Bitcoin Forum
March 19, 2024, 03:21:18 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Offline signing your paper wallet using air gapped phone via Electrum  (Read 914 times)
krogothmanhattan (OP)
Cypher Hodl LLC
Legendary
*
Offline Offline

Activity: 2464
Merit: 3167


The Stone the masons rejected was the cornerstone.


View Profile WWW
December 26, 2020, 06:38:43 PM
Last edit: June 12, 2023, 06:51:22 PM by krogothmanhattan
 #1

 One of my most favorite ways of storing bitcoin is on a paper wallet. Paper wallets if done right are one of the most secure ways of storing bitcoin especially if done on an air gapped computer which in my opinion is a must.

     The tricky part is when the time comes to sweep the wallet and that is where screwups can happen. If your computer or phone has a malware or virus infecting it, then chances are you can lose your bitcoin.

     One way to prevent this from happening is to never expose your private key to a hot wallet or the internet, but rather have it signed using an airgapped device with a wallet on it.

     We will be using Electrum and to make sure you have the right Electrum, you can read about it on this thread I wrote on another way of siging a BTC transaction where people brought up ways to make sure your electrum download is not tainted in anyway. https://bitcointalk.org/index.php?topic=5106013.0   www.electrum.org

     I will use cell air gapped cold wallet to cell hot wallet

     So in this setup we will have a cellphone and a computer both installed with the latest version of Electrum.

     These are the steps I took....
   

      Wipe out all data on cellphone and have it reboot with factory reset, thus cleaning it of any malware or viruses.

     Install Electrum and then place it in Airplane mode, disable wifi, disable bluetooth, remove sim card and also remove the antenna thus making it air gapped.

     
      Creating new wallet as follows.....

   


       Click NEXT then name your wallet
     

      Next create new password
     

      The select type of wallet you are creating..in our case we are importing a public or private key.
      So up to this point you can use for both the air gapped and live hot phone electrums.
      Click on the camera tab to scan the qr code.

       

       Here I will be importing the private key for the air gapped wallet phone

       

       You can do the same for the HOT LIVE Cell phone wallet, BUT, ONLY IMPORT THE PUBLIC KEY!

     

       
       On the air gapped phone the OFFLINE will show as there is no connection with any internet signal. Thats exaclty what we want to see.

       
       


        When clicking receive on both phones, and then request, the public address matching THAT particular private key will show.
         The Air gapped and the Hot phone Public addresses should both match!

         
         

       
           On the HOW LIVE phone, click click scan and scan qr code of public address you want to send the paper wallet funds to
         Then Click amount and send MAX. Always sweep a paper wallet fully!

         
         

         You can set the mining fees on the app,
         Change the method to "Static", you will be able to set the transaction fee to lower amounts.
         Look at the image below. The fee is only 1 sat/byte.



         Next click PAY and the following information will show. Here you can check amount of BTC sent, mining fee and most importantly BTC address where bitcoin is being sent
         to.
         
         



         Next click on QR tab and the following RAW UNISGNED TRANSACTION QR code comes up.

         

          Now with your air gapped phone click on SCAN and scan the QR code from your live phone.
          This will take your raw unsigned transaction into your cold air gapped phone with the private key to be able to be signed!

          This is what will show on your air gapped phone after scanning the QR code from the LIVE HOT phone wallet.

         

          Next click on the sign TAB and the following will come up confirming you want to sign the unsigned transaction.

           

           Once you click on yes, the new window coming up will show you a signed BTC transaction with the address the btc is going to also the amount!
           This way you can be sure the btc is going to the BTC address you want it to goto and not some malware altered BTC address!! Also the TX data is also present and
           showing.

           

           Now for the final steps of transferring this to your hot phone by clicking on the QR tab on the air gapped phone which will produce a QR code.
           Take your live HOT Wallet phone and click on Scan, then scan the QR code from the Air gapped wallet.

            The following will show up, and again you can confirm and the information. Once you are satisfied, click on Broadcast and the raw transaction will be broadcast on blockchain and the bitcoin will be transferred from your paper wallet to the BTC addy of your choice.

             


              I hope this helps people understanding how a paper wallet can be swept without ever having to expose the private keys to a HOT wallet.

              Again test with a very small amount of BTC until you have it nailed down and feel comfortable in doing this.


Made another visual aid to make it even easier to understand.



                   or full version here















█████████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████
█████████████████████████
.
BC.GAME
▄▄░░░▄▀▀▄████████
▄▄▄
██████████████
█████░░▄▄▄▄████████
▄▄▄▄▄▄▄▄▄██▄██████▄▄▄▄████
▄███▄█▄▄██████████▄████▄████
███████████████████████████▀███
▀████▄██▄██▄░░░░▄████████████
▀▀▀█████▄▄▄███████████▀██
███████████████████▀██
███████████████████▄██
▄███████████████████▄██
█████████████████████▀██
██████████████████████▄
.
..CASINO....SPORTS....RACING..
█░░░░░░█░░░░░░█
▀███▀░░▀███▀░░▀███▀
▀░▀░░░░▀░▀░░░░▀░▀
░░░░░░░░░░░░
▀██████████
░░░░░███░░░░
░░█░░░███▄█░░░
░░██▌░░███░▀░░██▌
░█░██░░███░░░█░██
░█▀▀▀█▌░███░░█▀▀▀█▌
▄█▄░░░██▄███▄█▄░░▄██▄
▄███▄
░░░░▀██▄▀


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
"You Asked For Change, We Gave You Coins" -- casascius
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1710818478
Hero Member
*
Offline Offline

Posts: 1710818478

View Profile Personal Message (Offline)

Ignore
1710818478
Reply with quote  #2

1710818478
Report to moderator
krogothmanhattan (OP)
Cypher Hodl LLC
Legendary
*
Offline Offline

Activity: 2464
Merit: 3167


The Stone the masons rejected was the cornerstone.


View Profile WWW
December 26, 2020, 06:39:01 PM
Last edit: June 12, 2023, 06:51:45 PM by krogothmanhattan
Merited by Dabs (1)
 #2

THIS OFFLINE WALLET SWEEP WILL BE USING AN AIR GAPPED PHONE AND A PC ELECTRUM.

   Again create the same steps you did with the air gapped wallet as we did in the example above.

   Next for the hot wallet on the PC, install Electrum....

   

    STEP 1   NAME YOUR WALLET
   STEP 2    CREATE NEW WALLET...SELECT IMPORT BITCOIN ADDRESS
                           On the hot live PC wallet, we will be importing the public address ONLY
   STEP 3    Click on camera tab and scan in front of pc camera
                           the Public address part of your  paper wallet. HIDE THE PRIVATE WALLET, MAKE SURE NOT TO EXPOSE IT TO CAMERA!!
                           As you notice, if bitcoin word is in front of the address then you need to delete the word otherwise the next button will be greyed out.
   STEP 4    Once the public address is on their click on next, a password option is given, if you want to add  you can otherwise hit next.

     
   

    STEP 5  Watch only wallet created meaning the paper wallet public address is on the electrum with no private key which is EXACTLY WHAT YOU WANT! Click OK and the click on the send tab
     STEP 6  Click on camera tab on the pay to box, this will activate your computer camera. SCAN the QR code for the public address you want to send all the funds from your paper wallet to. Then click on MAX on the amount line. You should see the full amount of the balance minus miner fees in this box. Then click PAY
      STEP 7  You can see you have an unsigned transaction in the highlighted box top left. Also I adjusted the miners fee down to 2 sats in the middle highlighted box.
                  In the outputs boxe, you can find the public address where the funds will be sent to. SO double check to confirm it is correct, with the amount to be sent as well.
                  Click FINALIZE
      STEP 8  You now have an UNSIGNED transaction ready to be signed on your air gapped phone. Click on export and then show as QR code.
                   Once the QR raw transaction pops up, scan with you are gapped wallet and the following will come on the screen...

                   

      STEP 9  The unsigned transaction scanned into your air gapped phone will be shown. Click SIGN
      STEP 10  Confirm signing transaction...Click OK
      STEP 11  You can now see on top it says signed and also the transaction ID is shown as well. This is ready to be broadcast as the button is available as well, but since this is an air gapped phone you cannot, so we need to click on the QR code and take back to the live wallet on the PC. Also you can double check amount and pub address where the funds are to be sent to to confirm nothing has changed!!

