Bitcoin Wiki - User contributions [en]

How to import private keys

2019-08-19T19:39:45Z

Tkalfigo: /* Unlock your wallet */

'''WARNING'''

Before reading this page, users should note that messing with ECDSA private keys is very dangerous and can result in losing bitcoins, even long after the import.
It is recommended that outside of self-generated vanity addresses, users should ''never'' import (or export) private keys.<ref>[https://bitcoin.stackexchange.com/questions/29948/why-doc-says-importing-private-keys-is-so-dangerous Bitcoin StackExchange - Why doc says importing private keys is so dangerous?]</ref><ref>[https://bitcoin.stackexchange.com/questions/18619/why-so-many-warnings-about-importing-private-keys Bitcoin StackExchange - Why so many warnings about importing private keys?]</ref>

= Using Blockchain.info =
As of August 2012, possibly the easiest way to import a private key is using [[Blockchain.info]]'s My Wallet service. When successully imported through the "Import/Export" screen, the bitcoins assigned to a private key can be immediately sent to any Bitcoin address. '''It is extremely risky and not recommended to use Blockchain.info or any online third-party service to import private keys, because they can steal your BitCoins if they have the keys. It's best to import them using bitcoind as described below.'''

= Using BIPS =
As of August 2013, [[File:BIPS.gif|20px|link=https://bips.me]] [[BIPS]] allows for easy import of private key using Paper Wallet - Import. User can choose to type in the private key manually or scan a QR code containing the private key using the camera. The user must wait 6 confirmations for access to the funds, and system is based on batch importation. '''It is extremely risky and not recommended to use BIPS or any online third-party service to import private keys, because they can steal your BitCoins if they have the keys. It's best to import them using bitcoind as described below.'''

= Using Mycelium =
Steps described are with the following settings:
* Export mode enabled
* Aggregated view disabled

== Partial spend from cold storage ==
Use this function if you would like to keep some funds on the paper wallet.
# Download [https://play.google.com/store/apps/details?id=com.mycelium.wallet&hl=en Mycelium] from the Android Play Store or through iTunes.
# Press the menu button and select "Cold Storage"
# Scan in private key
# Select your destination address
# Select the amount
## Press the blue currency tag at the top to toggle currency.
# Send!

After spending, the private key in memory is destroyed so the paper private key remains somewhat secure. Despite this, best practice is to immediately send the remaining balance to a paper wallet that was generated offline.

== Import key from a paper wallet ==
Use this function if you would like to import a private key so all funds are immediately available for spending.
# Download [https://play.google.com/store/apps/details?id=com.mycelium.wallet&hl=en Mycelium] from the Android Play Store or through iTunes.
# Key Management
# Press the blue '+' symbol
# Scan in private key

After importing this paper private key, you might consider destroying the original so it cannot be found and your funds stolen. Alternatively, you can keep it safe to be used as an offline backup.

= Using bitcoind =
'''If you have Version 7 or later it is now trival.''' See: [[How to import private keys v7+]]

If you are using [[Cold storage]], a [[Paper wallet]] or generating [https://bitcointalk.org/index.php?topic=25804.0 vanity addresses] you may have a need to import a [[Private key]]. Since Bitcoin-QT/bitcoind v0.6.0, you can import private keys using built-in RPC command [[importprivkey]]. Before v0.6.0, you needed to rely on third-party [[wallet.dat]] manipulation tool such as [[Pywallet]].

This article describes how to import a private key through the RPC API of bitcoind, which is a topic for advanced users.

'''Note that importing a key to bitcoind and/or Bitcoin-Qt may be dangerous and is not recommended unless you understand the full details of how it works'''

== Start Bitcoin client ==
Unlike third-party wallet.dat manipulation tools such as [[Pywallet]], you do not have to close the Bitcoin client before proceeding. Instead, you need to start the bitcoind server.
* Close bitcoin-qt and start <code>bitcoind -daemon</code> in Terminal Emulator. The version of bitcoind MUST be the same as bitcoin-qt!

Bitcoin-QT does not enable its RPC interface by default. To enable it:
* Close Bitcoin-QT and restart it with ''bitcoin-qt -server''.

== Unlock your wallet ==
If you have an encrypted wallet (recommended), you need to unlock it temporarily before importing private keys. The RPC command for unlocking an encrypted wallet is ''walletpassphrase <passphrase> <timeout>''. Typing this directly in a bash terminal will leave your wallet passphrase directly in the bash history but there are a couple of techniques you can use to avoid this. Simply add a space before the command:

(space)bitcoind walletpassphrase yourpassphrase 120

Another alternative is to use a bash variable:

read -s -p 'Type your passphrase: ' x
(input your passphrase)
bitcoind walletpassphrase "$x" 120 # Do not set the timeout too long or too short.

== Import Private key(s) ==
The last command unlocked your wallet temporarily for 120 seconds, during which time you must import your private keys. Since private keys can be as important as your passphrase, you may want to use the same techniques as above to prevent their being recorded in bash history (bash variable or space before the command):

(space)bitcoind importprivkey "5yourveryveryveryverylongprivatekeystring" "my-new-key" # "my-new-key" is a label for the key/address pair and is optional

The importing process is now started. Bitcoind will rescan the entire block data to ensure this key has not been used before. This process will take from one to two minutes, depending on your CPU performance. DO NOT abort it before finishing!

To avoid rescanning run the following.

(space)bitcoind importprivkey 5yourveryveryveryverylongprivatekeystring" "label-here" rescan=false

If no errors occurs, the import is a success and Bitcoin-QT users will be able to see the new address in the GUI immediately. If you need to import more keys, just repeat the instructions above. There is currently no command to import a batch of private keys so you will need to wait a minute or two for each key to be imported.

