Paper wallet: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
Belcher (talk | contribs)
m →‎Browser wallets are bad: Added recent example of paper wallet hack
Holy-Fire (talk | contribs)
Revert multiple edits by User:Belcher, which are based on a very narrow view of what paper wallets are, and misunderstanding of their use cases.
Line 1: Line 1:
[[File:Water-damaged-paper-wallet.jpg|thumb|right|200px|Water damaged paper wallet]]
[[File:FirstBitcoinBills.jpg|thumb|right|200px|Casascius holding early paper wallets]]


A '''paper wallet''' is the name given to an obsolete and unsafe method of storing bitcoin which was popular between 2011 and 2016. It works by having a single [[private key]] and bitcoin [[address]], usually generated by a website, being printed out onto paper.  
In the most specific sense, a '''paper wallet''' is a document containing all of the data necessary to generate any number of Bitcoin [[private key]]s, forming a wallet of keys. However, people often use the term to mean ''any'' way of storing bitcoins offline as a physical document. This second definition also includes '''paper keys''' and '''redeemable codes'''. A paper key is a single key written on paper that is used multiple times like a wallet (this is strongly [[address reuse|discouraged]]). A redeemable code is a single key intended to be funded and "redeemed" only once: these are commonly used for gifts and as part of physical Bitcoin coins/notes.


This method has a large number of downsides and should not be used<ref>https://www.reddit.com/r/Bitcoin/comments/670zhy/summary_pitfalls_of_paper_wallets/</ref><ref>https://www.reddit.com/r/Bitcoin/comments/5pnrjb/mentor_monday_january_23_2017_ask_all_your/dcu36a2/?context=3</ref>.
Storing bitcoins on paper wallets is not safe unless very strict security precautions are undertaken during their initial preparation. (See below.)


For storage of bitcoins, a much better way accomplish what paper wallets do is to use [[seed phrase]]s instead, where the user writes down 12 or 24 random words generated by their wallet.
__TOC__


== Paper wallet flaws ==
== Security overview ==


=== Printing is problematic ===
Generating paper wallets is not recommended from an online PC. Malware malware on the PC may be able to steal your paper wallet keys.


Paper wallets require using a printer to transfer them to paper. Many printers have a hard drive for internal storage where the paper wallet will be saved. Anybody who reads the file will be able to see the private key and steal the stored bitcoins. Shared printers such as in schools, offices or internet cafes are also usually centrally logged. If the printer is accessed over WiFi then any radio wave listener could also obtain the private keys and steal the money.<ref>https://www.reddit.com/r/Bitcoin/comments/6ajwsv/printing_paper_wallet_at_work_office/</ref>
Even if you generate paper wallets securely, they are still vulnerable to loss and theft.  


[[Seed phrase]]s avoid this problem by having the user transfer the sensitive information to paper without a printer but via their own handwriting.
Unencrypted paper wallets must be kept safe like jewels or cash.  


=== Promotes address reuse ===
For additional security paper wallets can be split into shares, requiring X of Y shares (e.g., 3 out of 5) to reassemble the secret key.


Paper wallets have just one bitcoin address, so they promote [[address reuse]]. The paper wallet creating websites generally have no warnings against this.
==Use cases==


[[Deterministic wallet]]s and [[seed phrase]]s avoids this problem by being able to create a new bitcoin [[address]] for every incoming transaction.
===Tips and gifts===


=== Encouragment of centralized and outsourced validation ===
By creating a keypair, one can store bitcoins on a physical medium to be left as a tip or a gift.
The recipient then sweeps the private key to their own wallet.


Despite the name, paper wallets are not actually wallets. They only store the private keys and addresses, and cannot tell users if they have actually received bitcoins and in what quantity.
===Physical tokens===


The single bitcoin addresses require the user to have random-access lookups of any address on the blockchain, this requirement pushes users to use centralized third-party blockchain explorer websites. This results in privacy and validation issues, the websites can spy on users and lie to them.
A trusted provider can hide the private key inside a tamper-resistant token, and issue them as a form of bitcoins.
This requires those who accept it as payment to trust that when the provider produced the tokens, they loaded them with the correct amount of bitcoins, and that they have not been tampered with since then.
To redeem the bitcoin value, the token must be destroyed to access the private key.
Often a bitcoin address is embedded on the outside visible, but there is no guarantee (without destroying the token) that this matches the private key inside, or, even if it does, that the private key is not replicated on multiple tokens or saved by the producer.


