Keeping an Offline Wallet

-By Milly Bitcoin – April 7, 2013.

The safest way to store bitcoins is in an offline wallet.  With Bitcoin the tradeoff for eliminating banks is a that the user is responsible for backing up and securing their wallet.

A wallet is a collection of Bitcoin addresses.  The addresses are pair of cryptographic keys, a public key and a private key.  The public key is related to the Bitcoin address and other people can know your public address.  The PRIVATE key, on the other should stay PRIVATE.  This is the key to your funds.

The PRIVATE keys must stay PRIVATE. 


If the private key is lost you cannot recover the bitcoins, ever.   If the private key is saved to media and that media fails (hard drive, thumb drive, unreadable CD, etc.) you cannot recover the bitcoins.

If someone copies your private key they can take your bitcoins and it is highly unlikely you will ever know who did it.  Also, they transfer coins from your wallet at any time in the future.

If you buy physical bitcoins you must trust the seller because they have the private key.  If a hologram is used the person placing the hologram on the physical item has the private key, etc. This is not recommended for long term storage because there is reason to trust another entity.

One way to store an offline wallet is to use a computer that never connects to the Internet.  An old computer, old laptop, etc. can be used as long as it work along with a thumb drive and you can connect it to a printer.  This does not mean a computer temporarily disconnected from the Internet, it means a computer that NEVER gets connected to the Internet.

-On the computer connected to the Internet download and copy it to the thumb drive.

-Install Bitcoin Armory on the computer that never gets connected to the internet.

-Create a wallet and then follow the direction to create a “watch only” wallet and copy it to the thumb drive.  A “watch only” wallet can receive funds but does not include the private keys so funds cannot be spent.  If the computer with the watch-only wallet gets hacked the funds cannot be stolen.

-Encrypt the wallet on the computer that never gets connected to the Internet.  The passphrase must be remembered to access the wallet.  Lose the passphrase and the coins will be lost if no backup is kept.

-Create  a paper backup.  DO NOT SKIP THIS STEP.  Connect the computer that never gets connected to the Internet.  Make sure the printer is not connected to a network.  Print the paper backup.  The paper backup is not encrypted so anyone who get the paper backup can take the bitcoins if they know what it is.  (identifying information could be removed so it is just a paper full of letters.  Copy the wallet unique ID, Root Key and Chain Code).

-Create another copy of the wallet paper backup and save it at another location.  If your home and computer is damaged by fire, flood, etc. or if you cannot get to your computer you need another backup.  Send to a trusted party, save in a safety deposit box, etc.  If you cannot get to your backup your coins are lost.  For example, if a hurricane hits your town and you cannot get home or to your backup in a safety deposit box your bitcoins are lost.

-Digital backups can also be made.  Make sure your wallet is encrypted so the digital backups are also encrypted.  Remember, if the passphrase used to encrypt the wallet the bitcoins will be lost.

-Use an engraver to record your paper backup.   Paper can break down over time or be destroyed in a fire or flood.  An engraved copy is more resilient.  Remember these backups are not encrypted and anyone can reproduce your wallet from the hard copy backup.  You may want to leave off the reference to Armory or wallets.

-Test restoring your backup!  Do not wait until you lost your wallet to do a test.  Open up Armory on your computer not connected to the Internet and choose the import wallet function and make sure the unique ID matches.

Another way to backup your wallet is to use a passphrase.  This method is less secure and should not be used by beginners.  This method involves taking a cryptographic hash (SHA256) of a passphrase.  Be aware that someone has successfully stolen bitcoins from a wallet by using a password cracker to check common passwords.  Hackers looking to steal bitcoins can run password crackers 24 hours a day 7 days a week to try to crack these passwords.  So something you think may be secure may not stand up to password crackers.  The number of Bitcoin addresses is astronomical and is secure if the addresses are chosen randomly.  By choosing words or passphrases the number of possible addresses is reduced dramatically.

This method is also a way to transfer bitcoins without recording a transaction in the Bitcoin network and in the blockchain.  By creating a wallet via a passphrase the wallet can be turned over to someone else by going them the passphrase and they thus follow these steps to take control of the wallet and all the bitcoins in it.

-Use a SHA256 application or use a web based tool such as this one.  Once you surf to the page disconnect your computer from the Internet before creating a Bitcoin address.  Note that spaces, capitalization, etc. will change the address dramatically.  Make sure you know how to reproduce the address before creating the Bitcoin wallet. 

-Open Bitcoin Armory, create a new wallet.  Double-click on the wallet and choose “import/sweep private keys.”  Take the SHA256 hash that was created from the passphrase and make the appropriate choice whether you created the passphrase yourself or if someone gave it to you. (If someone gave you the passphrase you want to sweep the funds into your wallet.  Otherwise, they will have access to the wallet.)



Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>