Permission is hereby granted, free of charge, to any person obtaining a copy of this guide and associated documentation files (the "Guide"), to deal in the Guide without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Guide, and to permit persons to whom the Guide is furnished to do so, subject to the following conditions:
The above permission notice shall be included in all copies or substantial portions of the Guide.
THE GUIDE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE GUIDE OR THE USE OR OTHER DEALINGS IN THE GUIDE.
How to secure your crypto currencies ?
First I believe that you will do all this step from a linux system (I did not try it on Mac nor windows).
Second, read all this guide before starting !
Download a secured Live linux system to boot on (even if you are on a fresh install of linux...).
I recommend LinuxMint Mate Edition, but any linux live system with a modern firefox navigator will be OK.
Download your ISO image.
Verify the authenticity of the downloaded ISO.
Download UnetBootIn and create a USB bootable system from the ISO with it.
Download offline public/private key generation tools for your currencies.
Here is a list that looks good for me, but you should check for yourself that those repos have not been hacked, that the code is authentic and does actually generate random Public/Private.
If needed install it by executing this in a terminal:
sudo apt-get install git
use git to clone each repository.
look for an html file inside.
each of this repos contain html pages that you can open offline on your secure usb live system.
- for bitcoin:
git clone https://github.com/pointbiz/bitaddress.org.git
- for litecoin:
git clone https://github.com/litecoin-project/liteaddress.org.git
- for peercoin:
git clone https://github.com/peercoin/bitaddress.ppc.git
- for eth:
git clone -b gh-pages https://github.com/kvhnuke/etherwallet.git
rename it to ethwallet:
mv etherwallet ethwallet
- for etc:
git clone -b gh-pages https://github.com/ethereumproject/etherwallet.git
rename it etcwallet:
mv etherwallet etcwallet
Create a "crypto-tools" folder on your USB disk.
Copy all the folders above into that folder
Do not do any of this in the physical presence of somebody else.
Do not take pictures of your screen while doing any of the step of this guide.
You should consider leaving your phone down or in your pocket while following this guide ( it has 2 cameras)
You should do all the above operations (especially typing your passphrase) on a trusted keyboard, like a really old one, I know, key loggers are everywhere...
Reboot on your USB key.
Stay offline !
Do not activate networking !
Set your keyboard correctly (default is English qwerty US) by clicking "menu" (down left), then "control center", then " keyboard", then "layout", then " add" and add your layout. Now remove the layouts that you don't need so only one remain.
You can setup more config if you wish from the control center.
Click on the "computer" icon on your desktop. Choose "file system", then "cdrom", then "crypto-tools".
You can now open the paperwallet generator of your choice by doing a right click on the HTML file, "open with other application" and choose Firefox. If there is more than one HTML files, choose the "index.html" one.
Generate your PaperWallet using a passphrase and print them (on a secure printer at home with a cable connection) and clean the printer queue afterward.
Generate your Public/Private Keys wallet unencrypted and save them into a txt file (on the desktop for example) that you will encrypt. Optionnaly, you can make another file where you remove all the private keys and give it a .pub extension.(you will not need to encrypt this one)
To encrypt, open a terminal (menu>terminal) and type :
gpg --cipher-algo AES256 --compress-algo zlib --output wallets.gpg --symmetric --armor wallets.txt
you will be asked for a passphrase. Use a strong one ( 12 words with no connections whatsoever between them that you write on a piece of paper, or more than 30 random chars)
test the decryption
gpg --output wallets-test.txt -d wallets.gpg
See that wallets-test.txt has the same content as wallets.txt
On sucess delete wallets.text and wallets-test.text, then copy wallets.gpg and wallets.pub to a safe storage (when you shutdown this live session everything will be lost). This mean that you will need a safe second USB stick or an external USB drive.
Do not copy wallets.txt outside of your live session ! (it will defeat all the purpose of doing all this...) Backup your wallets.gpg on as many encrypted disks as you want. You can even print it on a piece of paper if you want to.
Remember, never decrypt your wallet nor type you passphrase on an unsafe environment ! (only manipulate your private keys and your decrypted files on live offline linux system )
Done, your wallets are safe (until you loose your paperwallet, passphrase, or damage the encrypted file, in those cases the wallets and all the money in them will be LOST FOREVER) !
You can now start to send your coins from your online exchange to your new wallets.(send to the public keys)
I recommend you that you start by sending a small amount of coins on your safe wallet and test that you are able to send it back from your safe wallet to your exchange.
I also recommend you to use your paperwallet as "burners": as soon as you import your paperwallet into an app to spend it, spend it all and send the remaining coins to a fresh safe paperwallet that has never been used. So when you are at it, generate more wallets than you need and keep some fresh and unused one for this purpose.
If you liked this guide, you can tip me on these addresses: