I. CREATING A COLD STORAGE WALLET

This section will show you how to make a cold storage wallet that you can use for receiving bitcoins directly into cold storage.

The tutorial is intended for the Bitcoin Core wallet as it is the most popular.

START WITH A CLEAN SPACE

Before anything else happens, the first rule for securing your bitcoins is to start with a clean space that's free of viruses, malware, spyware, or any other threats.

1. Clean your machine of viruses, malware, etc.

2. Update your virus definitions and set a good firewall.

Once you make sure your computer is clean, then proceed to the next step.

GETTING READY

3. Write down on a piece of paper a difficult to guess passphrase (not just one word, but several words) that contains all of the following:
  • At least 16 characters
  • Spaces
  • Uppercase letters
  • Lowercase letters
  • Numbers
  • Punctuation and symbols
  • Misspellings (in case you use words) and punctuation errors

DO NOT use plain words for your passphrase. A passphrase made out of plain words can be cracked simply by feeding a dictionary into a password cracker. Don't use a phrase from a book or from the web either. Those can be cracked as well. If you must use a phrase, apply upper and lowercase letters, numbers, symbols, misspellings and punctuation errors.

UPDATE: DO NOT use popular phrases or cliches such as "takes one to know one" or "loose lips sink ships" just changing the spelling to numbers. A hacker with a book of famous quotes and phrases can plug it into a brute force attack and crack your passphrase easily. Even if the phrase is in a different language, a hacker can get a famous quotes book for different languages. Your passphrase should not be a known phrase and it should make no sense to anyone but you. Also, don't just change the vowels to numbers. If you just switch A to 4, E to 3, I to 1, O to 0, and U to 6, anyone will be able to do the switch automatically. That's why you should use a combination of words, numbers, upper and lowercase, punctuation errors, symbols and misspellings.

4. Write a list of 10 labels for bitcoin addresses. Any 10 names will do for the labels. You will need these later.

5. Open a new simple text file and save it to a new or reformatted USB thumb drive. Do not save it to the hard drive.

6. Write on the text file the passphrase you just created and the list of bitcoin address labels. Save. Close the file and unplug the thumb drive.
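
The passphrase rules in step 3 and the vowel-swap warning in the UPDATE can be checked mechanically before you commit to a passphrase. The following is an added example, not part of the original tutorial; the function names and the two-entry phrase list are assumptions, and the sample passphrases are constructed and should not be reused.

```python
import string

# Constructed sample list (assumption): a real check would load a large
# corpus of quotes, cliches and book phrases.
KNOWN_PHRASES = {"takes one to know one", "loose lips sink ships"}

# The vowel swaps named above (A->4, E->3, I->1, O->0, U->6), reversed.
UNLEET = str.maketrans("43106", "aeiou")


def normalize(passphrase):
    """Undo the vowel swaps, lowercase, keep only letters and single spaces."""
    text = passphrase.lower().translate(UNLEET)
    kept = "".join(c for c in text if c.isalpha() or c == " ")
    return " ".join(kept.split())


def check_passphrase(passphrase):
    """Return the list of rules the passphrase breaks (empty list = none)."""
    rules = [
        (len(passphrase) >= 16, "shorter than 16 characters"),
        (" " in passphrase, "no spaces"),
        (any(c.isupper() for c in passphrase), "no uppercase letters"),
        (any(c.islower() for c in passphrase), "no lowercase letters"),
        (any(c.isdigit() for c in passphrase), "no numbers"),
        (any(c in string.punctuation for c in passphrase),
         "no punctuation or symbols"),
        # Meets every character rule above, yet still a dictionary hit.
        (normalize(passphrase) not in KNOWN_PHRASES,
         "known phrase once substitutions are undone"),
    ]
    return [message for ok, message in rules if not ok]


if __name__ == "__main__":
    # Constructed samples for illustration only.
    for candidate in ("T4k3s 0n3 t0 kn0w 0n3!", "Gr8ful wombt;; 19 Plnets"):
        result = check_passphrase(candidate) or "passes the listed rules"
        print(repr(candidate), result)
```

The first sample satisfies every character-class rule and still fails, which is the point of the UPDATE: the substitutions are reversible by anyone.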


CREATING A WALLET

7. Install Bitcoin Core (formerly Bitcoin-Qt). A wallet.dat file will be created by default. Make sure you know which directory the wallet.dat file is located in, as you will need to know this later. Usually the wallet.dat file is located in one of these directories:

Windows XP:
C:\Documents and Settings\YourUserName\Application data\Bitcoin

Windows Vista and above:
C:\Users\YourUserName\Appdata\Roaming\Bitcoin

Mac
~/Library/Application Support/Bitcoin/

Linux
~/.bitcoin/

More information on wallet directories can be found here.

You can also do a search for the wallet.dat file in the operating system's search function.

8. Plug in the thumb drive again and open the text file with the passphrase.

9. Encrypt the Bitcoin Core wallet using the passphrase in the text file. Just copy and paste it.

10. Create 10 bitcoin addresses and add a label from your list to name each one of them. Bitcoin Core will ask for your passphrase to do this. Again, copy and paste. (NOTE: Labeling the addresses is actually optional, but it helps to remember them easily.)

To create the addresses in Bitcoin Core, click on FILE, then RECEIVING ADDRESSES, and then on the +NEW button in the lower left corner of the address window. You can change the addresses' labels by double-clicking on the labels.

11. Copy each one of the bitcoin addresses and paste it next to its label in the text file. Save the text file.

12. Create a new plain text file on your desktop. Copy and paste to the new file only the addresses and labels. Save the text file and email it to yourself. That way you will always have access to the addresses. (NOTE: The public addresses are always safe and can be shared without risk. The wallet.dat file, which contains your private key, is the one that should never be made public.)

13. Back up the wallet.dat file to either the same thumb drive, or for paranoid security to a different thumb drive. Rename the file (name)_(date)_wallet.dat where (name) is the name you are giving to this wallet so you can identify it if you have several wallets, and (date) is the current date. That way you will be able to save more backups later and identify the version of the wallet.

14. Close Bitcoin Core.

15. Go to the wallet.dat folder on your hard drive and permanently delete the local wallet.dat file (shift-delete).

You now have a secure, cold storage wallet that is not connected to the internet. Don't worry, the next time you open Bitcoin Core the program will automatically create a new, unencrypted wallet.dat file with one new address.
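
One way to script the backup-and-rename step above so that the local wallet.dat is deleted only after a verified copy exists on the thumb drive (an added example, not part of the original tutorial). The function names and the ISO date format used for (date) are assumptions.

```python
import hashlib
import shutil
from datetime import date
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large wallets do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_wallet(wallet_path, backup_dir, name, today=None):
    """Copy wallet.dat to backup_dir as (name)_(date)_wallet.dat and verify it.

    Returns the backup path. Raises if a backup with that name already
    exists or if the copy does not hash to the same value as the original,
    so the caller never deletes the local file on the strength of a bad copy.
    """
    wallet_path = Path(wallet_path)
    stamp = (today or date.today()).isoformat()      # assumed date format
    target = Path(backup_dir) / f"{name}_{stamp}_wallet.dat"
    if target.exists():
        raise FileExistsError(f"refusing to overwrite {target}")
    shutil.copy2(wallet_path, target)
    if sha256_of(wallet_path) != sha256_of(target):
        target.unlink()                              # remove the bad copy
        raise OSError("backup does not match the original wallet.dat")
    return target
```

Run it with Bitcoin Core closed, and delete the local wallet.dat only after the function returns without raising.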

WHAT TO DO NEXT

You may be wondering "hey, hold on. If I don't have the encrypted wallet.dat file in my hard drive I can't send bitcoins and I can't see how many bitcoins I have."

True. You can't send bitcoins. But at this point the wallet is empty, so there are no bitcoins to send. The point of this exercise is to have a secure, cold storage wallet for receiving and storing bitcoins, not to use it as a day-to-day wallet.

With this method you can buy or receive bitcoins and send them to any of the 10 addresses you created earlier for secure, cold storage.

As for looking up your balance, all you need to do is look up your addresses on blockchain.info so you can see how many bitcoins they have received.

If, however, at some point you feel like moving the bitcoins from the cold storage wallet to somewhere else, or to spend them, here's how you can do it:

1. Get the thumb drive with the encrypted wallet and plug it into a clean, virus-free machine.

2. Copy the (name)_(date)_wallet.dat file and paste it in the local wallet.dat file folder. If you are using the local wallet.dat file, rename it wallet_02_(date).dat and back it up to the thumb drive.

3. Rename (name)_(date)_wallet.dat to wallet.dat. Just delete the (name)_(date)_ part.

4. Run Bitcoin Core. Your encrypted wallet will show up. Move your bitcoins using the passphrase you saved to a text file.

5. Back up the wallet to the thumb drive and rename it (name)_(date)_wallet.dat with the current date. If it's empty, you can re-use the addresses or you can create new addresses for future use. Just make sure you copy the public addresses so you can have access to them.

6. When you are done, close Bitcoin Core and delete the wallet.dat file from the hard drive.

7. Rename wallet_02_(date).dat to wallet.dat.

Don't delete the old cold storage wallet, as you can use it again for receiving bitcoins directly into cold storage.

UPDATE:

A Reddit user suggested adding the following to the tutorial:

There is no reliable way to "clean your machine of viruses, malware, etc.". Please suggest booting into a clean OS (e.g. a trusted LiveCD or live USB stick) instead.

Please suggest disconnecting the computer from the Internet while generating the wallet, and most importantly, whenever the password is entered or is present in the memory. Also, a reboot must be done before connecting again.

Humans are generally not capable of coming up with a 16-character strong password. Please suggest including enough truly random characters in the password (generated by throwing dice, taking cards from a shuffled deck, etc.).

The text editor may write the password in a temporary file and/or a swap file on the hard drive even if the user only saves the file on the USB drive. Even if it removes the temporary file, the data stays on the media and may be recoverable. Again, booting from CD or USB and not mounting the hard drive is safer.

Once the cold wallet is brought into an on-line computer, it becomes a hot wallet and can't reliably be turned back into a cold wallet again. All funds must be spent or sent to a new cold wallet.

My response:

1. Actually there is a way to clean the machine: with a reformat. But it seems too cumbersome just to use bitcoin.

2. I agree with the suggestion of disconnecting the computer from the web while generating the wallet.

3. I beg to differ. I think humans are perfectly capable of generating a good 16-character password.

4. A possible solution to the text editor issue is to generate the password/passphrase in a different device not connected to the web.

5. The cold/hot wallet suggestion is a good observation. Possible solution: create several cold wallets and use a new one every time the cold wallet becomes a hot wallet.
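
The dice suggestion quoted above, sketched as an added example (not part of the original tutorial or the Reddit comment): physical dice rolls are typed in and mapped to characters so that every character is equally likely. The 94-character alphabet, the three-rolls-per-character grouping and the function names are assumptions.

```python
import math
import string

# 94 printable ASCII characters: letters, digits and punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
ROLLS_PER_CHAR = 3                     # three dice give 6**3 = 216 outcomes
# Largest multiple of the alphabet size that fits in 216 outcomes (188).
LIMIT = (6 ** ROLLS_PER_CHAR // len(ALPHABET)) * len(ALPHABET)


def dice_to_chars(rolls):
    """Map dice rolls (integers 1-6) to uniformly distributed characters.

    Rolls are consumed three at a time. A triple whose value is >= LIMIT is
    discarded (rejection sampling); keeping it would make the first
    216 - 188 = 28 characters of the alphabet more likely than the rest.
    Leftover rolls that do not fill a triple are ignored.
    """
    if any(r not in range(1, 7) for r in rolls):
        raise ValueError("each roll must be an integer from 1 to 6")
    out = []
    for i in range(0, len(rolls) - ROLLS_PER_CHAR + 1, ROLLS_PER_CHAR):
        a, b, c = (r - 1 for r in rolls[i:i + ROLLS_PER_CHAR])
        value = a * 36 + b * 6 + c     # base-6 number in 0..215
        if value < LIMIT:
            out.append(ALPHABET[value % len(ALPHABET)])
    return "".join(out)


def entropy_bits(n_chars):
    """Bits of entropy in n_chars characters drawn uniformly from ALPHABET."""
    return n_chars * math.log2(len(ALPHABET))


if __name__ == "__main__":
    # Constructed rolls for illustration; use your own physical dice.
    sample = [1, 1, 1, 6, 6, 6, 1, 1, 2, 3, 4, 5]
    print(dice_to_chars(sample), round(entropy_bits(16), 1))
```

About 13% of triples are rejected, so plan on roughly 55 rolls for 16 characters.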

EXTRA: USING AN OLD IPOD, SMARTPHONE OR TABLET

I'm adding this as an "extra" only because it is an option, but not necessarily the best option for a cold storage wallet.

If you have an old iPod touch, iPhone, Android, iPad, etc, with a relatively current operating system (not the latest, but not the oldest either), you may be able to use them as cold storage devices.

If you have an iPod touch with iOS 7.1, for example, you can install BreadWallet or Hive Wallet. On Android you can install Hive Wallet. We're choosing these wallets because they connect directly to the bitcoin network, so the coins are not stored on a server, and because they are hierarchical deterministic, meaning the private keys to the wallets can be recovered on another device using a secure passphrase.

Once installed, create a new wallet and write down the recovery passphrase. DO NOT LOSE THIS PASSPHRASE as you will need it to recover the coins if something happens to the mobile device.

Write down the public key (bitcoin address) where you can receive bitcoins just in case you want to receive coins without turning on the mobile device.

Transfer your bitcoins to the wallet on the mobile device. Check that the coins were received and disconnect the device from the web.

Turn off the device and put it away.

That's it. You now have a cold storage wallet that can be used to receive and spend bitcoins.

PROS:

1. The coins will be kept in cold storage but in an emergency you can access them quickly simply by turning on the device and connecting to the web.

2. If something happens to the device (gets stolen, broken, etc), you can recover the coins by installing the wallet from iTunes or Google Play on another device and entering the passphrase. Again, hierarchical deterministic wallets are designed to be created from a passphrase, so you don't need to save private keys.

CONS:

1. If you leave an unencrypted backup for the iOS device in a computer, and somebody cracks it, you may lose your coins. Possible solutions: Set iTunes to encrypt the backup or delete the backup from the hard drive. Or don't make one to begin with.

2. Mobile devices can be stolen as they are quite conspicuous. Unlike a paper wallet, you can't just stick it inside a book somewhere. Therefore, use this method at your own risk. This is the reason why we don't think this is the best possible method for creating a cold wallet. The device won't be accessible from the web if it is turned off, but if it gets stolen and you don't notice right away, the thief may have enough time to figure out your PIN for accessing the wallet.

Another possible solution is to install the wallet app (BreadWallet or Hive), write down the passphrase, create a bitcoin address, write it down, and then delete the app, storing on paper only the passphrase and the address. You will be able to receive coins at the address, but you won't be able to send anything because there's no app on the device. If you want to send coins later on, just install the app again and recover the wallet with the passphrase.

HOWEVER, if you want to try this we suggest doing a trial run first.

1. Create the wallet and write the passphrase and address.
2. Delete the app.
3. Send a small amount of bitcoin to the address. Say, 0.001 bitcoins (about a few cents worth of coins).
4. Check in blockchain.info if the coins made it to the address.
5. If the coins made it, install again the app and recover the wallet with the passphrase.
6. If you see the coins in the wallet, then the trial run was a success and you may delete the wallet again from the device.
7. The passphrase and the bitcoin address written on paper are now a cold storage wallet, so don't lose them.

Feel like adding extra security to the passphrase for storing it in a thumb drive? Encrypt it using PGP or an encrypted RAR file with a long passphrase in a computer not connected to the web. That way if you lose the paper, you may recover it from the RAR file. That is, if you remember the passphrase to the RAR file.