== Cleaning up ==

bitcoind walletlock

This will lock your wallet again (so you don't have to wait for timeout)

unset x
unset y

These commands will clear the passphrase and private key from memory if you used the ''read'' technique. If you started bitcoind, you will need to stop it before Bitcoin-QT will start again:

bitcoind stop

===Deleting Keys===
At some point, you may wish to delete private keys from a wallet.dat file but as of version v0.6.0 of Bitcoin-QT/bitcoind, there is no RPC method available for this purpose.

==References==
<references />

[[Category:Instructional]]

Storing bitcoins

2019-05-11T10:16:38Z

Tkalfigo:

This page is a discussion of the different ways of storing bitcoins, whether for [[Bitcoin as an investment|investment purposes]] or as a [[Bitcoin as a medium of exchange|medium of exchange]].

As bitcoin is a digital asset, it can be very un-intuitive to store safely. Historically many people have lost their coins but with proper understanding the risks can be eliminated. If your bitcoins do end up lost or stolen then there's almost certainly nothing that can be done to get them back.

tl;dr The best way to store bitcoin is to either use a [[hardware wallet]], a [[Multisignature|multisignature wallet]] or a [[Cold storage|cold storage wallet]]. Have your wallet create a [[seed phrase]], write it down on paper and store it in a safe place. The wallet should be backed by your own [[full node]].

== Introduction ==

Storage of bitcoin can be broken down in a few independent goals:

* Protection against accidental loss
* Verification that the bitcoins are genuine
* Privacy and protection against spying
* Protection against theft
* Easy access for spending or moving bitcoins

The art and science of storing bitcoins is about keeping your private keys safe, yet remaining easily available to you when you want to make a transaction. It also requires verifying that you received real bitcoins, and stopping an adversary from spying on you.

[[File:Mnemonic-seed-still-life.jpg|300px|thumb|alt=An example seed phrase written on paper|Example seed phrase on paper.]]

=== Protection from accidental loss ===

In the past many people have accidentally lost bitcoins because of failed backups, mistyped letters, forgotten hard drives or corrupted SSD devices. Through bitter experience it was found that one of the most practical storage mediums is '''pencil and paper'''. The private keys of a bitcoin wallet are encoded into [[seed phrase|random words from a dictionary]] which can be written down. If your hard drive crashes, you can find the paper with the [[seed phrase]] and restore the entire wallet. All good wallet software asks their users to write down the [[seed phrase|seed recovery phrase]] of the wallet. It is worthwhile to keep copies in several locations so that even if your home burns down and nothing remains you can still recover the bitcoins.

As [[seed phrase]]s use natural language words, they have good error correction. Words written in bad handwriting can often still be read. If one or two letters are missing the word can often still be deduced. The [[Seed_phrase#Word_Lists|word list]] that the seed phrase words are drawn from is carefully chosen so that the first four letters of each word are enough to uniquely identify it.

=== Verification and privacy ===

Storing a [[seed phrase]] only stores [[Private key|private keys]], but it cannot tell you if or how many bitcoins you have actually received. For that you need wallet software.

If you received cash banknotes or gold coins as payment, you wouldn't accept them without verifying that the banknotes were genuine and that the gold was real. The same is true with bitcoin. Payments must be genuine or else you may be slipped counterfeit bitcoins and be left out of pocket. The most secure kind of wallet is one which independently verifies ''all'' the rules of bitcoin, known as a [[full node]]. For receiving large volumes it is essential to use wallet software backed by a [[full node]]. If bitcoin is digital gold, then a [[full node]] is your own personal goldsmith who checks that received bitcoin payments are actually real. Lightweight wallets which don't check all of bitcoin's rules are only appropriate for receiving smaller amounts or when you trust the sender. See the article about [[full node|full nodes]].

Your wallet software will also need to learn the history and balance of its wallet. For a lightweight wallet this usually involves querying a third-party server which leads to a privacy problem as that server can spy on you by seeing your entire balance, all your transactions and usually linking it with your IP address. Using a [[full node]] avoids this problem because the software connects directly to the bitcoin p2p network and downloads the entire [[blockchain]], so any adversary will find it much harder to obtain information. See also: [[Anonymity]]

So for verification and privacy, a good storage solution should be backed by a [[full node]] under your own control for use when receiving payments. The [[full node]] wallet on an online computer can be a watch-only wallet. This means that it can detect transaction involving addresses belonging to the user and can display transaction information about them, but still does not have the ability to actually spend the bitcoins.

=== Protection from theft ===

Possession of bitcoins comes from your ability to keep the private keys under your exclusive control. In bitcoin, keys are money. Any malware or hackers who learn what your private keys are can create a valid bitcoin transaction sending your coins to themselves, effectively stealing your bitcoins. The average person's computer is usually vulnerable to malware so that must be taken into account when deciding on storage solutions. Anybody else who discovers a wallet's [[seed phrase]] can steal all the bitcoins, so it must be kept safe and secret like jewels or cash. In particular phrases should not be typed into any website.

[[Seed phrase]]s can store any amount of bitcoins. It doesn't seem secure to possibly have enough money to purchase the entire building just sitting on a sheet of paper without any protection. For this reason many wallets make it possible to encrypt a seed phrase with a password. See [[Seed phrase#Two-Factor_Seed_Phrases]]

=== Easy access ===

Some users may not need to actually move their bitcoins very often, especially if they [[Bitcoin as an investment|own bitcoin as an investment]]. Other users will want to be able to quickly and easily move their coins. A solution for storing bitcoins should take into account how convenient it is to spend from depending on the user's needs.

=== Summary ===

In summary: bitcoin wallets should be backed up by writing down their [[seed phrase]], this phrase must be kept safe and secret, and when sending or receiving transactions the wallet software should obtain information about the bitcoin network from your own [[full node]].

== Discussion of wallet solutions ==

=== Hardware wallets ===

[[Hardware wallet]]s are special purpose security-hardened devices for storing Bitcoins on a peripheral that is trusted to generate wallet keys and sign transactions.

A [[hardware wallet]] typically holds the private keys in its internal storage and is designed to be malware resistant. The device signs the transactions internally and only transmits the signed transactions to the computer. The separation of the private keys from the vulnerable environment allows the user to spend bitcoins without running any risk even when using an untrustworthy computer. Hardware wallets are relatively user-friendly and are a top solution for holding private keys.

Some downsides are that hardware wallets are physical objects which could be discovered and which prove that you probably own bitcoins. This is worth considering when for example crossing borders. They also cost more than software wallets. Still physical access to a hardware wallet, even though it reduces its security strength, does not mean that the keys are easily compromised. The companies creating them, have gone to great lengths to secure them and, though not impossible, only technically skilled people with specialized equipment have been able to get access to the private keys.

Main article: [[Hardware wallet]]

=== Multisignature wallets ===

A multisignature wallet is one where multiple private keys are required to move the bitcoins instead of a single key, avoiding a single point of failure. These private keys can be spread across multiple machines in various locations with the rationale that malware and hackers are unlikely to infect all of them. The multisig wallet can be of the m-of-n type where any m private keys out of a possible n are required to move the money. For example a 2-of-3 multisig wallet might have your private keys spread across a desktop, laptop and smartphone; any two are required to move the money but the loss of any one does not result in loss of money especially because they can be restored from paper backup.

Multisignature wallets have the advantage of being cheaper than hardware wallets since they are implemented in software and can be downloaded for free, as well as being convenient as all keys are online and the wallet user interfaces are typically easy to use. Wallet software [[Electrum]] and [[Armory]] can create multisig wallets. Hardware and multisignature wallets can be combined by having a multisignature wallet with the private keys held on hardware wallets; after all a single hardware wallet is still a single point of failure. Cold storage and multisignature can also be combined, by having the multisignature wallet with the private keys held in cold storage to avoid them being kept online.

Main article: [[Multisignature]]

=== Cold storage wallets ===

A cold wallet generates and stores private wallet keys offline on a clean, newly-installed [https://en.wikipedia.org/wiki/Air_gap_(networking) air-gapped] computer. Payments are received online with a watch-only wallet. Unsigned transactions are generated online, transferred offline for signing, and the signed transaction is transferred online to be broadcast to the Bitcoin network.

This allows funds to be managed offline in [[Cold storage]]. Used correctly a cold wallet is protected against online threats, such as viruses and hackers. Cold wallets are similar to hardware wallets, except that a general purpose computing device is used instead of a special purpose peripheral. The downside is that the transferring of transactions to and fro can be fiddly and unweilding, and less practical for carrying around like a hardware wallet.

Main article: [[Cold storage]]

=== Hot wallets ===

A hot wallet refers to keeping single-signature wallets with private keys kept on an online computer or mobile phone. Most bitcoin wallet software out there is a hot wallet. The bitcoins are easy to spend but are maximally vulnerable to malware or hackers. Hot wallets may be appropriate for small amounts and day-to-day spending.

Main article: [[Hot wallet]]

== Bad wallet ideas ==

=== Custodial wallets ===

Custodial wallets are where an exchange, broker or other third party holds your bitcoins in trust.

The number one rule to storing bitcoin is this: if you don’t hold the private keys, you don’t actually own the assets. There are many historical examples of loss due to custodial wallets: Bitcoinica, Silk Road, Bitfloor, [[Collapse of Mt. Gox|MTGOX]], Sheep Marketplace, BTC-e, Bitstamp, Bitfinex, Bithumb, Cryptsy, Bter, Mintpal and many more<ref>https://bitcointalk.org/index.php?topic=576337</ref>

==== "Isn't it just like keeping your money in a bank?" ====

:There are trade offs with everything, but trusting Coinbase with your Bitcoin is ''not'' the same as trusting a bank with your dollars:

:Suppose 5 people are needed to access the funds, within Coinbase, e.g. the CEO, the tech lead engineer and 3 other senior employees. Suppose one day they wake up and decide to be evil and move all the Bitcoin to some private account of theirs, and perhaps make up a story in the press about how they've been "hacked". You have a serious problem, as you might find there is a protracted legal battle (see MtGox), but you can't actually retrieve the funds unless in some way the company is re-stocked with Bitcoin, or perhaps an equivalent in fiat.

:If on the other hand you controlled the funds with a majority of keys in a multisig i.e. you own both of the two needed keys of a 2-of-3 multisig, then it would always effectively be your bitcoin, even though the third key may belong to a trusted third party custodian. But this also comes with the responsibility that if you get hacked, you lose all your funds. That is why it's prudent, in a 2-of-3 multisig where you have the two needed keys, to have them in separate systems/locations. If one of them fails, you can go to the custodian to supply the third key and transfer your funds again to safety. But the custodian alone, cannot touch your funds just by virtue of having the third key.

