Setting up an offline wallet

[massivescam]

Hello everyone.

I have a question about setting up an offline wallet containing the private key. After some duckduckgoing about techniques for securing my BTCs, I found a strategy based on maintaining two wallets, one for visualizing, and other for signing, transactions. In which the wallet for signing transactions should be maintained always offline, with the aim of avoiding any sort of capture of the Master Private Key from a hacker.

I "think" I applied this setup correctly, but I want to make sure if my reasoning is right. So, let me explain step by step what I did. In a Linux Tails, I booted the OS in offline mode, and then I generated my pass-and seed-phrases and created my electrum wallet applying a password for encrypting my electrum wallet file. Still in the offline mode, I got the Master Public Key (MPK), from the Electrum dashboard, and then I created another wallet with the recently obtained MPK, this is my visualization wallet. After that, I restarted the computer, and this time I load Tails with internet connection, and then I can watch any on-chain transactions made over my addresses.

If I load my computer allowing internet connection, and my wallet containing my Master Private Key is in this computer (even though encrypted by electrum), it means that my Master Private Key was, at least once, connected to the internet  . Is it right? My concern here is, even though I do not directly expose my Master Private Key to the internet, the fact of allowing my Master Private Key be present in a computer that had, or will have, access to the internet, already introduces a vector of attack. 

If this reasoning is right, so, does it mean I will need to have a computer (with no internet connection at all, never) only for signing my transactions?

Thanks for the attention, case there is any misleading point, let me know. Best regards.

[1714856000]

1714856000

[1714856000]

1714856000

[1714856000]

1714856000

[hosseinimr93]

The offline wallet should be created on an airgapped device. This means that it should be created on a device which has been always offline and will be never online . Otherwise, it's not a cold wallet.

If this reasoning is right, so, does it mean I will need to have a computer (with no internet connection at all, never) only for signing my transactions?

Yes. You need two devices. One should be offline and the other one should be online.
Whenever you want to make a transaction, you should create an unsigned transaction using the watch-only wallet on the online device, sign it on the offline device and then broadcast it using the online device.

[massivescam]

The offline wallet should be created on an airgapped device. This means that it should be created on a device which has been always offline and will be never online . Otherwise, it's not a cold wallet.

If this reasoning is right, so, does it mean I will need to have a computer (with no internet connection at all, never) only for signing my transactions?

Yes. You need two devices. One should be offline and the other one should be online.
Whenever you want to make a transaction, you should create an unsigned transaction using the watch-only wallet on the online device, sign it on the offline device and then broadcast it using the online device.

Thank you very much. Do you have any recommendation on airgapped devices? Because, considering portability, it seems to be quite difficult to keep a whole computer always offline. Thus I would need some hardware wallet off-the-shelf, however, I must take a judicious choice when selecting a hardware wallet, considering open-source software and hardware, and besides that, I must also take into account the seller, in order to guarantee that the seller haven't corrupted the hardware. Going even further, I assume that, I also should not connect this device to any other device, even by USB, thus having a cold wallet that forbids any sort of external connection (other than through its buttons, of course) may be interesting.

Please, correct me case my assumptions are wrong. Best regards.

[bitmover]

Thank you very much. Do you have any recommendation on airgapped devices? Because, considering portability, it seems to be quite difficult to keep a whole computer always offline. Thus I would need some hardware wallet off-the-shelf, however, I must take a judicious choice when selecting a hardware wallet, considering open-source software and hardware, and besides that, I must also take into account the seller, in order to guarantee that the seller haven't corrupted the hardware. Going even further, I assume that, I also should not connect this device to any other device, even by USB, thus having a cold wallet that forbids any sort of external connection (other than through its buttons, of course) may be interesting.

Please, correct me case my assumptions are wrong. Best regards.

I suggest that you buy a hardware wallet.

You are not a professional, and you are not 100% sure about what you are doing.

Creating an airgapped computer is quite difficult and a small mistake is fatal. You can lose your funds.

This forum is crowded about people who were hacked using offline/paper wallets, and they wouldn't be hacked using hardware wallets.

Hardware wallets have problems (privacy, costs , closed source, etc) but they are SAFE.
You can insert your hardware wallet in an infected device and you will be safe. Viruss can't get your coins from your hw.

You can just buy a ledger or trezor wallet and you will not be hacked. Your btc will be safe and you will have peace of mind.

If you follow this airgapped computer path without proper knowledge,  you may make a mistake and lose your money.

Just go to ledger/trezor official website and buy one. No reseller.

[mk4]

I suggest that you buy a hardware wallet.

This. Unless you really wanted to learn, just go the easy route. A Ledger Nano S Plus is approximately 90 USD and a Trezor Model One is like 70 USD. That should be affordable enough if you plan on investing in the long-term.

[Upgrade00]

the fact of allowing my Master Private Key be present in a computer that had, or will have, access to the internet, already introduces a vector of attack. 

The device could have been connected previously to the internet and you do a hard format on it to erase all previous data that was on it, this will work perfectly fine for a airgapped device, your job is to keep it offline going forward.

