How to Create a 99.9% Secure Bitcoin Paper Wallet

Last updated on January 2nd, 2018 at 12:00 am

What is a Bitcoin paper wallet ?

Some people would prefer keeping their private key offline in what is known as Cold Storage. This means that instead of saving that long series of characters known as a private key on their computer they rather print it out and save the paper somewhere safe – hence a paper wallet. Usually this process will be done for the purpose of storing large amounts of Bitcoin since it’s consider safer.

How do I create a non secure paper wallet

Creating a paper wallet is pretty easy, the trick is to secure it correctly. In order to create a NON SECURE paper wallet just head over to BitAddress, create a private key, then choose “Paper Wallet” and print out the results. Your Bitcoins can then be stored through the public address on the left.

Why is this considered non secure ?

First of all you’re connected to the web while doing this, this means that someone may have the ability to see what’s going on on your screen.

Second, if someone was able to hack BitAddress for example, he can collect all of the private keys that people create on the site.

Last but not least, if you’re using Windows you may have been subjected to Malware which you are unaware of. This may put your private key at risk as people may be monitoring your actions.

How to create a SECURE paper wallet

If you’re really serious about safeguarding your Bitcoins you have to make sure you create a secure paper wallet. This process is a bit tedious but is worth the effort.

Why is this process considered secured ?

1. You’re not connected to the Internet while producing your private key.

2. You’re using an “out of the box” operating system which is less prone to Malware.

3. You are using an offline version of BitAddress so no one can “hack” this site.

Download the necessary tools

Ubuntu download (latest version)

LiLi download (latest version)

BitAddress download

Step 1 – Install Ubuntu on your flash drive

IMPORTANT: This step will erase everything you have on the flash drive.

  • Open up LiLi and insert your flash drive.
  • Make sure you’ve selected the correct drive (click refresh if drive isn’t showing).
  • Choose “ISO/IMG/ZIP” and select the Ubuntu ISO file you’ve downloaded in the previous step.
  • Make sure only “Format the key in FAT32” is selected.
  • Click the lightning bolt to start the format and installation process

lili-setup

After the process finished unzip the BitAdrress file you’ve downloaded in the previous step and copy it into your flash drive as well.

Step 2 – Disconnect your computer from the Internet

At this point you would want to disconnect your computer from the Internet whether it’s Wi-Fi or a LAN connection. Make sure there’s no way remote access can be granted to the computer. When finished make sure you are still able to print a test page so you’ll know your printer is good to go.

Step 3 – Run your computer using Ubuntu from your flash drive

By clicking F12 or F1 on computer load you will be able to choose to run your operating system from your flash drive.

load ubuntu from usb

After the Ubuntu operating system load you will choose the “try Ubunto” option.

Step 4 – Setup a printer on the Ubuntu operating system

At this point you will want to set up your printer on the Ubuntu OS:

  • Click on System Settings (a monkey wrench and cog wheel icon)
  • Click on “Printers”
  • Click on “Add”
  • Add your printer
  • Print out a test page

add printer

Step 5 – Open BitAddress and print your new paper wallet

The final step will be to open the copy you have of BitAddress.org and create you own paper wallet locally on your machine.

  • Open private browsing in FireFox (right click -> “Open a New Private Window”)
  • Type in the following in the address bar: file:///cdrom/bitaddress.org-master/
  • Click on the link “BitAddress.org.html”

firefox bitaddress

  • Create your paper wallet by moving the cursor around until the number on the top right reaches 0
  • Choose “Paper Wallet” from the menu
  • Print out your paper wallet

bitaddress print

You can now load your paper wallet by using the public address on the left side.

Leave a Reply

68 Comments on "How to Create a 99.9% Secure Bitcoin Paper Wallet"

avatar
 
  Subscribe  
newest oldest most voted
Notify of
John
Guest
Member
John

What is to prevent malware from infecting the ubuntu ISO post download?

