HOW are bitcoins stored?

[BitNerd]

If you haven't read it yet, then you really need to read the bitcoin whitepaper before you ask any more questions.  Here's a link to it for you.
https://bitcoin.org/bitcoin.pdf

Once you've read that, let me know if you have any additional questions.

To be honest, I could understand just 10% of what I read, so I left it to read in the future when I understand better about the words/concepts being used.

The wallet stores your private keys.  Electronic wallets also provide a user friendly way to create, sign, and broadcast transactions that re-assign the value that is associated with the bitcoin addresses that are generated from the private keys.  Most wallets also provide a way to keep track of how much value your private keys provide control of.

What do you mean about "bitcoin addresses generated from the private keys"? How exactly does a "private key" (btw what is a private key in the first place) generates a "bitcoin address"? And I´m assuming that means that for every different private key there is a unique BTC address, which means that for each wallet there is at least one unique BTC address, right? So far, I understand that the only thing thieves shouldn´t be able to steal are my "keys", but how can I be sure about that? Isn´t there always a possibility of some keylogger spying what I´m doing?

The typical way is to use the wallet software from the first wallet to create a transaction that assigns the value to an address under the control of the second wallet. The wallet software handles using the private key to generate a digital signature that authorizes the transfer and handles broadcasting that transaction to the network.  Eventually the transaction makes it into the blcokchain and the value is then under the control of the second wallet.

Ops, I guess this answers at least one of my questions, so each wallet does control a unique address in the blockchain, right? So does that mean that a "paper" wallet is a wallet which key is not stored on any computer, and that key is associated with an address on the blockchain? But at least before you note the key down or print, it will have to be shown on the computer, so does that mean keyloggers can still steal it? How can I be 100% sure it will not be stolen, even during the small amount of time I take to put the key on a piece of paper?

Why people say they stored their bitcoins online and they were stolen?

There are services online that will offer to hold the bitcoin for you.  Essentially you transfer control of the value to the service, and then you trust them to send it back to you (or to send it anywhere else that you ask them to send it) whenever you request it.  Many of these services have turned out to be scams.  After the users transfers control of the value to the service, the person that runs the service disappears and keeps control of the bitcoins for themselves.

Yes, but aren´t there cases of BTC stolen from offline wallets too? How can that happen and how that can be prevented with certainty?

And more questions: What prevents the total number of BTC to be higher than 21 million? And what prevents anyone from creating bitcoin?

Thanks for the answers.

[jonald_fyookball]

If you haven't read it yet, then you really need to read the bitcoin whitepaper before you ask any more questions.  Here's a link to it for you.
https://bitcoin.org/bitcoin.pdf

Once you've read that, let me know if you have any additional questions.

To be honest, I could understand just 10% of what I read, so I left it to read in the future when I understand better about the words/concepts being used.

The wallet stores your private keys.  Electronic wallets also provide a user friendly way to create, sign, and broadcast transactions that re-assign the value that is associated with the bitcoin addresses that are generated from the private keys.  Most wallets also provide a way to keep track of how much value your private keys provide control of.

What do you mean about "bitcoin addresses generated from the private keys"? How exactly does a "private key" (btw what is a private key in the first place) generates a "bitcoin address"? And I´m assuming that means that for every different private key there is a unique BTC address, which means that for each wallet there is at least one unique BTC address, right? So far, I understand that the only thing thieves shouldn´t be able to steal are my "keys", but how can I be sure about that? Isn´t there always a possibility of some keylogger spying what I´m doing?

The typical way is to use the wallet software from the first wallet to create a transaction that assigns the value to an address under the control of the second wallet. The wallet software handles using the private key to generate a digital signature that authorizes the transfer and handles broadcasting that transaction to the network.  Eventually the transaction makes it into the blcokchain and the value is then under the control of the second wallet.

