As bitcoin continues to climb in value, its security flaws become increasingly apparent and important. The nightmare is waking up one morning to discover you were hacked and your five-, six-, or seven-figure savings are gone forever. Here’s how to install cold storage to eliminate the risk of such a hack.
You’ll find no shortage of people on the Bitcoin forums saying that your private keys shouldn’t be on any computer connected to the Internet. This reveals one of the major usability flaws with bitcoin today – the impossibility of trusting your wealth to stay, well, your wealth, and how that is a major roadblock to mainstream adoption. But while the community works on that problem, the early adopters among us have the ability to make sure the keys to our bitcoin wealth can’t be hacked. That’s a far from trivial exercise, so here’s a walkthrough on how to do that.
You will need:
- Your ordinary workstation, connected to the Internet
- An old laptop, which has had wi-fi permanently disabled in hardware
- A fresh-from-package USB stick (1G is enough)
The object of this exercise is to make a laptop that has never connected, nor will ever connect to the Internet – and have that laptop be the so-called cold storage of the keys that are used to send coins from our large wallets. We will still be able to see the wallet from our online workstation, but in order to send any money from it, we will need to do so on the offline laptop, the cold storage. To minimize risk of infection, we’ll be installing Ubuntu Linux on the laptop (nothing from Microsoft, nothing from Apple).
Steps to perform:
- Download Ubuntu LTS and create a boot stick
- Install Ubuntu LTS on the laptop
- Install apt-offline, update, upgrade
- Install dependencies then Armory
- Create your offline wallet
- Make a fragmented secure paper backup (m-of-n)
- Make and install your watch-only copy on your workstation
- Wipe and reinstall laptop to make sure the backup works
- Send your first few millicoins to test the wallet
- Distribute your backup fragments
This is easily a workday’s exercise, but this walkthrough is going to save you from a lot of the trial-and-error and googling that took most of my time.
Get an offline laptop and a USB stick
Your first step is to take an old laptop and kill its wi-fi. We want to make sure that this particular computer can never, ever, again connect to the Internet – even accidentally, particularly not accidentally. It has to be permanently offline. We are going to move files back and forth to it using a USB stick.
The laptop doesn’t need to have particularly strong specs – 512M of RAM is plenty. Mine is almost a decade old. We assume here that you trust the laptop’s hardware for reliability and for not having been infected hardware-wise. Obviously, you shouldn’t pick a laptop that has had any chance of being tampered with by an adversary.
Get a USB stick. To minimize risk of infection, use a completely fresh one: break its packaging.
Get Ubuntu LTS
Download Ubuntu 12.04.4 LTS to your workstation from here. 32-bit is fine. Make care to use the alternate installer, which the link points to, as we’re going to use full-disk encryption on the offline laptop, so that an adversary can’t obtain your wealth even if they obtain the laptop.
Open the package of a new USB stick and run Startup Disk Creator, installing the ISO to the USB stick and making it bootable. (If you’re not running Ubuntu Linux on your workstation, use whatever utility available to you to create a bootable USB stick from an ISO.)
Install Ubuntu Linux on the laptop
Did you kill wi-fi on the laptop yet? No you didn’t. Seriously, the one single purpose of this laptop is to never ever have been connected to the Internet, so take the time for peace of mind and kill that wi-fi. On laptops this age, there’s usually a physical switch. You could even glue it shut in the “wifi off” position if you don’t want to open the laptop and resolder the switch to permanently off.
With that done, install Ubuntu 12.04.4 LTS from the alternate installer. It may seem unfamiliar as it’s slightly more technical than the standard installer, but the steps are very straightforward.
The one key step you must make sure to do here is to choose full-disk encryption. You do that in the partitioning part of the install sequence: make sure to pick the installation option named Guided – Use entire disk and set up encrypted LVM. That option is the one reason we’re using the alternate installer in the first place. Choose a strong password, obviously. “Battery horse staple correct”. Use five or six words if you want to be super-paranoid.
