a signed BTC transaction using Electrum and Trezor

     I hope that helps. Cheers  


  

[Tamilson]

Hi Krog, just want to ask if this can't be done using mobile phone specifically in their app? I navigate the electrum app and don't see those images on OP.

Thanks for the great guide. Now I know a safe way to keep BTC in my mobile and are not afraid to lose them.

This confuse the hell out of me, so I looked at my electrum app and don't see those.

Trezor is designed so it won't reveal your private keys even when used with an infected computer. The transaction is signed by the device and this needs to be confirmed by the user (physical on-device confirmation). Therefore, even if  malware is present it cannot trick you into signing a different transaction if the address is correct and confirmed on the device's display  -

I wonder if ledger has also this kind of security, well maybe, since their both hardware wallet. Maybe I should email them too and confirm this or else.

[Rath_]

I wonder if ledger has also this kind of security, well maybe, since their both hardware wallet. Maybe I should email them too and confirm this or else.

It does have this kind of security. Ledger and Trezor are a bit different. Trezor hardware and software is fully open-soure so that anyone can build it up from the scratch while Ledger believes in security through obscurity. Ledger has a limited amount of space because of built-in Secure Element. Ledger wrote a good article on why they decided to use it. You can find it here.

[krogothmanhattan]

Hi Krog, just want to ask if this can't be done using mobile phone specifically in their app? I navigate the electrum app and don't see those images on OP.

  Never tried it on the phone app so I cannot really say.

Thanks for the great guide. Now I know a safe way to keep BTC in my mobile and are not afraid to lose them.

This confuse the hell out of me, so I looked at my electrum app and don't see those .

  What the guy meant is he could carry the raw data on an email that could send any amount of btc to the address it was genereated to send to and thus if ever hacked or cell phone lost he would never lose any BTC.

  Example, you generated raw data to send 100 BTC to a particular address and are carrying the raw data. If a hacker or other person ever grabs that data and then transmits on Blockchain, then the BTC will go to that address that you had in mind and NOWHERE ELSE.