How to Cold Store Your Bitcoin/Ethereum/Altcoins -- NOT in a Hardware/Paper Wallet!

in #cryptocurrency7 years ago (edited)

Introduction

I've seen it go around and around that the most secure and reliable way of cold storing your various cryptocurrencies are hardware wallets. I've seen people get ridiculous safes and put their little hardware wallet inside of them. This is, however, NOT the best way to store your crypto currency. Hardware wallets are great if you want to be able to use your crypto in large quantities frequently, however there is no reason to use one for true 'cold storage.' It goes against everything that cryptocurrency is built on. It's in the name--cryptocurrency is based on cryptography, and if you believe in cryptocurrency in general to succeed then you also must believe in open-source cryptography, since that is the backbone of what every cryptocurrency is based on. In this article I'll outline why a hardware wallet, paper wallet and safe is not the best way to store your cryptocurrency, and go over what I believe is the best way to store it.

What's Wrong with Hardware/Paper Wallets?

The issue with hardware and paper wallets is two-fold. First, the issue of location. If you are storing your hardware or paper wallet in one place, then if that location is compromised, so are your funds. Basic robbery or theft will compromise your hardware wallet. Even if you store multiple in separate locations relatively close to each other, you are still at risk of a natural disaster like a fire, flood, tornado, etc. destroying multiple locations at once. In the case of a hardware wallet, the fallback is a mnemonic peg that you get when you receive your device that will allow you to recover your funds cryptographically. This is a good solution, but only if used properly. If you stored this peg on paper and in a similar location, that could be gone as well. If you stored it on your computer in plain text, then you are wasting your time with a hardware wallet anyway, because your money is as vulnerable as your computer is, which is what you were trying to avoid. The only solution is to send multiple copies to geographically significant distances from each other, but this is both expensive and introduces multiple extra attack vectors for a possible attacker. Your money is only as safe as the weakest storage location that you put a copy of your paper or hardware wallet.

Second is the issue of how physically safe the storage of your hardware wallet is. It is vulnerable to being stolen just like any other valuable item you have, and is as vulnerable as the safe you put it in. While safes are generally quite, well, safe, they are nowhere near as safe as what can be accomplished with cryptography if used properly. This especially applies to models of safes that are cheaper and not cost-prohibitive for people not storing tens or hundreds of thousands of dollars worth of crypto. Even for those people, though, I will argue that this is not the best option, because of the reasons listed above. In this case, extra caution should be taken to verify each step of the process I will go through below.

A third thing I will mention is cost. A hardware wallet plus a nice safe worth its salt could easily be a significant percentage of the amount people will be storing in crypto for a beginner. For larger sums, this is obviously less of an issue, but is still worth mentioning. A very secure cryptography-based solution can be had for free and if you want to be ultra paranoid, can be done for much less than multiple hardware wallets plus effective safes in multiple locations to put them in.

How to Store Your Coins the Right Way

* Disclaimer: This method is provided as-is, and I am not responsible for any possible loss of money. There are many places that error is possible, and no method is 100% immune to un-forseen attack vectors. 

The method I will propose takes advantage of freely available open source cryptography, using the same standards that are used to encrypt the most highly classified/secret documents in governments all over the world.

The basic idea is as follows:

    1. Securely generate a wallet--a public address and private key pair on a trusted and air-gapped* computer (*an air-gapped doesn't need to be a completely separate computer. It simply means disconnected from the internet. We'll accomplish this by installing a verified version of Tails on a USB key and using it as an amnesiac computer that can be air-gapped simply by unplugging it or turning off the wifi)

    2. Encrypt the private ("secret") key of the generated key-pair using an officially supported algorithm or openssl using salted AES-256 with a strong passphrase that will need to be remembered (ideally) or stored in a trusted password manager

    (optional) 3a. For extra reliability (not security), encrypt the chosen passphrase using an implementation of Shamir's Secret Sharing

    (optional) 3b. Distribute the pieces of the secret to trusted places, which can be later reassembled to regain access to the original password

    4. Store the encrypted private key on multiple secure* cloud storage platforms

* Note: we are not relying on the security of these platforms, we are only using them as contingency to make sure we never lose access to the encrypted private key.

** NOTE 2 (VERY IMPORTANT): This will essentially create the functional equivalent of a paper wallet when sending to it or withdrawing from it. With some currencies, like Ethereum or Ripple, this does not limit functionality and you can use the wallet basically as you would any other wallet, meaning send or withdraw as much or as little as you want at a time. HOWEVER, for some currencies, like Bitcoin, you must withdraw ALL of the funds from your paper wallet at once or else the remainder will be lost. This is because of the concept of Change Addresses. You can read more about this here.

These steps sound simple, and in theory they are, but there are still some possible attack vectors when using this method improperly. In this tutorial I will provide a detailed method that minimizes the possible attack vectors. 

What You Need

  • Two USB sticks, at least 4GB each
  • A paper wallet generator for your chosen cryptocurrency
  • A decent internet connection
  • Enough time to go through this guide carefully

How to Make Your Secure Wallet

I will be walking you through how to do this for three currencies: Bitcoin, Ethereum, and Ripple. The Bitcoin and Ethereum ones are specific to those coins, where the Ripple one can also be used for basically any altcoin that has a paper wallet generator. For Bitcoin and Ethereum, there are officially-supported algorithms for encrypting your private key. For Bitcoin I'll be using bitaddress.org, which implements BIP38. For Ethereum, I'll be using MyEtherWallet.

For Bitcoin

To generate the wallet securely, we'll be using Tails. Go ahead and follow the instructions to install tails here. Make sure you're downloading using BitTorrent, which will cryptographically verify what you've downloaded matches what it should, or using GPG to verify if you know how to use it.

Next, boot up Tails and open up the web browser. Now we'll grab the software we need to do our wallet and passphrase generation. Head to the bitaddress.org github repo and then click on the file bitaddress.org.html. Next, right click on the button that says "Raw" in the upper left of the code editor and choose Save Link As... and save it to the Downloads folder. Then, right click on the Raw button again and choose Copy Link Address... Now, open up a terminal window and type:

> wget --quiet -O - https://raw.githubusercontent.com/pointbiz/bitaddress.org/master/bitaddress.org.html | sha256sum

Replace the url with the url you just copied from the browser. You'll get a string of characters that is the SHA256 sum of the file. Next, navigate to http://bitaddress.org in the browser and take note of the SHA256 sum in the URL. It should look like 

https://www.bitaddress.org/bitaddress.org-v3.3.0-SHA256-dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194.html

where

dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194

is the checksum. These two sums should match. Finally, type

> sha256sum ~/Downloads/bitaddress.org.html

This sum should also match the first two. If any of these don't match, you know that one of the files is not legitimate. 

Next,  open a new terminal window and issue the following commands. We are downloading the GPG signing keys for the author of the next piece of software and trusting them so that we can reference them later.

> gpg2 --keyserver pgp.mit.edu --recv-keys 0x63608B66C0929A67 0x37B8284B4B3EBE74 0x2C4C3C144301224F 0x7FFCB72A6522542E
> gpg2 --edit-key FCDD20FDD083C84A5C6404052C4C3C144301224F

At the prompt that comes up type trust then enter a decision of 4 and finally type quit at the subsequent prompt like so:

gpg> trust
pub  rsa4096/2C4C3C144301224F
     created: 2015-12-27  expires: never       usage: SC
     trust: unknown       validity: unknown
[ unknown] (1). Glenn Rempe (Code Signing Key) <br>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu
Your decision? 4
pub  rsa4096/2C4C3C144301224F
     created: 2015-12-27  expires: never       usage: SC
     trust: full          validity: unknown
[ unknown] (1). Glenn Rempe (Code Signing Key)
Please note that the shown key validity is not necessarily correct
unless you restart the program.
gpg> quit

Repeat the same process at the prompt that comes up for this key as well:

gpg2 --edit-key 1C01711C3A0F691D11A9D8BE63608B66C0929A67

Now, clone git repository by running the following commands:

> cd ~/Downloads
> git clone https://github.com/grempe/diceware

Then check the code signature by running

> cd diceware
> git log --show-signature

You should get a message that says gpg: Good signature from "Glenn Rempe (Code Signing Key) . If so, you're good and can continue onto the next steps. Now we can start the process of actually creating the wallet and securing it. At this point, you should disconnect your computer from the internet by either disabling it in Tails or physically unplugging it if you have a wired connection.

"

First, navigate to your Downloads folder and double-click the bitaddress.org.html file we downloaded earlier. When it opens, move your mouse around or type random characters into the box until you unlock the other options which will initially be covered by percentages. Click on the "Bulk Wallet" option. Then,

  1. Deselect the "Compressed Addresses?" option
  2. Change "Rows to Generate" to 1
  3. Check the "BIP38 Encrypt?" option

Now, go back to your Downloads folder and navigate into the diceware folder. Double click on index.html to load the password generator in the browser. Click on one of the green buttons to generate a password of that word length. You should generate a password of at least 7 words, and more if you'd like to be even more careful. Feel free to regenerate as many times to find a set that you like. However, NEVER select words you like from each and assemble them together to create your own because you think they'll be easier to remember or for any other reason. You MUST choose an entirely generated set for this to work. If you want to read more about how this generator works or the rationale behind it, feel free to scroll down and read the rest of the page. If not, find one you like and then copy the password with dashes separating the words. At this point, you can temporarily write down the password on paper as you learn to memorize it, but you will eventually want to destroy any copies that you have of it. See this and this for information on how to memorize the password easier. You should also periodically test yourself to exercise your memory and make sure you remember the password. One way of doing this would be writing it down on paper and then destroying the paper.

Now, take the password you just generated/temporarily wrote down and paste it into the "Passphrase" box in the local bitaddress.org site you had open from the previous step. Then, click Generate. It will think for a minute, and then you'll get an output that looks something like this:

1,"19UhXiZSVkfRjKD4oeJR7TCr8PM4vG9A2H","6PfUAtbzfPjrisggVh4ts5bNcEiDYCmY87A6gPuxcf6xv3YVcFfgLYtmKN"

The 1 just signifies that this is the first wallet in the list. The first string of characters contained in quotes, in this case 19UhXiZSVkfRjKD4oeJR7TCr8PM4vG9A2H, is your bitcoin address, also known as your public key. This is where you will send bitcoins to in order to add them to your wallet. The second, in this case 6PfUAtbzfPjrisggVh4ts5bNcEiDYCmY87A6gPuxcf6xv3YVcFfgLYtmKN, is your encrypted private key. It is in the standard BIP38 format, meaning that when you import it into most reputable bitcoin wallet software, it will automatically detect it as such and ask you to input your password to decrypt it. Since it is encrypted, there is no way to use it without also knowing the password. 

