Paper wallets best practices

[Walley303]

Hi all. What are considered "best practices" to ensure a paper wallet is as secure as can be for cold storage? I realize the paper itself is vulnerable to fire, water etc. And to be sure to guard your private key from view of people and cameras. But I've also heard about needing a special printer because most modern printers have memory in them that saves what you print and that can be compromised. Also an "air gapped" computer using something called "iceberg protocol" or something like that. Can someone tell me what is the best way to set up a paper wallet?

[jackg]

The best practices for paper wallets IMO would be:
1. Put the paper in a fireproof safe if your bitcoins are worth enough for them to be protected (this can also be helpful for dumping the airgapped laptop also so no one tries to check their social media through it)...
2. Air gapped computers are extremely secure on their own (with a password) and are probably better than a paper wallet. But if you're wanting to use a paper wallet (i.e to not put all your eggs in one basket) then air gapping the computer and the printer is the best option.
If you can avoid printing entirely, then try writing out the address or using a QR code (you should encrypt the information you are printing anyway).
A better alternative to writing down your key or printing it off is to use some software like electrum which generates seeds for you to use and these are 12-24 words depending on the security you are after and are much easier to write down and store as you don't have to question "if that's a 5 or an S?".
3. Try finding a way to verify that what you have downloaded to make a seed has given you an accurate address and private keys by putting it into two devices not connected to the internet (or the same device with different operating systems).

Some alternatives to paper wallets:
1. Buy a cheap android phone/tablet for a maximum of $100 (preferably an old one that's still sold) and install electrum on it. Then take it completely offline and put it in a safe and secure place.
2. If you can go a bit higher, you can buy a phone and a trezor (or another hardware wallet) and try using that to store your funds (or use the hardware with a computer instead of a phone, this can also be done in an airgapped way once all firmware is installed).

[Walley303]

So an air-gapped computer+printer is best, and then protect the paper + computer from access and fire/water etc. No special stuff beyond that?

I ask because I want to store some keys that don't use BIP39/HD seeds to generate them.

[TryNinja]

So an air-gapped computer+printer is best, and then protect the paper + computer from access and fire/water etc. No special stuff beyond that?

I ask because I want to store some keys that don't use BIP39/HD seeds to generate them.

You can also encrypt your paper wallet private-key with a BIP38 password, so anyone getting your paper wallet will also need a password to unlock it.

Bitaddress.org does that (check the 'Wallet Details' page).

What really matters is WHERE you're generating the paper wallet (so you need a trusted air gapped PC) and how you're printing this information (does your print save a history of what you print?, are you using a trusted address generator?). These are the main things you should focus.

[jackg]

So an air-gapped computer+printer is best, and then protect the paper + computer from access and fire/water etc. No special stuff beyond that?

I ask because I want to store some keys that don't use BIP39/HD seeds to generate them.

You could probably do with coming up with something seedlike for the private keys in case you have a misspelling. Alternatively, you could write down the seed in a number base with few overlaps (base 8 or 10 might be good ideas). And make a checksum at the end just in case you mess it up...

As said, you can also use a bip38 password for enhanced security.

[trapatalce]

Hi all. What are considered "best practices" to ensure a paper wallet is as secure as can be for cold storage? I realize the paper itself is vulnerable to fire, water etc. And to be sure to guard your private key from view of people and cameras. But I've also heard about needing a special printer because most modern printers have memory in them that saves what you print and that can be compromised. Also an "air gapped" computer using something called "iceberg protocol" or something like that. Can someone tell me what is the best way to set up a paper wallet?

I actually wouldn't use a paper wallet. I'd get a small USB stick and create a text file. Then add the private keys to the text file and put the text file on the USB stick.

Throw the USB stick in the safest place you can imagine and you've got yourself secure holding.

[Walley303]

What really matters is WHERE you're generating the paper wallet (so you need a trusted air gapped PC) and how you're printing this information (does your print save a history of what you print?, are you using a trusted address generator?). These are the main things you should focus.

That is what I mean. Can I just buy an old PC and use it as an air-gap? Or should DIY one? How do I know what printer saves my print jobs vs. one that doesn't? Are there recommended products? Protocols? What is the preferred "set up?"

[jackg]

I actually wouldn't use a paper wallet. I'd get a small USB stick and create a text file. Then add the private keys to the text file and put the text file on the USB stick.

