Generate Bitcoin Private Key Offline

  • 2Overview of existing solutions
  • 3Setting up an offline wallet from scratch

Is it possible to generate address and private key pair completely offline, using only dice / other random number generators, calculators, paper and pen? How to generate keypair completely offline? Ask Question. Here are instructions to create a Bitcoin address and associated key-pair completely offline. It is straight from the Bitcoin Wiki. May 29, 2019 #AllBitcoinPrivatekeys Print All! The first file is ALL BTC KEYS, it is written in java so you do not need to install anything it works on all offline browsers, weight 1.50 MB https://mega.nz/#F.

  1. A Bitcoin wallet is as simple as a single pairing of a Bitcoin address with its corresponding Bitcoin private key. Such a wallet has been generated for you in your web browser and is displayed above. To safeguard this wallet you must print or otherwise record the Bitcoin address and private key. It is important to make a backup copy of the private key and store it in a safe location.
  2. A tool for converting BIP39 mnemonic phrases to addresses and private keys. Enter your BIP39 phrase into the 'BIP39 Phrase' field, or press 'Generate Random Phrase'. You can save this page, turn off internet and generate private keys as lot as you wish.

Modern operating systems are highly complexity, leading to a large attack surface. They also constantly leak information without the user’s knowledge or consent.

No matter how many precautions you take, it is very hard to ensure your wallets is reasonably secure on an Internet connected computer.

Because Bitcoins can be stored directly on your computer and because they are real money, the motivation for sophisticated and targeted attacks against your system is very high. Previously, only large organizations had to worry about advanced attacks.


The bitcoin ecosystem is still relatively young and unfortunately not many user friendly and highly secure wallets have been developed yet.

Today these are the two best ways to secure your bitcoins against theft:

1. Using a hardware wallet such as TREZOR.

A hardware wallet has two functions - it stores your Bitcoins in a hardened device that is designed to be simple and highly resistant to the usual range of attacks (viruses, hackers, keyloggers).

2. Create a cold storage wallet using BitKey.

Cold storage wallets generates and stores private wallet keys on a clean air-gapped computer.

Used correctly, an air-gapped wallet is safe from all online threats, such as viruses and hackers. It is however still exposed to offline threats, such as hardware keyloggers, extortion, or people looking over your shoulder.

To spend funds from cold storage securely, an unsigned transaction is generated on an Internet connected computer. An unsigned transaction is akin to to an unsigned check. The unsigned transaction is then transfered to the air-gapped computer to be verified & signed with the wallet keys.

Using a cold storage wallet on an air-gapped computer may seem tedious, but remember that security almost always comes at the cost of convenience.

Security warning

When you deposit money at a bank, you let them worry about security. Bitcoins, however, are stored on your computer and that means you are fully responsible for securing them.

Unfortunately, most people are not security experts, which means it's very hard for them to fully understand the risks. They usually don't. This increases the risk of making a fatal mistake that will result in Bitcoin theft.

For example, paper wallets are typically generated by potentially compromised PCs connected to the Internet, then printed for offline storage. This is not enough as malware running on the computer may steal your private keys and then later steal any Bitcoin you send to that address. Many Internet connected printers also save printed documents to memory.

There used to be no other way to setup an offline wallet than to do it from scratch. Today there are solutions such as BitKey that can help simplify the process.

If you're still interested in doing things the hard way, the rest of this guide will instruct you on how to create an offline wallet by hand.

How to Deposit Funds

  1. Sign up for a few different cloud drive accounts such as Dropbox or Google drive.
  2. Create a strong and unique passphrase offline (manually). This passphrase should be TRUELY random. Diceware is a good way of generating the passphrase. It should be at least 12 words long.
  3. Never use this passphrase elsewhere, especially not on the web.
  4. Do not forget this passphrase. Recite it several times a day. It is easy to overestimate your ability to remember a passphrase several months in the future. To be on the safe side, write it down and store the piece of paper in a safe deposit box.
  5. Download Bitcoin-Core Linux binary and save it on a USB drive.
  6. Verify the software's release signatures from an alternative device and internet connection (eg. your smartphone). This makes sure you are not using a malicious program that poses as the bona fide bitcoin-core client.
  7. Shut down your computer, and boot Ubuntu (or Linux distribution of you choice) from a liveCD. This will not affect your current operating system.
  8. Disconnect machine from the internet. Unplug any network cables and disable wireless. Verify that wireless is disabled in the icon on the upper right corner (Ubuntu). Double check that machine is disconnected by opening the web browser.
  9. Run bitcoin while disconnected to the internet. The client will show 0 connections and 0 blocks, but it will still generate a wallet.dat file and a bitcoin address.
  10. Encrypt your wallet using the strong and unique password from step 2 above. (Bitcoin Client > Settings > Encrypt wallet)
  11. Copy wallet.dat (found in hidden folder .bitcoin in your home directory) to USB drive.
  12. Save bitcoin address to a text file and copy it to USB drive.
  13. Shut down system and turn off computer. Before switching your computer on again, remove all power sources for about 1 minute. Physically remove battery from laptop.
  14. Backup encrypted wallet.dat file in several places:
    • Send it to your 5 best friends by email attachment and ask them to save it for you.
    • Save it on your cloud drive accounts created in step 1.
    • Save it on several USB drives and CDs and store them in different geographic locations.
  15. Send bitcoins to the address saved on the USB drive. Double check in the block explorer that they have been sent or you can add Watch Bitcoin Address in BlockChain Wallet.