Creating an airgapped computer is quite difficult and a small mistake is fatal. You can lose your funds.

This forum is crowded about people who were hacked using offline/paper wallets, and they wouldn't be hacked using hardware wallets.

You do not have to be a professional and creating an airgapped device is not difficult, and a small mistake is not fatal either.
I have also not seen a long list of people hacked using offline wallets, I've not seen one even that was hacked. A paper wallet is different from an offline (airgapped) wallet.

Hardware wallets have problems (privacy, costs , closed source, etc) but they are SAFE.
You can insert your hardware wallet in an infected device and you will be safe. Viruss can't get your coins from your hw.

They are not SAFE if they re not private or closed source.

You can just buy a ledger or trezor wallet and you will not be hacked. Your btc will be safe and you will have peace of mind.

Those are poor choice for hardware wallets.

[bitmover]

Hardware wallets have problems (privacy, costs , closed source, etc) but they are SAFE.
You can insert your hardware wallet in an infected device and you will be safe. Viruss can't get your coins from your hw.

They are not SAFE if they re not private or closed source.

Although ledger and trezor have many privacy problems they are indeed safe. And ledger closed source.

Tested for years and no real issues about users losing funds due to manufacturers mistake.

They are not perfect but they are SAFE for newcomers.

[Coyster]

Although ledger and trezor have many privacy problems they are indeed safe. And ledger closed source.

The problem with Ledger is not only a privacy problem, it is a very serious security problem. They (Ledger) propose to split and send their customers recovery phrase to "trusted parties" through the Ledger recover service, that makes them unsafe because the safest way a seed phrase should be backed up is on paper and by only the owner of the funds. The thing is, Ledger recover is a big red flag about the entire Ledger project, and it is enough reason to stay away from the hardware wallet.

[hatshepsut93]

If I load my computer allowing internet connection, and my wallet containing my Master Private Key is in this computer (even though encrypted by electrum), it means that my Master Private Key was, at least once, connected to the internet  . Is it right? My concern here is, even though I do not directly expose my Master Private Key to the internet, the fact of allowing my Master Private Key be present in a computer that had, or will have, access to the internet, already introduces a vector of attack. 

Yes, the whole point of always being offline is to reduce the ways the wallet can be hacked. If you connected it to the Internet before creating a wallet, you could get a malware that will stay in the system and do something like swap your Bitcoin addresses, generate your seed with bad randomness, etc. But this is theory, it's not likely to happen to a verified Linux that simply connected to the Internet. Similarly, connecting after you started using a wallet could allow potential malware to upload the stolen data to its master server.

[sheenshane]

I suggest that you buy a hardware wallet.

You are not a professional, and you are not 100% sure about what you are doing.

Creating an airgapped computer is quite difficult and a small mistake is fatal. You can lose your funds.

I tend to agree with this.
Yes, those air-gapped wallets offer excellent security benefits, they're best suited for users who have a good understanding of the technical aspects of cryptocurrencies and are willing to invest time in learning the setup and usage process.  But, for non-techy people, IMO using a reputable hardware wallet with a more user-friendly interface might be a better option to ensure both security and ease of use.

However, you can try if you pursue yourself using an air-gapped wallet but make sure you already tested it already with a small amount first.

[jrrsparkles]

Thank you very much. Do you have any recommendation on airgapped devices? Because, considering portability, it seems to be quite difficult to keep a whole computer always offline. Thus I would need some hardware wallet off-the-shelf, however, I must take a judicious choice when selecting a hardware wallet, considering open-source software and hardware, and besides that, I must also take into account the seller, in order to guarantee that the seller haven't corrupted the hardware. Going even further, I assume that, I also should not connect this device to any other device, even by USB, thus having a cold wallet that forbids any sort of external connection (other than through its buttons, of course) may be interesting.

Please, correct me case my assumptions are wrong. Best regards.

Considering the fact you are newbie/ average user I recommend you to go with HW which ofcourse has privacy issues but since you mentioned about prioritizing the portability then Hardware wallets are the suitable one. The reputation of Ledger is broken due to the data hacks so the option could be Trezor or something better such as open sourced.

But you should meanwhile attempt to have a complete cold storage via clean air gapped device so there will be no compromise to the security of your funds.

[Gladitorcomeback]

If this reasoning is right, so, does it mean I will need to have a computer (with no internet connection at all, never) only for signing my transactions?

Thanks for the attention, case there is any misleading point, let me know. Best regards.

Instead of going through such a long process, if you get a hard wallet for yourself, it is the best option to save your Bitcoin and other assets. Anyone who has capital and can afford a hard wallet, I think it is the safest wallet to store their assets. Currently there are different brands of hard wallets available in the market  but some of them are quite expensive. whereas I am using safe pal wallet which is cheaper and enough for me. ledger will be my top priority but one thing should be kept in mind that always buy from the official website while ordering online. Never order from an online application, because even here scammers can cheat you.

[massivescam]

Thank you very much folks. I really appreciate.