                     

      STEP 12    On laptop Electrum, On top where the tools tab is click on load transaction and then select QR code. This will activate camera, the scan the QR code raw transaction from your air gapped phone.
      STEP 13    You will see the identical information you have in your air gapped phone come up. Again double check to confirm all is correct! Once ready, click broadcast and your raw transaction has been sent to the blockchain! The payment sent TX id will pop up as well!

                 Hope this helped you all, any questions ask!!


                 To recap...

               
 


█████████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████
█████████████████████████
.
BC.GAME
▄▄░░░▄▀▀▄████████
▄▄▄
██████████████
█████░░▄▄▄▄████████
▄▄▄▄▄▄▄▄▄██▄██████▄▄▄▄████
▄███▄█▄▄██████████▄████▄████
███████████████████████████▀███
▀████▄██▄██▄░░░░▄████████████
▀▀▀█████▄▄▄███████████▀██
███████████████████▀██
███████████████████▄██
▄███████████████████▄██
█████████████████████▀██
██████████████████████▄
.
..CASINO....SPORTS....RACING..
█░░░░░░█░░░░░░█
▀███▀░░▀███▀░░▀███▀
▀░▀░░░░▀░▀░░░░▀░▀
░░░░░░░░░░░░
▀██████████
░░░░░███░░░░
░░█░░░███▄█░░░
░░██▌░░███░▀░░██▌
░█░██░░███░░░█░██
░█▀▀▀█▌░███░░█▀▀▀█▌
▄█▄░░░██▄███▄█▄░░▄██▄
▄███▄
░░░░▀██▄▀


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
iBitcoinHongKong8
Copper Member
Full Member
***
Offline Offline

Activity: 438
Merit: 175


View Profile
December 26, 2020, 07:13:27 PM
 #3

Fantastic thread Krogoth! Absolutely amazing to get this amount of detailed step by step instructions all while remaining as secure and safe as possible. I'd have given more merit but all I had was 1 to send. If I had 50 I would have happily sent you 50! I'm still getting used to Windows and Android so it will take me a while to learn and play around with super small amounts to get comfortable but I want to learn all ways of doing it. I understand how to use Electrum with a MacBook and that's been good, but I want to learn as much as possible and it's threads like these that gift our community with such valuable information and help! Cheers all and thanks again Krogoth. You the man!

iBHK8
Kakmakr
Legendary
*
Offline Offline

Activity: 3388
Merit: 1940

This space is availlable for advertising


View Profile
December 26, 2020, 07:30:34 PM
 #4

Is there any way for someone to hijack the transaction when you go online to sweep the wallet? I have been asking for a method where you do this whole process "Offline" and that the "Private Key" get encrypted, before you go "online" again to finalize the process.

So you would be doing this offline and it only finalizes the process on the Blockchain the moment when you go "online" again. (Difference being that the "Private Key" would be encrypted already, before you go online. (If the packet gets hijacked, the hacker will have an encrypted version of your "Private Key and the "Private Key" will not be in it's raw format on the Internet.)  Wink

Signature space availlable -Just DM me if you need some advertising.
hosseinimr93
Legendary
*
Offline Offline

Activity: 2338
Merit: 5098



View Profile
December 26, 2020, 07:33:23 PM
Last edit: December 26, 2020, 08:24:51 PM by hosseinimr93
Merited by krogothmanhattan (2), vapourminer (1), Steamtyme (1)
 #5

        You can set the mining fees on the app, but IMO they are still too high. With the PC version I can adjust down to 5 Sats but I cannot see that available on the app.
If you change the method to "Static", you will be able to set the transaction fee to lower amounts.
Look at the image below. The fee is only 1 sat/byte.





Is there any way for someone to hijack the transaction when you go online to sweep the wallet? I have been asking for a method where you do this whole process "Offline" and that the "Private Key" get encrypted, before you go "online" again to finalize the process.
The raw transaction doesn't include your private key.

You may ask how nodes validate the transaction without the private key.
When you sign a transaction, you generate a hash and a signature using your private key. For validating the transaction, nodes calculate the hash using your public key and your signature without any need to your private key.
If the hash calculated by nodes matches the hash already generated by you, your transaction is validated.  