Therefore, feel free to put this anywhere you wish. Write it down, print it out, upload it to the internet wherever you want, etc. As long as you made a password as described above and did not ever put it somewhere it could be stolen, your money will be safe. What I propose to do with it, as one extra layer of security, is to upload this to semi-secure file hosting services like Dropbox, Google Drive, etc. An easy way to do this is to copy your private address and then enter the following in a terminal, replacing the example encrypted private key with your own. 

> cd ~/Desktop
> echo 6PfUAtbzfPjrisggVh4ts5bNcEiDYCmY87A6gPuxcf6xv3YVcFfgLYtmKN > bitcoin_bip38_encrypted_private_key.txt

You can now copy this file from the desktop onto another flash drive and bring it to another computer to upload it to whichever of these sites you wish. You may also want to name it something innocuous so that it's not obvious for a potential attacker what it contains. 

Optional Extra Step: Gain greater reliability using Shared Secrets

What we will be doing here is creating a set of files that can be assembled to recreate your password if you forget it or lose it, or if you die and you want family or someone else to be able to recover your funds. The way this works is you will make a number of files, N, of which a threshold number, T, of those files must be assembled in order to recover the original password. If any less than that number are assembled then you will know nothing about the original file, in our case the password. 

To do this, we will use ssss-split to split our shared secret. Issue this command, replacing the number after -t with how many shares you want to require in order to re-assemble the password, and the number after -n with how many shares to generate total:

> ssss-split -t 6 -n 10

This will create 10 shares, with 6 required to reassemble the secret. You will then be prompted to

Enter the secret, at most 128 ASCII characters:

At which point you will want to paste in the password you used to encrypt your wallet. It will give you an output that looks something like this:

01-4b9a7ffdb35b1029ccca991e367e37a9de0bac675ac90b04321879318b8446ec9796ac301e4b6c30512b8d337b56a7589089fa160256339868f4eeb3ddefcc29fc41
02-fe5bfdec37dba02ee0d3740d615f36bb6c3789f03fd20ba2b513f828ee1a34b5504ecb7499bab9d62dfb537989b9aec4572c8f1d4c0531b5b0c9bdcb02bb
03-f6e63b213b729471e41b42317603072d2ba093af510314aa759ac0f5f43630216b2d6381b3a3ba3854b414fe61c69f812728edd15b996b978031308468270951fce9
04-0fc4139f04eea838a39d54b6b9ad07296980cb76ca48c0dc1cc9c5401647171ae8a7b770097eceb1385a7acd4d95dc5eda40a9bf3789092be69282ac4f6f3df64601
05-d10464bd05da3dd37bf035c7305bf24e467dba6e022b58d8655fd0c8961c09f037dfc848321cf7015ffb5b43dcd63043f06f22186bc3e7806b96261c65ab2062d8bf
06-e7adf8a93cc974a3aeecc19c1b1ac8a70196017cfa017a6104026325abc881c0eb2b2db4d0f18b7f1c20a169d70b3bbcf16b8a2f7348759951e8d68805d8090bffcc
07-1c94cd5ab39ae4709f14ed6960b3f7e35a1310cb232e01bda9e8dac30c0eb5d2e55377c32c152507a4e46f425682ad220edb20d31a54ef660b9b811a8b8560c8db04
08-b1abe846c9af1bf9e781efdf88129007992772807a797637af2e0634aa55e0b28276542c9514c1fff2a9ef00d495dd673cacd7da578c39d3f3d1f332a69bbf262bd4
09-63088deb5acd7995fc2ddbc3868a3dd71153b5d63ac40eb131f17299ed3dd3416ffe0ec2cc1fd4a907eb88c36aff1f513b14d099cfa8a5b54b66cba5efb96ca2ced2
10-f92b3ba59f811549878d8a1a7ff89770cc0053d394d99c2a8b60b0d33b21d07f281b3a05aa673c9975ad7b82d52358c2b62d6236e47bd30ec9accac79d4f64183414

Each of these, including the numbers at the beginning, are the shares. To save them, you may simply store them in text files. One way to make these files is by doing this for each share, copy/pasting the text of each share and incrementing the share number each time:

> echo 01-4b9a7ffdb35b1029ccca991e367e37a9de0bac675ac90b04321879318b8446ec9796ac301e4b6c30512b8d337b56a7589089fa160256339868f4eeb3ddefcc29fc41 > share1.txt

You should then verify that the text contained in these files are correct. At this point, you should print each one out and store them in secure locations scattered around a large geographical area. You could also distribute them to trusted people or family members to take care of if you wish. If you aren't yet ready to do so, you can save these files to a flash drive and distribute them later, but be VERY CAREFUL that they are never connected to a computer that is exposed to the internet, or a computer that you believe might be compromised. 

In order to reassemble the shares, issue the following command, replacing the number after -t with the number of required shares just as you did in the split process:

> ssss-combine -t 6

It will then prompt you to enter the shares like so. The order does not matter:

