Safely eject the flash drive — be sure to leave the laptop on for a minute while we plug the drive into our main workstation to verify both files successfully copied. Make a copy of the files on your computer, and keep the files on the USB flash drive — after you’ve confirmed the files are safely on your workstation and on the flash drive you can turn off the laptop.

Congratulations, you now have a secure cold wallet!

Funding & redeeming

The exported .csv file contains five Bitcoin addresses which you can now use for funding the cold wallet. There is nothing special about them so you can send coins to them as you would any other address, but obviously you should reserve these address longer term secure hodling. Feel free to check the balances of these addresses with online blockchain explorers (take into consideration these services most likely log your IP address & search queries).

Note on watch only addresses. Many people like to generate watch only addresses from their cold storage wallets — personally I’ve never had the need for them, but they can be extremely convenient for a lot of situations. With watch only addresses you can keep track of your cold storage addresses in an active (online) wallet with out the ability to spend the coins as the associated private keys are not present. You can read more about them here: https://bitcoin.org/en/glossary/watch-only-address.

When the time comes to access the funds there are several ways to get the job done. I prefer the safe and conventional approach which is to use Bitcoin Core again. Grab a fresh copy of the wallet software on an Internet connected workstation with enough storage space and sync the node, depending on your set up sync time will vary, but typically on the hardware I use at the time of this post it takes about 2 days. After you’re fully synced close Bitcoin Core and open the data directory which is located by default in ~/.bitcoin — in here you’ll see the wallet.dat file. If this is a fresh install with no Bitcoin sent to the wallet you can safely delete this file, or feel free to move it somewhere. Now we want to grab our cold storage wallet.dat file and move it into this directory, and start bitcoin-qt with the -rescan flag.

The rescan will force the wallet to look for transactions related to the addresses from the cold storage file. At this point you should see your balance and it should be spendable using the phasephrase we encrypted the wallet with earlier. Now that the cold wallet is on an Internet connected device and has been unencryted it’s important to note this is no longer a cold wallet — you will need to repeat the process and completely empty this wallet in the event you need cold storage again.

Note about redeeming. There are other ways to spend the funds from the cold storage wallet without the need to download the full blockchain as I recommend above. You can use Bitcoin Core offline and unsynced to create a raw transaction, sign the transaction, and then use an online machine to push this transaction onto the network using a service such as https://blockchain.info/pushtx. Another option would be to grab the private keys from the cold wallet and import them into a lightweight wallet client such as Electrum. Just be careful, as dealing directly with private keys and raw transactions can be difficult.

Storage considerations

The beauty of this method is that both pieces (passphrase & wallet.dat) are required to access the coins. This makes certain storage scenarios a bit more flexible — just be aware if the wallet.dat and passphrase are stored in the same location, you (or an attacker) has all they need to move the coins.

A possible storage configuration could be to give a trusted family member a copy of the passphrase to store in their secure location (home safe, safety deposit box), and the other copy of the passphrase in your safety deposit box along with recovery instructions for your loved ones. The wallet.dat file should not be stored in either of those locations, rather you can keep copies of that in separate locations as well — one on a flash drive at home, another flash drive at your office, and a third copy in one of your cloud drive accounts. In this configuration if any one of the locations are compromised you’ll have time to react and safely move the coins.

Note on cloud storage. You may think I’m crazy by storing the wallet.dat file online where corporate overlords or the overreaching deep state agencies could potentially grab a copy, but there are a few factors that make me OK with this. First, I know myself — and after a decent amount of time goes by there is definitely potential for me to lose the wallet files. But more importantly, it doesn’t matter if my cloud provider or the gubbermint copies my wallet.dat file — it’s encrypted. Assuming you used a decent passphrase with a high number of entropy bits (>120), it would take the worlds strongest supercomputers trillions of years to brute force, yes trillions of years. You could store the USB drive on a park bench and have no worries. Choose what is right for you.

Be sure not to have a single point of failure on that file. For instance if you only had two USB flash drives with the wallet located in your house — an extreme situation such as a fire could lose your coins forever.

And that’s it, hope you enjoyed it.

Sources:

https://www.ubuntu.com/download/desktop

https://tutorials.ubuntu.com/tutorial/tutorial-how-to-verify-ubuntu

https://bitcoin.org/en/bitcoin-core/

https://www.reddit.com/r/Bitcoin/wiki/verifying_bitcoin_core

https://pgp.mit.edu/pks/lookup?search=0x71a3b16735405025d447e8f274810b012346c9a6

https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0x71a3b16735405025d447e8f274810b012346c9a6

https://github.com/bitcoin-core/gitian.sigs/tree/master/0.16.0-linux/laanwj

https://bitcoin.org/en/glossary/watch-only-address

https://blockchain.info/pushtx