.
.BLACKJACK ♠ FUN.
█████████
██████████████
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
████████████████
░██████████████
████████████
███████████████░██
██████████
CRYPTO CASINO &
SPORTS BETTING
▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
█████████
.
krogoth
Full Member
***
Offline Offline

Activity: 1204
Merit: 135


Krogothmanhattan alt account


View Profile WWW
December 26, 2020, 07:57:34 PM
 #6

        You can set the mining fees on the app, but IMO they are still too high. With the PC version I can adjust down to 5 Sats but I cannot see that available on the app.
If you change the method to "Static", you will able to set the transaction fee to lower amounts.
Look at the image below. The fee is only 1 sat/byte.





    Awesome to know! Thankyou...it was driving me crazy paying those fees! Will add a new pic once i go back on my main computer...cheers!

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>CIPHER BILLS-CIPHER BONDS-CIPHER STAMPS * www.CYPHERHODL.com * COLD STORAGE BITCOIN CERTIFICATES <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Sanglotslongs2
Full Member
***
Offline Offline

Activity: 260
Merit: 129



View Profile
December 26, 2020, 09:01:15 PM
 #7

Nice setup ! As phones are cheaper and cheaper, they are a lot of useless phone, this give them a second life !
But be carefull with the antenna, must be removed to be sure.

Also, QR code transfert are really good, because there is few information, so you will be 100% sure it's legit way to communicate between devices. If you use USB on a computer there is a lot more "memory" available so a virus can possibily steal your coins... QR code ftw Smiley
NotATether
Legendary
*
Offline Offline

Activity: 1540
Merit: 6495


bitcoincleanup.com / bitmixlist.org


View Profile WWW
December 26, 2020, 10:28:43 PM
 #8

     (I tried this but my PC electrum s]crashed everytime I attempted to place the signed transaction back into the PC, so I had no choice but to use 2 Cell phones, one air gapped and the other hot.) The PC electrum allows much better control of mining fees compared to the cell app.

I'm curious to know if Electrum ever displayed a stack trace or at least an error message before exiting. I'm tempted to run it in a Python debugger to see exactly what's going on if it doesn't involve connecting a hardware wallet. I don't have any handy.

  BTC
.
BTC
.
 BTC
.
BTC
..JAMBLER.io..
██
██
██
██
██
██
██

██

██

██

██
YOUR OPPORTUNITY TO
HAVE BITCOIN BUSINESS

██
██
██
██
██
██
██

██

██

██

██
.
  BTC
. BTC
.
.
 
BTC
  BTC
krogoth
Full Member
***
Offline Offline

Activity: 1204
Merit: 135


Krogothmanhattan alt account


View Profile WWW
December 26, 2020, 10:29:15 PM
 #9

Nice setup ! As phones are cheaper and cheaper, they are a lot of useless phone, this give them a second life !
But be carefull with the antenna, must be removed to be sure.

Also, QR code transfert are really good, because there is few information, so you will be 100% sure it's legit way to communicate between devices. If you use USB on a computer there is a lot more "memory" available so a virus can possibily steal your coins... QR code ftw Smiley

  Yes...not all antennas are easily removed. The first cheap phone lg i bought..even the phone professional didnt want to try.

   Then i found this model.  https://youtu.be/ICV7vPF9mPE

    As soon as you remove the battery...the antenna is there...5 screws and its out!

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>CIPHER BILLS-CIPHER BONDS-CIPHER STAMPS * www.CYPHERHODL.com * COLD STORAGE BITCOIN CERTIFICATES <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
krogoth
Full Member
***
Offline Offline

Activity: 1204
Merit: 135


Krogothmanhattan alt account


View Profile WWW
December 26, 2020, 10:30:10 PM
Last edit: December 26, 2020, 11:01:06 PM by krogoth
 #10

     (I tried this but my PC electrum s]crashed everytime I attempted to place the signed transaction back into the PC, so I had no choice but to use 2 Cell phones, one air gapped and the other hot.) The PC electrum allows much better control of mining fees compared to the cell app.

I'm curious to know if Electrum ever displayed a stack trace or at least an error message before exiting. I'm tempted to run it in a Python debugger to see exactly what's going on if it doesn't involve connecting a hardware wallet. I don't have any handy.

    An error window did pop up...i will get a pic tomorrow for you.

    Edit...btw...i installed it using a windows installer and also just downloading it and start via exe file directly.

