Bitcoin Forum
Author Topic: How would you say is the most secure way to create and maintain a paper wallet?  (Read 816 times)
pooya87
Legendary
*
Offline Offline

Activity: 3444
Merit: 10558



View Profile
November 01, 2020, 04:45:03 AM
 #21

Like Coinbase?
Coinbase is not a wallet, it is an account where you have zero control over your keys.

Quote
Sorry. I'm not sure I understand the core function of this tool in relation to Bitcoin. Is it a tool where you enter your btc key and it would convert it to a code and then you can use that code to retrieve your key? If so, then when does the password come into play?

Or does it also generate a password so now you'd have to enter the password AND the code to retrieve your key?

If it's the latter, then what's the point of the code? Why not only a password to retrieve your key instead of (what basically seems to me as) two sets of passwords; the code and the actual password?
If it's for extra security then wouldn't you be able to create the same level of security with combining both the code and the password to make one password. What am I missing here?
practically you only have your password and the encrypted result. the rest is the "under the hood details", and under the hood the password you give the application could be extended to make any brute forcing attempts even more impossible. if you want to know more about the details look at BIP-38, what i explained above is very similar. there are some examples at the bottom under Test vectors too.

Quote
In Electrum I see .tar.gz and Appimage. Which one to use?
the first one.

Quote
1) What exactly is the benefit of mnemonic over private key?
2) What exactly is the benefit of mnemonic over private key when using an encryption tool?
with a mnemonic you can generate as many keys as you want, which makes reusing the paper wallet possible (eg. you use the first key of the wallet then move to next). you can't do it with a single private key paper wallet, you must throw it away after using it and send the remainder to a newly generated paper wallet which is a tedious task.
when encryption is involved there is a standard for encrypting private keys (BIP-38) but there aren't any for mnemonics.

Quote
Is there any risk of doing this on a public computer?
most probably yes.

9thsky (OP)
Member
**
Offline Offline

Activity: 240
Merit: 54


View Profile
November 01, 2020, 05:38:43 AM
 #22

OK. I'm not getting much luck Googling "private key vs mnemonic vs mneminics BIP39".

Could you please help me out? What's the difference between the three in the way they are and function in as layman's termish as possible?
Mnemonics or mnemonic phrases are a series of words (usually 12 or 24) which can be used to recover your bitcoin wallet and all the addresses it contains. They are also known as seed phrases. (Indeed, "mnemonic" is a bit of a misnomer since these phrases are supposed to be backed up on paper, not memorized).

There are different ways that these phrases can be generated. Most wallets use a method known as BIP39, which is a standardized method. You can read more about it here: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki (a little bit technical). Electrum, on the other hand, uses their own system which is not compatible with BIP39.

Private keys are numbers which relate to individual addresses. Each address in your wallet has a different private key which can be used to spend any coins on that address. All the private keys in your BIP39 or your Electrum wallet are derived from the mnemonic phrase. So to answer your other question further down your post, if you back up the mnemonic phrase, then you are effectively backing up every private key in your wallet and therefore your entire wallet. If you were to back up a single private key, then you are only backing up a single address.

OK thanks for that explanation.

Do I get a new mnemonics phrase for every address I create?
9thsky (OP)
Member
**
Offline Offline

Activity: 240
Merit: 54


View Profile
November 01, 2020, 05:43:51 AM
 #23

Quote
Is there any risk of doing this on a public computer?
most probably yes.

What would be the risk if I'm booting from a DVD?
pooya87
Legendary
*
Offline Offline

Activity: 3444
Merit: 10558



View Profile
November 01, 2020, 05:49:28 AM
 #24

Do I get a new mnemonics phrase for every address I create?
it is called deterministic key generation. you have a single entropy (your mnemonic) that all your subsequent keys (and addresses) are derived from.

What would be the risk if I'm booting from a DVD?
well for starters someone might be looking over your shoulder!