Ops, I guess this answers at least one of my questions, so each wallet does control a unique address in the blockchain, right? So does that mean that a "paper" wallet is a wallet which key is not stored on any computer, and that key is associated with an address on the blockchain? But at least before you note the key down or print, it will have to be shown on the computer, so does that mean keyloggers can still steal it? How can I be 100% sure it will not be stolen, even during the small amount of time I take to put the key on a piece of paper?

Why people say they stored their bitcoins online and they were stolen?

There are services online that will offer to hold the bitcoin for you.  Essentially you transfer control of the value to the service, and then you trust them to send it back to you (or to send it anywhere else that you ask them to send it) whenever you request it.  Many of these services have turned out to be scams.  After the users transfers control of the value to the service, the person that runs the service disappears and keeps control of the bitcoins for themselves.

Yes, but aren´t there cases of BTC stolen from offline wallets too? How can that happen and how that can be prevented with certainty?

And more questions: What prevents the total number of BTC to be higher than 21 million? And what prevents anyone from creating bitcoin?

Thanks for the answers.

You're starting to get it.  Keep in mind a wallet can have multiple addresses.  Each address has a private key.
Yes, keyloggers are possible, which is why the highest saftey is with offline computer, also known
as "cold storage".  I really haven't heard of offline bitcoins being stolen.

As far as the issuance of new Bitcoins and the limit of 21 million, that's built into the protocol
code itself.  Every 10 mintues or so, a new block is generated (this process is called mining),
and there's a certain number of coins that the winning miner receives (called a coinbase transaction).
The reward keeps halving about every 4 years, with the last fraction of a coin being awarded
in the year 2140.  The sum of all coin rewards is slightly less than 21 million BTC.

If someone tried to rewrite the code to just give themselves more coins, it wouldn't
be recognized by anyone else on the network.

Private keys generate public addresses via complicated math known as elliptic curve
cryptography, the details of which I won't elaborate on here but you can research
easily.

[BitNerd]

Thanks, Jonald. One more question: Why do bitcoins need to be mined? Why the 21 million weren´t created all together at the beginning of BTC?

[jonald_fyookball]

Thanks, Jonald. One more question: Why do bitcoins need to be mined? Why the 21 million weren´t created all together at the beginning of BTC?

The mining serves two purposes.  First, as an issuance mechanism:   Proof of work
for solving the blocks is much more fair than just giving away the coins (to who?)
at the genesis of the currency.  By offering a free and open competition, anyone
with the resources to mine for Bitcoins can do so, thus establishing an equitable
distribution.

Second, mining serves as a security mechanism for the entire network.  Because
it takes computational work to solve the blocks, no one can just come in and
start adding blocks to the blockchain without participating in the mining process.
This process incentivizes people to spend their resources honestly collecting rewards
because it is more profitable to do so than to try to use those resources to attack
the network.

[BitNerd]

Thanks, Jonald. One more question: Why do bitcoins need to be mined? Why the 21 million weren´t created all together at the beginning of BTC?

The mining serves two purposes.  First, as an issuance mechanism:   Proof of work
for solving the blocks is much more fair than just giving away the coins (to who?)
at the genesis of the currency.  By offering a free and open competition, anyone
with the resources to mine for Bitcoins can do so, thus establishing an equitable
distribution.

Second, mining serves as a security mechanism for the entire network.  Because
it takes computational work to solve the blocks, no one can just come in and
start adding blocks to the blockchain without participating in the mining process.
This process incentives people to spend their resources honestly collecting rewards
because it is more profitable to do so than to try to use those resources to attack
the network.

It´s amazing that someone thought about all of that stuff and programmed the bitcoin to address all of those issues. What I had in mind about to whom the initial 21M would be given - I imagined to the creator of Bitcoin, who would sell them very cheap and then the prices would of course start to raise with time. So I understand he preferred to create a system in which people mine and therefore the system as a whole is more safe from attacks.

And another question: What if Satoshi Nakamoto or whoever made BTC actually, secretly has the control of BTC and can e.g. change the software or take control of certain amounts of BTC? How can anyone be sure no one has control of BTC? Is BTC a software that was designed to be impossible to control? Including by the creators?

