Paper wallet: Difference between revisions
Improve opening paragraph |
Improve the article more |
||
Line 6: | Line 6: | ||
__TOC__ | __TOC__ | ||
== | ==Key encoding/formatting== | ||
[[File:BitcoinPaperWallet-sample.jpg|thumb|right|300px|Paper keypair with private key secured beneath folds]] | [[File:BitcoinPaperWallet-sample.jpg|thumb|right|300px|Paper keypair with private key secured beneath folds]] | ||
Line 12: | Line 12: | ||
An [[ECDSA]] [[private key]] can be represented in several formats, but typically the Wallet Import Format (WIF) is used, since keys represented that way are very short (51 characters) and thus easy to re-enter when importing or "sweeping" it for withdrawal. | An [[ECDSA]] [[private key]] can be represented in several formats, but typically the Wallet Import Format (WIF) is used, since keys represented that way are very short (51 characters) and thus easy to re-enter when importing or "sweeping" it for withdrawal. | ||
==Creation of a paper wallet== | |||
===Generation of secure keys=== | |||
Care must be taken to securely generate keys since an attacker can steal stored bitcoins if it is exposed, transmitted, or generated with insufficient entropy. | Care must be taken to securely generate keys since an attacker can steal stored bitcoins if it is exposed, transmitted, or generated with insufficient entropy. | ||
Some websites feature | Several tools exist for producing keypairs, including [[Bitcoin Address Utility]], [[vanitygen]], and [[Cwallet]]. | ||
===Web-based key generators=== | |||
Some websites feature free open-source client-side keypair generators written in JavaScript. | |||
Keypairs generated by JavaScript or using websites are generally considered inherently weak and insecure, and unless the code of the website is audited every time it is used, it may leak the keys to the server. | |||
Even with careful code auditing, browser plugins or other websites may compromise the environment. | |||
===Recommendations=== | |||
'''Recommendations:''' | '''Recommendations:''' | ||
* Keys should be produced on a computer not connected to the Internet. | * Keys should be produced on a computer not connected to the Internet. | ||
* Be aware that malware often allows a remote third party to view your screen and see your keystrokes, and these can compromise the integrity of your key. Also consider that antivirus software cannot completely rule out the possibility of malware. However, booting from a [https://en.wikipedia.org/wiki/Live_CD live disc] prevents most malware from running. | * Be aware that malware often allows a remote third party to view your screen and see your keystrokes, and these can compromise the integrity of your key. Also consider that antivirus software cannot completely rule out the possibility of malware. However, booting from a [https://en.wikipedia.org/wiki/Live_CD live disc] prevents most malware from running. | ||
* The private keys should never be saved to a computer hard drive. You should also never scan your key into your computer | * The private keys should never be saved to a computer hard drive or sent via email or other network connections. You should also never scan/type your key into your computer, except at the moment you are redeeming it. | ||
* If possible, the private key should be kept hidden, for example by using BIP38 encryption, or by folding the paper to hide the private key so that a photograph or photocopy of it will not reveal or replicate the private key. | * If possible, the private key should be kept hidden, for example by using BIP38 encryption, and/or by folding the paper to hide the private key so that a photograph or photocopy of it will not reveal or replicate the private key. | ||
* A web-based generator should not be used. | * A web-based generator should not be used. | ||
* A generator should use an appropriate source of random numbers (entropy). This means that the generated keys aren't predictable. If the addresses come from a predictable or partially-predictable patterns like pseudorandom numbers <ref>[https://en.wikipedia.org/wiki/Pseudorandomness#Cryptography Pseudorandomness] '' is not enough for strong cryptography''</ref>, someone else who can predict the pattern can steal the balance. | * A generator should use an appropriate source of random numbers (entropy). This means that the generated keys aren't predictable. If the addresses come from a predictable or partially-predictable patterns like pseudorandom numbers <ref>[https://en.wikipedia.org/wiki/Pseudorandomness#Cryptography Pseudorandomness] '' is not enough for strong cryptography''</ref>, someone else who can predict the pattern can steal the balance. Randomness should NEVER be human generated, as the human brain is incapable of secure entropy. | ||
* Remember that unlike wallets, a single ECDSA private key is only good to receive a single payment, and must be redeemed in its entirety. | * Remember that unlike wallets, a single ECDSA private key is only good to receive a single payment, and must be redeemed in its entirety. | ||
Line 40: | Line 48: | ||
There are various methods for copying the private key data to other wallets. | There are various methods for copying the private key data to other wallets. | ||
* bitcoind supports an "importprivkey" RPC method for this purpose. | * bitcoind supports an "importprivkey" RPC method for this purpose. | ||
* Bitcoin-Qt's debug console can also be used in a similar way (see also [[ | * Bitcoin-Qt's debug console can also be used in a similar way (see also [[How to import private keys in Bitcoin Core 0.7+]]). | ||
* [[BlockChain.info]] and [[Armory]] can also import them directly into wallets. | * [[BlockChain.info]] and [[Armory]] can also import them directly into wallets. | ||
Note that importing a private key that may be compromised can result in the entire wallet | Note that importing a private key that may be compromised can result in the entire wallet becoming insecure. | ||
For this reason, sweeping is generally recommended over importing. | For this reason, sweeping is generally recommended over importing. | ||
Line 50: | Line 58: | ||
==See Also== | ==See Also== | ||
* [[Paper wallet]] | |||
* [[Private key]] | * [[Private key]] |
Revision as of 07:46, 28 February 2015
A paper ECDSA private key (often incorrectly referred to as a "paper wallet") is a mechanism for storing bitcoins offline as a physical document that can be secured like cash or anything else of real-world value. They are generally created by printing a brand new ECDSA private key onto paper, usually along with a bitcoin address derived from the key, and then sending bitcoins from a wallet to that address for safekeeping. Storing bitcoins this way is generally considered a bad idea.[why?]
Key encoding/formatting
An ECDSA private key can be represented in several formats, but typically the Wallet Import Format (WIF) is used, since keys represented that way are very short (51 characters) and thus easy to re-enter when importing or "sweeping" it for withdrawal.
Creation of a paper wallet
Generation of secure keys
Care must be taken to securely generate keys since an attacker can steal stored bitcoins if it is exposed, transmitted, or generated with insufficient entropy.
Several tools exist for producing keypairs, including Bitcoin Address Utility, vanitygen, and Cwallet.
Web-based key generators
Some websites feature free open-source client-side keypair generators written in JavaScript. Keypairs generated by JavaScript or using websites are generally considered inherently weak and insecure, and unless the code of the website is audited every time it is used, it may leak the keys to the server. Even with careful code auditing, browser plugins or other websites may compromise the environment.
Recommendations
Recommendations:
- Keys should be produced on a computer not connected to the Internet.
- Be aware that malware often allows a remote third party to view your screen and see your keystrokes, and these can compromise the integrity of your key. Also consider that antivirus software cannot completely rule out the possibility of malware. However, booting from a live disc prevents most malware from running.
- The private keys should never be saved to a computer hard drive or sent via email or other network connections. You should also never scan/type your key into your computer, except at the moment you are redeeming it.
- If possible, the private key should be kept hidden, for example by using BIP38 encryption, and/or by folding the paper to hide the private key so that a photograph or photocopy of it will not reveal or replicate the private key.
- A web-based generator should not be used.
- A generator should use an appropriate source of random numbers (entropy). This means that the generated keys aren't predictable. If the addresses come from a predictable or partially-predictable patterns like pseudorandom numbers [1], someone else who can predict the pattern can steal the balance. Randomness should NEVER be human generated, as the human brain is incapable of secure entropy.
- Remember that unlike wallets, a single ECDSA private key is only good to receive a single payment, and must be redeemed in its entirety.
Printer Security
Some advanced printers have internal storage (even hard drives) that preserve copies of printouts. This is a risk if someone gets access to your printer, or if you dispose of your printer. There is also the possibility that a smart enough printer can be hacked. (Consider StuxNet which was able to rewrite the firmware of non-computer devices indirectly connected to the Internet) If this concerns you, use a "dumb" printer, and never let your printer have access to the Internet or to an Internet-connected computer.
Redeeming Keys and Withdrawing Funds
ECDSA private keys are very different from wallets such as Bitcoin Core in that it is not possible to transfer (withdraw) a portion of a key's bitcoins. The only way to withdraw funds is to import or "sweep" the entire received amount to a new address, typically a wallet or online exchange. Once the transfer has been confirmed, the key should not be reused.[2]
There are various methods for copying the private key data to other wallets.
- bitcoind supports an "importprivkey" RPC method for this purpose.
- Bitcoin-Qt's debug console can also be used in a similar way (see also How to import private keys in Bitcoin Core 0.7+).
- BlockChain.info and Armory can also import them directly into wallets.
Note that importing a private key that may be compromised can result in the entire wallet becoming insecure. For this reason, sweeping is generally recommended over importing.
References
- ↑ Pseudorandomness is not enough for strong cryptography
- ↑ reddit.com Using Paper Wallets and Understanding Change
See Also
- Blockchain.info tutorial on how to generate a paper wallet.