Hi all
Trying to figure out something,
Have a certain amount in a paper wallet and I want to withdraw half of it.
Using an HD wallet on my mobile and I scan the private code of the paper wallet.
At this stage the private code has been scanned and it's on my device so it's not really private anymore.
Am I missing something?
Or the thumb rule is to withdraw all the amount from the paper wallet to avoid this situation?
Thanks
Mark
You are right, as soon as your private key touches a device that's been online, you should consider your paper wallet to be compromised.
If you have multiple unspent outputs funding the address on your paper wallet, you should use them all...
Make a new paper wallet, import the private key of your paper wallet into electrum (for example, do check electrum's signature before using it, download only from the official site), create a new transaction spending all unspent outputs, pay whoever you have to pay and send the change to the NEW paper wallet.
If you're really security-conscious you can even use an airgapped setup: create a watch-only online wallet where you import the ADDRESS, create the transaction spending all unspent outputs funding this address (change going to a NEW paper wallet that was created in a SECURE fashion), then install electrum on an offline machine where you import your private key, transport the unsigned tx from the online machine to the offline machine for signing, and back to the online machine for broadcasting.
I'm having a meeting right now, I'll try to answer any extra questions in ~0.5-1 hr.
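The conditions described in the answer above (spend every unspent output on the exposed address, send the change to the new paper wallet) can be checked on a draft transaction before it is signed. This is an added example, not code from the thread or from Electrum; the dict layout, addresses, txids, amounts and the fee cap are constructed assumptions.

```python
# Added example: pre-signing check for a paper-wallet sweep.
# Addresses, txids and amounts are constructed placeholders, not real data.
OLD, NEW, PAYEE = "OLD_PAPER_WALLET_ADDR", "NEW_PAPER_WALLET_ADDR", "PAYEE_ADDR"
UTXOS = [  # unspent outputs currently funding the old paper-wallet address
    {"txid": "aa" * 32, "vout": 0, "value": 60_000},
    {"txid": "bb" * 32, "vout": 1, "value": 40_000},
]
GOOD_TX = {  # spends both outputs, change goes to the new paper wallet
    "inputs": [{"txid": "aa" * 32, "vout": 0}, {"txid": "bb" * 32, "vout": 1}],
    "outputs": [{"address": PAYEE, "value": 50_000}, {"address": NEW, "value": 49_000}],
}
BAD_TX = {  # spends one output and returns change to the exposed address
    "inputs": [{"txid": "aa" * 32, "vout": 0}],
    "outputs": [{"address": PAYEE, "value": 50_000}, {"address": OLD, "value": 9_000}],
}

def check_sweep(utxos, tx, old_addr, new_addr, max_fee_sat):
    """Return a list of problems; an empty list means the draft is a clean sweep."""
    problems = []
    known = {(u["txid"], u["vout"]): u["value"] for u in utxos}
    spent = {(i["txid"], i["vout"]) for i in tx["inputs"]}

    # Every unspent output on the exposed address must be consumed.
    for txid, vout in sorted(set(known) - spent):
        problems.append(f"unspent output left behind: {txid}:{vout}")
    # An input of unknown value makes the fee unknowable, so flag it.
    for txid, vout in sorted(spent - set(known)):
        problems.append(f"unknown input: {txid}:{vout}")

    # Nothing may be paid back to the exposed address; change goes to the new one.
    if any(o["address"] == old_addr for o in tx["outputs"]):
        problems.append("output pays the old paper-wallet address")
    if not any(o["address"] == new_addr for o in tx["outputs"]):
        problems.append("no output to the new paper wallet")

    # Fee is whatever the inputs carry that the outputs do not claim.
    fee = sum(known.get(op, 0) for op in spent) - sum(o["value"] for o in tx["outputs"])
    if fee < 0 or fee > max_fee_sat:
        problems.append(f"fee out of range: {fee} sat")
    return problems

if __name__ == "__main__":
    for name, tx in (("good", GOOD_TX), ("bad", BAD_TX)):
        print(name, check_sweep(UTXOS, tx, OLD, NEW, max_fee_sat=5_000))
```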