[DannyHamilton]

Thanks everyone for the answers.

You're welcome.

Ok, the wallet contains private keys to spend coins. But that must mean that each wallet has a different key, right?

Actually, a wallet is a collection of one or more private keys. Each wallet has a different set of private keys.

Does that mean that each individual wallet must have a different blockchain address?

Yes.  Or more specifically, a wallet has one or more addresses (each private key has exactly one bitcoin address). Each wallet therefore has a different set of addresses.

In other words, if I send 1 BTC from wallet A to wallet B, what I actually did was sending 1 BTC from blockchain address A to blockchain address B?

At a basic user level, this is a pretty good way to think of it.  The technical details are a bit more complex than that.

And the wallets just store the keys to controlling the addresses?

Correct.  The wallet has the private keys that allow you to create digital signatures that can be verified with a matching public key.  The signatures prove that you have the authorization to re-assign that value.

What do you mean about "bitcoin addresses generated from the private keys"? How exactly does a "private key" (btw what is a private key in the first place) generates a "bitcoin address"?

You are asking about some VERY COMPLEX mathematics.  You either need to learn a lot of maths, or you need to be willing to except that the following process has been worked out by expert mathematicians and that it works.

A private key is a VERY BIG number.  A number so big and random that nobody can ever guess it.  From that number using the ECDSA (Elliptic Curve Digital Signature Algorithm) a public key can be generated.  The public key can be safely given out to anybody, and they won't be able to calculate what the private key was that was used to generate it. Any data (such as a bitcoin transaction for example) can be converted into a numeric representation.  Using the private key and the numeric representation of the data, it is possible to calculate another number (a digital signature of that data).  Using the public key, it is possible for anyone to validate that the matching private key was used to generate the signature, even though the private key isn't know.  If any of the data changes (even a single bit), then the digital signature will no longer match, and everyone will know that the data presented was not the data that was signed.  Therefore, it is possible to create and then sign a transaction, and nobody can modify the transaction on you without re-signing the transaction with the private key.  As long as you are the only person that knows the private key, you are the only person that can create valid verifiably signed transactions.

A bitcoin address is a public key that has been converted (through a function called a hash) to a numeric representation.  This number is then represented in base58 resulting in a sequence of letters and numbers.  As such, any private key can generate a single matching public key (through ECDSA) and then that public key converts to a single bitcoin address (through hashing and bas358).

And I´m assuming that means that for every different private key there is a unique BTC address,

Correct.

which means that for each wallet there is at least one unique BTC address, right?

Correct.  Each wallet has a collection of one or more private keys, and therefore has one or more bitcoin addresses.

So far, I understand that the only thing thieves shouldn´t be able to steal are my "keys", but how can I be sure about that?

It is your responsibility to protect your private keys from theft.  Just like it is your responsibility to protect the physical cash in your physical wallet from theft.

Isn´t there always a possibility of some keylogger spying what I´m doing?

If you are using a computer that has malware (such as a keylogger on it), then it is absolutely possible for the private keys (and therefore the bitcoins) to be stolen.  This is why the people who are working with significant amounts of bitcoins will generally use a computer that is not connected to the internet at all.  They will disconnect the internet, completely wipe the hard drive, install a fresh copy of a trusted clean operating system, and use this to generate and store their private keys.  

Ops, I guess this answers at least one of my questions, so each wallet does control a unique address in the blockchain, right?

Correct.  Each wallet controls a set of one or more unique addresses.

So does that mean that a "paper" wallet is a wallet which key is not stored on any computer, and that key is associated with an address on the blockchain?

Correct.  The private key (and frequently the associated bitcoin address) is printed on the paper for safe keeping.  The private key is then wiped from any and all computer systems so that it is impossible for any hacker to access the private key.

But at least before you note the key down or print, it will have to be shown on the computer, so does that mean keyloggers can still steal it?

If you are using a computer that has malware (such as a keylogger on it), then it is absolutely possible for the private keys (and therefore the bitcoins) to be stolen.  This is why the people who are working with significant amounts of bitcoins will generally use a computer that is not connected to the internet at all.  They will disconnect the internet, completely wipe the hard drive, install a fresh copy of a trusted clean operating system, and use this to generate and store their private keys.  

How can I be 100% sure it will not be stolen, even during the small amount of time I take to put the key on a piece of paper?

There is no such thing as 100% sure in this world.  You can get close if you use a computer that is not connected to the internet, has never been connected to the internet, and never will be connected to the internet.  Then wipe all traces of the private key from the hard drive when you are done.  Even then though, it is possible that sombody might have a spy camera watching what you are doing and they can see the paper, or somebody might find where you've hidden the paper.

Yes, but aren´t there cases of BTC stolen from offline wallets too?

Yes.

How can that happen

If the user allowed malware (or any other method) to leak their private keys to someone else, then the bitcoins can be stolen since the person that has the private keys can create transactions and sign them.

and how that can be prevented with certainty?

Protect your private keys.

And more questions: What prevents the total number of BTC to be higher than 21 million?

Consensus.

The entire bitcoin system runs on consensus.  The protocol that every peer is running would refuse to recognize any transaction that creates more than the appropriate amount of bitcoins.  If you could convince enough users to run a different protocol that allows extra bitcoins, then you would have two separate consensus systems, one that recognizes the additional "bitcoins" and one that refuses to recognize them.  This would essentially be another "altcoin".  The creators and users of this system might try to call thier system "bitcoin", and this might cause confusion between users of the "old bitcoin" and users of the "new bitcoin", but the two systems would be incompatible with each other.  They would essentially be two distinct crypto-currencies that are fighting over the same name.

If you could convince EVERYBODY to use software that runs the new protocol that allows additional bitcoins, then bitcoin would allow additional bitcoins.  Fortunately that would be impossible, because I can already tell you with certainty that I will not run such a new protocol.  I'm pretty sure you can find many others that would do the same as me.  As such, while it might be "technically possible" to modify the protocol to allow additional bitcoins, it isn't "realistically possible" since you can't convince EVERY SINGLE BITCOIN USER IN THE ENTIRE WORLD to run a protocol that is modified in that way.

And what prevents anyone from creating bitcoin?

The protocol defines the acceptable way to put new bitcoin value into circulation.  Any other attempt will be rejected by all peers.

And another question: What if Satoshi Nakamoto or whoever made BTC actually, secretly has the control of BTC and can e.g. change the software or take control of certain amounts of BTC? How can anyone be sure no one has control of BTC? Is BTC a software that was designed to be impossible to control? Including by the creators?

The software is open source.  All computer programmers in the world have access to the program so that they can see exactly how it works.  They can compile that program and verify that the resulting executable is exactly the same as the one that is provided for download.  As such, it is impossible to "hide" anything about how bitcoin works.

If it was possible for someone to "take control of certain amounts of BTC", then some programmer somewhere would point that out and other programmers would verify what was being said.  Then nobody would have ever decided to use such a system since it couldn't be trusted.

Thanks for the answers.

You're welcome.

[Braedo]

I reported TKeenan´s post, who implied I am a "moron" and an "idiot" to the moderators. I will also not answer the rest of his post, although I want to, because I refuse to talk to someone so impolite.

You must be so sad and feel so inadequate to the rest of the world. Get a life you dick.

I'm glad you found parts of the post useful - you moron idiot.  (This time I didn't 'imply' but stated explicitly so you could understand even better)

Wow. Your a piece of shit.

[jonald_fyookball]

It´s amazing that someone thought about all of that stuff and programmed the bitcoin to address all of those issues.  

Yes, it is amazing.  That is why Satoshi is hailed as a genius and Bitcoin as a revolutionary invention.

Doubly remarkable is that Satoshi not only created a stunning new concept, but also managed
to nail so many of the particulars in his implementation.