:Now, if your bank gets hacked similarly - 5 key operatives in the bank decide to swipe your money and pretend it was external hackers - SWIFT transfers are made to accounts in Russia and China. Here it will always ultimately be at the discretion of legal agencies whether you "actually" still have the money that is stolen. Because dollars are not real, they can be created at a whim<ref>https://en.wikipedia.org/wiki/Fractional-reserve_banking</ref>, and while reversing international transfers is not ''quite'' so simple, very often that reversal can be achieved (e.g. recent SWIFT hack at bangladesh<ref>https://www.wired.com/2016/05/insane-81m-bangladesh-bank-heist-heres-know/</ref><ref>https://en.wikipedia.org/wiki/Bangladesh_Bank_robbery</ref> bank; $1 billion stolen, all but $80 million "recovered" (just means wire transfers reversed)). Added to that consider that fiat money is insured, so even when transfers can't be reversed, the money can be "recovered". If too many banks get hacked all at once the Federal Reserve and the government together can make up some "fund" that magically reassigns balances any time they like, with sufficient political will (that's essentially what was happening in 2008 TARP etc).

:So far no insurance company has ever paid out on a Bitcoin company's claim. Worth considering also.

:You might say, since it's risky both ways, why not trust Coinbase? Aren't they more competent in security than me?

:Almost certainly, but this argument has two massive holes in it: (1) because they ''concentrate'' funds they are a massive target for hackers, while you are not - at all. (2) they are a ''trusted third party'' so the situation is strictly worse - not only do you have to trust their security skills, but you also have to trust them not to steal (modulo multisig, as mentioned above) (edited to add: as well as literal stealing, there is things like political confiscation, don't forget).<ref>https://www.reddit.com/r/Bitcoin/comments/5py495/brian_armstrong_controlling_your_own_wealth_as_a/dcve9xx/?context=3</ref>

=== Web wallets ===

Web wallets have all the downsides of custodial wallets (no direct possession, private keys are held by a third party) along with all the downsides of hot wallets (exposed private keys), as well as all the downsides of lightweight wallets (not verifying bitcoin's rules, someone could send you a billion bitcoins and under certain conditions the dumb web wallet would happily accept it)

Someone who needs the easy access of a web wallet should download a lightweight wallet like [[Electrum]].

Main article: [[Browser-based wallet]]

=== Paper wallets ===

So-called [[paper wallets]] are an obsolete and unsafe method of storing bitcoin which should not be recommended to beginners. They simply store a single private/public keypair on paper. They promote [[address reuse]] and require unwieldy and complicated live OS system boots to be safe, they risk theft by printers, and typically rely on [[Javascript cryptography]].

Paper wallets also do not provide any method of displaying to the user when money has arrived. There's no practical way to use a [[full node]] wallet. Users are typically driven to use third-party blockchain explorers which can lie to them and spy on them.

A much better way to accomplish what paper wallets do is to use [[seed phrase]]s instead.

Main article: [[Paper wallets]]

=== Cloud storage ===

This means storing your encrypted (or not) wallet file on a cloud storage solution such as Dropbox, or emailing them to yourself on gmail. This very similar to trusting a custodial wallet service, and is not recommended for the same reasons<ref>https://www.reddit.com/r/Bitcoin/comments/8i6via/28_btc_stolen_10_btc_reward_please_help/</ref>. You might say you use encryption for two-factor authentication, but uploading the wallet to the cloud reduces this to one-factor.

=== Removable media ===

This refers to storing wallet files on removable media like SSD or hard drives.

Refer to the warnings from these two links:

* https://www.reddit.com/r/Bitcoin/comments/6nj0eb/reminder_beware_of_data_rot_always_make_paper/

* https://tedjonesweb.blogspot.co.uk/2017/08/do-not-use-flash-memory-ssd-drives.html

Those articles recommend using GPG for encryption or a printer, instead a better solution is [[seed phrase]]s.

== Other ideas ==

=== Time-locked wallets ===

An interesting unconventional solution. The idea is to use [[Timelock|time-lock contracts]] to create a wallet which cannot be spent from until a certain date. One possible use-case might be by a gambling addict who locks up money for paying bills for a month, after a month has passed and their time-lock wallet is opened they use that money for paying bills instead of gambling. This is the equivalent proposal towards compulsive shoppers to freeze their credit card in a block of ice, so when they feel the urge to immediately buy something they see on the TV, they will need to wait for the block to melt until they can retrieve the credit card to be able to place the order. This hopefully gives them the time to cool off, and reconsider an otherwise meaningless purchase.

Time lock wallets don't exist yet except for simple [https://coinb.in/#newTimeLocked javascript pages] which rely on [[Javascript cryptography]] and are therefore not safe.

=== Consulting ===

If you intend to store a very large amount of bitcoins, for example in a business, you should consider paying for security consulting.

== The 5 dollar wrench attack ==

[[File:Security.png|400px|none|alt=xkcd comic on the 5 dollar wrench attack.]]

It's sometimes said that all this security is worthless because the $5 wrench attack can be used.

There are two ways to beat this attack: by hiding or by defending yourself.

Stored bitcoins are not secured by [[seed phrase]]s, [[hardware wallet]]s, [[multisignature]], passwords, hash functions or anything like that; they are secured by ''people''.

Technology is never the root of system security. Technology is a tool to help people secure what they value. Security requires people to act. A server cannot be secured by a firewall if there is no lock on the door to the server room, and a lock cannot secure the server room without a guard to monitor the door, and a guard cannot secure the door without risk of personal harm.<ref>[https://github.com/libbitcoin/libbitcoin/wiki/Risk-Sharing-Principle Libbitcoin wiki Risk Sharing Principle]</ref>.

Bitcoin is no different. The technology discussed on this page is only a tool to tip the scales in the defender's favour. Following from this principle, the way to beat the $5 wrench attack is to bear arms. Either your own, or employ guards, or use a safety deposit box, or rely on the police forces and army; or whatever may be appropriate and proportionate in your situation. If someone physically overpowers you then no technology on Earth can save your bitcoins. You can't be your own bank without bank-level security.

See Also: [https://twitter.com/i/moments/942083114385281024 Guns + Bitcoin Hardware Wallets]

== Further reading ==

* [https://github.com/BlockchainCommons/SmartCustodyWhitePapers/blob/master/%23SmartCustody-_Simple_Self-Custody_Cold_Storage_Scenario.md SmartCustody: Simple Self-Custody Cold Storage Scenario]

* https://bitzuma.com/posts/a-gentle-introduction-to-bitcoin-cold-storage/

* https://medium.com/@lopp/thoughts-on-secure-storage-of-bitcoins-and-other-crypto-assets-210cadabb53d

* https://medium.com/@michaelflaxman/how-should-i-store-my-bitcoin-43874ac208e4

* Two-factor authentication on custodial wallets doesn't work as well as you might think https://medium.com/@CodyBrown/how-to-lose-8k-worth-of-bitcoin-in-15-minutes-with-verizon-and-coinbase-com-ba75fb8d0bac

* This is why you shouldn’t use texts for two-factor authentication https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin Hacking 2FA based on SMS is easy.

==References==
<references />

[[Category:Security]]

Storing bitcoins

2019-05-11T10:15:23Z

Tkalfigo:

This page is a discussion of the different ways of storing bitcoins, whether for [[Bitcoin as an investment|investment purposes]] or as a [[Bitcoin as a medium of exchange|medium of exchange]].

As bitcoin is a digital asset, it can be very un-intuitive to store safely. Historically many people have lost their coins but with proper understanding the risks can be eliminated. If your bitcoins do end up lost or stolen then there's almost certainly nothing that can be done to get them back.

tl;dr The best way to store bitcoin is to either use a [[hardware wallet]], a [[Multisignature|multisignature wallet]] or a [[Cold storage|cold storage wallet]]. Have your wallet create a [[seed phrase]], write it down on paper and store it in a safe place. The wallet should be backed by your own [[full node]].

== Introduction ==

Storage of bitcoin can be broken down in a few independent goals:

* Protection against accidental loss
* Verification that the bitcoins are genuine
* Privacy and protection against spying
* Protection against theft
* Easy access for spending or moving bitcoins

The art and science of storing bitcoins is about keeping your private keys safe, yet remaining easily available to you when you want to make a transaction. It also requires verifying that you received real bitcoins, and stopping an adversary from spying on you.

[[File:Mnemonic-seed-still-life.jpg|300px|thumb|alt=An example seed phrase written on paper|Example seed phrase on paper.]]

=== Protection from accidental loss ===

In the past many people have accidentally lost bitcoins because of failed backups, mistyped letters, forgotten hard drives or corrupted SSD devices. Through bitter experience it was found that one of the most practical storage mediums is '''pencil and paper'''. The private keys of a bitcoin wallet are encoded into [[seed phrase|random words from a dictionary]] which can be written down. If your hard drive crashes, you can find the paper with the [[seed phrase]] and restore the entire wallet. All good wallet software asks their users to write down the [[seed phrase|seed recovery phrase]] of the wallet. It is worthwhile to keep copies in several locations so that even if your home burns down and nothing remains you can still recover the bitcoins.

As [[seed phrase]]s use natural language words, they have good error correction. Words written in bad handwriting can often still be read. If one or two letters are missing the word can often still be deduced. The [[Seed_phrase#Word_Lists|word list]] that the seed phrase words are drawn from is carefully chosen so that the first four letters of each word are enough to uniquely identify it.

=== Verification and privacy ===

Storing a [[seed phrase]] only stores [[Private key|private keys]], but it cannot tell you if or how many bitcoins you have actually received. For that you need wallet software.

If you received cash banknotes or gold coins as payment, you wouldn't accept them without verifying that the banknotes were genuine and that the gold was real. The same is true with bitcoin. Payments must be genuine or else you may be slipped counterfeit bitcoins and be left out of pocket. The most secure kind of wallet is one which independently verifies ''all'' the rules of bitcoin, known as a [[full node]]. For receiving large volumes it is essential to use wallet software backed by a [[full node]]. If bitcoin is digital gold, then a [[full node]] is your own personal goldsmith who checks that received bitcoin payments are actually real. Lightweight wallets which don't check all of bitcoin's rules are only appropriate for receiving smaller amounts or when you trust the sender. See the article about [[full node|full nodes]].

Your wallet software will also need to learn the history and balance of its wallet. For a lightweight wallet this usually involves querying a third-party server which leads to a privacy problem as that server can spy on you by seeing your entire balance, all your transactions and usually linking it with your IP address. Using a [[full node]] avoids this problem because the software connects directly to the bitcoin p2p network and downloads the entire [[blockchain]], so any adversary will find it much harder to obtain information. See also: [[Anonymity]]

So for verification and privacy, a good storage solution should be backed by a [[full node]] under your own control for use when receiving payments. The [[full node]] wallet on an online computer can be a watch-only wallet. This means that it can detect transaction involving addresses belonging to the user and can display transaction information about them, but still does not have the ability to actually spend the bitcoins.

=== Protection from theft ===

Possession of bitcoins comes from your ability to keep the private keys under your exclusive control. In bitcoin, keys are money. Any malware or hackers who learn what your private keys are can create a valid bitcoin transaction sending your coins to themselves, effectively stealing your bitcoins. The average person's computer is usually vulnerable to malware so that must be taken into account when deciding on storage solutions. Anybody else who discovers a wallet's [[seed phrase]] can steal all the bitcoins, so it must be kept safe and secret like jewels or cash. In particular phrases should not be typed into any website.

[[Seed phrase]]s can store any amount of bitcoins. It doesn't seem secure to possibly have enough money to purchase the entire building just sitting on a sheet of paper without any protection. For this reason many wallets make it possible to encrypt a seed phrase with a password. See [[Seed phrase#Two-Factor_Seed_Phrases]]

=== Easy access ===

Some users may not need to actually move their bitcoins very often, especially if they [[Bitcoin as an investment|own bitcoin as an investment]]. Other users will want to be able to quickly and easily move their coins. A solution for storing bitcoins should take into account how convenient it is to spend from depending on the user's needs.

=== Summary ===

In summary: bitcoin wallets should be backed up by writing down their [[seed phrase]], this phrase must be kept safe and secret, and when sending or receiving transactions the wallet software should obtain information about the bitcoin network from your own [[full node]].

== Discussion of wallet solutions ==

=== Hardware wallets ===

[[Hardware wallet]]s are special purpose security-hardened devices for storing Bitcoins on a peripheral that is trusted to generate wallet keys and sign transactions.

A [[hardware wallet]] typically holds the private keys in its internal storage and is designed to be malware resistant. The device signs the transactions internally and only transmits the signed transactions to the computer. The separation of the private keys from the vulnerable environment allows the user to spend bitcoins without running any risk even when using an untrustworthy computer. Hardware wallets are relatively user-friendly and are a top solution for holding private keys.

Some downsides are that hardware wallets are physical objects which could be discovered and which prove that you probably own bitcoins. This is worth considering when for example crossing borders. They also cost more than software wallets. Still physical access to a hardware wallet, even though it reduces its security strength, does not mean that the keys are easily compromised. The companies creating them, have gone to great lengths to secure them and, though not impossible, only technically skilled people with specialized equipment have been able to get access to the private keys.

Main article: [[Hardware wallet]]

=== Multisignature wallets ===

A multisignature wallet is one where multiple private keys are required to move the bitcoins instead of a single key, avoiding a single point of failure. These private keys can be spread across multiple machines in various locations with the rationale that malware and hackers are unlikely to infect all of them. The multisig wallet can be of the m-of-n type where any m private keys out of a possible n are required to move the money. For example a 2-of-3 multisig wallet might have your private keys spread across a desktop, laptop and smartphone; any two are required to move the money but the loss of any one does not result in loss of money especially because they can be restored from paper backup.

Multisignature wallets have the advantage of being cheaper than hardware wallets since they are implemented in software and can be downloaded for free, as well as being convenient as all keys are online and the wallet user interfaces are typically easy to use. Wallet software [[Electrum]] and [[Armory]] can create multisig wallets. Hardware and multisignature wallets can be combined by having a multisignature wallet with the private keys held on hardware wallets; after all a single hardware wallet is still a single point of failure. Cold storage and multisignature can also be combined, by having the multisignature wallet with the private keys held in cold storage to avoid them being kept online.

Main article: [[Multisignature]]

=== Cold storage wallets ===

A cold wallet generates and stores private wallet keys offline on a clean, newly-installed [https://en.wikipedia.org/wiki/Air_gap_(networking) air-gapped] computer. Payments are received online with a watch-only wallet. Unsigned transactions are generated online, transferred offline for signing, and the signed transaction is transferred online to be broadcast to the Bitcoin network.

This allows funds to be managed offline in [[Cold storage]]. Used correctly a cold wallet is protected against online threats, such as viruses and hackers. Cold wallets are similar to hardware wallets, except that a general purpose computing device is used instead of a special purpose peripheral. The downside is that the transferring of transactions to and fro can be fiddly and unweilding, and less practical for carrying around like a hardware wallet.

Main article: [[Cold storage]]

=== Hot wallets ===

A hot wallet refers to keeping single-signature wallets with private keys kept on an online computer or mobile phone. Most bitcoin wallet software out there is a hot wallet. The bitcoins are easy to spend but are maximally vulnerable to malware or hackers. Hot wallets may be appropriate for small amounts and day-to-day spending.

Main article: [[Hot wallet]]

== Bad wallet ideas ==

=== Custodial wallets ===

Custodial wallets are where an exchange, broker or other third party holds your bitcoins in trust.

The number one rule to storing bitcoin is this: if you don’t hold the private keys, you don’t actually own the assets. There are many historical examples of loss due to custodial wallets: Bitcoinica, Silk Road, Bitfloor, [[Collapse of Mt. Gox|MTGOX]], Sheep Marketplace, BTC-e, Bitstamp, Bitfinex, Bithumb, Cryptsy, Bter, Mintpal and many more<ref>https://bitcointalk.org/index.php?topic=576337</ref>

==== "Isn't it just like keeping your money in a bank?" ====

:There are trade offs with everything, but trusting Coinbase with your Bitcoin is ''not'' the same as trusting a bank with your dollars:

:Suppose 5 people are needed to access the funds, within Coinbase, e.g. the CEO, the tech lead engineer and 3 other senior employees. Suppose one day they wake up and decide to be evil and move all the Bitcoin to some private account of theirs, and perhaps make up a story in the press about how they've been "hacked". You have a serious problem, as you might find there is a protracted legal battle (see MtGox), but you can't actually retrieve the funds unless in some way the company is re-stocked with Bitcoin, or perhaps an equivalent in fiat.