Enter 6 shares separated by newlines:
Share [1/6]: 10-f92b3ba59f811549878d8a1a7ff89770cc0053d394d99c2a8b60b0d33b21d07f281b3a05aa673c9975ad7b82d52358c2b62d6236e47bd30ec9accac79d4f64183414
Share [2/6]: 06-e7adf8a93cc974a3aeecc19c1b1ac8a70196017cfa017a6104026325abc881c0eb2b2db4d0f18b7f1c20a169d70b3bbcf16b8a2f7348759951e8d68805d8090bffcc
Share [3/6]: 05-d10464bd05da3dd37bf035c7305bf24e467dba6e022b58d8655fd0c8961c09f037dfc848321cf7015ffb5b43dcd63043f06f22186bc3e7806b96261c65ab2062d8bf
Share [4/6]: 08-b1abe846c9af1bf9e781efdf88129007992772807a797637af2e0634aa55e0b28276542c9514c1fff2a9ef00d495dd673cacd7da578c39d3f3d1f332a69bbf262bd4
Share [5/6]: 01-4b9a7ffdb35b1029ccca991e367e37a9de0bac675ac90b04321879318b8446ec9796ac301e4b6c30512b8d337b56a7589089fa160256339868f4eeb3ddefcc29fc41
Share [6/6]: 04-0fc4139f04eea838a39d54b6b9ad07296980cb76ca48c0dc1cc9c5401647171ae8a7b770097eceb1385a7acd4d95dc5eda40a9bf3789092be69282ac4f6f3df64601
Resulting secret: safari-create-pummel-theater-thermal-jolliness-charbroil-cathedral

You can try out how this process works at the ssss demo page here, but please do not use actual sensitive information on the web version. Just use it to make sure you understand how it works before doing it for real. 

For Ethereum

To generate the wallet securely, we'll be using Tails. Go ahead and follow the instructions to install tails here. Make sure you're downloading using BitTorrent, which will cryptographically verify what you've downloaded matches what it should, or using GPG to verify if you know how to use it.

Next, boot up Tails and open up the web browser. Now we'll grab the software we need to do our wallet and passphrase generation. First, navigate to the MyEtherWallet github releases page and download the latest version as a zip file. It should be called dist-vX.X.X.X.zip.

Next,  open a new terminal window and issue the following commands. We are downloading and trusting the GPG signing keys for the author of the next piece of software, the passphrase generator, so that we can reference them later for verification.

> gpg2 --keyserver pgp.mit.edu --recv-keys 0x63608B66C0929A67 0x37B8284B4B3EBE74 0x2C4C3C144301224F 0x7FFCB72A6522542E
> gpg2 --edit-key FCDD20FDD083C84A5C6404052C4C3C144301224F

At the prompt that comes up type trust then enter a decision of 4 for I trust fully and finally type quit at the subsequent prompt like so:

gpg> trust
pub  rsa4096/2C4C3C144301224F
     created: 2015-12-27  expires: never       usage: SC
     trust: unknown       validity: unknown
[ unknown] (1). Glenn Rempe (Code Signing Key) <br>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
  1 = I don't know or won't say
 2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu
Your decision? 4
pub  rsa4096/2C4C3C144301224F
     created: 2015-12-27  expires: never       usage: SC
     trust: full          validity: unknown
[ unknown] (1). Glenn Rempe (Code Signing Key)
Please note that the shown key validity is not necessarily correct
unless you restart the program.

gpg> quit

Repeat the same process at the prompt that comes up for this key as well:

> gpg2 --edit-key 1C01711C3A0F691D11A9D8BE63608B66C0929A67

Now, clone git repository by running the following commands:

> cd ~/Downloads
> git clone https://github.com/grempe/diceware

Then check the code signature by running

> cd diceware
> git log --show-signature

You should get a message that says gpg: Good signature from "Glenn Rempe (Code Signing Key) . If so, you're good and can continue onto the next steps. Now we can start the process of actually creating the wallet and securing it. At this point, you should disconnect your computer from the internet by either disabling it in Tails or physically unplugging it if you have a wired connection.

First, navigate to your Downloads folder and open the diceware folder. Double click on index.html to load the password generator in the browser. Click on one of the green buttons to generate a password of that word length. You should generate a password of at least 7 words, and more if you'd like to be even more careful. Feel free to regenerate as many times to find a set that you like. However, NEVER select words you like from each and assemble them together to create your own because you think they'll be easier to remember or for any other reason. You MUST choose an entirely generated set for this to work. If you want to read more about how this generator works or the rationale behind it, feel free to scroll down and read the rest of the page. If not, find one you like and then copy the password with dashes separating the words. At this point, you can temporarily write down the password on paper as you learn to memorize it, but you will eventually want to destroy any copies that you have of it. See this and this for information on how to memorize the password easier. You should also periodically test yourself to exercise your memory and make sure you remember the password. One way of doing this would be writing it down on paper and then destroying the paper.

Next, navigate back to your downloads folder and unzip the dist-vX.X.X.X.zip folder that we downloaded earler by double clicking on it. Then, open the resulting folder and double click on the index.html file contained inside. This will open the MyEtherWallet interface in your browser. Click on the New Wallet tab in the upper left corner. Paste your previously generated password into the space provided and hit the Generate New Wallet button.

Next, click the Download Keystore File button and save it to your downloads folder. This is your encrypted private key. Since it is encrypted, there is no way to use it without also knowing the password. 

Therefore, in theory, feel free to put this anywhere you wish. Write it down, print it out, upload it to the internet wherever you want, etc. As long as you made a password as described above and did not ever put it somewhere it could be stolen, your money will be safe. However, this isn't the most advisable solution, as it is advertising yourself as a target for others. What I propose to do with it, as one extra layer of security, is to upload this to semi-secure file hosting services like Dropbox, Google Drive, etc. To do so, copy your encrypted keystore file from the downloads onto another flash drive and bring it to another computer and upload it to whichever of these sites you wish. You may also want to name it something innocuous so that it's not obvious for a potential attacker what it contains.