A more private solution is to import the private key into bitcoin-qt and rescan. Nobody watching the bitcoin-qt full node from outside will be able to tell which address it's interested in because all the scanning happens locally on disk. Unfortunately rescanning is not scalable and so is very slow; therefore most users are pushed towards using public blockchain explorers or Electrum servers. These centralized services can spy on the user and learn exactly how many bitcoins they have and where they spend them. An address database created from all bitcoin addresses is nearly 20 GB in size at of October 2018 and takes a long time to build up, so very few people will have this kind of thing available locally for the few occasions when they redeem paper wallets. Almost all wallet software today especially smartphone wallets relies on centralized lookups when redeeming paper wallets.
===Wallets===


[[Deterministic wallet]]s and [[seed phrase]]s partly avoid this problem by having a sequence of bitcoin addresses which can be sequentially scanned. Wallets using that tech don't inherently need any extra databases and are compatible with pruning.
Proper paper wallets are often a very secure way of storing bitcoins, since they are not typically exposed to malware. They can also be easily stored securely in safes and safe deposit boxes. However, it may be more difficult to securely "backup" paper wallets, and due to the current sub-optimal software support, it may be easier to make a mistake that causes loss of bitcoins.


See Also: [[Full_node#Why_should_you_use_a_full_node_wallet]]
Sometimes people try to use single keys as true bitcoin wallets. However [[address reuse]] is very bad for privacy and security. Because of this, one is forced to choose between hazardous options:
* '''Use the key only once to receive, and only once to send the full amount.''' This requires the user to know the full amount he wants to store in advance, and often leads to the next situation:
* '''Create multiple keys.''' By using more than one key, the user can receive more than once using a different address each time, including using new addresses for change. This is very complicated, and makes it easy to accidentally reuse addresses, produce the wrong change/fee combination, lose some keys, spend hours searching for the right key, etc. Not even skilled bitcoin experts are comfortable managing their own keys manually like this.


=== Raw private keys are dangerous ===
Therefore, it is highly recommended that you use proper paper wallets which allow you to generate an infinite number of addresses from a single seed.


Dealing with raw private keys is very unintuative and has lead to loss of funds on a number of occasions.<ref>https://bitcoin.stackexchange.com/questions/29948/why-doc-says-importing-private-keys-is-so-dangerous</ref><ref>https://bitcoin.stackexchange.com/questions/18619/why-so-many-warnings-about-importing-private-keys</ref>. Paper wallets encourage these dangers by only having one private key and exposing it to the user.
==Encoding/formatting==


One example is the mistake of destroy a paper wallet after it's imported into a [[deterministic wallet]], thinking that it has become a part of the [[deterministic wallet]] and it's safe to destroy because the master seed of the [[deterministic wallet]] has been backed up. In reality the private key is not part of the [[deterministic wallet]]. If the paper wallet (the paper) is destroyed and the app is uninstalled, the BTC is gone even if the [[deterministic wallet]] is recovered from its master seed. The unintuative behavour of raw private keys leads to this.
[[File:BitcoinPaperWallet-sample.jpg|thumb|right|300px|Paper keypair with private key secured beneath folds]]
[[File:PaperWallets-offlineaddress-com.png|200px|thumb|right|Paper keypair]]
Proper, multi-key paper wallets usually take the form of a multi-word [[Deterministic wallet | HD wallet]] seed mnemonic. The list of several words corresponds to some binary data that is used to generate all of the addresses. Words are used to make it easier to avoid and correct errors. Trying to memorize an entire seed mnemonic is very difficult and is generally not recommended.


Using only fully-featured wallet software is a much better because it only presents with intuative interfaces (like a GUI button to Send) which abstracts all the dangerous details away from the user.
A single key (for use in insecure single-key paper wallets or redeemable codes) can be represented in several formats, but typically the Wallet Import Format (WIF) is used, since keys represented that way are very short (51 characters) and thus easy to re-enter when importing or "sweeping" it for withdrawal.


=== Change addresses are not handled which leads to screwups ===
==Creation of a paper wallet==


Users have been known to import the private key into software wallet and then spend part of the funds. They mistakenly believe the remaining funds are still on the paper wallet when in reality they are in a [[change|change address]].<ref>https://www.reddit.com/r/Bitcoin/comments/1c9xr7/psa_using_paper_wallets_understanding_change/</ref>
===Generation of secure keys===


=== Encouragement of raw transactions ===
The private seed is used to prove your right to spend the bitcoins transferred to the paper wallet, and as such should be kept hidden and secret.
If the private seed on a paper wallet is exposed (for example in a photograph) then the wallet may be used by anyone who sees it.
To guard against accidental revelation, the private key displayed on the paper wallet may be encrypted or split into several different parts (for example using [https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing Shamir's secret sharing scheme]).
At the very least, the private key should be well hidden e.g. by folding the wallet in half and sealing it shut.


[[Raw Transactions]] are dangerous, unintuitive and have many times resulted in loss of funds.
Currently, at least [[Armory]] and [[Electrum]] support generating mnemonic codes for their wallets, which can be written down or printed to make a multi-key paper wallet.


A notable example of such a costly mistake is the address <code>1Acbo3viCYy1TSZB7m2W1nPPNF4rcAPMC9</code> which seems to have been a paper wallet. The owner appears to have been regularly buying bitcoin between April 2014 and January 2017, before apparently making a mistake with raw transactions and sending ''50 bitcoins'' as miner fees.<ref>See transaction <code>d38bd67153d774a7dab80a055cb52571aa85f6cac8f35f936c4349ca308e6380</code></ref> (worth about $50000 at the contemporary exchange rate).
Several tools exist for producing single keys, including [[Bitcoin Address Utility]], [[vanitygen]], and [[Cwallet]]. Again, using single keys for anything except one-time ''transfers'' of bitcoins is strongly [[address reuse|discouraged]].


Also note the terrible privacy due to [[Address reuse]] that allows us to get such a complete picture of what happened.
===Web-based key generators===


=== Low error correction ===
Some websites feature free open-source client-side keypair/wallet generators written in JavaScript.
Keypairs/wallets generated by JavaScript or using websites are inherently weak and insecure, and unless the code of the website is audited every time it is used, it may leak the generated keys back to the server—especially if un-audited Javascript is downloaded and run locally.
Even with careful code auditing, browser plugins or other websites may compromise the environment.


[[File:Water-damaged-paper-wallet-privkey.jpg|thumb|right|400px|Water damaged paper wallet [[private key]]]]
===Recommendations===
* Disconnecting from the Internet guarantees that that the paper wallet generator is truly self-contained and isn't transmitting your keys online.
* Verifying the integrity of the code (and the trustworthiness of the author) is important to make sure a hacker hasn't modified the download so that it generates predictable seeds instead of truly random ones.
* Remember, spyware and viruses often attempt to monitor your computer activities so that their authors can steal from you. They are interested in passwords to online accounts, and anything of value. Bitcoin wallets are something of value that have already been targeted by malware. If your computer is infected with spyware or viruses - even if there are no symptoms, or your antivirus isn't reporting anything - then anything you type, view, or save on your computer, could potentially be stolen by someone remotely controlling your computer. Your private seed can then be intercepted while you enter it, so only enter a Bitcoin private seed into your computer when you are certain it is secure (such as a fresh boot of a LiveCD).
* The wallet should never be saved to a computer hard drive or sent via email or other network connections.  You should also never scan/type your key into your computer, except at the moment you are using it.
* If possible, the wallet should be kept hidden, for example by using [[BIP_0038|BIP38]] encryption (single keys only), and/or by folding the paper to hide the private key so that a photograph or photocopy of it will not reveal or replicate the private key.
* A web-based generator should not be used.
* A generator should use an appropriate source of random numbers (entropy).  This means that the generated keys aren't predictable.  If the addresses come from a predictable or partially-predictable patterns like pseudorandom numbers <ref>[https://en.wikipedia.org/wiki/Pseudorandomness#Cryptography Pseudorandomness] '' is not enough for strong cryptography''</ref>, someone else who can predict the pattern can steal the balance. Randomness should NEVER be human generated, as the human brain is incapable of secure entropy.
* Remember that unlike wallets (paper or otherwise), a single paper key is only good to receive a single payment, and must be redeemed in its entirety.