[inigthz]

Here the answer.

https://bitcointalk.org/index.php?topic=7269.0

[biodieselchris]

Just want to weigh in here about one question which had to do with online coins. So this is where I think a lot of people really blow it with the concept of bitcoin. Essentially it is a software protocol that allows people to collectively agree on something (bitcoin is more of an agreement protocol than it is a payment protocol). What everyone is actually agreeing to is the ownership of these "coins" or digital tokens in a distributed ledger. Since these tokens can be traded instantly to anyone in the world almost instantly, now you have a payment protocol assuming the tokens have value, which is ironically self-fulfilling prophecy: the more people that use it the more they say it's worth (by buying it and such). Bitcoin can be more accurately described as an asset IMO (like gold) than a currency.

So for the first time people can exchange tokens with each other in a peer-to-peer fashion which is bitcoin's central functionality (this wasn't possible before bitcoin), so what do people do, they run around and store their coins online at 3rd party websites (like MtGox)! It's kind of insane, and is exactly NOT the point of bitcoin. This is what I think people miss: Here you have a system where you can keep a couple of coins in a personal file on your computer and you voluntarily let someone else hold them for you? Doesn't make sense!

What is bitcoin ownership ultimately? The private key. When 3rd parties gets hacked, this is what they lose to the hackers. Convince yourself:

- download bitcoin and install (block chain takes awhile to sync)
- go to a faucet like freebitco.in and roll for some free coins. You can have 10,000-20,000 satoshi (0.0001 - 0.0002 BTC) in like a week or so. The expected value per roll is about 2 cents, so in 50 rolls you'll have a buck, theoretically. You can roll once an hour. You can even refer people ....  
- Send the coins to your personal bitcoin client (from the above site they auto-withdraw once a week I believe)
- Once received, copy the address you sent them to
- Open the client -> go to help -> debug window -> console
- in the command line area type "dumpprivkey <your bitcoin address>" (no quotes or brackets)
- copy the output (this is the private key!)
- go to this folder (this is where your wallet lives in "wallet.dat") c:\Users\[YOU]\AppData\Roaming\Bitcoin   [note, this is for windows]
- delete wallet.dat (your coins are now toast). You can also just rename it wallet2.dat or something else, or move it to your desktop or whatever, for this exercise.
- reopen bitcoin (it will generate a new, blank, wallet.dat file automatically if you don't have one there)
- go back to the console and type importprivkey <private key>
- your coins come back!

When people make cold-storage, paper wallets they dump the private key and delete all traces of the software. Therefore you really don't even need a wallet file. You just need that private key. You could even memorize, and all of your net bitcoin wealth exists solely in your brain. Imagine that, flying overseas with a memorized key in your head that unlocks $10M in bitcoins. Kind of a cool concept. WITH BITCOIN YOU DON'T OWN ANY COINS. THAT'S JUST A WORD. YOU OWN A PRIVATE KEY.

Lastly, one thing I really enjoy about bitcoin (or any of the 400 alts out there, they really all work the same) is that it is meant to be USED. And I mean beat on like a rented mule. Download the client, play around in the command line area, make several wallets and move some coins around. I mean, if you play around with the client, know of and can manipulate the wallet file, back it up, play with keys and such you are literally 99% further along with bitcoin than the rest of the public, and all of that would take you less than a few hours on a weekend. Welcome to the Top 1%! Not bad for being a noob just earlier today! PLus a lot of the answers to your questions that others have posted in here begin to make a lot of sense, so that's the real benefit of playing around with it, if you really are indeed curious how it works.

[AGD]

This video explains some things about BTC in an easily understandable manner:
https://www.youtube.com/watch?v=ZloHVKk7DHk

[LiteCoinGuy]

also take a look at a hardware wallet:

http://www.coindesk.com/ledger-launches-usb-bitcoin-wallet-bank-grade-security/


secure and cheap

[edward_cullen]

No need to be rude, when people don't know things.

You don't actually store the coins, you store key pairs that according to the public ledger have a balance.

