How to Create a 99.9% Secure Bitcoin Paper Wallet

Last updated on September 22nd, 2015 at 10:35 am

What is a Bitcoin paper wallet ?

Some people would prefer keeping their private key offline in what is known as Cold Storage. This means that instead of saving that long series of characters known as a private key on their computer they rather print it out and save the paper somewhere safe – hence a paper wallet. Usually this process will be done for the purpose of storing large amounts of Bitcoin since it’s consider safer.

How do I create a non secure paper wallet

Creating a paper wallet is pretty easy, the trick is to secure it correctly. In order to create a NON SECURE paper wallet just head over to BitAddress, create a private key, then choose “Paper Wallet” and print out the results. Your Bitcoins can then be stored through the public address on the left.

Why is this considered non secure ?

First of all you’re connected to the web while doing this, this means that someone may have the ability to see what’s going on on your screen.

Second, if someone was able to hack BitAddress for example, he can collect all of the private keys that people create on the site.

Last but not least, if you’re using Windows you may have been subjected to Malware which you are unaware of. This may put your private key at risk as people may be monitoring your actions.

How to create a SECURE paper wallet

If you’re really serious about safeguarding your Bitcoins you have to make sure you create a secure paper wallet. This process is a bit tedious but is worth the effort.

Why is this process considered secured ?

1. You’re not connected to the Internet while producing your private key.

2. You’re using an “out of the box” operating system which is less prone to Malware.

3. You are using an offline version of BitAddress so no one can “hack” this site.

Download the necessary tools

Ubuntu download (latest version)

LiLi download (latest version)

BitAddress download

Step 1 – Install Ubuntu on your flash drive

IMPORTANT: This step will erase everything you have on the flash drive.

  • Open up LiLi and insert your flash drive.
  • Make sure you’ve selected the correct drive (click refresh if drive isn’t showing).
  • Choose “ISO/IMG/ZIP” and select the Ubuntu ISO file you’ve downloaded in the previous step.
  • Make sure only “Format the key in FAT32” is selected.
  • Click the lightning bolt to start the format and installation process

lili-setup

After the process finished unzip the BitAdrress file you’ve downloaded in the previous step and copy it into your flash drive as well.

Step 2 – Disconnect your computer from the Internet

At this point you would want to disconnect your computer from the Internet whether it’s Wi-Fi or a LAN connection. Make sure there’s no way remote access can be granted to the computer. When finished make sure you are still able to print a test page so you’ll know your printer is good to go.

Step 3 – Run your computer using Ubuntu from your flash drive

By clicking F12 or F1 on computer load you will be able to choose to run your operating system from your flash drive.

load ubuntu from usb

After the Ubuntu operating system load you will choose the “try Ubunto” option.

Step 4 – Setup a printer on the Ubuntu operating system

At this point you will want to set up your printer on the Ubuntu OS:

  • Click on System Settings (a monkey wrench and cog wheel icon)
  • Click on “Printers”
  • Click on “Add”
  • Add your printer
  • Print out a test page

add printer

Step 5 – Open BitAddress and print your new paper wallet

The final step will be to open the copy you have of BitAddress.org and create you own paper wallet locally on your machine.

  • Open private browsing in FireFox (right click -> “Open a New Private Window”)
  • Type in the following in the address bar: file:///cdrom/bitaddress.org-master/
  • Click on the link “BitAddress.org.html”

firefox bitaddress

  • Create your paper wallet by moving the cursor around until the number on the top right reaches 0
  • Choose “Paper Wallet” from the menu
  • Print out your paper wallet

bitaddress print

You can now load your paper wallet by using the public address on the left side.

Ofir Beigel

Owner at 99 Coins ltd.
Blogger and owner of 99Bitcoins. I've been dealing with Bitcoin since the beginning of 2013 and it taught me a lesson in finance that I couldn't get anywhere else on the planet. I'm not a techie, I don't understand "Hashes" and "Protocols", I designed this website with people like myself in mind. My expertise is online marketing and I've dedicated a large portion of 99Bitcoins to Bitcoin marketing.

Leave a Reply

39 Comments on "How to Create a 99.9% Secure Bitcoin Paper Wallet"

Notify of
avatar
 
Sort by:   newest | oldest | most voted
Andrés
Guest
Member
Andrés
Hi, there! Very nice job and thank you for helping us. But I’m new and I don’t get something. People talk about malwares in your computer and stuff, but my thoughts go further. If you have an address and a key, they have to be located on the internet, no doubts. And I can imagine where they are… They are kept in the programme where you generated the address and the key in offline mode, because if not, how the hell some bitcoin clients like blockchain.info can read this info.? That means that hackers can hack the page where you… Read more »
Steven Hay
Member
Member
Steven Hay
Hey Andrés, There are some important differences between the various kinds of wallets: 1) A webwallet, like Blockchain.info, generates your private key on the website side. The private key may be encrypted with a user’s password. From that private key, your public addresses for receiving coins are created. This means that Blockchain.info is in control of your bitcoins. If the site is fully hacked and the user passwords are cracked, then the hacker gets control of the coins. Obviously web wallets are not very secure and should not be used for serious amounts. 2) A software wallet will generate the… Read more »
Tamer
Guest
Member
Tamer
Nice video… newbie questions here if anyone is still following the thread :) 1- Now that I have my paper wallet, private key and public key… how to actually use it? in other words, do I have to plug the public key into a Bitcoin Core software or something? How can I use it to send/receive bitcoins? 2- I have a paper wallet… how can I generate sending/receiving bitcoin addresses for THIS same wallet? I heard that its better to use a bitcoin address per 1 sending/receiving transaction. So how can I generate more bitcoin addresses for the same wallet?… Read more »
Steven Hay
Member
Member
Steven Hay
Hi Tamer, Yep, we follow all these threads! Your questions aren’t stupid at all; we’re all learning and there’s always something new to learn in crypto, even if you’re Satoshi! Let’s see if I can help you out here… 1) To receive payments, it’s enough to just give out the address (which equates to the public key, although it’s really a hashed public key). You can check if payments are made to the address by entering it into any block explorer. As for sending bitcoins, this is where it becomes necessary to import your private key into a software wallet.… Read more »
Tamer
Guest
Member
Tamer

