Secure Wallet

How to Create Secure, Off-line, Cold Storage Bitcoins

One of the first things a person should do before getting too carried away with bitcoins is to create a secure, off-line, cold storage wallet for their incoming bitcoins. If you have bitcoin on a computer infected with trojans or viruses, there is a good chance that your bitcoins will get automatically transferred from your account to some anonymous hacker's account. Since transactions in bitcoin are irreversible, there is no recourse for this outright theft.

1. Download and burn a Linux Live Bootable DVD image. I used Tails because this Linux system contains the needed shared libraries to run the bitcoin-qt binaries straight up without any customizing. It also has a lot of nice features built-in for preserving privacy and anonymity, such as scrubbing your computer's RAM when you shut down. Linux is generally more secure against viruses and trojans than your average Windows system. 

2. Completely power off your computer, then directly boot the DVD. In theory, your computer should now be completely free from the influence of any viruses or trojans that may be lurking on your normal system.

3. Once booted, connect a USB thumb drive and download a copy of the open source JavaScript bitcoin wallet generator from to the thumb drive. You'll have to connect to the Internet to download the page, so for now simply save the page to your thumb drive.

4. Completely power off your computer and directly boot the DVD again. This time, do not connect to the Internet at all.

5. Once booted, open the web browser to run the JavaScript page you saved on the thumb drive. From here, you can generate a bunch of public and private key pairs, off-line. There is no way for these private keys to be transmitted to hackers at this point because you are not connected to the Internet at all.

6. Create an encrypted LUKS image on the thumb drive. Save a copy of your newly generated public+private keys to a file inside the encrypted LUKS image. Save a copy of the public keys, with all private keys deleted, to a file outside of the encrypted LUKS image.

7. Unmount the encrypted LUKS image and unmount the thumb drive. Use the "sync" command to make sure everything was saved to the drive. If you lose the encrypted LUKS image, you'll have no way to get your private keys to spend your bitcoins later on. If you have a printer, you could print out a hard copy of your private keys and securely store that as a backup.

Congratulations! You now have a bunch of public key bitcoin addresses you can use to tell people where to send bitcoins. Nobody except you will be able to spend them (unless they can grab the private keys from you somehow).
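Steps 6 and 7 as a shell script, added here as an example and not part of the original guide. It assumes the generator's output was saved as CSV lines of the form index,address,private_key, that cryptsetup is available with root access, and it uses hypothetical names (coldkeys, public-addresses.csv, coldstore.sh).

```shell
#!/bin/sh
# Added example. Assumed input: CSV lines of the form index,address,private_key.
# The mapping name "coldkeys" and the output file names are hypothetical.

# Write a copy of the key list with the private-key column removed.
public_only() {            # public_only <keys.csv> <public.csv>
    cut -d, -f1,2 "$1" > "$2"
}

# Succeed only if no private key from <keys.csv> appears in <public.csv>.
no_private_keys_in() {     # no_private_keys_in <keys.csv> <public.csv>
    ! cut -d, -f3 "$1" | tr -d '"\r' | grep -Fqf - "$2"
}

# Create a LUKS container file and store the full key list inside it.
# Needs root and cryptsetup; luksFormat asks for the passphrase.
store_in_luks() {          # store_in_luks <keys.csv> <image> <mountpoint>
    dd if=/dev/zero of="$2" bs=1M count=64 || return 1
    cryptsetup luksFormat "$2" || return 1
    cryptsetup open "$2" coldkeys || return 1
    mkfs.ext4 -q /dev/mapper/coldkeys && mkdir -p "$3" &&
        mount /dev/mapper/coldkeys "$3" && cp "$1" "$3/" && sync
    rc=$?
    umount "$3" 2>/dev/null    # always unmount and close, even after a failure
    cryptsetup close coldkeys
    sync
    return "$rc"
}

# Usage, as root and offline:
#   sh coldstore.sh keys.csv /media/usb/keys.luks /mnt/cold
if [ "$#" -eq 3 ]; then
    pub="$(dirname "$2")/public-addresses.csv"
    public_only "$1" "$pub" && no_private_keys_in "$1" "$pub" &&
        store_in_luks "$1" "$2" "$3"
fi
```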

How to Spend Cold Storage Bitcoins

1. Completely power off your computer and then directly boot a secure Linux Live DVD again.

2. Mount the encrypted LUKS image from your thumb drive and copy out only the private keys that you want to use right now. Unmount the encrypted image immediately after you're done.

3. Connect to the Internet and download the bitcoin-qt binary for Linux.

4. Using the bitcoin-qt program, import your private keys and then spend your bitcoins. This page explains how to import private keys in bitcoin-qt: