by Bit Plorer
A bitcoin paper wallet is one of the most secure ways to store digital currency. At the most basic level, it is simply a document which contains all of the information necessary to access and spend the bitcoins at a certain address on the blockchain.
Paper wallets are often used as backups for online wallets, or as part of a multisig wallet security system.
Before setting up and generating a paper wallet, take the following precautions.
- Find a wallet generator which works offline and comes from a trusted source.
- Ensure that the wallet generator uses a secure source of randomness (entropy) rather than a pseudorandom number generator.
- Verify the code of generation software has not been tampered with. This can be done manually by reading the source or using reliable checksum methods to verify the file’s integrity.
- To avoid the possibility of malware or keyloggers capturing any of the information conduct the wallet generation process from a clean live cd or usb OS. There are plenty of linux distros available to use. Ubuntu is probably the most user friendly.
- Disconnect every device used in the process from the internet completely before you begin. That means the printer too.
- Never save any of the wallet information to any electronic device.
- Once printed keep the paper wallet in a secure location and make sure the private key seed is not visible, either by folding the wallet or using a cover.
Now with that out of the way, on to making a secure paper wallet.
- Go to bitaddress.org and save the page for use offline as webpage complete. Copy the bitaddress.org.htm file and the folder with the same name to a flash drive or other removable media. For more advanced users the wallet generator is available on github.
- Now download a live-cd or usb version of linux to use for the actual wallet creation. Ubuntu is a popular choice. The instructions for creating a live version are easy to follow.
- Completely disconnect the computer and printer being used from the internet.
- Reboot the computer and use the key command to enter the boot selection screen. Select boot from which ever media has the live linux installed on it.
- Once linux is running, open the copy of bitaddress.org which was saved earlier.
- Follow the directions to help randomize the number generator.
- Next select paper wallet, and check the BIP38 encrypt box then enter a passphrase you can remember. (you will need this passphrase to decrypt the private keys in the future)
- Print the paper wallet on an offline printer.
- Now fold the wallet so the private key is not visible and only the public key may be seen.
- Store this in a safe place away from water, fire, and prying eyes.
- Use the public keys to send coins to the new wallet address.
This method will provide secure storage for any amount of bitcoins. The only real danger is that this paper wallet is now a bearer bond worth however much bitcoin is stored at the associated addresses. Make sure it is kept in a secure location. There is no way to stress this enough. If it is lost or stolen or destroyed the coins are gone.
Using Paper Wallets with Multisig Security
For a given bitcoin address, two cryptographic keys, public and private, are required to spend the coins contained therein. Single key wallets are discouraged as a way to store and spend bitcoin because they require the reuse of a single address. Address reuse and repeated reuse of a single private key make it easier to track financial activity and potentially hack the address.
The way around this is to use multiple addresses which require multiple keys. Even a list of a a dozen or more pre-generated key pairs will run out quickly when used regularly though. To solve this problem true paper wallets don’t contain a list of multiple private keys but rather the information necessary to generate an unlimited number of private keys. This provides a fresh address for every transaction and increases both the security of the wallet and the privacy of the user. The little bit of extra time and effort setting up a proper multi-key wallet will be worth the effort.
For more information on Multisig Security, check out this article on Multisignature Wallets.