Steven Hay
Member
Member
Steven Hay

Hi John,

This is a good question. The first thing is the file type, ISO files are not usually targeted by malware as they are container files which require special programs to open. Secondly, you should verify the ISO file by checking its hash against the hash provided by the website.

Here is the guide to verifying that the files are the same on your hard drive as on the website, as taken from the Ubuntu site:

https://tutorials.ubuntu.com/tutorial/tutorial-how-to-verify-ubuntu#0

Yho
Guest
Member
Yho

Hi! Please, For which other crypts do paper wallets exist? (Ada, Miota, Xem … anyway). Thanks

Steven Hay
Member
Member
Steven Hay

Hey Yho,

In theory, it should be possible to create a paper wallet for all cryptos which use the private key – public address cryptographic system. However, guides are not available for creating a paper wallet for all cryptos. If you get into the code or ask the developers, it should be easy enough to figure out how to produce a paper wallet for the crypto in question.

Dean
Guest
Member
Dean

But how is the private key verified in transacations if it doesn’t exist on a server somewhere?

Steven Hay
Member
Member
Steven Hay
Hi Dean, Good question. I’m not an expert in cryptography but I’ll give you my best understanding of how it works… A private key is not like a password to a website. When you enter your password to your email account, then yes it gets compared against the password stored on the email server somewhere. However, in Bitcoin there are no official servers and having one would totally defeat decentralization! A private key is different. When your wallet uses your privkey to authorise a transaction, what it does is produce a mathematical proof that your privkey was associated with the… Read more »
Rino
Guest
Member
Rino
Hello, I have many doubts about the safety of the crypto currencies …. I am interested in Bitcoin but I want to protect the Altcoins on which I have invested …. I really liked the article on the paper wallet and I want to put it into practice immediately but first I have 2 questions to ask: 1) Instead of opening private browsing in FireFox, can I use Chrome’s incognito navigation ??? Is it the same or can it create problems ??? 2) In addition to downloading the archive “Bitaddress.org-master.zip” I can also use “Walletgenerator.net-master.zip” from https://github.com/MichaelMure/WalletGenerator.net and above all,… Read more »
Steven Hay
Member
Member
Steven Hay

Hi Rino,

1) Well, I’m not sure that Chrome will be part of the Live environment distribution. I believe Firefox is mentioned specifically because that’s the browser which is included with Ubuntu. As such, you should only be able to use Firefox once you get to that step.
2) I’m not sure of that archive, sorry. I believe the safest would be to use the one recommended in this article.

Rino
Guest
Member
Rino

Hi Steven,
I will try to follow the path step by step, …. The problem is that the archive of “Bitaddress.org-master.zip” I believe contains few currencies. I go ahead if I have problems I’ll let you know. Thank you for your answer.

Guest123
Guest
Member
Guest123

Is there a possiblity that the website creator already has these pub keys + secret keys stored and just basically random it away those instead of just actually “Generate” them?
And they could just randomly check which one got coins in it then search for our secret keys in their database and fuck us all?

Steven Hay
Member
Member
Steven Hay
Hey Guest123, That is a good question as it demonstrates “adversarial thinking.” By asking these sorts of questions, you can find the weaknesses in services and methods. In this case, the check against pre-determined generation is that the code of the website is open source. This means that you can download the website’s code off Github and read through it line by line, to look for anything suspicious, before running the code. If you don’t have the time or knowhow, you can rely on the fact that those who do have probably performed this process and not discovered any flaws.… Read more »
hello
Guest
Member
hello

Hi Steven Hay, how can we be sure that these kind of sites doesnt store our private keys and public keys somewhere??
Is there a way to create our own keys without using these kind of sites?
I’m having trust issues here
Thank you

Steven Hay
Member
Member
Steven Hay

Hello x2

Well, you can be sure the site doesn’t store your keys because the site is run offline, on a machine which never goes online and has no way to store data for later retrieval or transmission…

You’re therefore not running a website, because it’s not a site on the web. It’s a site on your personal hard drive, which never communicates with the web.

Hope that explanation helps.