9thsky (OP)
Member
**
Offline Offline

Activity: 240
Merit: 54


View Profile
November 01, 2020, 06:26:18 AM
Last edit: November 01, 2020, 08:03:06 AM by 9thsky
 #25

What would be the risk if I'm booting from a DVD?
well for starters someone might be looking over your shoulder!

Haha I get that. I meant risks from within the computer itself. Let's say I borrowed a laptop for instance.

NotATether
Legendary
*
Offline Offline

Activity: 1596
Merit: 6735


bitcoincleanup.com / bitmixlist.org


View Profile WWW
November 01, 2020, 06:30:00 AM
 #26

Haha I get that. I meant risks from within the computer itself. Let's say a borrowed laptop for instance.

In the extreme case, it might have malware installed in the BIOS, and that stuff can’t be deleted.

9thsky (OP)
Member
**
Offline Offline

Activity: 240
Merit: 54


View Profile
November 01, 2020, 07:48:10 AM
 #27

In Electrum I see .tar.gz and Appimage. Which one to use?
the first one.

Wouldn't Appimage be better since it doesn't leave anything behind? https://itsfoss.com/use-appimage-linux

2. choose an encryption tool and learn how to use it correctly. this must be an open source tool that is capable of strong encryption using AES. if your step 0 choice is to use a single private key you can choose a tool that supports BIP38 encryption and skip this step.

Can anyone post an example tool? I'm having a hard time finding one to get an idea what it is.

NotATether
Legendary
*
Offline Offline

Activity: 1596
Merit: 6735


bitcoincleanup.com / bitmixlist.org


View Profile WWW
November 01, 2020, 08:44:52 AM
 #28

In Electrum I see .tar.gz and Appimage. Which one to use?
the first one.

Wouldn't Appimage be better since it doesn't leave anything behind? https://itsfoss.com/use-appimage-linux

AppImage is just a compressed file that needs to be extracted to run the program and then is automatically deleted when the program is closed. In fact the link you posted says that. You could delete the folders extracted from a .tar.gz to erase the traces it leaves too.

2. choose an encryption tool and learn how to use it correctly. this must be an open source tool that is capable of strong encryption using AES. if your step 0 choice is to use a single private key you can choose a tool that supports BIP38 encryption and skip this step.

Can anyone post an example tool? I'm having a hard time finding one to get an idea what it is.

Save whatever you’re trying to encrypt in a text file and then run in a terminal:

Code:
gpg --cipher-algo AES256  --no-symkey-cache -c filename.txt

And then type a password for it and delete the original file. No PGP key required. --no-symkey-cache is necessary to prevent the password from being cached. It is only available in GPG >= 2.2.7 so you need to use Ubuntu 20.04 for your live distro. Older distros package an older version of GPG without this feature.

To decrypt:

Code:
gpg -o filename.txt -d filename.txt.gpg

And type the password you set.


Source: https://askubuntu.com/a/449647

o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18512


View Profile
November 01, 2020, 09:56:24 AM
Last edit: November 01, 2020, 10:28:30 AM by o_e_l_e_o
 #29

Do I get a new mnemonics phrase for every address I create?
No. The mnemonic phrase is unique to the wallet, but the wallet can contain a near endless number of addresses. Every single one of those addresses is ultimately derived from the same mnemonic phrase.

More technically, the phrase is hashed to produce what is called a "seed number", and that seed number is hashed again to create a "master private key". That master private key can create billions of child private keys, which can each create billions of their own child private keys, which can each create billions of their own child private keys, and so on. Each one of those private keys can be turned into a unique public key and therefore a unique address.

If you back up your one 12 or 24 word mnemonic phrase, then you have backed up every single one of those billions upon billions of unique addresses.



Search google for paper wallet, grab any result, or an Ad is even better. Print it and put in your sock drawer. Put all your money on it before getting comfortable with spending (don't worry about change address, WTF are those anyway). Back up on dropbox, or post it here.
Instructions unclear, uploaded my socks to Dropbox.
9thsky (OP)
Member
**
Offline Offline

Activity: 240
Merit: 54


View Profile
November 01, 2020, 11:49:05 AM
 #30

Do I get a new mnemonics phrase for every address I create?
No. The mnemonic phrase is unique to the wallet, but the wallet can contain a near endless number of addresses. Every single one of those addresses is ultimately derived from the same mnemonic phrase.

More technically, the phrase is hashed to produce what is called a "seed number", and that seed number is hashed again to create a "master private key". That master private key can create billions of child private keys, which can each create billions of their own child private keys, which can each create billions of their own child private keys, and so on. Each one of those private keys can be turned into a unique public key and therefore a unique address.

If you back up your one 12 or 24 word mnemonic phrase, then you have backed up every single one of those billions upon billions of unique addresses.

Any beginners tutorial of this (preferably visual) so I can see what you're talking about and get a clearer understanding?
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18512


View Profile
November 01, 2020, 01:31:25 PM
 #31

Any beginners tutorial of this (preferably visual) so I can see what you're talking about and get a clearer understanding?
I'm a big fan of the book "Mastering Bitcoin" by Andreas Antonopoulos for explaining a whole bunch of technical bitcoin concepts in easy to understand ways. It also includes some nice diagrams. The book is available for free on GitHub here: https://github.com/bitcoinbook/bitcoinbook. Chapter 5 deals with the structure of wallets and seed phrases, but see particularly the following sections:

https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc#hd-wallets-bip-32bip-44
https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc#mnemonic-code-words-bip-39

Another great resource is the site https://learnmeabitcoin.com/. Again, lots of easy to understand explanations, and even less technical than the Mastering Bitcoin book if you are finding that a difficult read. See particularly these pages:

https://learnmeabitcoin.com/technical/hd-wallets
https://learnmeabitcoin.com/technical/mnemonic
9thsky (OP)
Member
**
Offline Offline

Activity: 240
Merit: 54


View Profile
November 01, 2020, 04:39:42 PM
 #32

In Electrum I see .tar.gz and Appimage. Which one to use?
the first one.

Wouldn't Appimage be better since it doesn't leave anything behind? https://itsfoss.com/use-appimage-linux

AppImage is just a compressed file that needs to be extracted to run the program and then is automatically deleted when the program is closed. In fact the link you posted says that. You could delete the folders extracted from a .tar.gz to erase the traces it leaves too.

So why exactly are we choosing .tar.gz over appimage?
bob123
Legendary
*
Offline Offline

Activity: 1624
Merit: 2481



View Profile WWW
November 02, 2020, 12:33:26 PM
Merited by pooya87 (1), ABCbits (1)
 #33

So why exactly are we choosing .tar.gz over appimage?

"We" aren't choosing one over the other.

In the end, it really doesn't matter which you choose and only comes down to your own preference.

Do you want to install the wallet properly without giving up more space than necessary? Go for .tar.gz
Do you want it to be just a single file you need to run and don't care that libraries are included you already got installed which take up a few more MB while guaranteeing better compatibility between all systems? Go for .AppImage


Security-wise it doesn't matter as long as you verify the signature.

btc123thatthere
Member
**
Offline Offline

Activity: 131
Merit: 29


View Profile
November 04, 2020, 09:25:36 AM
 #34

What about getting a second hand laptop for something like fifty to one hundred dollars, with a cd/dvd burner drive, disconnect its wifi /bluetooth hardware (preferably get one without bluetooth for less work), keep it as a dedicated bitcoin cold wallet machine, and perhaps burn a few dvds (get good quality blank dvds) each with copies of the encrypted wallet file (filling up nearly all the space on each dvd with lots of copies of the same wallet file since its purpose is a backup after all.)
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18512


View Profile
November 11, 2020, 04:06:50 PM
 #35

Writing private keys on paper can get damaged by natural disasters like water and fire
Obviously, as you say, engraving on metal plates is going to be more durable than writing on paper, but metal plates can also be damaged by natural disasters. You should make sure you are choosing stainless steel, titanium, or a similarly durable metal, as metals like aluminum (which many of the marketed back up devices are made out of) are malleable, do not resist corrosion, and have low melting points. Even then, a stainless steel plate is not indestructible. And even if it were, what if you can no longer access it? What if there is fire or explosion, and you can't find it in among all the rubble? What if there is a flood or tornado and it gets carried a few kilometers away?

What matters more than whether you choose paper or metal is having multiple copies in separate physical locations. I use paper wallets (on actual paper) and I use paper for writing down seeds. I am not concerned about them being damaged or destroyed even though they are just everyday paper, because I have multiple back ups. If one is destroyed, then I'll use one of the others to replace it. It's all about redundancy and not having a single point of failure.
9thsky (OP)
Member
**
Offline Offline

Activity: 240
Merit: 54


View Profile
November 12, 2020, 03:17:42 AM
 #36

In Electrum I see .tar.gz and Appimage. Which one to use?
the first one.

Wouldn't Appimage be better since it doesn't leave anything behind? https://itsfoss.com/use-appimage-linux

AppImage is just a compressed file that needs to be extracted to run the program and then is automatically deleted when the program is closed. In fact the link you posted says that. You could delete the folders extracted from a .tar.gz to erase the traces it leaves too.

2. choose an encryption tool and learn how to use it correctly. this must be an open source tool that is capable of strong encryption using AES. if your step 0 choice is to use a single private key you can choose a tool that supports BIP38 encryption and skip this step.

Can anyone post an example tool? I'm having a hard time finding one to get an idea what it is.

Save whatever you’re trying to encrypt in a text file and then run in a terminal:

Code:
gpg --cipher-algo AES256  --no-symkey-cache -c filename.txt

And then type a password for it and delete the original file. No PGP key required. --no-symkey-cache is necessary to prevent the password from being cached. It is only available in GPG >= 2.2.7 so you need to use Ubuntu 20.04 for your live distro. Older distros package an older version of GPG without this feature.

To decrypt:

Code:
gpg -o filename.txt -d filename.txt.gpg

And type the password you set.


Source: https://askubuntu.com/a/449647

Wouldn't saving a file make copies of it at various places that could be recovered later, regardless of whether you encrypt the file or not because the encryption would be after the file was saved without encryption?
And deleting the original unencrypted file doesn't really permanently delete it. How do you get around this?

Writing private keys on paper can get damaged by natural disasters like water and fire
Obviously, as you say, engraving on metal plates is going to be more durable than writing on paper, but metal plates can also be damaged by natural disasters. You should make sure you are choosing stainless steel, titanium, or a similarly durable metal, as metals like aluminum (which many of the marketed back up devices are made out of) are malleable, do not resist corrosion, and have low melting points. Even then, a stainless steel plate is not indestructible. And even if it were, what if you can no longer access it? What if there is fire or explosion, and you can't find it in among all the rubble? What if there is a flood or tornado and it gets carried a few kilometers away?

What matters more than whether you choose paper or metal is having multiple copies in separate physical locations. I use paper wallets (on actual paper) and I use paper for writing down seeds. I am not concerned about them being damaged or destroyed even though they are just everyday paper, because I have multiple back ups. If one is destroyed, then I'll use one of the others to replace it. It's all about redundancy and not having a single point of failure.

Hand written or printed?
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18512


View Profile
November 12, 2020, 07:39:40 AM
 #37

Wouldn't saving a file make copies of it at various places that could be recovered later, regardless of whether you encrypt the file or not because the encryption would be after the file was saved without encryption?
And deleting the original unencrypted file doesn't really permanently delete it. How do you get around this?
I can't speak for NotATether, but whenever I am dealing with sensitive information like this I am doing so on my permanently airgapped device which uses whole disk encryption. Anything left behind after I am finished is encrypted along with the rest of the contents of the hard drive.

Hand written or printed?
Hand written. Using a printer just adds yet another attack vector, as almost all modern printers can be hacked, can run malware, have WiFi and Bluetooth capabilities, have internal memory which will store recently printed files, etc. The paper wallets I use are not "classical" paper wallets in the sense of a QR code and a single private key, but rather a full seed phrase - easier to work with, easier to write down, harder to make a mistake, reusable multiple times, no worries about change addresses.
NotATether
Legendary
*
Offline Offline

Activity: 1596
Merit: 6735


bitcoincleanup.com / bitmixlist.org


View Profile WWW
November 12, 2020, 08:08:00 AM
 #38

Wouldn't saving a file make copies of it at various places that could be recovered later, regardless of whether you encrypt the file or not because the encryption would be after the file was saved without encryption?
And deleting the original unencrypted file doesn't really permanently delete it. How do you get around this?

You are correct, the only way to encrypt a file without leaving temporary copies behind is if it’s done in-memory and then the memory is overwritten with random data, and the sensitive info is read from some kind of text box used for passwords (how much privacy it provides depends on the text box implementation). Personally I like the text box GPG uses, it uses something called pinentry and it disables all of the editor shortcuts like Ctrl-C/V, and locks the input focus on the password dialogue.

Granted all of this requires you write your own encryption program, but because GPG is open source you can easily write a simple C program using libgcrypt and pinentry that somewhat replicates what GPG does except it reads from memory and not a file.

9thsky (OP)
Member
**
Offline Offline

Activity: 240
Merit: 54


View Profile
November 12, 2020, 08:42:10 AM
 #39

Wouldn't saving a file make copies of it at various places that could be recovered later, regardless of whether you encrypt the file or not because the encryption would be after the file was saved without encryption?
And deleting the original unencrypted file doesn't really permanently delete it. How do you get around this?
I can't speak for NotATether, but whenever I am dealing with sensitive information like this I am doing so on my permanently airgapped device which uses whole disk encryption. Anything left behind after I am finished is encrypted along with the rest of the contents of the hard drive.

Hand written or printed?
Hand written. Using a printer just adds yet another attack vector, as almost all modern printers can be hacked, can run malware, have WiFi and Bluetooth capabilities, have internal memory which will store recently printed files, etc. The paper wallets I use are not "classical" paper wallets in the sense of a QR code and a single private key, but rather a full seed phrase - easier to work with, easier to write down, harder to make a mistake, reusable multiple times, no worries about change addresses.

Are you using Windows or Linux, or Mac? So you're using mnemonic phrases? When using Electrum, don't you have to be connected to the internet when creating a wallet?
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18512


View Profile
November 12, 2020, 09:31:49 AM
 #40

Are you using Windows or Linux, or Mac? So you're using mnemonic phrases? When using Electrum, don't you have to be connected to the internet when creating a wallet?
My airgapped device runs Linux. I use LUKS for whole disk encryption.
Yes, I predominantly use seed phrases rather than individual private keys, unless for very specific purposes.
No, you can create wallets offline with Electrum (or pretty much any good wallet or software). The wallet will not be able to update your balances without an internet connection or some other means of receiving blockchain data, but it is entirely possible to create a seed phrase and derive all the relevant private keys, public keys, and addresses without an internet connection.



Note that creating a wallet offline is exactly how cold storage is supposed to work. I can use Electrum on an airgapped device to create a new wallet from scratch. That wallet will contain all my private keys, but it will not show any balances. I then export the master public key from that airgapped wallet and move the master public key to an internet enabled device and import it in to a new Electrum wallet. This new wallet will only be able to generate the matching public keys and addresses only, and not the private keys. This is called a "watch only wallet" for that reason. It does not have the private keys, so it cannot sign any transactions (and therefore cannot be hacked), but it has an internet connection so can see incoming transactions and update balances.

When I want to make a transaction, I use the live watch only wallet to create the transaction. I then transfer it to the airgapped device which has the wallet containing the private keys (either via USB drive or scanning QR codes). The airgapped wallet can then sign the transaction, and I then transfer it back to the live watch only wallet, which can broadcast it to the network.