The private keys is typically printed in rather small font. Sometimes the characters could be mistakenly read for another letter, such as a B versus an 8 or 1 versus l. If even a single character is wrong or mistakenly typed then the entire private key will be invalid. Private keys in WIF format have a checksum but there are no tools for regular users to correct mistakes.
===Printer Security===


QR codes were not designed for secure storage of cryptographic material. QR codes have been damaged and made unscannable by water<ref>https://www.reddit.com/r/Bitcoin/comments/1sc02w/make_sure_to_secure_your_paperwallet_against/</ref><ref>https://www.reddit.com/r/Bitcoin/comments/2ni2fq/reminder_keep_your_paper_wallets_dry_if_you_use/</ref>, crumpling and even folding the paper.
Some advanced printers have internal storage (even hard drives) that preserve copies of printouts. This is a risk if someone gets access to your printer, or if you dispose of your printer. There is also the possibility that a smart enough printer can be hacked. (Consider [http://en.wikipedia.org/wiki/Stuxnet StuxNet] which was able to rewrite the firmware of non-computer devices indirectly connected to the Internet) If this concerns you, use a "dumb" printer, and never let your printer have access to the Internet or to an Internet-connected computer.


As [[seed phrase]]s uses natural language words, they have far more error correction. Words written in bad handwriting can often still be read. If one or two letters are missing the word can often still be read. The [[Seed_phrase#Word_Lists|word list]] from which seed phrase words are drawn from is carefully chosen so that the first four letters of a word is enough to uniquely identify it.
====Handwriting====


=== Inconsistent private key format ===
An alternative using a printer for paper wallets is to write the private key and address with your own hand. [[Base58Check]] encoding used for Bitcoin addresses and private keys specifically excludes characters that look similar like 0OIl. The mnemonic recovery seeds used by wallets like [[Armory]] and [[Electrum]] are also suitable to be written by hand.


The spending of paper wallets relies on wallet software understanding the private key format. There has been at least one situation where an update to private key formats resulted in a user's funds becoming stuck <ref>https://www.reddit.com/r/Bitcoin/comments/8v2lxa/did_i_lose_my_btc_by_sending_to_a_segwit_bc1/</ref>.
==Redeeming Keys and Withdrawing Funds==


[[Seed phrase]]s avoid this problem because they are created by the same wallet software which understands how to spend from them.
This section applies only to single-key paper "wallets".


=== Encouragement of obsolete brainwallet style ===
Paper keys, when used as wallets, are very different from wallets such as Bitcoin Core in that there is only one address in a paper key rather than a hundred or more online keys that are managed with full software assistance from Bitcoin Core.


Almost all paper wallet websites today also have an interface to the obsolete sha256 brainwallets. These are very insecure and should never be used, yet paper wallet websites do not come with adequate warnings.
There are various methods for copying the private key data to other wallets.
* bitcoind supports an "importprivkey" RPC method for this purpose.
* Bitcoin-Qt's debug console can also be used in a similar way (see also [[How to import private keys in Bitcoin Core 0.7+]]).
* [[BlockChain.info]] and [[Armory]] can also import them directly into wallets.
* [http://MyCelium.com/download Mycelium] is a Android mobile wallet with an easy to use "cold storage" spending function. It is also available via Android and iTunes playstore. The iTunes version may not yet support cold storage spending.


See also: [[Brainwallet#Obsolete_Brainwallet_Style]]
Note that importing a private key that may be compromised can result in the entire wallet becoming insecure. For this reason, sweeping (or sending the entire amount to a fresh address) is generally recommended over plain importing.


=== Javascript software ===
==References==
<references />


Most paper wallets are created in a website using [[Javascript cryptography]], which is considered unsafe for anything related to bitcoin.
==See Also==


=== Browser wallets are bad ===
* [[Cold storage]]
 
* [[Private key]]
Almost all paper wallets are made by websites, which therefore involves most of the problems associated with [[Browser-based wallet]].<ref>https://www.reddit.com/r/Bitcoin/comments/771c4z/bitaddressorg_beware_of_possible_scam/</ref><ref>https://np.reddit.com/r/Bitcoin/comments/a7xaej/paperwallet_being_hacked/</ref>
 
== Redeeming bitcoins and withdrawing funds ==
 
[[File:FirstBitcoinBills.jpg|thumb|right|200px|Casascius holding early paper wallets]]
 
The best way to redeem the bitcoins from a private key is to use the "sweep" feature of certain wallet software. This sends the entire balance of the paper wallet to a [[deterministic wallet]]. Alternatively the private key could be imported and the entire balance sent to an address in the wallet.


There are various wallets for doing this:
* [[Securing_your_wallet#Paper_Wallets]]


* [[Electrum]] and [[Mycelium]] support sweeping private keys.
* [https://www.reddit.com/r/Bitcoin/comments/1c9xr7/psa_using_paper_wallets_understanding_change/ Reddit warning on redeeming paper wallets]
* [[Bitcoin Core]] supports the RPC call "importprivkey" for this purpose. See [[How to import private keys in Bitcoin Core 0.7+]]
* [[BlockChain.info]] and [[Armory]] can also import them directly into wallets.


== Bitcoin ATMs and paper wallets ==
Many bitcoin ATMs use a paper-wallet-like system for delivering bitcoins if the customer doesn't have a bitcoin wallet. The ATMs can print out a private key/address pair onto paper which contain the customer's bitcoins. Ideally the customer would sweep the bitcoins into their own wallet as soon as they can.
== See Also ==
* [[Private key]]
* [[Seed phrase]]
* [[Storing bitcoins]]
* [[How to import private keys]]
* [[How to import private keys]]
* https://bitzuma.com/posts/how-to-spend-a-bitcoin-paper-wallet-in-three-easy-steps/


==References==
* [[Casascius physical bitcoins]]
<references />


[[Category:Security]]
[[Category:Security]]
[[es:Monedero de papel]]

Revision as of 17:28, 7 February 2019

Casascius holding early paper wallets

In the most specific sense, a paper wallet is a document containing all of the data necessary to generate any number of Bitcoin private keys, forming a wallet of keys. However, people often use the term to mean any way of storing bitcoins offline as a physical document. This second definition also includes paper keys and redeemable codes. A paper key is a single key written on paper that is used multiple times like a wallet (this is strongly discouraged). A redeemable code is a single key intended to be funded and "redeemed" only once: these are commonly used for gifts and as part of physical Bitcoin coins/notes.

Storing bitcoins on paper wallets is not safe unless very strict security precautions are undertaken during their initial preparation. (See below.)

Security overview

Generating paper wallets is not recommended from an online PC. Malware malware on the PC may be able to steal your paper wallet keys.

Even if you generate paper wallets securely, they are still vulnerable to loss and theft.

Unencrypted paper wallets must be kept safe like jewels or cash.

For additional security paper wallets can be split into shares, requiring X of Y shares (e.g., 3 out of 5) to reassemble the secret key.

Use cases

Tips and gifts

By creating a keypair, one can store bitcoins on a physical medium to be left as a tip or a gift. The recipient then sweeps the private key to their own wallet.

Physical tokens

A trusted provider can hide the private key inside a tamper-resistant token, and issue them as a form of bitcoins. This requires those who accept it as payment to trust that when the provider produced the tokens, they loaded them with the correct amount of bitcoins, and that they have not been tampered with since then. To redeem the bitcoin value, the token must be destroyed to access the private key. Often a bitcoin address is embedded on the outside visible, but there is no guarantee (without destroying the token) that this matches the private key inside, or, even if it does, that the private key is not replicated on multiple tokens or saved by the producer.

Wallets

Proper paper wallets are often a very secure way of storing bitcoins, since they are not typically exposed to malware. They can also be easily stored securely in safes and safe deposit boxes. However, it may be more difficult to securely "backup" paper wallets, and due to the current sub-optimal software support, it may be easier to make a mistake that causes loss of bitcoins.

Sometimes people try to use single keys as true bitcoin wallets. However address reuse is very bad for privacy and security. Because of this, one is forced to choose between hazardous options:

  • Use the key only once to receive, and only once to send the full amount. This requires the user to know the full amount he wants to store in advance, and often leads to the next situation:
  • Create multiple keys. By using more than one key, the user can receive more than once using a different address each time, including using new addresses for change. This is very complicated, and makes it easy to accidentally reuse addresses, produce the wrong change/fee combination, lose some keys, spend hours searching for the right key, etc. Not even skilled bitcoin experts are comfortable managing their own keys manually like this.

Therefore, it is highly recommended that you use proper paper wallets which allow you to generate an infinite number of addresses from a single seed.

Encoding/formatting

Paper keypair with private key secured beneath folds
Paper keypair

Proper, multi-key paper wallets usually take the form of a multi-word HD wallet seed mnemonic. The list of several words corresponds to some binary data that is used to generate all of the addresses. Words are used to make it easier to avoid and correct errors. Trying to memorize an entire seed mnemonic is very difficult and is generally not recommended.

A single key (for use in insecure single-key paper wallets or redeemable codes) can be represented in several formats, but typically the Wallet Import Format (WIF) is used, since keys represented that way are very short (51 characters) and thus easy to re-enter when importing or "sweeping" it for withdrawal.