How to Retrieve Funds

  1. Boot from Ubuntu liveCD, as in step 5 above.
  2. Insert USB drive.
  3. Run bitcoin client and close it again.
  4. Replace wallet.dat in ~/.bitcoin directory with wallet.dat from USB drive.
  5. Connect to the internet.
  6. Restart bitcoin client.
  7. Wait for blocks to download (optional).
  8. Send bitcoins.

How to Setup Watch Bitcoin Address

Watch Bitcoin address is a way for you to check your cold storage balance online without exposing your private key.

  1. Create an wallet account at https://blockchain.info/wallet/
  2. Go to import/export.
  3. At 'Add Watch Only Bitcoin Address', add your bitcoin address.
  4. Wait for the balance to synch.
  5. You can also download the mobile version at Google Play, Apple Store

Notes

Generate bitcoin private key offline free
  • This procedure is only secure if you perform steps 1-15 in this exact order.
  • Perform one or two trial runs of the above procedure with a few bitcents, and make sure that you know how to successfully retrieve them, before making a bulk transfer.
  • Every time you retrieve bitcoins from your savings wallet, create a fresh savings wallet by repeating the above procedure, and send all your remaining savings balance there.
  • There is more than one way to do it. Similar procedures have been suggested on the forums here and here.
  • Beware that even savings wallets have limited lifetimes. New, backwards incompatible versions of bitcoin might come out in future, AES might be broken, bit rot might destroy your wallets, etc. Pay attention to updates in the Bitcoin world and update to fresh savings wallets every couple of years, or as needed.
  • See How to import private keys for an alternative way of retrieve your coins.
  • Bitcoin Cold Storage In Plain English by David Perry
Retrieved from 'https://en.bitcoin.it/w/index.php?title=How_to_set_up_a_secure_offline_savings_wallet&oldid=66512'

What is a Bitcoin private key?

A Bitcoin private key is a secret number which every Bitcoin wallet has. This 256-bit number can be represented in several formats: in hexadecimal – 256 bits, in hexadecimal is 32 bytes, or 64 characters in the range 0-9 or A-F, Base64 string, a WIF key, or a mnemonic phrase.

Here is an example:

E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262

First method

The simplest way of generating a 32-byte integer is to use an RNG library in the language you know. Here are a few examples in Python:

bits = random.getrandbits(256)

# 30848827712021293731208415302456569301499384654877289245795786476741155372082

bits_hex = hex(bits)

# 0x4433d156e8c53bf5b50af07aa95a29436f29a94e0ccc5d58df8e57bdc8583c32

private_key = bits_hex[2:]

# 4433d156e8c53bf5b50af07aa95a29436f29a94e0ccc5d58df8e57bdc8583c32

However, normal RNG libraries are not the most secure options of generating a key. As the generated string is based on a seed, the seed represents the current time. And if you know the time, several brute-force attacks can be applied to it.

Cryptographically strong RNG

In addition to a standard RNG method, Programming languages provide a RNG for specific cryptographic tasks. As the entropy is generated directly from the operating system, this method ensures more security.

It makes this RNG more difficult to reproduce as you can’t determine the time of generation or the seed because it lacks one. No seed is required as it’s created by the program itself.

In Python, you can implement the cryptographically strong RNG in the secret module.

bits = secrets.randbits(256)

# 46518555179467323509970270980993648640987722172281263586388328188640792550961

bits_hex = hex(bits)

# 0x66d891b5ed7f51e5044be6a7ebe4e2eae32b960f5aa0883f7cc0ce4fd6921e31

private_key = bits_hex[2:]

# 66d891b5ed7f51e5044be6a7ebe4e2eae32b960f5aa0883f7cc0ce4fd6921e31

Specialized sites

There are several sites which can generate these numbers randomly for you. Random.org is a site which randomly generates numbers for various purposes. Another popular site is bitaddress.org specifically designed to generate Bitcoin private keys.

As you have no way of knowing if random.org keeps or records any of the generated numbers, it is not such a secure option.

Bitaddress.org, however, is an open source, which means you can check its code to see what it does, and you can also download and run it on your computer in offline mode.

The program uses your mouse or key movements to generate entropy. This makes it highly improbable to reproduce your results.

Then, the private key is delivered in a compressed WIF format, but we will make the algorithm return a hex string which will be required later on for a public key generation.

Bitaddress first initializes a byte array, trying to get as much entropy as possible from your computer. It fills the array with the user input, and then it generates a private key. The service uses the 256-byte array to store entropy. This array is filled in cycles, so when the array is filled for the first time, the pointer resets to zero, the array is filled out again.

After an array is initiated from Window.crypto, it writes a timestamp to generate 4 additional bytes of entropy. It collects data such as the size of the screen, your time zone, information about browser plugins, your locale, among others to add another 6 bytes.

Then after initialization, the program repeatedly waits for the user input to rewrite initial bytes. When the cursor is moved, the position of the cursor is written. When buttons are pressed, the char code of the pressed button is written by the program.

The accumulated entropy to generate a private key of 32 bytes by using an RNG algorithm is called ARC4.

The DIY Version

You can also create your own version of Bitaddress. We will not be gathering data regarding the user’s computer and location. The entropy will be generated only by text, as it’s rather difficult to initialize a position of the cursor via a Python script.

The byte array will be initialized with a cryptographic RNG, then the timestamp will be filled, followed by the filling with a user-generated string.

After filling the second seed pool, the library will allow you to create the key.

Initializing the pool

We insert several bytes from cryptographic RNG and a timestamp. __seed_int and __seed_byte are two methods that will help insert the entropy into the pool array. We will also use the secrets module in our example.

def __init_pool(self):

Windows 2013 product key generator. Office 2013 Product Key is not just used by the businessman, as a result of its advanced level features and latest tools students can also use it for performing several types of tasks given by their instructor. Without the doubt, the computer plays the significant part in any field of life. Its one of the better and most utilized program available into the world as every 3rd person is performing their job by getting and installing this application. Microsoft Office 2013 Product Key is a complete solution for different issues. This has most of the tools and features obtainable in it that are significant for completing all kinds of office work.

for i in range(self.POOL_SIZE):

random_byte = secrets.randbits(8)

self.__seed_byte(random_byte)

time_int = int(time.time())

self.__seed_int(time_int)

def __seed_int(self, n):

self.__seed_byte(n)

self.__seed_byte(n >> 8)

self.__seed_byte(n >> 16)

self.__seed_byte(n >> 24)

def __seed_byte(self, n):

self.pool[self.pool_pointer] ^= n & 255

Generate Bitcoin Private Key Offline Free

self.pool_pointer += 1

Generate Bitcoin Private Key Offline Windows 10

if self.pool_pointer >= self.POOL_SIZE:

self.pool_pointer = 0

Here, we insert a timestamp and then we input each character of the string.

def seed_input(self, str_input):

time_int = int(time.time())

self.__seed_int(time_int)

for char in str_input:

char_code = ord(char)

self.__seed_byte(char_code)

Generating the private key

In order to generate a 32-byte number with our pool, we have to use a shared object that is employed by any code that is running in one script.

To save our entropy each time a key is generated, the state we stopped at will be remembered and set for the next time a key will be generated.

Now we just need to ensure that our key is in range (1, CURVE_ORDER), which is required for ECDSA private keys. The CURVE_ORDER is the secp256k1 curve’s order.

We will be converting the key to hex, and remove the ‘0x’ part.

def generate_key(self):

big_int = self.__generate_big_int()

big_int = big_int % (self.CURVE_ORDER — 1) # key < curve order

big_int = big_int + 1 # key > 0

key = hex(big_int)[2:]

Generate Bitcoin Private Key Offline Free

return key

def __generate_big_int(self):

if self.prng_state is None:

seed = int.from_bytes(self.pool, byteorder=’big’, signed=False)

random.seed(seed)

self.prng_state = random.getstate()

random.setstate(self.prng_state)

big_int = random.getrandbits(self.KEY_BYTES * 8)

self.prng_state = random.getstate()

return big_int

In order to use the library, you can generate a private key using the following code:

kg = KeyGenerator()

kg.seed_input

kg.generate_key()

# 60cf347dbc59d31c1358c8e5cf5e45b822ab85b79cb32a9f3d98184779a9efc2

You will notice that each time you run the code you will get different results.

Conclusion

Varying in terms of the level of security and ease of implementation, there are many methods that can help you generate your private keys.