Thank you so much Steven… it looks like I have a LOT of reading ahead :)

Simply Connected
Guest
Member
Simply Connected
As a follow up to my post above I installed the Brother HL-1110 A4 Mono Laser Printer on my Linux USB Flash Drive system (Ubuntu v14.04.5). However unlike before with my Wi-Fi enabled HP OfficeJet 3831 printer, Ubuntu could not easily install the printer within Printers, by selecting the ‘recommended’ driver. Only blank pages were printed out (as many people online have found in the same situation). Fortunately though Brother provide Linux drivers and I got these to work OK. (This is a great little printer for the price by the way, and very compact). To install them for Ubuntu… Read more »
Simply Connected
Guest
Member
Simply Connected

Postnote: I found the ‘Pre-required Procedures’ above were not necessary and the printer driver installation worked without them – all you need to do is run the two commands :-
gunzip linux-brprinter-installer-*.*.*-*.gz
sudo bash linux-brprinter-installer-*.*.*-* hl1110
(entering your password if asked).

Simply Connected
Guest
Member
Simply Connected

I would just add also – the above driver installation also works fine on a ‘Live’ Ubuntu USB drive, so you can try it out there first before building a permanent Ubuntu USB drive. Of course everything is lost on rebooting the ‘Live’ drive as it uses a RAM drive for storage.
Sometimes it can be awkward getting a PC to boot from one of these ‘Live’ USB drives and in that case just press the ‘boot override’ option of your PC when the ‘BIOS’ logo message appears – on my ASUS system its the F8 key.

Simply Connected
Guest
Member
Simply Connected
An overall very good method. But here’s for the 0.1% INSECURE part. Its the last place you would think of – the PRINTER. Any modern computer printer can easily permanently store on an internal flash drive every single page that it ever prints, for its entire lifetime. Whilst using your “air-gapped” system running Linux from a USB Flash Drive that confidential data containing your private Bitcoin keys cannot be sent to a web server somewhere because there is no internet connection. HOWEVER when you boot up to your normal Windows PC with that same printer, then it will have a… Read more »
bruno
Guest
Member
bruno

how bad is it if i follow all the steps, but insted of using an offline printer i use the printer at my office which is always connected to internet? (i can’t get a printer for my own to print the wallets completely offline)

Zsofia Elek
Admin
Member
Zsofia Elek

Hi Bruno, the point of having an offline printer is to make sure no one can access your private key, as when connected to the internet an infected machine could send out information about your paper wallet. This is to make sure it only you can see the private key.

alex
Guest
Member
alex

I want to ask you how do you know that this code was not wrote to give you private keys that are in a list that someone already have created.The wallet was created off line and this “scam keys generator” is just showing you private keys that already was created by other else and someday this person can use this wallet…
Răspunde

renzo
Guest
Member
renzo

I was wondering the same thing, the code is opensource but if you are not a programmer, all you can do is to just trust the developers.

Sebastian
Guest
Member
Sebastian

Is it possible as well to use a virtual machine on Mac with linux and disconnected from internet?S

Zsofia Elek
Admin
Member
Zsofia Elek

Yes, you just need to make sure the PC use to print the wallet is not connected to the internet.

pavan
Guest
Member
pavan

hi ofir,
i would like to know if it is definitely necessary to have a printer for getting the wallet setup? or can i just save it as a pdf file on a usb stick? and print it another time. in the meanwhile maybe write down the keys on a paper by hand?
thanks

Zsofia Elek
Admin
Member
Zsofia Elek

Hi Pavan, you can save the file as a pdf, however the point of using a printer on an offline PC is to avoid any possibility to have that information stolen online. If you have it in a file, you have to make sure it is never exposed to the internet.

bruno
Guest
Member
bruno

Zsofia, but what if delete the pdf after printing the wallets? if the private key is encrypted there is no risk because they would also have to know the password. is it correct what i am saying?

Steven Hay
Member
Member
Steven Hay
Hi Bruno, If you ticked the “BIP38 Encrypt” option and entered a passphrase when creating your paper wallet, then yes, your private key will be encrypted. In this case, instead of a 52 character string marked “Private Key”, your backup should display a 58 character string marked “Encrypted Private Key (Password required). Even if your privkey’s encrypted, it’s still a very bad idea to let anyone access your backup, whether it’s in paper or digital form. If it was stored as a PDF (or other) file before printing, I’d recommend deleting that file with an app like BleachBit or File… Read more »
Zsofia Elek
Admin
Member
Zsofia Elek

Hi Bruno, when you print out the pdf your private key is not encrypted, this is why you have to keep it safe.

Shaz
Guest
Member
Shaz

What happens to bitcoin in paper wallets after a fork?

I have rad that the paper wallet number could become void? is this true?

I don’t fully understand.

Erez
Guest
Member
Erez

Thanks Ofir. Very helpful.

wpDiscuz