Install and login.
Install apt-offline, update, upgrade
Technical note: This section assumes that you’re running a version of Debian Linux, such as Ubuntu, on your online workstation. If you’re not, the utility ‘apt-offline’ is available for your workstation even if you’re running something else, like Microsoft Windows. You’ll have to find and install it yourself, though, and find the appropriate syntax, adapting what’s specified below to your operating system.
Ok, so you have a freshly-installed offline laptop with 32-bit Ubuntu 12.04.4 LTS on it. The laptop can’t update its software. That’s part of the point, actually, but in this case, it causes a few problems as we need to install the software packages required for Armory.
The solution is named apt-offline, which is a utility that enables an offline computer to use a secondary, online computer to fetch its packages from the Internet. From your online workstation, get this debian package and put it on the USB stick (don’t erase the boot packages also on there just yet). Move the USB stick to the laptop, open a Terminal, and run
sudo dpkg -i /media/[your USB stick]/apt-offline_1.1.1build1_all.deb
This will enable us to install packages using the USB stick as a relay to the Internet, going through the online workstation.
First, an update/upgrade sequence. On the offline laptop, with the USB stick still inserted,
sudo apt-offline set --update /media/[your USB stick]/cold-apt.sig
Move the USB stick to the online workstation, then run
sudo apt-get install apt-offline
(Yes, we need apt-offline on the online workstation as well! They can be different distributions and architectures, that’s ok. If you’re not running a Debian Linux or an Ubuntu Linux, find the way of installing and running apt-offline that is appropriate for whatever your online workstation runs on.)
mkdir /media/[your USB stick]/apt-offline
We’ll be storing the downloaded files in that folder.
apt-offline get -d /media/[your USB stick]/apt-offline /media/[your USB stick]/cold-apt.sig
This fetches the needed files and puts them on the stick. Expect a few fails in bright red. That’s ok. Return the stick to the offline laptop, and run
sudo apt-offline install /media/[your USB stick]/apt-offline sudo apt-offline set --upgrade /media/[your USB stick]/cold-apt.sig
Yup, we’re doing an upgrade sequence too while we’re at it. Move the stick to the online workstation:
apt-offline get -d /media/[your USB stick]/apt-offline /media/[your USB stick]/cold-apt.sig
and to the offline:
sudo apt-offline install /media/[your USB stick]/apt-offline
Install dependencies and Armory
Armory is an advanced bitcoin wallet that allows for offline storage, so-called cold storage. It’s what we’ll be using here. But Armory won’t install on a freshly-installed offline Ubuntu 12.04 LTS. That’s a usability problem that is one of the primary reasons for the existence of this walkthrough.
Armory depends on three packages that aren’t present in the base install: python-qt4, python-twisted, and python-psutil. We’ll use apt-offline to install these, then install Armory. Still on the offline laptop:
sudo apt-offline set --install-packages python-qt4 python-twisted python-psutil -- /media/[your USB stick]/cold-apt.sig
The two dashes in the command are important, they indicate the end of the package list initiated by –install-packages. Also, reflow the command above to one single line, one single command – it’s been split into two lines here simply because it’s too long to display on one.
Move the stick to the online workstation, and run
apt-offline get -d /media/[your USB stick]/apt-offline /media/[your USB stick]/cold-apt.sig
Also, while we’re at it, we’ll download Armory in a flavor appropriate for the offline laptop and store the .deb file on the USB stick.
Move the stick back to the offline laptop. We’re going to install the dependencies and then Armory.
sudo apt-offline install /media/[your USB stick]/apt-offline sudo apt-get install python-qt4 python-psutil python-twisted
And then, let’s finally install Armory on the offline machine.
sudo dpkg -i /media/[your USB stick]/armory_0.90-beta_12.04_i386.deb
If everything went well, you will see !!! Armory successfully installed !!! in the terminal window.
After this, we don’t need the terminal more. Close it.