[BitNerd]

Thanks everyone for the answers, they were really helpful. Let me see if I get it right: the safest way to keep BTC would be in an offline computer (or paper or mind, but offline). Ok, but I suppose to make transactions you would need to make them with another computer, and online. But then in order to make a transaction, you would need to type your private key? But in that exact moment when you have to type your key, there could be a keylogger watching, so can I ever be 100% sure no one can steal my BTC even during the few seconds when I type my key to make a transaction?

[ujka]

Thanks everyone for the answers, they were really helpful. Let me see if I get it right: the safest way to keep BTC would be in an offline computer (or paper or mind, but offline). Ok, but I suppose to make transactions you would need to make them with another computer, and online. But then in order to make a transaction, you would need to type your private key? But in that exact moment when you have to type your key, there could be a keylogger watching, so can I ever be 100% sure no one can steal my BTC even during the few seconds when I type my key to make a transaction?

You can prepare the transaction online, with watch-only wallet, transfer that to offline computer on USB, and sign the transaction with private key there. Signed transaction is then transfered back to online wallet and broadcast to network.
Or use a hardware wallet - private keys are generated there, and never leave.

[BitNerd]

Thanks everyone for the answers, they were really helpful. Let me see if I get it right: the safest way to keep BTC would be in an offline computer (or paper or mind, but offline). Ok, but I suppose to make transactions you would need to make them with another computer, and online. But then in order to make a transaction, you would need to type your private key? But in that exact moment when you have to type your key, there could be a keylogger watching, so can I ever be 100% sure no one can steal my BTC even during the few seconds when I type my key to make a transaction?

You can prepare the transaction online, with watch-only wallet, transfer that to offline computer on USB, and sign the transaction with private key there. Signed transaction is then transfered back to online wallet and broadcast to network.
Or use a hardware wallet - private keys are generated there, and never leave.

Hmmm. Interesting, this is actually the point of me having started this thread. All I want is to be completely sure there is no chance of my BTC being stolen. Ok, so let me see if I understand: Prepare the transaction online with a watch-only wallet (which brings the question: what is a watch-only wallet?), then the unsigned (?) transaction goes to offline computer. Inside the offline computer (now disconnected from the online one, so that it can´t be hacked?), the transaction is signed. Then the signed transaction (maybe I put it in a usb so that both the online and offline computers won´t actually connect to each other), then the signed transaction (BTW what is a "signed transaction"?) goes to online computer, then it is done. And in all of the process, a hacker never had even a milisecond of chance of getting my keys, right?

Now my questions are:

-What is a watch-only wallet, how to get one?
-What is an unsigned transaction and what is a signed transaction?
-Should I transport the "unsigned transaction" to the offline computer through a usb, and sign it there, then get it back on the online pc?
-What software in the offline pc will sign the transaction?
-Do I really need an offline pc or can I just unplug the internet, sign the transaction, and then plug it back (or could malware detect, save my key, and later send it to hacker)?

[ujka]

The moment I was writing that reply above, I knew you will be asking that questions.
Sorry, my english is not so good to explain it all.

Will just say this: yes (if you are so paranoid), you need a separate, offline, computer that is used only for bitcoin wallet software, and has no connection to any other computer or network. You put a clean system on it, install wallet software, and use it only for signing transactions.

https://electrum.org/tutorials.html#offline-mpk

[DannyHamilton]

Hmmm. Interesting, this is actually the point of me having started this thread. All I want is to be completely sure there is no chance of my BTC being stolen. Ok, so let me see if I understand: Prepare the transaction online with a watch-only wallet (which brings the question: what is a watch-only wallet?),

A "watch only" wallet is a piece of software that knows what your bitcoin addresses are, but that does not have your private keys.  This software can search the blockchain for unspent transaction outputs sent to those addresses.  The software can use its knowledge of these unspent outputs to tell you how much bitcoin you are able to control and to create unsigned transactions that transfer some of that value wherever you wish.  These unsigned transactions can't be used on the bitcoin network until they are signed, but they can be copied to something external (such as a USB drive or a printed QR Code) and then physically transported to an offline computer.

then the unsigned (?) transaction goes to offline computer.