:If on the other hand you controlled the funds with a majority of keys in a multisig i.e. you own both of the two needed keys of a 2-of-3 multisig, then it would always effectively be your bitcoin, even though the third key may belong to a trusted third party custodian. But this also comes with the responsibility that if you get hacked, you lose all your funds. That is why it's prudent, in a 2-of-3 multisig where you have the two needed keys, to have them in separate systems/locations. If one of them fails, you can go to the custodian to supply the third key and transfer your funds again to safety.

:Now, if your bank gets hacked similarly - 5 key operatives in the bank decide to swipe your money and pretend it was external hackers - SWIFT transfers are made to accounts in Russia and China. Here it will always ultimately be at the discretion of legal agencies whether you "actually" still have the money that is stolen. Because dollars are not real, they can be created at a whim<ref>https://en.wikipedia.org/wiki/Fractional-reserve_banking</ref>, and while reversing international transfers is not ''quite'' so simple, very often that reversal can be achieved (e.g. recent SWIFT hack at bangladesh<ref>https://www.wired.com/2016/05/insane-81m-bangladesh-bank-heist-heres-know/</ref><ref>https://en.wikipedia.org/wiki/Bangladesh_Bank_robbery</ref> bank; $1 billion stolen, all but $80 million "recovered" (just means wire transfers reversed)). Added to that consider that fiat money is insured, so even when transfers can't be reversed, the money can be "recovered". If too many banks get hacked all at once the Federal Reserve and the government together can make up some "fund" that magically reassigns balances any time they like, with sufficient political will (that's essentially what was happening in 2008 TARP etc).

:So far no insurance company has ever paid out on a Bitcoin company's claim. Worth considering also.

:You might say, since it's risky both ways, why not trust Coinbase? Aren't they more competent in security than me?

:Almost certainly, but this argument has two massive holes in it: (1) because they ''concentrate'' funds they are a massive target for hackers, while you are not - at all. (2) they are a ''trusted third party'' so the situation is strictly worse - not only do you have to trust their security skills, but you also have to trust them not to steal (modulo multisig, as mentioned above) (edited to add: as well as literal stealing, there is things like political confiscation, don't forget).<ref>https://www.reddit.com/r/Bitcoin/comments/5py495/brian_armstrong_controlling_your_own_wealth_as_a/dcve9xx/?context=3</ref>

=== Web wallets ===

Web wallets have all the downsides of custodial wallets (no direct possession, private keys are held by a third party) along with all the downsides of hot wallets (exposed private keys), as well as all the downsides of lightweight wallets (not verifying bitcoin's rules, someone could send you a billion bitcoins and under certain conditions the dumb web wallet would happily accept it)

Someone who needs the easy access of a web wallet should download a lightweight wallet like [[Electrum]].

Main article: [[Browser-based wallet]]

=== Paper wallets ===

So-called [[paper wallets]] are an obsolete and unsafe method of storing bitcoin which should not be recommended to beginners. They simply store a single private/public keypair on paper. They promote [[address reuse]] and require unwieldy and complicated live OS system boots to be safe, they risk theft by printers, and typically rely on [[Javascript cryptography]].

Paper wallets also do not provide any method of displaying to the user when money has arrived. There's no practical way to use a [[full node]] wallet. Users are typically driven to use third-party blockchain explorers which can lie to them and spy on them.

A much better way to accomplish what paper wallets do is to use [[seed phrase]]s instead.

Main article: [[Paper wallets]]

=== Cloud storage ===

This means storing your encrypted (or not) wallet file on a cloud storage solution such as Dropbox, or emailing them to yourself on gmail. This very similar to trusting a custodial wallet service, and is not recommended for the same reasons<ref>https://www.reddit.com/r/Bitcoin/comments/8i6via/28_btc_stolen_10_btc_reward_please_help/</ref>. You might say you use encryption for two-factor authentication, but uploading the wallet to the cloud reduces this to one-factor.

=== Removable media ===

This refers to storing wallet files on removable media like SSD or hard drives.

Refer to the warnings from these two links:

* https://www.reddit.com/r/Bitcoin/comments/6nj0eb/reminder_beware_of_data_rot_always_make_paper/

* https://tedjonesweb.blogspot.co.uk/2017/08/do-not-use-flash-memory-ssd-drives.html

Those articles recommend using GPG for encryption or a printer, instead a better solution is [[seed phrase]]s.

== Other ideas ==

=== Time-locked wallets ===

An interesting unconventional solution. The idea is to use [[Timelock|time-lock contracts]] to create a wallet which cannot be spent from until a certain date. One possible use-case might be by a gambling addict who locks up money for paying bills for a month, after a month has passed and their time-lock wallet is opened they use that money for paying bills instead of gambling. This is the equivalent proposal towards compulsive shoppers to freeze their credit card in a block of ice, so when they feel the urge to immediately buy something they see on the TV, they will need to wait for the block to melt until they can retrieve the credit card to be able to place the order. This hopefully gives them the time to cool off, and reconsider an otherwise meaningless purchase.

Time lock wallets don't exist yet except for simple [https://coinb.in/#newTimeLocked javascript pages] which rely on [[Javascript cryptography]] and are therefore not safe.

=== Consulting ===

If you intend to store a very large amount of bitcoins, for example in a business, you should consider paying for security consulting.

== The 5 dollar wrench attack ==

[[File:Security.png|400px|none|alt=xkcd comic on the 5 dollar wrench attack.]]

It's sometimes said that all this security is worthless because the $5 wrench attack can be used.

There are two ways to beat this attack: by hiding or by defending yourself.

Stored bitcoins are not secured by [[seed phrase]]s, [[hardware wallet]]s, [[multisignature]], passwords, hash functions or anything like that; they are secured by ''people''.