Now, click Continue. Do not save your private key file, even though it advises you to do so. Also do not print out this paper wallet, as it is not encrypted. Just click Save Your Address. Now, select the Keystore File option and then select the file you saved earlier.  It will ask you for your password, which you should enter and then click unlock. After a successful decryption, you will be able to scroll down and view your "public" ethereum address. This is where you will send ether to in order to fund your account. You should try sending a small sum of ethereum to the address, reloading the wallet from scratch and unencrypting it again, and making sure the funds show up before transferring large sums into the account.

Optional Extra Step: Gain greater reliability using Shared Secrets

What we will be doing here is creating a set of files that can be assembled to recreate your password if you forget it or lose it, or if you die and you want family or someone else to be able to recover your funds. The way this works is you will make a number of files, N, of which a threshold number, T, of those files must be assembled in order to recover the original password. If any less than that number are assembled then you will know nothing about the original file, in our case the password. 

To do this, we will use ssss-split to split our shared secret. Issue this command, replacing the number after -t with how many shares you want to require in order to re-assemble the password, and the number after -n with how many shares to generate total:

> ssss-split -t 6 -n 10

This will create 10 shares, with 6 required to reassemble the secret. You will then be prompted to

Enter the secret, at most 128 ASCII characters:

At which point you will want to paste in the password you used to encrypt your wallet. It will give you an output that looks something like this:

01-4b9a7ffdb35b1029ccca991e367e37a9de0bac675ac90b04321879318b8446ec9796ac301e4b6c30512b8d337b56a7589089fa160256339868f4eeb3ddefcc29fc41
02-fe5bfdec37dba02ee0d3740d615f36bb6c3789f03fd20ba2b513f828ee1a34b5504ecb7499bab9d62dfb537989b9aec4572c8f1d4c0531b5b0c9bdcb02bbcad4aade
03-f6e63b213b729471e41b42317603072d2ba093af510314aa759ac0f5f43630216b2d6381b3a3ba3854b414fe61c69f812728edd15b996b978031308468270951fce9
04-0fc4139f04eea838a39d54b6b9ad07296980cb76ca48c0dc1cc9c5401647171ae8a7b770097eceb1385a7acd4d95dc5eda40a9bf3789092be69282ac4f6f3df64601
05-d10464bd05da3dd37bf035c7305bf24e467dba6e022b58d8655fd0c8961c09f037dfc848321cf7015ffb5b43dcd63043f06f22186bc3e7806b96261c65ab2062d8bf
06-e7adf8a93cc974a3aeecc19c1b1ac8a70196017cfa017a6104026325abc881c0eb2b2db4d0f18b7f1c20a169d70b3bbcf16b8a2f7348759951e8d68805d8090bffcc
07-1c94cd5ab39ae4709f14ed6960b3f7e35a1310cb232e01bda9e8dac30c0eb5d2e55377c32c152507a4e46f425682ad220edb20d31a54ef660b9b811a8b8560c8db04
08-b1abe846c9af1bf9e781efdf88129007992772807a797637af2e0634aa55e0b28276542c9514c1fff2a9ef00d495dd673cacd7da578c39d3f3d1f332a69bbf262bd4
09-63088deb5acd7995fc2ddbc3868a3dd71153b5d63ac40eb131f17299ed3dd3416ffe0ec2cc1fd4a907eb88c36aff1f513b14d099cfa8a5b54b66cba5efb96ca2ced2
10-f92b3ba59f811549878d8a1a7ff89770cc0053d394d99c2a8b60b0d33b21d07f281b3a05aa673c9975ad7b82d52358c2b62d6236e47bd30ec9accac79d4f64183414

Each of these, including the numbers at the beginning, are the shares. To save them, you may simply store them in text files. One way to make these files is by doing this for each share, copy/pasting the text of each share and incrementing the share number each time:

> echo 01-4b9a7ffdb35b1029ccca991e367e37a9de0bac675ac90b04321879318b8446ec9796ac301e4b6c30512b8d337b56a7589089fa160256339868f4eeb3ddefcc29fc41 > share1.txt

You should then verify that the text contained in these files are correct. At this point, you should print each one out and store them in secure locations scattered around a large geographical area. You could also distribute them to trusted people or family members to take care of if you wish. If you aren't yet ready to do so, you can save these files to a flash drive and distribute them later, but be VERY CAREFUL that they are never connected to a computer that is exposed to the internet, or a computer that you believe might be compromised. 

In order to reassemble the shares, issue the following command, replacing the number after -t with the number of required shares just as you did in the split process:

> ssss-combine -t 6

It will then prompt you to enter the shares like so. The order does not matter:

Enter 6 shares separated by newlines:
Share [1/6]: 10-f92b3ba59f811549878d8a1a7ff89770cc0053d394d99c2a8b60b0d33b21d07f281b3a05aa673c9975ad7b82d52358c2b62d6236e47bd30ec9accac79d4f64183414
Share [2/6]: 06-e7adf8a93cc974a3aeecc19c1b1ac8a70196017cfa017a6104026325abc881c0eb2b2db4d0f18b7f1c20a169d70b3bbcf16b8a2f7348759951e8d68805d8090bffcc
Share [3/6]: 05-d10464bd05da3dd37bf035c7305bf24e467dba6e022b58d8655fd0c8961c09f037dfc848321cf7015ffb5b43dcd63043f06f22186bc3e7806b96261c65ab2062d8bf
Share [4/6]: 08-b1abe846c9af1bf9e781efdf88129007992772807a797637af2e0634aa55e0b28276542c9514c1fff2a9ef00d495dd673cacd7da578c39d3f3d1f332a69bbf262bd4
Share [5/6]: 01-4b9a7ffdb35b1029ccca991e367e37a9de0bac675ac90b04321879318b8446ec9796ac301e4b6c30512b8d337b56a7589089fa160256339868f4eeb3ddefcc29fc41
Share [6/6]: 04-0fc4139f04eea838a39d54b6b9ad07296980cb76ca48c0dc1cc9c5401647171ae8a7b770097eceb1385a7acd4d95dc5eda40a9bf3789092be69282ac4f6f3df64601
Resulting secret: safari-create-pummel-theater-thermal-jolliness-charbroil-cathedral

You can try out how this process works at the ssss demo page here, but please do not use actual sensitive information on the web version. Just use it to make sure you understand how it works before doing it for real. 