Throw the USB stick in the safest place you can imagine and you've got yourself secure holding.

USB sticks aren't very reliable, especially for repeated use.

If you must use them, I'd suggest at least 5 USB sticks and you can normally get small ones in packs of 20...



Hard drives also demagnetise themselves after 3 years (or begin to) if you don't rewrite the entire data.

[pooya87]

lets split the whole process into 3 groups/steps:
1. creation
the first thing to do is to create the paper wallet correctly so that you are not leaking anything in this step. for that you should start by choosing a good tool and for that you first have to decide whether you want to store a single key or a seed.
if it is a single key (the most common form of paper wallet) then you can use any trusted wallet that allows you to export the private keys. you can also use specialized tools such as bitaddress.
if it is seed then your choice is limited to the HD wallets such as Electrum.

then you have to download this "tool" and verify its authenticity. this is usually done with a PGP signature.

and the final step is to run it and generate your key(s). in this case you want to choose a clean environment to do that. the best way to do it is using a live linux with network physically disabled.

2. printing
using seed words helps in this case since you wouldn't need a printer, in case you don't own one or are worried about printer memory. you can write down phrases on paper easier than random characters of a private key.
using encryption in this case is encouraged. it prevents someone from physically stealing your coins since they would need the password but then you will have to create a back up of that password too. using encryption also solves the problem with printers if the password was strong and the encryption was a good one (such as BIP38 or simply using AES-256).

3. storage
you choose paper wallets when you want to store a key for long term so you have to store it in a way that it is not damaged in long term and stays safe. choosing the material to "print" the key on is important in this case.
for very long periods, metal is the best choice because of its durability. there are projects that sell ready to use metallic letters designed to be used for bitcoin paper wallets. or you can use an old fashioned chisel an a plate.
paper is the most common and cheapest option. but its durability is limited, it can however be increased by using good material and laminating it. (encryption helps in this case if you don't want to buy a laminating machine).
digitally storing a paper wallet (storing on a USB disk) is discouraged because digital storage is always at risk of being hacked and leaking your key and also for "storage" they are not durable.

[optional]4. testing
i always suggest that when you create something like a paper wallet, you test it. for example you can do all of the above and send a small amount to the wallet you created. then after confirmation sweep that key and spend that amount.
this way you will eliminate any possible mistakes that you might have made in any of the above steps and it can give you a good idea of how things should work. then throw away this test key and create a new one for real usage.

[Walley303]

1. creation
the first thing to do is to create the paper wallet correctly so that you are not leaking anything in this step. for that you should start by choosing a good tool and for that you first have to decide whether you want to store a single key or a seed.
if it is a single key (the most common form of paper wallet) then you can use any trusted wallet that allows you to export the private keys. you can also use specialized tools such as bitaddress.
if it is seed then your choice is limited to the HD wallets such as Electrum.

then you have to download this "tool" and verify its authenticity. this is usually done with a PGP signature.

and the final step is to run it and generate your key(s). in this case you want to choose a clean environment to do that. the best way to do it is using a live linux with network physically disabled.

I am considering only a single key, seeds are not an option for my application. My wallet generates them and allows me to export private keys as a text string. I then want copy-paste these into a QR code generator to make QR codes and print the codes + text strings as public/private key pairs. Is this simply too compromised? What can I do to improve this short of abandoning this approach entirely?

then you have to download this "tool" and verify its authenticity. this is usually done with a PGP signature.

and the final step is to run it and generate your key(s). in this case you want to choose a clean environment to do that. the best way to do it is using a live linux with network physically disabled.

The generator of my keys is a wallet, so while it can be temporarily physically disconnected, it cannot be permanently so to broadcast tx's to the world. Ideally internet-facing elements have only public read-only keys and private keys are kept back in paper wallets (the purpose of this thread). Since my goal is to input keys into this wallet via QR codes, including private keys, there will have to be a camera which is a source of compromise at some point. Should the wallet be air gapped completely and the tx text be transmitted somehow to a node for broadcast? This is where it gets tricky for me.

2. printing
using seed words helps in this case since you wouldn't need a printer, in case you don't own one or are worried about printer memory. you can write down phrases on paper easier than random characters of a private key.
using encryption in this case is encouraged. it prevents someone from physically stealing your coins since they would need the password but then you will have to create a back up of that password too. using encryption also solves the problem with printers if the password was strong and the encryption was a good one (such as BIP38 or simply using AES-256).

As I said, seeds are out, full stop. I fully appreciate the value of seeds, but not this time. I see walletgenerator.net allows BIP38 and ASC256 encryption of keys but I don't see any means to decrypt them later. Again I am using keys generated from my wallet and not walletgenerator.net or elsewhere. I am trying to secure these keys beyond them just sitting on a HD pretty much in the clear.

I concur on everything in sections 3 and 4. I am trying to find a way to properly secure keys not using seeds or a hardware wallet. If those are off the table, what are my "best practices?"

[pooya87]

I am considering only a single key, seeds are not an option for my application. My wallet generates them and allows me to export private keys as a text string. I then want copy-paste these into a QR code generator to make QR codes and print the codes + text strings as public/private key pairs. Is this simply too compromised? What can I do to improve this short of abandoning this approach entirely?

unless the tool you are using already offers QR code generation, using third party tools to generate that QR code requires extra care. and again you should be doing all of this offline. for example you could download https://github.com/pointbiz/bitaddress.org and run it offline, after generating the key you can store the QR image it generates. other wallets usually support QR codes too. for instance Electrum lets you see your private keys as QR (but not seed)

The generator of my keys is a wallet, so while it can be temporarily physically disconnected, it cannot be permanently so to broadcast tx's to the world. Ideally internet-facing elements have only public read-only keys and private keys are kept back in paper wallets (the purpose of this thread). Since my goal is to input keys into this wallet via QR codes, including private keys, there will have to be a camera which is a source of compromise at some point. Should the wallet be air gapped completely and the tx text be transmitted somehow to a node for broadcast? This is where it gets tricky for me.

paper wallet is meant for long term storage not for what you are trying to do. what you want is called "cold storage" and you don't need to enter your private keys. you just need 2 pairs of wallets. one called watch only wallet containing your "addresses" and the other the cold storage containing your "private keys".
here is the process (you need 2 machines, offline and online):
1. offline: create the wallet. back up the seed/key,... and copy the public key (or extended public key if it is HD). this wallets acts as a holder of your keys responsible for signing.
2. online: transfer the public key to this wallet. this wallets acts as communicator that receives transaction history and creates unsigned transactions and broadcasts signed ones.
3. online: sync! create a transaction, copy it.
4. offline: transfer the unsigned tx here and sign it
5. online: transfer the signed tx here and broadcast it

this way your private keys don't exit the cold storage (offline computer) and remain safe. your online computer only has your public keys which don't reveal anything sensitive.

https://docs.electrum.org/en/latest/coldstorage.html

As I said, seeds are out, full stop. I fully appreciate the value of seeds, but not this time. I see walletgenerator.net allows BIP38 and ASC256 encryption of keys but I don't see any means to decrypt them later. Again I am using keys generated from my wallet and not walletgenerator.net or elsewhere. I am trying to secure these keys beyond them just sitting on a HD pretty much in the clear.

i haven't used walletgenerator ever so i don't know. bitaddress however has a BIP38 encrypt, decrypt option. for example you can open the website and check this as a test (i created a random key for testing, don't use it for anything else)
encrypted key:

Code:

6PYUDooqhmWv2ckea8VpiE1L3QPxLJkccL9zwvzR5xokoSX22erzTxvxDj

go to wallet details tab and enter the key in first box and click wallet detail and enter the password in second box:

Code:

123

you'll see the decrypted key

Code:

L3rpBTskKNtZHf9UHV4v1MSAfbZYNyRr75wKFnia4nZn5sigqe9p

encryption is the same, enter the key (L3rp...) check the passphrase checkbox and enter a strong password (123 here for testing only) the encrypted key is going to be at the bottom.

[Walley303]

bitaddress.org and walletgenerator.net don't support my coin. my wallet will make QR's for public addresses, but not private keys.

between steps 3-5: is copying the tx through these steps a possible compromising vector?

is the private-key part of steps 1-5 an air-gapped computer vs. the public-key/internet-connected part a node?

how do they communicate? QR codes? usb drives?

I can see how you'd do all that with electrum but there isn't an electrum version for my coin.

I see the BIP38 encryption thing at bitaddress, but that works only for BTC addr's.