     Via windows installer startup the electrum vanishes.

      Via the exe file directly...the windows error pops up.

       I did in two different computers!

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>CIPHER BILLS-CIPHER BONDS-CIPHER STAMPS * www.CYPHERHODL.com * COLD STORAGE BITCOIN CERTIFICATES <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PrimeNumber7
Copper Member
Legendary
*
Offline Offline

Activity: 1610
Merit: 1899

Amazon Prime Member #7


View Profile
December 26, 2020, 11:42:12 PM
 #11

   
      Wipe out all data on cellphone and have it reboot with factory reset, thus cleaning it of any malware of viruses.
I am not sure this is a valid assumption. In theory, malware could modify what your phone does when you initiate a factory reset. I would rather buy a new phone from a random store in person. There is still the possibility your phone will have malware, but it should remove the possibility you will be specifically targeted.
     Install Electrum and then will place it in Airplane mode, disable wifi, disable bluetooth, remove sim card and also remove the antenna thus making it air gapped.
How are you getting electrum onto your phone? Are you downloading it?
krogoth
Full Member
***
Offline Offline

Activity: 1204
Merit: 135


Krogothmanhattan alt account


View Profile WWW
December 26, 2020, 11:47:51 PM
 #12

   
      Wipe out all data on cellphone and have it reboot with factory reset, thus cleaning it of any malware of viruses.
I am not sure this is a valid assumption. In theory, malware could modify what your phone does when you initiate a factory reset. I would rather buy a new phone from a random store in person. There is still the possibility your phone will have malware, but it should remove the possibility you will be specifically targeted.
     Install Electrum and then will place it in Airplane mode, disable wifi, disable bluetooth, remove sim card and also remove the antenna thus making it air gapped.
How are you getting electrum onto your phone? Are you downloading it?

   Yes downloading it before antenna is removed

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>CIPHER BILLS-CIPHER BONDS-CIPHER STAMPS * www.CYPHERHODL.com * COLD STORAGE BITCOIN CERTIFICATES <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
NotATether
Legendary
*
Offline Offline

Activity: 1540
Merit: 6495


bitcoincleanup.com / bitmixlist.org


View Profile WWW
December 26, 2020, 11:48:59 PM
Merited by krogothmanhattan (2)
 #13

   An error window did pop up...i will get a pic tomorrow for you.

    Edit...btw...i installed it using a windows installer and also just downloading it and start via exe file directly.

     Via windows installer startup the electrum vanishes.

      Via the exe file directly...the windows error pops up.

       I did in two different computers!

So this is an error coming from Windows Problem Reporting or something like that name. What's your Windows version?

You don't see a console window appear even briefly? That indicates that Windows was able to run electrum but Electrum itself hit an exception.

I'm not sure how much this will help but if you run Procmon[1] and filter it to capture events from the Electrum program and PM me the saved output, I might be able to see if it has something to do with your Windows installation. From experience I know that Electrum works on a clean windows install.

[1]: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

  BTC
.
BTC
.
 BTC
.
BTC
..JAMBLER.io..
██
██
██
██
██
██
██

██

██

██

██
YOUR OPPORTUNITY TO
HAVE BITCOIN BUSINESS

██
██
██
██
██
██
██

██

██

██

██
.
  BTC
. BTC
.
.
 
BTC
  BTC
krogoth
Full Member
***
Offline Offline

Activity: 1204
Merit: 135


Krogothmanhattan alt account


View Profile WWW
December 26, 2020, 11:52:46 PM
 #14

   An error window did pop up...i will get a pic tomorrow for you.

    Edit...btw...i installed it using a windows installer and also just downloading it and start via exe file directly.

     Via windows installer startup the electrum vanishes.

      Via the exe file directly...the windows error pops up.

       I did in two different computers!

So this is an error coming from Windows Problem Reporting or something like that name. What's your Windows version?

You don't see a console window appear even briefly? That indicates that Windows was able to run electrum but Electrum itself hit an exception.

I'm not sure how much this will help but if you run Procmon[1] and filter it to capture events from the Electrum program and PM me the saved output, I might be able to see if it has something to do with your Windows installation. From experience I know that Electrum works on a clean windows install.