Create your offline wallet
Start Armory on the offline machine. As you hit the Start button (Windows button on most keyboards) and type “Armory”, you see three versions of Armory, and we’ll be using the offline one. Create your first wallet. Select a password for it (while the computer’s files are already protected by strong full-disk encryption, defense in depth is always good).
Armory will prompt you to back up the wallet. Don’t back up your wallet at this time. The options for backing up the wallet when you create it are severely limited – we’ll be using a much better option.
Close all distracting Armory dialogs and messages so that you come back to the main screen, and select your newly-created wallet. Click “Wallet properties”. In this dialog, we’ll be doing two things: first, we’ll create a watching-only copy of the wallet, which we will move to the online workstation. Create a watching-only copy and save the file to the USB stick. Second, we’ll create a secure paper backup of a type we didn’t have access to when we had just created the wallet.
Click “Backup this wallet”. You’ll be presented with the choice of paper or digital. Choose neither; choose “Other backup options” at the bottom of the dialog.
In the dialog that follows, we have the option of more advanced backup types. We’re going to create a Printable Paper Fragmented Backup. We won’t install a printer to the laptop – it’s not supposed to be connecting to anything, and we’re going to be fundamentalist about that. Instead, we’ll be printing to a PDF file we bring to the online workstation and print from there.
A fragmented backup means that you print five pieces of paper, and need three of them to restore the backup, any three. Or two out of three. Or nine out of eleven. The numbers are up to you. I’d recommend requiring at least three pieces out of any number you choose and placing them in different locations – think disaster recovery; if the offline laptop is in a house fire, you’ll want to have stored enough backup pieces in different locations to recover your wallet.
Check “Secure Print”. Without this option, the PDF contains your entire wallet unencrypted, and since the PDF file will be touching the online workstation and printer while printing it, your unencrypted wallet will be on an online computer without this option – exposing it to hacks. We don’t want that. Check “Secure Print”, then “Print all fragments” in the leftmost box in the middle frame. (You may have to scroll down to see the button again after checking “Secure Print”.)
Generate a PDF that’s to your liking. The offline Armory will present you with a Secure Print code on-screen, to be copied by hand to the individual fragment printouts. Without this code, the backups don’t work, and this is why we can safely print the PDF from the online workstation. Copy the SecurePrint code by hand to a separate piece of paper for now.
Test the backup as instructed if you like, but we’re going to do that in a much more thorough fashion shortly anyway.
Copy the generated PDF to the USB stick, move the USB stick to the online workstation, and print the PDF. Keep the note with the Secure Print code beside the printouts for now.
Install Armory on your online workstation
Download the flavor of Armory that’s correct for your online workstation, and install it. When you first run it, you’ll get the choice of importing/restoring or creating a wallet. We’ll start by importing our watching-only copy of the wallet that was created on the offline laptop. That’s as easy as choosing “Import” and selecting the corresponding file on the USB stick.
It will install as a “Watching-only” wallet. Go into wallet properties, edit the owner, and click “This is my wallet”. That will change its security status to an “Offline” wallet. The only practical difference is whether its funds are listed as yours in the financial summary.
After that, Armory – the online version – will want to install the reference bitcoin client as its back-end and synchronize with the bitcoin network. That will take quite a while, as it loads the entire blockchain. In the meantime, we are going to verify in the harshest possible way that our paper backup works: we’re going to wipe the entire laptop and reinstall from scratch, simulating that the laptop was destroyed in a house fire and that we’re restoring the backup to a new offline laptop, and then verifying that the restored wallet works to send coins.
It’s important in this context that Armory uses so-called deterministic wallets. That’s nerdspeak for a wallet backup containing all the addresses that a wallet has generated so far, along with all the addresses the wallet will ever generate. There’s no need to re-issue a backup of a particular wallet, ever, just because you have generated more addresses. All the addresses that the wallet will ever contain are embedded in the initial backup.
This restore process is a confidence and security exercise. Don’t skip it. In case of disaster, you want first-hand knowledge that the backup of your many-figures-wallet works, and you want to have used the backup once before so you know how to do it.
