The best way to create an offline wallet? Questions.

[TechnoBibble]

Hi,

I am in the process of creating an offline secure wallet to store my BTC. I am wondering the best way to do this? I am quite paranoid about security so would prefer the approach "the more secure the better", even if it is a pain in the backside to do.

So far I have an offline PC (Ubuntu Server, AMD R9 290)

I have the following questions.

1) What is the best software to use to create the wallet? I dont know if I trust bitcoind or bitcoincore, I am even happy to write my own software if it is more secure (what would I need to look into to do this)
2) Is there any software out there apart from what I have mentioned that can do this?
3) I understand on Linux that it will be using /dev/random and /dev/urandom, are these truly random enough or is it worth investing in a hardware RNG? (http://www.entropykey.co.uk/)
4) is there anything else I should take into account, I am going to print it and have a copy of the private key in my safe and in my parents safe, No-one has access to this apart from them.

Thanks for any help.

[1715614227]

1715614227

[siameze]

You seem to be on the right track thus far. I personally use Armory for my offline wallet: https://bitcoinarmory.com/download/

If you do decide to write your own software, that is quite an undertaking! I wish you well.

[hhanh00]

It kinda depends on how convenient vs secure you want it. If it's for pure storage, a multisig paper wallet seems the way to go.

[TechnoBibble]

Thank You both for your replies.

It kinda depends on how convenient vs secure you want it. If it's for pure storage, a multisig paper wallet seems the way to go.

That is a great idea, it did not occur to me to use multisig, certainly something I will be looking into more.

You seem to be on the right track thus far. I personally use Armory for my offline wallet: https://bitcoinarmory.com/download/

If you do decide to write your own software, that is quite an undertaking! I wish you well.

I will look into armory, I like to write my own code so that I KNOW it is safe. I am also looking more into this.

[DannyHamilton]

If you don't trust /dev/random, it isn't necessary to invest in a hardware RNG unless you are going to be generating a LOT of addresses.

If you're only going to be generating a small number of addresses, you can simply roll a good set of dice or give a deck of cards a really good shuffle.  Either of these should give you good random results.

If you really want to write your own code, you'll need to be absolutely certain that you haven't made any mistakes.  One tiny mistake in your code can result in either never being able to access your bitcoins, or in accidentally leaking your private key due to errors in how you implement the cryptography.  That's one of the benefits of using well reviewed open source software.  At least then you know that many people have looked at the code and all agree that there are no fatal errors and it has been well tested by others as well.

Assuming that you still want to write your own program, you'll need to perform 3 basic steps to create a bitcoin address:

Step 1.
Generate a random 256 bit number with sufficient entropy to be used as a private key.

Step 2.
Calculate the compressed ECDSA public key using the Secp256k1 curve.

Step 3.
Convert the generated public key into a WIF bitcoin address.

Additionally, you'll probably want to convert the private key into a WIF bitcoin private key for ease of use later when you want to create transactions that spend the bitcoins that were received at the address.

You also might want to generate QR-Codes for both the private key and the address to make it easier to get the information into a computer later.  Typing private keys and bitcoin addresses is time consuming, tedious, and error prone.

Let me know which of those 5 things you are uncertain about, and I'll point you in the right direction.

[TechnoBibble]

If you don't trust /dev/random, it isn't necessary to invest in a hardware RNG unless you are going to be generating a LOT of addresses.

If you're only going to be generating a small number of addresses, you can simply roll a good set of dice or give a deck of cards a really good shuffle.  Either of these should give you good random results.

If you really want to write your own code, you'll need to be absolutely certain that you haven't made any mistakes.  One tiny mistake in your code can result in either never being able to access your bitcoins, or in accidentally leaking your private key due to errors in how you implement the cryptography.  That's one of the benefits of using well reviewed open source software.  At least then you know that many people have looked at the code and all agree that there are no fatal errors and it has been well tested by others as well.

Assuming that you still want to write your own program, you'll need to perform 3 basic steps to create a bitcoin address:

Step 1.
Generate a random 256 bit number with sufficient entropy to be used as a private key.

Step 2.
Calculate the compressed ECDSA public key using the Secp256k1 curve.

Step 3.
Convert the generated public key into a WIF bitcoin address.

Additionally, you'll probably want to convert the private key into a WIF bitcoin private key for ease of use later when you want to create transactions that spend the bitcoins that were received at the address.

You also might want to generate QR-Codes for both the private key and the address to make it easier to get the information into a computer later.  Typing private keys and bitcoin addresses is time consuming, tedious, and error prone.

Let me know which of those 5 things you are uncertain about, and I'll point you in the right direction.

Thank You for the informative post, I have been doing a LOT of research and I think I have found many open source programs which already do this. especially in Python which I was going to use.

I am going to fork the code though and create a version that prints QR codes and WIF addresses. I think this will be a good learning "elliptic curve". - See what I done there

Really appreciate the post.

[TechnoBibble]

Decided to go for the armory multisig wallet in the end, Used armory on an offline PC which I don't plug in to LAN at all. I have a very redundant but very secure setup stored in 3 separate safes at 3 separate locations. So I don't have a single point of failure, If I were to lose one of the document sets I could still get to my wallet through joining one of the pairs up.

Thanks for this suggestion

[piotr_n]

Hi,

I am in the process of creating an offline secure wallet to store my BTC. I am wondering the best way to do this? I am quite paranoid about security so would prefer the approach "the more secure the better", even if it is a pain in the backside to do.

So far I have an offline PC (Ubuntu Server, AMD R9 290)

I have the following questions.

1) What is the best software to use to create the wallet? I dont know if I trust bitcoind or bitcoincore, I am even happy to write my own software if it is more secure (what would I need to look into to do this)
2) Is there any software out there apart from what I have mentioned that can do this?
3) I understand on Linux that it will be using /dev/random and /dev/urandom, are these truly random enough or is it worth investing in a hardware RNG? (http://www.entropykey.co.uk/)
4) is there anything else I should take into account, I am going to print it and have a copy of the private key in my safe and in my parents safe, No-one has access to this apart from them.

You may also want to check out my software - I created exactly for the reasons you've mentioned; being paranoid about the security.
It's open source and you can easily modify it for your own needs, if you are missing any functionality.
http://www.assets-otc.com/gocoin

[siameze]

Hi,

I am in the process of creating an offline secure wallet to store my BTC. I am wondering the best way to do this? I am quite paranoid about security so would prefer the approach "the more secure the better", even if it is a pain in the backside to do.

So far I have an offline PC (Ubuntu Server, AMD R9 290)

I have the following questions.

1) What is the best software to use to create the wallet? I dont know if I trust bitcoind or bitcoincore, I am even happy to write my own software if it is more secure (what would I need to look into to do this)
2) Is there any software out there apart from what I have mentioned that can do this?
3) I understand on Linux that it will be using /dev/random and /dev/urandom, are these truly random enough or is it worth investing in a hardware RNG? (http://www.entropykey.co.uk/)
4) is there anything else I should take into account, I am going to print it and have a copy of the private key in my safe and in my parents safe, No-one has access to this apart from them.

You may also want to check out my software - I created exactly for the reasons you've mentioned; being paranoid about the security.
It's open source and you can easily modify it for your own needs, if you are missing any functionality.
http://www.assets-otc.com/gocoin

Nice, I am only just becoming familiar with go. I will tinker with this a bit.

[thompete]

Hi,

I am in the process of creating an offline secure wallet to store my BTC. I am wondering the best way to do this? I am quite paranoid about security so would prefer the approach "the more secure the better", even if it is a pain in the backside to do.

So far I have an offline PC (Ubuntu Server, AMD R9 290)

I have the following questions.

1) What is the best software to use to create the wallet? I dont know if I trust bitcoind or bitcoincore, I am even happy to write my own software if it is more secure (what would I need to look into to do this)
2) Is there any software out there apart from what I have mentioned that can do this?
3) I understand on Linux that it will be using /dev/random and /dev/urandom, are these truly random enough or is it worth investing in a hardware RNG? (http://www.entropykey.co.uk/)
4) is there anything else I should take into account, I am going to print it and have a copy of the private key in my safe and in my parents safe, No-one has access to this apart from them.

Thanks for any help.

I have used Armory to do so and it has always been the best to do so . I know a couple of gambling sites as well using Armory to store it offline using armory.

[Reynaldo]

You can try electrum as a offlane wallet too... Here's more information
https://electrum.org/tutorials.html

its a really nice alternative from armory since you wont need to download the whole blockchain to do the broadcasting part.

[bitkilo]

You have probably made a good chose with Armory, i have heard nothing but good from everyone that uses it.
Armory can be a bit advanced for some people and if paranoid like yourself then you have to be 100% in every step you take to create your offline wallet.
To help with my paranoia about setting up cold storage i have ordered a Mycelium Entropy device, you can create a paper wallet without ever being online.
Good luck with whatever you decide on.

[CIYAM]

For those paranoid about security there is also the CIYAM Safe (https://susestudio.com/a/kp8B3G/ciyam-safe) which combines various tools (including bitcoind, vanitygen, scrypt and GPG) so that you can use QR codes to do 100% air-gapped tx signing and also safely keep encrypted backups of your keys online.