[pakhitheboss]

A paper wallet is considered a primitive way of storing your Bitcoin in 2019. 10 years back technology was not so advanced as it is now.

If you want to store any cryptocurrency safely and securely then the best option available in the market is a Hardware wallet. A good wallet like Ledger Nano X can cost up to $100. They do have other models that cost you less than $100.

It would be wise to spend some money to store your assets than using a paper wallet by a third party website. A paper wallet is not a secure way of storing Bitcoin wallet seeds.

[pooya87]

between steps 3-5: is copying the tx through these steps a possible compromising vector?

there is no compromising information inside a raw transaction (unless your wallet is broken and does something that is not normally done in a crazy scenario, and since you are apparently talking about an altcoin you might want to double check this) so transferring it will not have any risk.
although if you are doing the transfer using something like USB disk and connecting that disk to the online computer, then it can be infected there and then "infection" can be transferred to the cold storage.
a way to mitigate is is using QR codes for transactions!

if your wallet doesn't support it, then your only option is finding another application on the internet (hopefully an open source one) and generate the QR code using that tool and using a phone you can scan that and do the transfer back and forth.

is the private-key part of steps 1-5 an air-gapped computer vs. the public-key/internet-connected part a node?

yes the private key is kept on the air-gaped offline computer never connecting to the internet.
the public keys are kept on the online computer connected to the internet and the P2P network one way or another.

how do they communicate? QR codes? usb drives?

it can be anything as i explained above. QR codes being the safer option.

I can see how you'd do all that with electrum but there isn't an electrum version for my coin.

usually other wallets offer some sort of command line tool that has additional "expert" lever options. you might have to look into that.
usually these user friendly options are added since there is a demand for it. but if nobody wants it for some altcoin, obviously nobody creates them.

I see the BIP38 encryption thing at bitaddress, but that works only for BTC addr's.

your wallet must offer some sort of encryption (they all do), see if there is an option to encrypt/decrypt private keys using that. if not there are popular tools for encrypting messages (raw data) you can simply use one of them, convert your private key to hexadecimal (base-16) format and encrypt it using one of those tools and AES-256 encryption technique which they must support.

[bright4mech]

For my own understanding and experience so far, paper wallet is more risk usage, because anytime your device clash or lost from the owner, paper wallet is more difficult to recover, than blockchain wallet.

[TryNinja]

For my own understanding and experience so far, paper wallet is more risk usage, because anytime your device clash or lost from the owner, paper wallet is more difficult to recover, than blockchain wallet.

That's the price you gotta pay if you want to be the true owner of your coins. What happens if Blockchain wallet vanishes? Don't be dependent to other people/services.

[jademaxsuy]

There are many paper wallets online that are free to download. But, it could be difficult to trust since many online platforms now had integrated to the system by daby assisting groups m

[Kiefner]

Another way to encrypt your wallet is to come up with a specific algorithm. For example, increase each digit in the wallet address by one and record the result. Thus, even if it is stolen, the scammers will still not be able to steal your funds.

[Reid]

If you really think you are at a lot of risk  at paper wallet then try another kind of storage.

I used electrum and I have the seeds in a small paper. (3 copies) One I always bring and another at my stash which is secured from fire and water.
Oh I literally used a paper and a pen. Just so you know.

Another is just the private keys. Wrote it down in a piece of paper again.
If you want security, go old school. Remember, we have more of privacy before than now. Android, IP's, computers, sim cards, all of them can be used to trace you but not with a pen.

[Vaskiy]

If you really think you are at a lot of risk  at paper wallet then try another kind of storage.

I used electrum and I have the seeds in a small paper. (3 copies) One I always bring and another at my stash which is secured from fire and water.
Oh I literally used a paper and a pen. Just so you know.

Another is just the private keys. Wrote it down in a piece of paper again.
If you want security, go old school. Remember, we have more of privacy before than now. Android, IP's, computers, sim cards, all of them can be used to trace you but not with a pen.

When we find our holdings to be much worth, then we should take the necessary steps to keep it secure. As suggested having few copies of the paper wallet and keeping them secure on different places will ensure the holdings to be more secure.

Another thing is to have a ledger wallet. When you have $1500 worth cryptocurrency holdings, spending 10% value to keep the holdings more secure buying a ledger wallet is the best choice along with having paper wallets.