For Ripple/Other Altcoins

To generate the wallet securely, we'll be using Tails. Go ahead and follow the instructions to install tails here. Make sure you're downloading using BitTorrent, which will cryptographically verify what you've downloaded matches what it should, or using GPG to verify if you know how to use it.

Next, boot up Tails and open up the web browser. Now we'll grab the software we need to do our wallet and passphrase generation. First, navigate to the Ripply wallet generator github repo here and then click on the file coldwallet-SHA1-xxxxx. Next, right click on the button that says "Raw" in the upper left of the code editor and choose Save Link As... and save it to the Downloads folder. Then, open a terminal window and enter the following commands:

> cd ~/Downloads
> sha1sum coldwallet-

Press TAB after typing the last one instead of enter and it should autocomplete the file name for you so you don't have to type it all out. After it does, then press enter. You should get a string of characters. Verify that it matches the checksum listed on the home page of the github repository. If it does, you're good.

Next,  open a new terminal window and issue the following commands. We are downloading and trusting the GPG signing keys for the author of the next piece of software, the passphrase generator, so that we can reference them later for verification.

> gpg2 --keyserver pgp.mit.edu --recv-keys 0x63608B66C0929A67 0x37B8284B4B3EBE74 0x2C4C3C144301224F 0x7FFCB72A6522542E
> gpg2 --edit-key FCDD20FDD083C84A5C6404052C4C3C144301224F

At the prompt that comes up type trust then enter a decision of 4 for I trust fully and finally type quit at the subsequent prompt like so:

gpg> trust
pub  rsa4096/2C4C3C144301224F
     created: 2015-12-27  expires: never       usage: SC
     trust: unknown       validity: unknown
[ unknown] (1). Glenn Rempe (Code Signing Key) <br>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu
Your decision? 4
pub  rsa4096/2C4C3C144301224F
     created: 2015-12-27  expires: never       usage: SC
     trust: full          validity: unknown
[ unknown] (1). Glenn Rempe (Code Signing Key)
Please note that the shown key validity is not necessarily correct
unless you restart the program.
gpg> quit

Repeat the same process at the prompt that comes up for this key as well:

> gpg2 --edit-key 1C01711C3A0F691D11A9D8BE63608B66C0929A67

Now, clone git repository by running the following commands:

> cd ~/Downloads
> git clone https://github.com/grempe/diceware

Then check the code signature by running

> cd diceware
> git log --show-signature

You should get a message that says gpg: Good signature from "Glenn Rempe (Code Signing Key) >". If so, you're good and can continue onto the next steps. Now we can start the process of actually creating the wallet and securing it. At this point, you should disconnect your computer from the internet by either disabling it in Tails or physically unplugging it if you have a wired connection.


First, navigate to your Downloads folder and open the diceware folder. Double click on index.html to load the password generator in the browser. Click on one of the green buttons to generate a password of that word length. You should generate a password of at least 7 words, and more if you'd like to be even more careful. Feel free to regenerate as many times to find a set that you like. However, NEVER select words you like from each and assemble them together to create your own because you think they'll be easier to remember or for any other reason. You MUST choose an entirely generated set for this to work. If you want to read more about how this generator works or the rationale behind it, feel free to scroll down and read the rest of the page. If not, find one you like and then copy the password with dashes separating the words. At this point, you can temporarily write down the password on paper as you learn to memorize it, but you will eventually want to destroy any copies that you have of it. See this and this for information on how to memorize the password easier. You should also periodically test yourself to exercise your memory and make sure you remember the password. One way of doing this would be writing it down on paper and then destroying the paper.

Next, navigate back to your downloads folder and double click on the coldwallet-SHA1-xxx.html file that you downloaded earlier to open it in the browser. It should auto generate a public address/private ("secret") key pair. Highlight your secret key and copy it to the clipboard. Then go back to the terminal and issue the following commands, replacing my example private key with your own :

> cd ~/Desktop
> echo snMbyuuwcSC2Cy8jJbT4ib6ko5T2A > ripple_secret_key.txt

Now you should see a text file on your desktop that contains your secret key. Go back to the browser and copy the public ripple address to the clipboard and do the following commands, again replacing my example address with your own.

> echo rN2t3dhPzFiAd2HDZTNW4NrurLmohcXsPG > ripple_address.txt

You should now also have a file called ripple_address.txt on your desktop that contains your public ripple address. You can store this wherever you like, write it down, and share it with anyone. This is the address you will use to send XRP to your wallet. Verify that this and the secret key contained in ripple_secret_key.txt both match the addresses shown in the browser. Now, we will encrypt the secret key using the password we created earlier. To do this, issue the following commands.

> cd ~/Desktop
> openssl enc -aes-256-cbc -salt -in ripple_secret_key.txt -out ripple_secret_key_encrypted.enc

It will then prompt you to enter your password twice. Go back and copy/paste it into the terminal window. It won't appear in the window, but you will be typing it. Paste it in with Ctrl+V and then hit enter.

