The process is a bit involved, whether you use dice or the app. So why go to the trouble? Because when done right, keys generated in this way are never exposed to an online computer, and therefore not susceptible to online hacking or digital theft.
When you use an offline computer and print your keys for cold storage, then the problem of security for your keys is limited to securing the physical piece of paper on which your keys are printed, which can be much more manageable than trying to secure an online computer system.
You will need…
- A computer
- A live boot CD
- The bitaddress.org files
- A USB printer
- The Bitcoin Key app
- These instructions
Step 1: Create a live boot CD
A live boot CD is an operating system that can be run from a CD or DVD. This is important because when we run a new copy of an operating system from read-only media on a computer that’s disconnected from the network, we have increased confidence that no malicious software is running on it.
There are many options for live CDs; I’ve used Ubuntu successfully. It may take some experimentation to find the right live OS and version that works best with your system.
Step 2: Download bitaddress.org files
Step 3: Prepare your computer
Shut down your computer and disconnect it from the network. If it’s physically plugged in to the network, disconnect the network cable. If it’s wi-fi, flip the radio enable switch to off.
Step 4: Run the live OS
Turn on your computer and insert the live boot CD. Depending on your system and how it’s set up, you may need to interrupt the normal start-up process to select an option to boot from the CD. When the operating system comes up, congratulations! You are now running a pristine OS on an offline computer.
Step 5: Run bitaddress.org
Insert your USB drive with the bitaddress.org files. Locate the bitaddress.org.html file, and open it in a web browser. You will need to move your mouse around a bit in the beginning. Then, click on the “Wallet Details” button. You will enter your private key into the “Enter Private Key” space.
Why is this safe? Your computer is disconnected from the internet and running an uncompromised operating system. There will be no malicious software able to secretly send your private key somewhere. After you’re done, you’ll shut down the computer, and the printout of your private key (below) will be the only copy of your private key.
Step 6: Generate and enter your private key
Using the Bitcoin Key app, move your finger around the screen a bit to add some randomness. Now, as it displays digits, enter them into the “Enter Private Key” space one by one. You will need to enter a total of 64 such hexadecimal (“0” through “9” and “A” through “F”) digits.
Make sure you have entered 64 digits, and then click the “View Details” button. You will see something like this:
This page shows both your public and private keys; the public key is on the upper half, and the private key is on the lower half. The private key on the lower half is what you want to keep secret.
Note that you see two forms of each key: one labeled “Compressed” and one with no special qualifier. Prefer to use the “Compressed” variation unless you have a specific reason not to. In any case, choose to use either compressed or not; never mix using both.
Step 7: Print!
Connect your USB printer, and print the page. Note that we’re using a wired connection to the printer; you don’t want your private keys going to a network or wi-fi printer!
Congratulations, you now have a paper wallet! Print two copies if you want to have a backup copy.
Step 8: Shut down the computer
When you’re done printing your private keys, shut down the computer. Now, the printouts you have are the only copies of your private keys. Don’t lose them! In particular, there are no digital copies of your private keys susceptible to hacking.
Step 9: Test
Use one of the private keys you generated to test the whole process. Send a small amount of bitcoin to the public Bitcoin Address, and then check the balance using blockchain.info. Then make sure then you can retrieve the bitcoins you put there. I can’t overstate the importance of testing! Make sure you confirm that you can get funds out using this process. You wouldn’t want to send a large amount of bitcoin to an address only to later discover that it’s “trapped” there because you don’t know how to get it out.
Step 10: Understand
Know what you’re doing, to prevent misunderstandings. Learn more about paper wallets and change addresses. If you import the private key from your paper wallet into any other wallet, do not use that paper wallet any more! Create a new one. If you spend a portion of the bitcoin in a paper wallet, make sure you know where the change is going!
- Five Ways to Lose Money with Bitcoin Change Addresses
- PSA: Using paper wallets, understanding change addresses
(Thanks to Jitesh D. for the inspiration to write this tutorial!)