Correct.

Inside the offline computer (now disconnected from the online one, so that it can´t be hacked?), the transaction is signed.

Correct.

Then the signed transaction (maybe I put it in a usb so that both the online and offline computers won´t actually connect to each other), then the signed transaction (BTW what is a "signed transaction"?)

A signed transaction is a transaction that includes a special number that is unique to the exact specific transaction, and that can only be created with knowledge of the private key, but which can be verified with knowledge of the public key.  I explained this earlier, remember:

Any data (such as a bitcoin transaction for example) can be converted into a numeric representation.  Using the private key and the numeric representation of the data, it is possible to calculate another number (a digital signature of that data).  Using the public key, it is possible for anyone to validate that the matching private key was used to generate the signature, even though the private key isn't know.  If any of the data changes (even a single bit), then the digital signature will no longer match, and everyone will know that the data presented was not the data that was signed.  Therefore, it is possible to create and then sign a transaction, and nobody can modify the transaction on you without re-signing the transaction with the private key.  As long as you are the only person that knows the private key, you are the only person that can create valid verifiably signed transactions.[/i]

goes to online computer, then it is done.

Correct.

And in all of the process, a hacker never had even a milisecond of chance of getting my keys, right?

Unless they break into your home (or business, or wherever you store your offline computer) and physically access the computer and copy the private keys.

Now my questions are:

-What is a watch-only wallet,

You already asked this question earlier.  It has already been answered.

how to get one?

There are a couple of wallets that provide the ability to split the wallet functionality into an online "watch only" wallet and an offline "signing" wallet.  The two most popular are Electrum and Armory.  Armory is a "full node" and stores a complete copy of the blockchain.  Electrum depends on someone running an Electrum server to provide the blockchain information.

-What is an unsigned transaction and what is a signed transaction?

An unsigned transaction is a list of unspent outputs that are to be spent, and a list of scripts that encumber new unspent outputs with a specific requirement before they can be spent.  The most common requirement new outputs are encumbered with is a digital signature from a private key that is associated with a particular bitcoin address.  This transaction doesn't yet have the digital signatures that satisfy the script requirements of the outputs that are being spent.

A signed transaction is the same lists except that each of the outputs in the list of outputs that are being spent includes a digital signature of the transaction that satisfies th signature requirements in the output's script.

-Should I transport the "unsigned transaction" to the offline computer through a usb, and sign it there, then get it back on the online pc?

USB is the most common method.  There is cerrtainly a small risk that the USB could include malware that will affect the offline computer.  If you are truly concerned about that, you might want to look into a non electronic method of transporting data.

-What software in the offline pc will sign the transaction?

There are several pieces of software that can handle that.  Typically it is handled by the offline half software designed for being split into an online and offline functionality, such as Armory or Electrum.

-Do I really need an offline pc or can I just unplug the internet, sign the transaction, and then plug it back

That depends on how concerned you are about malware.

(or could malware detect, save my key, and later send it to hacker)?

Correct.

[Flashman]

 I really haven't heard of offline bitcoins being stolen.

I can't point to a specific example, but it's well known that private keys generated by a "brain wallet" can be insecure, and exhibit vulnerability to dictionary attacks or just plain guessing.

Offline, really just means that the keys cannot be stolen through an internet connection, it does not mean that insecure keys cannot be cracked.

There is a collection of small wallets that have had balance using passphrases from Star Wars films, such as "do or do not there is no try" or "may the force be with you" I am not sure if anyone actually used them or whether they were set up as Easter Eggs.

[BitNerd]

Thanks everyone for the answers, they were really hepful. I am actually curious to know even more details about bitcoin, but right now my priority is how can I buy bitcoin without chance of being robbed. Someone mentioned having an offline computer, but the problem with that is that I have only one computer right now, I can´t have an offline one. So what´s the safest way to buy bitcoin with what I have? Would it be paper wallet or what?