Creating the safest ETH paper wallet with a Raspberry Pi

with a printer and without an internet connection

Posted on 2017-06-22

Get new posts by email (~ one email every couple of months & no spam)

Since I got asked the question about safe storage of ETH a lot I thought I'd make a tutorial for Ethereum beginners.

From time to time major exchanges get hacked and milions of $ and € go down the drain to people who shouldn't have them.

Luckily if you follow the following simple rules you can be somewhat safe. I recommend this to everyone who has at least 1000€ or $ of coins.

TLDR: Download MyEtherWallet and print your paper wallet. Steps to be much more secure found below.

Rule 1: Don't store your coins on websites or apps

If they get hacked, your phone dies or your account is frozen for some reason, you lose everything. Even storing them on a computer can be dangerous if you forgot the password or lose the encrypted file.

Rule 2: Use Addresses only once

Whenever you use an address to send transactions you're using your private key to open up your wallet to the Ethereum network. To be safe just use them once and if you have coins left, put them on a new wallet

Rule 3: Use a paper wallet for storing larger amounts of coins

Let's face it. Computers and smartphones can get infected with malware and the last thing you want is to have a keylogger or trojan spying on you while using or creating your wallet.

So let's create the safest paper wallet possible

What's a paper wallet?

This is a paper wallet

A paper wallet is basically just a piece of paper with your Ethereum Address (public key) and your Password (private key). If you want people to send you ETH you need to tell them your Address (public key) and when you want to send someone your coins, you need the password (private key).

Ok so I need a computer to create the paper wallet, how's that safe?

Good question! The awesome thing about paper wallets is, that you don't need to be connected to the internet while creating your paper wallet!

How is that possible? How does the network know that I have created my address when I'm not connected to the internet?

We're starting to scratch the surface of the awesomeness of crypto currencies. You see the network doesn't have to know you have created an address, it just has to know that it's a valid address. The blockchain only cares about your address when you receive coins for the first time.

The blockchain also doesn't know (and doesn't care) if an address has an owner, it just cares about balances and addresses (and a bit more).

Awesome, let's create the safest paper wallet there is

You only need two things:

  1. A fresh linux image
  2. A printer

You're gonna need a printer if you want to print a paper wallet

First rule of creating paper wallets: We don't trust our computers

It doesn't matter if you're using MacOS, Windows or Linux, there is always a possibility that you somehow got infected with something nasty somehow. Even Chromebooks can be infected with malicious browser extensions so only a really fresh OS is safe.

Step 1: Boot a fresh Linux

You can use any Linux or Rasberry Pi
You can use a Raspberry Pi with a freshly flashed SD card or boot your favorite Linux distro from USB.

Since we're going to print our paper wallet we need to connect our printers to the RasPi or your Linux machine. Luckily there are many tutorials on the subject.

Step 2: Get the paper wallet generator

We'll be using MyEtherwallet but not the online version for obvious reasons. Awesomely the devs of MyEtherwallet allow you to download the whole site for free!

  1. Head over to https://github.com/kvhnuke/etherwallet/releases
  2. Download the dist-v3.9.4.zip file (or whichever is the newest)
  3. Unpack the zip file

Step 3: Disconnect the internet from your device and connect the printer via cable

Disconnecting from the internet is the safest option to circumvent possible attacks that have live access to your system. If you are really paranoid you could disconnect your home internet router and destroy the SD card or USB stick when you're finished.

If your printer has wifi, disable it first.

Step 4: Create the wallet and print it twice

Creating the wallet is fairly simple. You just open the index.html file of the dist.zip you downloaded and extracted and follow the instructions

This is what you see after opening the index.html file. Just enter anything as a password, you won't have to remember it since we just want to print the wallet

MyEtherwallet wants you to download the JSON file before we can continue. Just click on the Download button and then cancel the download. Now you can click the "Continue" button

The website now shows you your private key. You could write it down but let's just print the nice looking paper wallet by clicking "Print"

Just to be safe let's validate that the generated private key is actually valid. Open the index.html in another tab and go to "View Wallet Info", choose "Private Key" and see if it shows you the same address as on your paper wallet (thx /u/JTW24)

Your newly created paper wallet. Print it twice and afterwards you can shutdown and destroy your SD card/USB stick

Step 5: Store it in a safe location

The smartest thing to do is to put it in your safe and give the second copy to your parents or other people you trust to put it in their safe.

If either of the homes are broken into you should immediately create a new wallet and put your money there using the private key from the other copy. Usually burglars don't know much about paper wallets but just to be safe you should move it then.

That's it. Now you know everything to make the safest paper wallets that never touched the internet.

In my next turorial I'll teach you to make safe multisig wallets where you need more than one key to use the account.


Comment using SSH! Info
ssh fe036@ssh.blog.haschek.at

    Tags: ethereum | crypto | blockchain | 101

    1ChrisHMgr4DvEVXzAv1vamkviZNLPS7yx
    0x1337C2F18e54d72d696005d030B8eF168a4C0d95