MyEtherWallet Cold Storage Question

[adaseb]

I am trying to figure out a way to display the private key or anyway to get some type of BIP38 encryption on my private key with a wallet I create using the Seed method.

I can create a 12 or 24 word seed and it gives me access to my wallet but how do I securely secure the seeds. It doesn’t give me the option of saving a backup file or even shows me my private key. And even if I got the private key, how do I encrypt it because using Bitcoins BIP38 doesn’t seem to work.

Anyone got any tips. Rather not rely on my own memory to remember 24 words or write it down somewhere locally unencrypted.

[ABCbits]

What you're looking is BIP39, which is about mnemonic words generation which support passphrase/password. Ethereum does support BIP39, but the downside is, if you enter wrong passphrase during recovery, you'll get different address.
I don't know if MEW have option to use passphrase when generate mnemonic words, but you always could use https://iancoleman.io/bip39/

[Chikito]

And even if I got the private key, how do I encrypt it because using Bitcoins BIP38 doesn’t seem to work.

as I know BIP38 is for Bitcoin only. Other ways to encrypt your Ethereum private key is saved in a text file then encrypt it. Or encoding it to hex.

[khaled0111]

Or encoding it to hex.

Converting the seed/private key to HEX is, as you said, encoding not encrypting. It's not safe since any one can decode it using any online tool or a few lines of code.

OP, since you used a seed to create the wallet then it's adviced to backup the seed not the private keys it generates. You can use any reputable encryption software to encrypt the 12/24 words or the file they are saved in, but you will have to save the passphrase/password needed for decryption in a totally different place.

[OmegaStarScream]

You can create the wallet using Coinbase wallet (Formerly Toshi[1]) and it'll automatically save your private keys/seed to your Google Drive account. Just make sure to use a strong password. See this[2].

[1] https://blog.coinbase.com/goodbye-toshi-hello-coinbase-wallet-the-easiest-and-most-secure-crypto-wallet-and-browser-4ba6e52e4913
[2] https://blog.coinbase.com/backup-your-private-keys-on-google-drive-and-icloud-with-coinbase-wallet-3c3f3fdc86dc

[Chikito]

Or encoding it to hex.

Converting the seed/private key to HEX is, as you said, encoding not encrypting. It's not safe since any one can decode it using any online tool or a few lines of code.

yes, I know, at least it makes it invisible to common people what the meaning of the number is.

[adaseb]

Thank you all that replied. I am doing this on an offline cold storage computer so the google drive is not an option. I also rather not have to download another piece of software to encrypt the seeds. I think I will just use the regular method and use the keystore method which uses a password and just back that up to multiple devices. Just surprised this isn't an option in MEW since most bitcoin wallets allow you to save your backup if it was created using the mnemonic seed.

Anyone know how secure the keystore password is ? Looking inside the file is some CipherText and it doesn't look like a private key, so I am assuming this is the encrypted private key using the password that I created? Anyone want to confirm?

[pooya87]

And even if I got the private key, how do I encrypt it because using Bitcoins BIP38 doesn’t seem to work.

as I know BIP38 is for Bitcoin only. Other ways to encrypt your Ethereum private key is saved in a text file then encrypt it. Or encoding it to hex.

It doesn't have to be. From the user perspective they are giving the application a 256-bit input (ie. private key of any altcoin copied from bitcoin) and receive a 256-bit output (the encrypted key). Internally the code doesn't care what the key is used for, it creates some sort of checksum by computing the (bitcoin) public key and (bitcoin) address which user doesn't have to be concerned about at all since these are all "under the hood" and is used for scrypt salt which is then included in the end result.
It is "some sort of checksum" because when you decrypt you would derive the same pubkey/address and compute the salt and see if it is the same as what the encrypted input had, again all under the hood so it won't matter what altcoin the key belongs to.

[adaseb]

Anyone know if GPG is included in the Live CD of the Ubuntu OS? Was going to switch over to a keystore however did some searching for linux based encryption software and GPG is included as a standalone app in certain Ubuntu releases?

From what I can tell all you do is type "gpg -c SEED.txt" and enter a strong password. To decrypt just type "gpg SEED.txt.gpg" and should ask for password before it decrypt. Wondering if anyone had any issues using gpg in the past to encrypt their documents and seeds. Are failure points I can run into? Is there an encryption option I can select such as 128bit vs. 256bit? or is it just some standard ?

[pooya87]

Anyone know if GPG is included in the Live CD of the Ubuntu OS?

All popular Linux distributions include GPG by default, specifically Ubuntu (also I have used 14, 16 and 20 and they all had it).

From what I can tell all you do is type "gpg -c SEED.txt" and enter a strong password. To decrypt just type "gpg SEED.txt.gpg" and should ask for password before it decrypt. Wondering if anyone had any issues using gpg in the past to encrypt their documents and seeds. Are failure points I can run into? Is there an encryption option I can select such as 128bit vs. 256bit? or is it just some standard ?

You can use the -symmetric command and defined an algorithm to be used in the encryption

Code:

gpg --symmetric --cipher-algo AES256 SEED.txt

You will be asked to enter your passphrase and confirm it again.
The algorithms you can use are: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
For more info: https://tutonics.com/2012/11/gpg-encryption-guide-part-4-symmetric.html