[1]: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

  Will give to all tomorrow...and one computer is brand new dell..so as clean as they come I hope.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>CIPHER BILLS-CIPHER BONDS-CIPHER STAMPS * www.CYPHERHODL.com * COLD STORAGE BITCOIN CERTIFICATES <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
NotATether
Legendary
*
Offline Offline

Activity: 1540
Merit: 6495


bitcoincleanup.com / bitmixlist.org


View Profile WWW
December 26, 2020, 11:55:20 PM
 #15

  Will give to all tomorrow...and one computer is brand new dell..so as clean as they come I hope.

Just make sure that Procmon is capturing events before you start Electrum, or it's going to miss some at the beginning.

  BTC
.
BTC
.
 BTC
.
BTC
..JAMBLER.io..
██
██
██
██
██
██
██

██

██

██

██
YOUR OPPORTUNITY TO
HAVE BITCOIN BUSINESS

██
██
██
██
██
██
██

██

██

██

██
.
  BTC
. BTC
.
.
 
BTC
  BTC
ranochigo
Legendary
*
Offline Offline

Activity: 2940
Merit: 4126



View Profile
December 27, 2020, 02:39:57 AM
 #16

You may ask how nodes validate the transaction without the private key.
When you sign a transaction, you generate a hash and a signature using your private key. For validating the transaction, nodes calculate the hash using your public key and your signature without any need to your private key.
If the hash calculated by nodes matches the hash already generated by you, your transaction is validated.  
To be more specific, the signature is contained in the scriptsig, together with the public key. The validation is done then with the signature in the first ~70ish bytes and the public key at the end. There's no hash but the nodes will calculate the signature with your raw transaction and your private key. The signature encompasses the entire transaction and as with public key cryptography, you only need the public key to match the signature.

I don't think factory reset will necessarily cover all the malware there is, some malware can exploit the privilege escalation to plant itself into the firmware and factory reset won't remove it. It seems pretty hard for the malware to really transfer information anyways so it's not that big of a deal even with malware.

I think using Tails on a USB would be quite convenient as well.



..JAMBLER.io..Create Your Bitcoin Mixing
Business Now for   F R E E 
▄█████████████████████████████
█████████████████████████
████▀████████████████████
███▀█████▄█▀███▀▀▀██████
██▀█████▄█▄██████████████
██▄▄████▀▄▄▄▀▀▀▀▀▄▄██████
█████▄▄▄██████████▀▄████
█████▀▄█▄██████▀█▄█████
███████▀▄█▀█▄██▀█▄███████
█████████▄█▀▄█▀▄█████████
█████████████████████████
█████████████████████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
      OUR      
PARTNERS

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
▄█████████████████████████████
████████▀▀█████▀▀████████
█████▀█████████████▀█████
████████████████████████
███████████████▄█████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████▀█████████
████████████████████████
█████▄█████████████▄█████
████████▄▄█████▄▄████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
   INVEST   
BITCOIN

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
coinableS
Legendary
*
Offline Offline

Activity: 1442
Merit: 1179



View Profile WWW
December 27, 2020, 04:58:29 AM
 #17

Is there any way for someone to hijack the transaction when you go online to sweep the wallet? I have been asking for a method where you do this whole process "Offline" and that the "Private Key" get encrypted, before you go "online" again to finalize the process.

You can build one with bitcoin libraries like nbitcoin or bitcoinjs (for example). Or use one already created by someone else like coinb.in by outkast or coldsigner(https://github.com/coinables/coldsigner) that I made.

The ways these work is basically all you need to create an unsigned bitcoin transaction is (3) things:
  • the transaction ID,
  • output position (vout) and;
  • value.

This is the essential data of a UTXO, and this part is usually done online unless you saved this information ahead of time.

You can now take this data (unsigned bitcoin transaction) offline, sign it with your WIF private key in a secure air-gapped environment, and then it is ready for broadcast.

krogothmanhattan (OP)
Cypher Hodl LLC
Legendary
*
Offline Offline

Activity: 2464
Merit: 3167


The Stone the masons rejected was the cornerstone.


View Profile WWW
December 27, 2020, 03:57:36 PM
Last edit: June 12, 2023, 06:51:55 PM by krogothmanhattan
 #18

  Will give to all tomorrow...and one computer is brand new dell..so as clean as they come I hope.