You should now have your encrypted secret key file on the desktop called ripple_secret_key_encrypted.enc. To verify that this worked, run these commands:

> openssl enc -d -aes-256-cbc -in ripple_secret_key_encrypted.enc

It will then prompt you for the password to decrypt it with. Again, paste or type it in. It should then spit out your original secret key. Verify that it matches with what is contained in your ripple_secret_key.txt file. 

You should now delete the ripple_secret_key_encrypted.txt file. You now have your encrypted secret key, which is called ripple_secret_key_encrypted.enc. Since it is encrypted, there is no way to use it without also knowing the password. 

Therefore, in theory, feel free to put this anywhere you wish. Write it down, print it out, upload it to the internet wherever you want, etc. As long as you made a password as described above and did not ever put it somewhere it could be stolen, your money will be safe. However, this isn't the most advisable solution, as it is advertising yourself as a target for others. What I propose to do with it, as one extra layer of security, is to upload this to semi-secure file hosting services like Dropbox, Google Drive, etc. To do so, copy your encrypted keystore file from the downloads onto another flash drive and bring it to another computer and upload it to whichever of these sites you wish. You may also want to name it something innocuous so that it's not obvious for a potential attacker what it contains.

In the future, in order to decrypt your secret key and import it into whichever Ripple wallet you choose, simply load up Tails (or, if you're on a Mac that you trust, you can use that as well since it comes with openssl installed) and issue the command, replacing path/to/ripple_secret_key_encrypted.enc with the path to wherever you have the encrypted secret key stored. You can also just drag the file from a file browser into the terminal window after typing -in :

> openssl enc -d -aes-256-cbc -in path/to/ripple_secret_key_encrypted.enc

You can then enter the secret key in any ripple wallet you wish. Make sure to only do this on a computer and internet connection that you trust. 

Optional Extra Step: Gain greater reliability using Shared Secrets

What we will be doing here is creating a set of files that can be assembled to recreate your password if you forget it or lose it, or if you die and you want family or someone else to be able to recover your funds. The way this works is you will make a number of files, N, of which a threshold number, T, of those files must be assembled in order to recover the original password. If any less than that number are assembled then you will know nothing about the original file, in our case the password. 

To do this, we will use ssss-split to split our shared secret. Issue this command, replacing the number after -t with how many shares you want to require in order to re-assemble the password, and the number after -n with how many shares to generate total:

> ssss-split -t 6 -n 10

This will create 10 shares, with 6 required to reassemble the secret. You will then be prompted to

Enter the secret, at most 128 ASCII characters:

At which point you will want to paste in the password you used to encrypt your wallet. It will give you an output that looks something like this:

01-4b9a7ffdb35b1029ccca991e367e37a9de0bac675ac90b04321879318b8446ec9796ac301e4b6c30512b8d337b56a7589089fa160256339868f4eeb3ddefcc29fc41
02-fe5bfdec37dba02ee0d3740d615f36bb6c3789f03fd20ba2b513f828ee1a34b5504ecb7499bab9d62dfb537989b9aec4572c8f1d4c0531b5b0c9bdcb02bbcad4aade
03-f6e63b213b729471e41b42317603072d2ba093af510314aa759ac0f5f43630216b2d6381b3a3ba3854b414fe61c69f812728edd15b996b978031308468270951fce9
04-0fc4139f04eea838a39d54b6b9ad07296980cb76ca48c0dc1cc9c5401647171ae8a7b770097eceb1385a7acd4d95dc5eda40a9bf3789092be69282ac4f6f3df64601
05-d10464bd05da3dd37bf035c7305bf24e467dba6e022b58d8655fd0c8961c09f037dfc848321cf7015ffb5b43dcd63043f06f22186bc3e7806b96261c65ab2062d8bf
06-e7adf8a93cc974a3aeecc19c1b1ac8a70196017cfa017a6104026325abc881c0eb2b2db4d0f18b7f1c20a169d70b3bbcf16b8a2f7348759951e8d68805d8090bffcc
07-1c94cd5ab39ae4709f14ed6960b3f7e35a1310cb232e01bda9e8dac30c0eb5d2e55377c32c152507a4e46f425682ad220edb20d31a54ef660b9b811a8b8560c8db04
08-b1abe846c9af1bf9e781efdf88129007992772807a797637af2e0634aa55e0b28276542c9514c1fff2a9ef00d495dd673cacd7da578c39d3f3d1f332a69bbf262bd4
09-63088deb5acd7995fc2ddbc3868a3dd71153b5d63ac40eb131f17299ed3dd3416ffe0ec2cc1fd4a907eb88c36aff1f513b14d099cfa8a5b54b66cba5efb96ca2ced2
10-f92b3ba59f811549878d8a1a7ff89770cc0053d394d99c2a8b60b0d33b21d07f281b3a05aa673c9975ad7b82d52358c2b62d6236e47bd30ec9accac79d4f64183414

Each of these, including the numbers at the beginning, are the shares. To save them, you may simply store them in text files. One way to make these files is by doing this for each share, copy/pasting the text of each share and incrementing the share number each time:

> echo 01-4b9a7ffdb35b1029ccca991e367e37a9de0bac675ac90b04321879318b8446ec9796ac301e4b6c30512b8d337b56a7589089fa160256339868f4eeb3ddefcc29fc41 > share1.txt

You should then verify that the text contained in these files are correct. At this point, you should print each one out and store them in secure locations scattered around a large geographical area. You could also distribute them to trusted people or family members to take care of if you wish. If you aren't yet ready to do so, you can save these files to a flash drive and distribute them later, but be VERY CAREFUL that they are never connected to a computer that is exposed to the internet, or a computer that you believe might be compromised. 