Wipe and reinstall the offline laptop
Using the USB stick, repeat the Ubuntu Linux install. Wipe the disk completely. Install again with full disk encryption and a strong “staple horse correctly to batteries” password. Install apt-offline and get the packages, then install Armory again, repeating the above steps.
When you start Armory on the second fresh install, it will ask again whether you want to “Import/Restore” or “Create” a wallet. This time, we’ll pick “Restore”, and restore a paper fragmented backup.
You’ll be presented with a very technical dialog where you have the option of entering data from fragments. Type the backup data from as many fragments as needed, enter the Secure Print code, and click Restore. You’ll be asked for a new password for the wallet as it’s restored – here, do note that the paper backup is unencrypted. While this can be a comfort in itself if you forget the password, that also means that the problem shifts somewhat from protecting your online computer, to protecting a set of pieces of paper.
The wallet should restore fine. Give it a more friendly name than “HckfrPlrRT (Restored)”. With the wallet restored, we’ll try sending some funds to it – and more importantly, from it.
At this point, the online workstation is probably still synchronizing with the bitcoin network. You may want to take a break here and go for lunch or so. When you do, don’t lose sight and control of your paper backup fragments. They must stay completely under your control until properly distributed – if you leave them on a desk or café table, you’re leaving your wallet unguarded on that table.
Test your offline wallet
When the online Armory has finished synchronizing, send the value of a beer or so to your new wallet’s first address. It should appear in the online Armory on broadcast, or if Armory wasn’t running during the broadcast, as soon as its first confirmation arrives. Wait until six confirmations have passed, so we can send the money back somewhere.
When six confirmations have passed, we’re going to send the coins back (minus the small bitcoin transaction fee). Remember now, these are coins in cold storage. We’re going to test the cold storage – and not just that, we’re going to test that it works when restored from backup. The originally created wallet was simulated to be destroyed as we wiped and reinstalled the laptop.
To send the coins from cold storage, click “Send Bitcoins” on the online workstation and enter a recipient address and amount. Choose “Create Unsigned Transaction” and confirm the summary. Choose “Save as File”, and save to the USB stick. Don’t close the dialog, but leave it waiting for us to click the “Next step” button.
Move the USB stick to the offline laptop. Running Armory, select “Offline Transactions” and “Sign Transaction”. Load the file with the unsigned transaction, verify its contents as displayed on-screen, and click “Sign”. Enter the wallet passphrase. The offline Armory will remove the unsigned transaction file on the USB stick and replace it with a signed transaction file.
Move the USB stick back to the online workstation, and click “Next step”. Click “Load file”, and load the signed transaction from the USB stick. Transaction details will display. Click “Broadcast” to execute the signed transaction.
You can verify in the blockchain that the transaction has been executed, and you know by your actions that it was signed on the offline computer, which has no connection whatsover to the Internet, nor will ever have one.
After this, your setup is complete, and you can move funds into cold storage at a pace you’re comfortable with, probably along with further testing of your new cold storage. Just one important step remains.
Distribute the backup fragments
As stated above, your backup contains all the addresses that have been generated and will ever be generated by the wallet you’ve created in Armory, thanks to its deterministic wallets. There’s no need to ever issue a renewed backup of this wallet just because you add more addresses to it.
Depending on your security strategy, you’ll need to choose a way to distribute the paper backup fragments. If they’re intended for a restore by your family in case you’re incapacitated, you’ll want to copy the Secure Print code onto them. If they’re intended only for your own use, you may want to memorize the Secure Print code instead (provided you can trust your memory to recall it in the extreme stress of a disaster recovery situation).
Just remember that having observed enough fragments in combination with the Secure Print code is enough to gain access to all your wealth in cold storage without further safeguards or passwords, and devise your backup strategy from there. (It’s not necessary for an adversary to be in physical control of a fragment – having observed its data with a camera is enough.)