Just make sure that Procmon is capturing events before you start Electrum, or it's going to miss some at the beginning.

   You would not believe what was causing the error.

    First I bought and installed procman, but before I used it , I tried electrum again, and I noticed instead of going to load transaction I click on sign verify message instead of load a transaction...I guess my brain was a bit fried at that point.

    Anyway, so today I continued and just briefly did a succesful transaction which I tried again to replicate and post in here step by ste with pics.
    Well guess what, at the end at exactly the part where I want to load a transaction with a QR code, to my horror this error came up.

     

      AHHHHHH!!!   Then I have no idea why I thought about it, I realized my electrical tape was still covering my camera ( YES I cover my camera), I restarted electrum and this time it worked like a charm!!!   Cheesy

     You can see the step by step between Laptop and air gapped phone here  https://bitcointalk.org/index.php?topic=5303860.msg55941154#msg55941154

█████████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████
█████████████████████████
.
BC.GAME
▄▄░░░▄▀▀▄████████
▄▄▄
██████████████
█████░░▄▄▄▄████████
▄▄▄▄▄▄▄▄▄██▄██████▄▄▄▄████
▄███▄█▄▄██████████▄████▄████
███████████████████████████▀███
▀████▄██▄██▄░░░░▄████████████
▀▀▀█████▄▄▄███████████▀██
███████████████████▀██
███████████████████▄██
▄███████████████████▄██
█████████████████████▀██
██████████████████████▄
.
..CASINO....SPORTS....RACING..
█░░░░░░█░░░░░░█
▀███▀░░▀███▀░░▀███▀
▀░▀░░░░▀░▀░░░░▀░▀
░░░░░░░░░░░░
▀██████████
░░░░░███░░░░
░░█░░░███▄█░░░
░░██▌░░███░▀░░██▌
░█░██░░███░░░█░██
░█▀▀▀█▌░███░░█▀▀▀█▌
▄█▄░░░██▄███▄█▄░░▄██▄
▄███▄
░░░░▀██▄▀


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
PrimeNumber7
Copper Member
Legendary
*
Offline Offline

Activity: 1610
Merit: 1899

Amazon Prime Member #7


View Profile
December 28, 2020, 03:53:02 AM
Merited by vapourminer (2)
 #19

   
      Wipe out all data on cellphone and have it reboot with factory reset, thus cleaning it of any malware of viruses.
I am not sure this is a valid assumption. In theory, malware could modify what your phone does when you initiate a factory reset. I would rather buy a new phone from a random store in person. There is still the possibility your phone will have malware, but it should remove the possibility you will be specifically targeted.
     Install Electrum and then will place it in Airplane mode, disable wifi, disable bluetooth, remove sim card and also remove the antenna thus making it air gapped.
How are you getting electrum onto your phone? Are you downloading it?

   Yes downloading it before antenna is removed
Downloading something from the internet on a cold storage device is not the best of ideas. It is most ideal for a cold storage device to have never touched the internet.

I am also not a fan of using paper wallets as a means of cold storage. If you were to generate a wallet on your cold storage phone, there is a subset of possible vulnerabilities in which your phone could leak your private keys. If you use a paper wallet to store your private keys, you will be subject to the same vulnerabilities as if you were storing the private keys on your phone, and in addition will be subject to additional vulnerabilities when you print your paper wallet, and when you move the private keys from your paper wallet to your cold storage phone.
Evilish
Hero Member
*****
Offline Offline

Activity: 882
Merit: 563


Bitcoin to the moon!


View Profile
December 28, 2020, 05:23:30 AM
 #20

Great post, krogothmanhattan. Good to learn that you can do this with phones too.

I will also add that if you use Coldcard wallet (a hardware wallet), this process becomes a little simpler as the wallet has a built-in way to sign transactions offline. It goes like this:

1) You generate a transaction on Electrum desktop and export it to file as PSBT, copy that file to a MicroSD card
2) Insert the MicroSD card into Coldcard wallet and sign the PSBT
3) Coldcard wallet will generate the final transaction and save that to the MicroSD card
4) Insert the MicroSD card into your PC through a card reader, copy the final transaction, and finalize the transaction on Electrum

Takes a couple minutes to finish the transaction, but it's really the most secure way I've found on signing transactions offline. Your private key never touches your computer or your phone which is great.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!