In order to reassemble the shares, issue the following command, replacing the number after -t with the number of required shares just as you did in the split process:

> ssss-combine -t 6

It will then prompt you to enter the shares like so. The order does not matter:

Enter 6 shares separated by newlines:
Share [1/6]: 10-f92b3ba59f811549878d8a1a7ff89770cc0053d394d99c2a8b60b0d33b21d07f281b3a05aa673c9975ad7b82d52358c2b62d6236e47bd30ec9accac79d4f64183414
Share [2/6]: 06-e7adf8a93cc974a3aeecc19c1b1ac8a70196017cfa017a6104026325abc881c0eb2b2db4d0f18b7f1c20a169d70b3bbcf16b8a2f7348759951e8d68805d8090bffcc
Share [3/6]: 05-d10464bd05da3dd37bf035c7305bf24e467dba6e022b58d8655fd0c8961c09f037dfc848321cf7015ffb5b43dcd63043f06f22186bc3e7806b96261c65ab2062d8bf
Share [4/6]: 08-b1abe846c9af1bf9e781efdf88129007992772807a797637af2e0634aa55e0b28276542c9514c1fff2a9ef00d495dd673cacd7da578c39d3f3d1f332a69bbf262bd4
Share [5/6]: 01-4b9a7ffdb35b1029ccca991e367e37a9de0bac675ac90b04321879318b8446ec9796ac301e4b6c30512b8d337b56a7589089fa160256339868f4eeb3ddefcc29fc41
Share [6/6]: 04-0fc4139f04eea838a39d54b6b9ad07296980cb76ca48c0dc1cc9c5401647171ae8a7b770097eceb1385a7acd4d95dc5eda40a9bf3789092be69282ac4f6f3df64601
Resulting secret: safari-create-pummel-theater-thermal-jolliness-charbroil-cathedral

You can try out how this process works at the ssss demo page here, but please do not use actual sensitive information on the web version. Just use it to make sure you understand how it works before doing it for real. 

Conclusion

Making a wallet that is securely encrypted using a properly-generated and secure password will allow you to do truly secure "cold storage" of your cryptocurrency without the downsides of having to spend lots of money on hardware wallets and safes that could be compromised by traditional theft or natural disasters. Using this method, you can be confident that your coins will be safe from brute force attack. This means that unless someone gains access to your password (through bad practice in handling your password) or gains access to the proper threshold of your shared secret shares (which would hopefully be preventable once you know one or more of the shares is compromised), then your coins will be safe. A traditional safe or bank vault may seem to provide more peace of mind at first glance, but in reality, when properly executed, a cryptographic approach is much more secure and reliable. 

I hope this helps someone! If you see any errors or have comments, or if you have any questions about something that wasn't clear enough, please feel free to leave a comment.

Sort:  

Wow. This post is very well done, and perhaps really took a lot of effort to make.
The thing is, unless we have more than 1 bitcoin this may be an overkill. Especially for non techie people. It really is rare nowadays for a regular household to have an "air gapped computer". So if i've got a quarter of a bitcoin right now it would be impractical for me ( cost-security ratio) to do this. Please don't get me wrong. This is a wonderful Idea, and I could be kicking myself in 10 years when I have 0.25 Bitcoin and I did not took extra efforts to secure it and it will be $50,000 by that time. :)

Thank you! Yes, it is some effort, but actually, an "air-gapped computer" can be the same one you're using right now. Air-gapped just means disconnected from the internet. Using a verified version of Tails and then disconnecting the computer from the internet when actually doing the sensitive generation steps should do the job! Of course, ideally you'd do it on a truly separate air-gapped computer, but that's really not necessary, especially for something like 0.25 bitcoin.

Hope you find it useful, now or in the future haha :)

Wow, I wasn't aware of that too. It's a bit long but this looks really interesting. I hold a small amount of Ethereum and I'll see if I can follow these steps. Thank you @grayolson

Cool! Let me take a look. :)

Great :) You're welcome!

Oh I see, as you can tell I'm one of those non techie guys. Thanks for that, I'll really look into this now since it's possible. Appreciate the response. I'm an avid follower now. Please continue to post more topics like this.

Awesome! Glad to have helped :)

I'm going to bookmark this for future use, when I need it. Very well done tutorial

Hi, great article. I have followed your examples and made it to the part where you compare the checksums of the bitadressorg.org.html.
When i type: wget --quiet -O - url.to.bitadr.org.html
I seem to get the whole file displayed and not the string of the checksum, what am i doing wrong?

Hi, sorry for the late reply. In case it helps, or helps someone in the future, you need to make sure to pipe the output from wget to sha256sum:

wget --quiet -O - url.to.bitadr.org.html | sha256sum

(notice the " | sha256sum" after what you had above). This takes the whole file and sends it to be inputted into the sha256sum program, which will hash the file and give you the output (checksum).

Hey well written article! I had a quick question. I now have a number of alt coins on 2 different exchanges - Cryptopia and Kucoin. Do you know the best way to keep these alt coints safe. For obvious reasons now every wallet will be able to store these alt coins so not quite sure what to do. Also, if you purchase alt coints and you take them out of the exchange platform (cryptopia kucoin) will the value still go up if you transfer to a wallet? I hope that makes sense and appreciate your help!

Loading...