Creation of a paper wallet

Generation of secure keys

The private seed is used to prove your right to spend the bitcoins transferred to the paper wallet, and as such should be kept hidden and secret. If the private seed on a paper wallet is exposed (for example in a photograph) then the wallet may be used by anyone who sees it. To guard against accidental revelation, the private key displayed on the paper wallet may be encrypted or split into several different parts (for example using Shamir's secret sharing scheme). At the very least, the private key should be well hidden e.g. by folding the wallet in half and sealing it shut.

Currently, at least Armory and Electrum support generating mnemonic codes for their wallets, which can be written down or printed to make a multi-key paper wallet.

Several tools exist for producing single keys, including Bitcoin Address Utility, vanitygen, and Cwallet. Again, using single keys for anything except one-time transfers of bitcoins is strongly discouraged.

Web-based key generators

Some websites feature free open-source client-side keypair/wallet generators written in JavaScript. Keypairs/wallets generated by JavaScript or using websites are inherently weak and insecure, and unless the code of the website is audited every time it is used, it may leak the generated keys back to the server—especially if un-audited Javascript is downloaded and run locally. Even with careful code auditing, browser plugins or other websites may compromise the environment.

Recommendations

  • Disconnecting from the Internet guarantees that that the paper wallet generator is truly self-contained and isn't transmitting your keys online.
  • Verifying the integrity of the code (and the trustworthiness of the author) is important to make sure a hacker hasn't modified the download so that it generates predictable seeds instead of truly random ones.
  • Remember, spyware and viruses often attempt to monitor your computer activities so that their authors can steal from you. They are interested in passwords to online accounts, and anything of value. Bitcoin wallets are something of value that have already been targeted by malware. If your computer is infected with spyware or viruses - even if there are no symptoms, or your antivirus isn't reporting anything - then anything you type, view, or save on your computer, could potentially be stolen by someone remotely controlling your computer. Your private seed can then be intercepted while you enter it, so only enter a Bitcoin private seed into your computer when you are certain it is secure (such as a fresh boot of a LiveCD).
  • The wallet should never be saved to a computer hard drive or sent via email or other network connections. You should also never scan/type your key into your computer, except at the moment you are using it.
  • If possible, the wallet should be kept hidden, for example by using BIP38 encryption (single keys only), and/or by folding the paper to hide the private key so that a photograph or photocopy of it will not reveal or replicate the private key.
  • A web-based generator should not be used.
  • A generator should use an appropriate source of random numbers (entropy). This means that the generated keys aren't predictable. If the addresses come from a predictable or partially-predictable patterns like pseudorandom numbers [1], someone else who can predict the pattern can steal the balance. Randomness should NEVER be human generated, as the human brain is incapable of secure entropy.
  • Remember that unlike wallets (paper or otherwise), a single paper key is only good to receive a single payment, and must be redeemed in its entirety.

Printer Security

Some advanced printers have internal storage (even hard drives) that preserve copies of printouts. This is a risk if someone gets access to your printer, or if you dispose of your printer. There is also the possibility that a smart enough printer can be hacked. (Consider StuxNet which was able to rewrite the firmware of non-computer devices indirectly connected to the Internet) If this concerns you, use a "dumb" printer, and never let your printer have access to the Internet or to an Internet-connected computer.

Handwriting

An alternative using a printer for paper wallets is to write the private key and address with your own hand. Base58Check encoding used for Bitcoin addresses and private keys specifically excludes characters that look similar like 0OIl. The mnemonic recovery seeds used by wallets like Armory and Electrum are also suitable to be written by hand.

Redeeming Keys and Withdrawing Funds

This section applies only to single-key paper "wallets".

Paper keys, when used as wallets, are very different from wallets such as Bitcoin Core in that there is only one address in a paper key rather than a hundred or more online keys that are managed with full software assistance from Bitcoin Core.

There are various methods for copying the private key data to other wallets.

  • bitcoind supports an "importprivkey" RPC method for this purpose.
  • Bitcoin-Qt's debug console can also be used in a similar way (see also How to import private keys in Bitcoin Core 0.7+).
  • BlockChain.info and Armory can also import them directly into wallets.
  • Mycelium is a Android mobile wallet with an easy to use "cold storage" spending function. It is also available via Android and iTunes playstore. The iTunes version may not yet support cold storage spending.

Note that importing a private key that may be compromised can result in the entire wallet becoming insecure. For this reason, sweeping (or sending the entire amount to a fresh address) is generally recommended over plain importing.

References

  1. Pseudorandomness is not enough for strong cryptography

See Also