Technology is never the root of system security. Technology is a tool to help people secure what they value. Security requires people to act. A server cannot be secured by a firewall if there is no lock on the door to the server room, and a lock cannot secure the server room without a guard to monitor the door, and a guard cannot secure the door without risk of personal harm.<ref>[https://github.com/libbitcoin/libbitcoin/wiki/Risk-Sharing-Principle Libbitcoin wiki Risk Sharing Principle]</ref>.

Bitcoin is no different. The technology discussed on this page is only a tool to tip the scales in the defender's favour. Following from this principle, the way to beat the $5 wrench attack is to bear arms. Either your own, or employ guards, or use a safety deposit box, or rely on the police forces and army; or whatever may be appropriate and proportionate in your situation. If someone physically overpowers you then no technology on Earth can save your bitcoins. You can't be your own bank without bank-level security.

See Also: [https://twitter.com/i/moments/942083114385281024 Guns + Bitcoin Hardware Wallets]

== Further reading ==

* [https://github.com/BlockchainCommons/SmartCustodyWhitePapers/blob/master/%23SmartCustody-_Simple_Self-Custody_Cold_Storage_Scenario.md SmartCustody: Simple Self-Custody Cold Storage Scenario]

* https://bitzuma.com/posts/a-gentle-introduction-to-bitcoin-cold-storage/

* https://medium.com/@lopp/thoughts-on-secure-storage-of-bitcoins-and-other-crypto-assets-210cadabb53d

* https://medium.com/@michaelflaxman/how-should-i-store-my-bitcoin-43874ac208e4

* Two-factor authentication on custodial wallets doesn't work as well as you might think https://medium.com/@CodyBrown/how-to-lose-8k-worth-of-bitcoin-in-15-minutes-with-verizon-and-coinbase-com-ba75fb8d0bac

* This is why you shouldn’t use texts for two-factor authentication https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin Hacking 2FA based on SMS is easy.

==References==
<references />

[[Category:Security]]

File:Twotx.png

2018-07-10T08:31:42Z

Tkalfigo: Tkalfigo uploaded a new version of File:Twotx.png

File:Twotx.png

2018-07-10T08:24:52Z

Tkalfigo: Tkalfigo uploaded a new version of File:Twotx.png

Deterministic wallet tools

2018-07-03T10:28:07Z

Tkalfigo: /* Risks of Sharing an Extended Private Key (xprv) */

List of tools/services for working with Hierarchical Deterministic Wallets, aka hd-wallets aka bip32 wallets.

Tools listed on this page can typically perform some form of key derivation and list hd-wallet addresses.

'''Warning: You should never give an online service your master extended private key (xprv) as they could use it to drain your entire wallet'''. Even sharing an extended public key [[#Risks of Sharing an Extended Public Key (xpub)|entails risks]]. If using an online hosted javascript tool, be careful to work with it offline only.

See also [[Deterministic Wallet]].

=== Online Services ===

* [http://bip32.org/ bip32.org]: A tool for displaying information derived from bip32 extended key, or nmenonic phrase. Appears to list only the first address.
* [https://iancoleman.github.io/bip39/ Mnemonic Code Converter]: A tool for listing keys and addresses from a bip32 mnemonic phrase. The tool can be saved as a file and used without any internet connection.
* [https://webhdwallet.github.io/ WebHDWallet]: Implementing the Hierarchical Deterministic Wallet proposal BIP32, with the aim of creating easy to use, secure, and powerful tools for managing HD wallets and the funds within.
* [https://mybitprices.info/hd-wallet-addrs.html mybitprices.info]: A tool that can derive all used wallet addresses from an extended public key and can further lookup historic price information for all wallet transactions and create gain/loss reports.
* [https://bitcore.io/playground/#/hdkeys bitcore playground]: Derive HD keys from a private or public extended key and a path.

=== Offline Command-line software ===

* [https://github.com/trezor/python-mnemonic python-mnemonic]: Reference implementation of BIP-0039: Mnemonic code for generating deterministic keys
* [https://github.com/dan-da/hd-wallet-derive hd-wallet-derive]: A command-line tool that derives bip32 addresses and private keys from bip32 extended keys or mnemonic.
* [https://github.com/dan-da/hd-wallet-addrs hd-wallet-addrs]: A command-line tool for finding bitcoin hd-wallet addresses that have actually received funds, including change addresses. (note: key derivation occurs offline, but funds lookup requires internet connection.)
* [https://github.com/vbuterin/pybitcointools pybitcointools]: Simple, common-sense Bitcoin-themed Python ECC library. by Vitalik Buterin.
* [https://github.com/trezor/python-trezor python-trezor]: Client side implementation for TREZOR-compatible Bitcoin hardware wallets.

=== Risks associated with sharing extended keys with a third party ===

==== Risks of Sharing an Extended Private Key (xprv) DO-NOT-DO-THIS!!! ====

# '''The recipient can spend (steal) all your wallet funds.'''
# The recipient can obtain all your wallet keys and addresses, private and public.
# The recipient can identify and view all your historic transactions.
# The recipient can link all your wallet transactions together, possibly linking anonymous transactions with those associated with your identity.

==== Risks of Sharing an Extended Public Key (xpub) ====

In general it is safest NOT to share an extended public key.

# The recipient can obtain all your wallet public keys and addresses, but not your private keys.
# The recipient can identify and view all your historic transactions.
# The recipient can link all your wallet transactions together, possibly linking anonymous transactions with those associated with your identity.
# If, and only if, the recipient ''also'' obtains a single private key from your wallet, the recipient can obtain all your private keys and steal your funds, just as if they had your xprv key.