Hello
Guest
Member
Hello

hmm, I was talking about the bitadress.org but nevermind I just saw the title that it says “non secure paper wallet” my bad..
So the real question is now Why Ubuntu? is Windows & other os not safe?

Thank you sir :)

Steven Hay
Member
Member
Steven Hay

So the purpose of using this specific OS is that it operates as a Live Environment, ie. it runs off the CD or USB drive but never saves any information to the hard drive. This means that there will be no traces of the wallet creation process left once you reboot the machine. This makes it safe to use the machine on a network / the internet after having created your wallet… Even if someone is able to access your machine, there will be no traces of your private key to discover.

Jose
Guest
Member
Jose

How is it possible for public and private key to be added to the blockchain if you are offline?

Steven Hay
Member
Member
Steven Hay

Hi Jose,

Well, it isn’t possible. Using Bitcoin requires a connection to the internet to see if your addresses receiving any new funds or to spend coins from your addresses. Note that while your address (which is a hash of your public key) is visible on the blockchain (once it has received a transaction anyway), your private key is intended to be kept by you alone and is never transmitted. When authorising a transaction spend, your wallet uses your private key to do so but never shares the actual private key.

Val
Guest
Member
Val
I am having a really hard time understanding this whole bitcoin thing. Okay, your idea is to basically create an offline paper wallet using clean or offline machine. I get that, makes sense. But then how will you access your funds even single time without entering your password/key into the web? There is no such thing as magic, for every transaction you will need to enter a key somehow, which still means you need to share it with some web service again. Creating a wallet is only half the challenge, using it securely is a totally different thing and is… Read more »
Steven Hay
Member
Member
Steven Hay
Hi Val, Bitcoin takes time to understand, there’s no denying it. You’re quite right in what you say. We have a guide to spending from a paper wallet: How To Send Bitcoins From A Paper Wallet This will expose your private keys to an online machine for the duration of sending the transaction. It’s then recommended that you create a new paper wallet and send any remaining funds to it. I believe it’s safer to move all funds off the old paper wallet, spend what you need to, then move all the remainder to a new paper wallet. There are… Read more »
Abraham
Guest
Member
Abraham

Hi Ofir! Thanks a lot for your post, it has been very helpfull. I have a question about the BIP38 Encrypt option that appers on the bitaddress page, What is it for? Does it add more security to my wallet?

Thank you in advance for your time….

Steven Hay
Member
Member
Steven Hay
Hey Abraham, Hope you don’t mind my answering for Ofir. Glad the article helped you. Essentially Bitcoin Improvement Proposal (BIP) 38 is a standard for encrypting your private key. It doesn’t necessarily add more security, it acts like 2FA on an account. In other words, to steal your bitcoins, a thief would have to access your physical paper wallet (for the privkey) AND access wherever you stored the password to that privkey. A BIP38 password makes your privkey more secure against such a thief (and also a potentially flawed private key generation process, I believe) but also raises the risk… Read more »
Dan
Guest
Member
Dan

Hi there ! The content you just presented is amazing and it really helped me (as a newbie in crypto) to understand what a paper wallet is. However, doing the tutorial step by step, it all goes really smooth until I need to insert the link into firefox in order to open bitaddress.org . It just says that the file can’t be found and I’m really stuck here. Can you please give any kind of advice?

Steven Hay
Member
Member
Steven Hay

Hi Dan,

Can you navigate to that address on the CD ROM / other storage device and verify that the .html page for BitAddress is there? It’s probably just a case of the directory being slightly different in your case. Just point the browser to wherever you copied the webpage and it should find it. Hope this helps!

Christian
Guest
Member
Christian

Would this method work using vbox or vmware instead of a flash drive?

Steven Hay
Member
Member
Steven Hay

Hey Christian,

Yes, it would, but it’s not nearly as secure. If your main OS has a software keylogger or screenlogger or some kind of malware like that, then I believe that everything you do inside the VM will be logged too. Booting to a live OS defeats any kind of software-based malware, although not something like a hardware keylogger. Such advanced hacks or malware are rare and unlikely to have affected your system though.