Secure Cold storage wallet for Monero

in #monero, 7 years ago (edited)

This is a follow-up post to Tomshwom's Security Guide. I suggest following that post to create a bootable Tails OS USB for all your offline crypto wallets. You can use any offline computer if you are too lazy :-).


Generate offline wallet using monero wallet command line

  • First, download Monero's command-line wallet package from https://getmonero.org/downloads/

  • Copy it to a USB drive, plug it into your offline machine and extract it there. If your offline system is Linux, use:

$ tar jxvf monero-linux-x64-v0.10.3.1.tar.bz2
  • From the extracted folder execute the wallet command
$ cd monero-v0.10.3.1/
$ ./monero-wallet-cli 
  • Provide the wallet name, select Yes to create the wallet file, and select the seed language (0 for English).
$ ./monero-wallet-cli 
Monero 'Wolfram Warptangent' (v0.10.3.1-release)
Logging to ./monero-wallet-cli.log
Specify wallet file name (e.g., MyWallet). If the wallet doesn't exist, it will be created.
Wallet file name (or Ctrl-C to quit): MoneroWallet
No wallet found with that name. Confirm creation of new wallet named: MoneroWallet
(Y/Yes/N/No): Y
Generating new wallet...
Enter new wallet password: ********
Confirm Password: ********
List of available languages for your wallet's seed:
0 : English
1 : Dutch
2 : French
3 : Spanish
4 : German
5 : Italian
6 : Portuguese
7 : Russian
8 : Japanese
Enter the number corresponding to the language of your choice: 0
Generated new wallet: 45QFUCYcC2CeiFDDUugmDQgAzdDM8S9SEYpbUWaiHnxTUs2XoddfgFzVyXywmbJvKigBua9bqPXY43LfZ53uVQegDbUjmey
View key: 6ee9dd26f3767f883475cf730452e83b8473b7673064c6d268deb2c9cf80eb0c
**********************************************************************
Your wallet has been generated!
To start synchronizing with the daemon, use "refresh" command.
Use "help" command to see the list of available commands.
Always use "exit" command when closing monero-wallet-cli to save your
current session's state. Otherwise, you might need to synchronize 
your wallet again (your wallet keys are NOT at risk in any case).


PLEASE NOTE: the following 25 words can be used to recover access to your wallet. Please write them down and store them somewhere safe and secure. Please do not store them in your email or on file storage services outside of your immediate control.

journal nuance cistern apart history situated together beyond
scamper jeopardy oval ahead algebra session wiring madness
sedan village nuance puzzled mesh certain rewind sapling beyond
**********************************************************************
Error: wallet failed to connect to daemon: http://localhost:18081. Daemon either is not started or wrong port was passed. Please make sure daemon is running or restart the wallet with the correct daemon address.
Error: wallet failed to connect to daemon: http://localhost:18081. Daemon either is not started or wrong port was passed. Please make sure daemon is running or restart the wallet with the correct daemon address.
Background refresh thread started
[wallet 45QFUC]: 
  • Take a look at the 25 words. KEEP THEM SECURE. If you are following the Tails OS guide mentioned earlier, keep the wallet password and this seed in a new KeePassX entry.
journal nuance cistern apart history situated together beyond
scamper jeopardy oval ahead algebra session wiring madness
sedan village nuance puzzled mesh certain rewind sapling beyond
  • Type exit to save all files
Background refresh thread started
[wallet 45QFUC]: exit
$ 
$ ls -l MoneroWallet*
-rw-------  1 unni  staff  189 Aug  9 16:59 MoneroWallet
-rw-------  1 unni  staff   95 Aug  9 16:51 MoneroWallet.address.txt
-rw-------  1 unni  staff  825 Aug  9 16:51 MoneroWallet.keys
  • That's it. Your offline wallet is ready.

Verify your offline wallet.

  • Access the wallet and check the public address
$ ./monero-wallet-cli --wallet-file MoneroWallet
Monero 'Wolfram Warptangent' (v0.10.3.1-release)
Logging to ./monero-wallet-cli.log
Wallet password: ********
Opened wallet: 45QFUCYcC2CeiFDDUugmDQgAzdDM8S9SEYpbUWaiHnxTUs2XoddfgFzVyXywmbJvKigBua9bqPXY43LfZ53uVQegDbUjmey
**********************************************************************
Use "help" command to see the list of available commands.
**********************************************************************
Error: wallet failed to connect to daemon: http://localhost:18081. Daemon either is not started or wrong port was passed. Please make sure daemon is running or restart the wallet with the correct daemon address.
Error: wallet failed to connect to daemon: http://localhost:18081. Daemon either is not started or wrong port was passed. Please make sure daemon is running or restart the wallet with the correct daemon address.
Background refresh thread started
[wallet 45QFUC]: 
  • Type the address command to get the public address, to which anyone can send Monero coins.
[wallet 45QFUC]: address
45QFUCYcC2CeiFDDUugmDQgAzdDM8S9SEYpbUWaiHnxTUs2XoddfgFzVyXywmbJvKigBua9bqPXY43LfZ53uVQegDbUjmey
[wallet 45QFUC]: 

Copy that one and exit.

  • Remove all wallet related files
$ rm -vf MoneroWallet*
MoneroWallet
MoneroWallet.address.txt
MoneroWallet.keys
  • Use the 25 seed words to regenerate the wallet. Use a text editor to put all the words on one line, like "journal nuance cistern apart history situated together beyond scamper jeopardy oval ahead algebra session wiring madness sedan village nuance puzzled mesh certain rewind sapling beyond", and enter that line at the seed prompt. Use the default blockchain height.
$ ./monero-wallet-cli --restore-deterministic-wallet
Monero 'Wolfram Warptangent' (v0.10.3.1-release)
Logging to ./monero-wallet-cli.log
Specify a new wallet file name for your restored wallet (e.g., MyWallet).
Wallet file name (or Ctrl-C to quit): WalletTest     
Confirm wallet name: WalletTest
(Y/Yes/N/No): Y
Generating new wallet...
Specify Electrum seed: journal nuance cistern apart history situated together beyond scamper jeopardy oval ahead algebra session wiring madness sedan village nuance puzzled mesh certain rewind sapling beyond
Enter new wallet password: ********
Confirm Password: ********
Generated new wallet: 45QFUCYcC2CeiFDDUugmDQgAzdDM8S9SEYpbUWaiHnxTUs2XoddfgFzVyXywmbJvKigBua9bqPXY43LfZ53uVQegDbUjmey
View key: 6ee9dd26f3767f883475cf730452e83b8473b7673064c6d268deb2c9cf80eb0c
**********************************************************************
Your wallet has been generated!
To start synchronizing with the daemon, use "refresh" command.
Use "help" command to see the list of available commands.
Always use "exit" command when closing monero-wallet-cli to save your
current session's state. Otherwise, you might need to synchronize 
your wallet again (your wallet keys are NOT at risk in any case).


PLEASE NOTE: the following 25 words can be used to recover access to your wallet. Please write them down and store them somewhere safe and secure. Please do not store them in your email or on file storage services outside of your immediate control.

journal nuance cistern apart history situated together beyond
scamper jeopardy oval ahead algebra session wiring madness
sedan village nuance puzzled mesh certain rewind sapling beyond
**********************************************************************
Error: wallet failed to connect to daemon: http://localhost:18081. Daemon either is not started or wrong port was passed. Please make sure daemon is running or restart the wallet with the correct daemon address.
Restore from specific blockchain height (optional, default 0): 
Error: wallet failed to connect to daemon: http://localhost:18081. Daemon either is not started or wrong port was passed. Please make sure daemon is running or restart the wallet with the correct daemon address.
Error: wallet failed to connect to daemon: http://localhost:18081. Daemon either is not started or wrong port was passed. Please make sure daemon is running or restart the wallet with the correct daemon address.
Background refresh thread started
[wallet 45QFUC]: 
  • Execute the address command and make sure that the public address is the same.
[wallet 45QFUC]: address
45QFUCYcC2CeiFDDUugmDQgAzdDM8S9SEYpbUWaiHnxTUs2XoddfgFzVyXywmbJvKigBua9bqPXY43LfZ53uVQegDbUjmey
[wallet 45QFUC]: 
  • If the addresses are the same, the wallet is verified.
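
Before typing the seed at the restore prompt, the one-line copy can be checked offline: the 25th word of a Monero seed is a checksum, selected by a CRC32 over the first three letters of the other 24 English words. The script below is an added example, not part of the original post or of the Monero tools; its function names are made up for illustration, and it does not look the words up in the word list.

```python
import zlib

PREFIX_LEN = 3    # unique-prefix length of Monero's English word list
DATA_WORDS = 24   # the 25th word is a checksum over these

# Demo seed copied from the wallet transcript on this page (three lines, as printed).
PAGE_SEED = """journal nuance cistern apart history situated together beyond
scamper jeopardy oval ahead algebra session wiring madness
sedan village nuance puzzled mesh certain rewind sapling beyond"""


def normalize(text):
    """Split a seed pasted over several lines into lowercase words."""
    return text.lower().split()


def one_line(text):
    """The single-line form typed at the 'Specify Electrum seed' prompt."""
    return " ".join(normalize(text))


def checksum_index(data_words):
    """CRC32 of the concatenated word prefixes, modulo the number of data words."""
    trimmed = "".join(w[:PREFIX_LEN] for w in data_words)
    return zlib.crc32(trimmed.encode("utf-8")) % len(data_words)


def check_seed(text):
    """Return (ok, reason). Reasons never echo seed words."""
    words = normalize(text)
    if len(words) != DATA_WORDS + 1:
        return False, "expected 25 words, got %d" % len(words)
    data, last = words[:DATA_WORDS], words[DATA_WORDS]
    expected = data[checksum_index(data)]
    # Monero compares only the unique prefixes of the two words.
    if last[:PREFIX_LEN] != expected[:PREFIX_LEN]:
        return False, "checksum word does not match; a word is wrong or out of order"
    return True, "25 words and the checksum word matches"


if __name__ == "__main__":
    print(check_seed(PAGE_SEED))
    # Dropping one word while copying is caught before the restore prompt.
    print(check_seed(PAGE_SEED.replace("oval ", "")))
```

Run it on the offline machine only, since the seed passes through it.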

Create a watch-only wallet to keep track of the balance on an online computer and, if needed, withdraw funds.

  • Access the wallet again, if you exited.
$ ./monero-wallet-cli --wallet-file WalletTest
Monero 'Wolfram Warptangent' (v0.10.3.1-release)
Logging to ./monero-wallet-cli.log
Wallet password: ********
Opened wallet: 45QFUCYcC2CeiFDDUugmDQgAzdDM8S9SEYpbUWaiHnxTUs2XoddfgFzVyXywmbJvKigBua9bqPXY43LfZ53uVQegDbUjmey
**********************************************************************
Use "help" command to see the list of available commands.
**********************************************************************
Error: wallet failed to connect to daemon: http://localhost:18081. Daemon either is not started or wrong port was passed. Please make sure daemon is running or restart the wallet with the correct daemon address.
Error: wallet failed to connect to daemon: http://localhost:18081. Daemon either is not started or wrong port was passed. Please make sure daemon is running or restart the wallet with the correct daemon address.
Background refresh thread started
[wallet 45QFUC]: 
  • Execute save_watch_only command.
[wallet 45QFUC]: save_watch_only
Password for new watch-only wallet: ********
Confirm Password: ********
[wallet 45QFUC]: 
  • That will create a key file protected with the password you provided.

  • Rename the file so that it has the .keys extension and copy it to a USB disk to move it to the online computer.

$ mv WalletTest.keys-watchonly WalletTest.keys-watchonly.keys
  • Now, on the online computer, download and extract the Monero command-line wallet and use it to access the watch-only wallet.

The Monero client needs access to the blockchain to check the balance. There are two options: you can run the Monero daemon in the extracted folder and wait for it to sync the roughly 15GB blockchain, or use a remote machine that is already running monerod with the blockchain synced.

I am using an online open node from https://moneroworld.com/#nodes . They can see your IP, so use Tor or other tools to hide your identity for privacy.

The Monero client will sync the transactions from the remote node. Since I don't want the details of all blockchain transactions, I am using the option to restore from a specific blockchain height. You can use the blockchain height on the day you did the first transaction on the wallet.

https://moneroblocks.info/block/1350000

$ ./monero-wallet-cli --daemon-host node.xmrbackb.one --restore-height 1350000 --wallet-file WalletTest.keys-watchonly
Monero 'Wolfram Warptangent' (v0.10.3.1-release)
Logging to ./monero-wallet-cli.log
Wallet password: ********
Opened watch-only wallet: 45QFUCYcC2CeiFDDUugmDQgAzdDM8S9SEYpbUWaiHnxTUs2XoddfgFzVyXywmbJvKigBua9bqPXY43LfZ53uVQegDbUjmey
**********************************************************************
Use "help" command to see the list of available commands.
**********************************************************************
Starting refresh...
Height 12746 / 1372800
  • It will take some time to sync the data. Using --restore-height makes the process faster.

  • Use the balance command to view the wallet balance.

  • Now you have your actual wallet on the offline machine and a watch-only wallet on the online system.

I'll write another article about doing transfer from watch only wallet.


Great post !! The most secure method in my opinion to save your Monero coin !

Thanks a lot