Questions to Electrum

[o_e_l_e_o]

If you wanted plausible deniability with a purely software wallet, then I probably wouldn't be using passphrases at all. I would do one of two things:

• Use paper (or other non-digital wallets), which I only ever recover to an airgapped device when I need to spend from them. Keep my different paper wallets hidden in separate locations. If coerced or threatened, I can reveal the existence of one or more paper wallets (and give up the coins on them), while keeping the existence of one or more other paper wallets entirely secret.
• If storing my wallets electronically, then create an encrypted volume with a hidden volume. Store my low value "decoy" wallets behind one decryption key, and my high value wallets behind a second decryption key. If coerced, I can decrypt the volume and give up the low value wallets, while keeping the existence of hidden volume entirely secret.

But these liveOSes i know are read-only Linux Iso-images on CD / USB-Drive. That mean i use Internet with an outdated system, maybe with a lot of leaks.

The one that is most commonly recommended on these forums is Tails.

Could it done with an ordinary Debian with an external USB3.0 hard-drive? It’s fast enough and maintainable. Plug-off and there is a nice harmless computer without any wallet-software. Disk encryption (without /boot) is also possible. And the wallet is not connected permanently to internet.

An airgapped device is not one which is currently disconnected from the internet, but rather one which will never connect to the internet again. There is plenty of malware which can steal your data and then wait for an internet connection to be reestablished before attempting to transmit it.

[Miau222]

The one that is most commonly recommended on these forums is Tails.

Got it, thanks a lot. Installed on an USB-Drive, opened it and found - Electrum. Wow. Looks good.

An airgapped device is not one which is currently disconnected from the internet, but rather one which will never connect to the internet again.

But how does this device interact with the Blockchain / Full-Node? Did you mean an (Android)Mobile without sim and without wlan?

[o_e_l_e_o]

But how does this device interact with the Blockchain / Full-Node?

Via a separate device which does have an internet connection.

The basic principle if you are using Electrum is as follows. You have two computers, one with an internet connection, and another airgapped computer which does not and will never have an internet connection. On the airgapped computer, you create a wallet and back up the seed phrase on paper. This wallet will contain your private keys. From that wallet you export the addresses or the master public key, but never the private keys or the seed phrase. You move these addresses to your online computer, either through a USB drive, or via displaying QR codes on your airgapped computer and scanning them with a camera attached to your online computer.

So now you have a wallet on your online computer which contains only addresses, and no private keys. This is called a watch only wallet. It will monitor your addresses for balance and incoming transactions, but it will be unable to spend any coins (and therefore completely resistant to being hacked) since it does not contain any private keys. When you want to make a transaction, you use this online watch only wallet to create the transaction you want to make, and then save the transaction. You then transfer this unsigned transaction over to your airgapped computer (again either via a clean USB drive or QR codes), sign it on your airgapped computer with the private keys which are safely stored offline, and then transfer the now signed transaction back to your online computer to be broadcast to the network.