Using Offline Wallets in Armory
Rock-Solid Security for the Masses
Armory provides a first-of-its-kind interface for easily managing offline wallets. You can create your wallet on a computer that never touches the internet, yet still manage the wallet from an online computer with minimal risk of an attacker stealing your funds. By keeping all the private-key data on the offline computer, only someone with physical access to the offline computer can steal your Bitcoins. And even if someone physically stole your offline system, it might take centuries for them to get through the advanced wallet encryption! There is just no safer way to manage large sums of Bitcoins, and there is no simpler way to achieve this level of security than using Armory!
Armory offline wallets give you the convenience of a normal wallet for receiving Bitcoins and verifying payments, while giving you the ability to spend them in the simplest way possible. When you want to spend money from an offline wallet, Armory provides an intuitive interface with clear directions. It does not require synchronizing the blockchain with the offline computer, and does not require any data on the offline computer except for the Armory software and your wallet file.
If you are holding thousands of dollars' worth of Bitcoins, it could be worth purchasing a low-end netbook just for this purpose! Something like the Eee PC from Asus costs between $200 and $300, yet can save you thousands of dollars in potential thefts, while also giving you the peace of mind that your Bitcoins are not accessible to attackers. Craigslist and eBay are also good options for getting an inexpensive, used laptop. Anything with 256 MB of RAM will work.
When you create an offline wallet and use a watching-only copy of it on an online computer, here’s what capabilities each one has:
How do offline wallets work?
You generate a wallet on the offline computer the same way that you do on an online computer. You then make a “watching-only” copy of that wallet to be imported on the online computer. Using this watching-only wallet, you can generate addresses and monitor payments exactly the same as any other wallet. In order to send money, you will be doing the following:
- Create unsigned transaction (online).
- Sign it (offline).
- Broadcast it (online).
With a little practice, you will be executing offline transactions completely securely, in less than one minute! Until then, the interface is loaded with instructions and descriptions of what you are doing, at every step. You might not even need the following tutorial to help you!
Using an offline wallet in Armory:
NOTE(1): There is no special version of Armory needed for the offline computer, and it does not need to be the same operating system as the online computer. As long as you can install Armory and use USB drives, it will work.
NOTE(2): You must be in “Advanced” or “Expert” usermode to use offline wallets. “Advanced” is the default mode when you first install Armory, but some users change to “Standard” to simplify the interface. You can switch modes from the main window menu under “User”.
First and foremost, you will need a computer that you don’t mind keeping disconnected from the internet. Such a computer does not have any particular resource requirements: pretty much any computer that boots into Windows or Linux can run Armory in offline mode.
Once you have Armory installed on the offline computer, you create a new wallet. Don’t forget to print or copy by hand a paper backup! Then you “create a watching-only wallet” and load it on the online computer (this part only has to be done once). The nature of Armory wallets is that the online computer will always generate the exact same addresses as the offline computer, but the online computer cannot spend any of the funds!
- Load Armory on the offline computer
- Create a new wallet (with or without encryption)
- Important: Make a paper backup! Connect a printer via USB or copy the paper backup information by hand. Make one or two copies, and store in a secure place. This is a permanent backup of every address your wallet will ever create!
- Double click on the wallet and click on “Create Watching-Only Copy” on the right menu
- Save the file to the USB drive, eject, insert into online computer
- Load Armory on online computer, and select “Import Wallet” in the upper-right corner of the main window. Import the wallet file on the USB drive.
- In the wallet-properties dialog, click on “Belongs To”, and click the checkbox that says “This wallet is mine”. This makes sure that any funds in this wallet are part of your global balance.
Now that the wallets are set up, you can use the watching-only wallet exactly the same way as a regular wallet, except Bitcoins cannot be sent from it. Use the “Receive Bitcoins” button to generate addresses for receiving payments, and incoming transactions will show up in the ledger with a slightly different color than your other wallets.
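As an added illustration (not Armory's code and not its wallet file format), the following example shows how a watching-only wallet can reproduce an offline wallet's public keys without holding any private key. It assumes a multiplicative key-chaining rule on secp256k1; the names `tweak`, `offline_chain` and `watching_chain` and the seed values are hypothetical and constructed for the demonstration.

```python
import hashlib

P = 2**256 - 2**32 - 977        # secp256k1 field prime; N and G are the curve's public constants
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):                      # None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def point_mul(k, pt):                     # double-and-add; not constant time, demo only
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def tweak(pub, chaincode):                # chain multiplier built from public data only
    ser = b"\x04" + pub[0].to_bytes(32, "big") + pub[1].to_bytes(32, "big")
    h = hashlib.sha256(hashlib.sha256(ser).digest()).digest()
    return int.from_bytes(bytes(x ^ y for x, y in zip(h, chaincode)), "big") % N

def offline_chain(root_priv, chaincode, count):   # offline machine: holds private keys
    pubs, priv = [], root_priv
    for _ in range(count):
        priv = priv * tweak(point_mul(priv, G), chaincode) % N
        pubs.append(point_mul(priv, G))
    return pubs

def watching_chain(root_pub, chaincode, count):   # online machine: public data only
    pubs, pub = [], root_pub
    for _ in range(count):
        pub = point_mul(tweak(pub, chaincode), pub)
        pubs.append(pub)
    return pubs

# Constructed sample values, not real wallet data
ROOT_PRIV = int.from_bytes(hashlib.sha256(b"constructed demo seed").digest(), "big") % N
CHAINCODE = hashlib.sha256(b"constructed demo chain code").digest()
# Both machines derive identical public keys; only the offline one ever touches ROOT_PRIV
assert offline_chain(ROOT_PRIV, CHAINCODE, 3) == watching_chain(point_mul(ROOT_PRIV, G), CHAINCODE, 3)
```

In this model, anyone who holds the chain code together with a single private key from the chain can compute the other keys, so the private keys must stay on the offline machine and the watching-only file is still worth protecting for privacy.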
To send Bitcoins from your offline wallet, do the following:
- On the online computer, click the “Offline Transactions” button on the right, below the logo. Select “Create New Offline Transaction.” Alternatively, you can just select “Send Bitcoins” and select the watching-only/offline wallet.
- Create the transaction as you normally would, but the “Send” button will be grayed out since the watching-only wallet cannot sign transactions.
- Click the button “Create Unsigned Transaction” on the left side.
- A window will open with the unsigned version of the transaction. Press the “Save to file…” button to save a *.unsigned.tx file to the USB key.
- Insert the USB key in the offline computer, click “Offline Transactions”, then select “Sign or Broadcast Transaction.”
- Load the file from the USB key, then press the “Sign” button. A confirmation window will appear.
- Verify the confirmation details before you sign it! The benefits of an offline wallet are lost if you don’t make sure the details are correct!
- Click “Save to file…”. It will overwrite the original *.unsigned.tx file with a *.signed.tx file.
- Eject the USB key and plug it into the online computer. If the original window is still open, you can click on “Next Step” to get to the broadcast window. If you closed Armory since then, you can use the same “Offline Transactions” button on the main window, and select “Sign or Broadcast Transaction”. Once the file is loaded, some green text should appear telling you that the signature is valid and the “Ready to Broadcast!” button should become available.
- Press the button and you’re done!
Guidance is given at each step within the Armory software, so you may be fine without referring back to this page. And once you do this a few times, it will become a breeze!
Note: At no point in this process is any private data exposed through the transaction data. It is perfectly safe to transfer the signed or unsigned transaction via email. The biggest threat to an offline wallet is a USB-key virus that executes when plugged in. However, such viruses would have to be highly targeted, and can be mostly mitigated by disabling USB-auto-run on the offline computer.
I’m Scared!
It’s natural to be uncomfortable using new software to store your precious savings, especially with such advanced features. But you know that if you could trust it, it’s a feature you would love! So, how do you calm your nerves about using such advanced features?
Try it out with small amounts of Bitcoins. Any time you think to yourself, “Do I really trust this program?” just pull out your USB key and execute a small offline transaction to yourself (or to make a donation to Armory developers!). Whether it takes you a day or a year, you will eventually come to realize that offline transactions really do work. Every time!
Step 1:
Make a new wallet as described above, but you must make a backup. A paper backup is preferred, because you can visually verify that it is intact, and it’s easier to store (but it will require plugging your computer into your printer via USB cable). A digital backup is fine if you make a couple copies, just in case one becomes corrupted.
Generate some addresses by clicking on “Receive Bitcoins” a few times. Write down the first few letters of each address generated.
Step 2:
DELETE YOUR WALLET. Why did we just delete it? Because you’re about to prove to yourself that your backup works! If you can restore the backup once, you can always restore the backup at any time in the future. Just don’t lose it!
On the main Armory window, click on “Import Wallet” in the upper-right corner, and select the type of backup you are restoring. If it’s a paper backup, you’ll have to type it in manually — the time it takes to enter the wallet information is completely worth the peace of mind you get out of it.
Generate some addresses with the new wallet. Check that they are the same as the addresses you wrote down earlier.
Step 3:
Using the wallet properties menu, click on “Create Watching-Only Copy” and save the file to a USB key. Import the watching-only wallet on your online computer. Generate a few addresses and compare to the ones you wrote down earlier. I bet you are starting to feel better…
Transfer 0.5 BTC to one of these addresses. Wait for a few confirmations.
Step 4+:
Whenever you are near your computer, you may ask yourself “Am I ready to trust this thing?” If the answer is “No,” then get out your USB key and execute an offline transaction. Follow the directions above to create an unsigned transaction for 0.01 BTC to one of your online wallets, transfer it to the offline computer, sign it, then bring it back and broadcast it. You are now one step closer to realizing that it really does work!
If the answer is “Yes, I do trust the offline wallets,” well then you’re done! Congratulations on having mastered the most secure Bitcoin wallet functionality in existence!
You’ll not only calm your nerves, but you’ll learn how to use the feature efficiently. Once you get the hang of moving transactions around via USB drive, you should be able to execute an offline transaction in less than one minute!
If you do get this far, please consider sending a donation to the Armory developers (the donate button works for offline transactions, too!). This feature was the prime motivation for creating Armory, and took many months of hard work to make it available to you, for free. There are lots of new, innovative features planned, but it won’t be possible without you!