# Cold Wallet Storage Device

A Cold Wallet Storage Device (CWSD) is a device (duh) used to store keys and sign transactions which never touches the internet, or indeed any communications channels excepting those solely for basic user interaction. The use of such a device is pretty much necessary for storing any large sum of value or other blockchain-based asset, promise or instrument. For example, a device like this has been used for operating blockchain-based keys worth many millions of dollars.

For this how-to, we'll assume that the CWSD is a simple Ubuntu-based computer (a netbook works pretty well) with cpp-ethereum preinstalled as per the first chapter; I will assume that you've taken the proper precautions to avoid any malware getting on to the machine (though without an internet connection, there's not too much damage malware can realistically cause).

### Kill the network

The first thing to do is to make sure you've disabled any network connection, wireless or otherwise. Maybe compile a kernel without TCP/IP and Bluetooth, maybe just destroy or remove the network hardware of the computer. It is this precaution that puts the 'C' in CWSD.
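
A preflight check for the precaution above, as an added example that is not part of the original how-to: it reports any non-loopback network interface or Bluetooth controller the kernel still exposes under sysfs. `list_links` and `is_cold` are hypothetical names; the default paths are the standard Linux `/sys/class/net` and `/sys/class/bluetooth`.

```sh
#!/bin/sh
# Added example; list_links and is_cold are hypothetical helper names.

# list_links DIR: print "name state" for each device under DIR,
# skipping the loopback interface "lo".
list_links() {
    for path in "$1"/*; do
        [ -e "$path" ] || continue        # empty or missing directory
        name=${path##*/}
        [ "$name" = lo ] && continue
        state=unknown
        [ -r "$path/operstate" ] && state=$(cat "$path/operstate")
        printf '%s %s\n' "$name" "$state"
    done
}

# is_cold [NETDIR] [BTDIR]: succeed only if no network interface other
# than loopback and no Bluetooth controller is present.
is_cold() {
    links=$(list_links "${1:-/sys/class/net}")
    radios=$(list_links "${2:-/sys/class/bluetooth}")
    [ -z "$links$radios" ] && return 0
    if [ -n "$links" ]; then
        echo "network interfaces still present:" >&2
        echo "$links" >&2
    fi
    if [ -n "$radios" ]; then
        echo "Bluetooth controllers still present:" >&2
        echo "$radios" >&2
    fi
    return 1
}

# Run the check when this script is invoked with --check.
if [ "${1:-}" = "--check" ]; then is_cold; fi
```

An interface that is merely down or rfkill-blocked is still listed, which is the intended strictness here: the hardware and its driver are still there.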

### Generate the keys

The next thing to do is to generate the key (or keys) that this machine will store. Run `aleth-key` to create a wallet and then again to make as many keys as you would like to use. You can always make more later. For now I'll make one:

```
> aleth-key createwallet
Please enter a MASTER passphrase to protect your key store (make it strong!): password
Please confirm the passphrase by entering it again: password
> aleth-key new supersecret
Enter a passphrase with which to secure this account (or nothing to use the master passphrase): password
Please confirm the passphrase by entering it again: password
Enter a hint to help you remember this passphrase: just 'password'
Created key 055dde03-47ff-dded-8950-0fe39b1fa101
  Name: supersecret
  Password hint: just 'password'
  ICAP: XE472EVKU3CGMJF2YQ0J9RO1Y90BC0LDFZ
  Raw hex: 0092e965928626f8880629cec353d3fd7ca5974f
```

It will prompt for a password and confirmation for both commands. I'm just going to use the password "password" for both.

This "supersecret" key has an address of `XE472EVKU3CGMJF2YQ0J9RO1Y90BC0LDFZ`.

### Signing with the keys

Signing with the keys can happen in two ways: The first is to export a transaction to sign from e.g. AlethZero, perhaps saving to a USB pendrive. Let's assume that is what we have done and we have the hex-encoded transaction at `/mnt/paygav.tx`.

In order to sign this transaction we just need a single `aleth-key` invocation:

```
> aleth-key sign supersecret /mnt/paygav.tx
```

It will prompt you for the passphrase and finally place the signed hex in a file `/mnt/paygav.tx.signed`. Easy. If we just want to copy and paste the hex (we're too paranoid to use pen drives!) then we would just do:

```
> echo "<hex-encoded transaction here>" | aleth-key sign supersecret
```

At which point it will ask for your passphrase and spit out the hex of the signed transaction.

Alternatively, if we don't yet have an unsigned transaction, but we actually want to construct a transaction locally, we can do that too.

Let's assume our "supersecret" account has received some ether in the meantime and we want to pay somebody 2.1 grand of this ether (2100 ether for those not used to my English colloquialisms). That's easy, too.

```
> aleth-key sign supersecret --tx-dest <destination address> --tx-gas 55000 --tx-gasprice 50000000000 --tx-value 2100000000000000000000 --tx-nonce 0
```

Note the `--tx-value` (the amount to transfer) and the `--tx-gasprice` (the price we pay for a single unit of gas) must be specified in Wei, hence the large numbers there. `--tx-nonce` only needs to be specified if it's not the first transaction sent from this account.
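
An added example (not from the original how-to or the cpp-ethereum project): a shell helper that converts ether and gwei amounts to Wei by string padding, since 2100 ether in Wei does not fit in 64-bit shell arithmetic, and prints the `aleth-key sign` line for review before it is typed. `to_wei` and `sign_cmd` are hypothetical names; only the flags shown above are used.

```sh
#!/bin/sh
# Added example; to_wei and sign_cmd are hypothetical helper names.

# to_wei AMOUNT [DECIMALS]: decimal amount -> integer Wei string.
# DECIMALS is 18 for ether (default) and 9 for gwei. Done with string
# padding only: 2100 ether is 2.1e21 Wei, which overflows $(( )).
to_wei() {
    amt=$1
    dec=${2:-18}
    case $amt in
        ''|.|*[!0-9.]*|*.*.*)
            echo "invalid amount: $amt" >&2; return 1 ;;
    esac
    whole=${amt%%.*}
    frac=
    case $amt in *.*) frac=${amt#*.} ;; esac
    if [ "${#frac}" -gt "$dec" ]; then
        echo "finer than 1 Wei: $amt" >&2; return 1
    fi
    # Right-pad the fraction with zeros, then drop leading zeros.
    while [ "${#frac}" -lt "$dec" ]; do frac=${frac}0; done
    wei=$(printf '%s' "$whole$frac" | sed 's/^0*//')
    printf '%s\n' "${wei:-0}"
}

# sign_cmd NAME DEST ETHER GWEI GAS NONCE: print (not run) the command.
sign_cmd() {
    value=$(to_wei "$3" 18) || return 1
    price=$(to_wei "$4" 9) || return 1
    printf 'aleth-key sign %s --tx-dest %s --tx-gas %s' "$1" "$2" "$5"
    printf ' --tx-gasprice %s --tx-value %s --tx-nonce %s\n' \
        "$price" "$value" "$6"
}

# Constructed sample: 2100 ether at 50 gwei per unit of gas.
sign_cmd supersecret '<destination address>' 2100 50 55000 0
```

Inputs such as `1e3` or an amount with more than 18 decimal places are rejected rather than rounded, so a mistyped value never reaches the signing step.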

### Importing the key

You may want to eventually import the key to your everyday device. This may be to use it directly there or simply to facilitate the creation of unsigned transactions for later signing on the CWSD. Assuming you have a strong passphrase, importing the key on to a hot device itself should not compromise the secret's safety too much (though obviously it's materially less secure than being on a physically isolated machine).

To do this, simply copy the JSON file(s) in your `~/.web3/keys` path to somewhere accessible on your other (non-CWSD) computer. Let's assume this other computer now has our "supersecret" key at `/mnt/supersecret.json`. There are two ways of importing it into your Ethereum wallet. The first is simplest:

```
> aleth-key import /mnt/supersecret.json supersecret
Enter the passphrase for the key: password
Enter a hint to help you remember the key's passphrase: just 'password'
Imported key 055dde03-47ff-dded-8950-0fe39b1fa101
  Name: supersecret
  Password hint: just 'password'
  ICAP: XE472EVKU3CGMJF2YQ0J9RO1Y90BC0LDFZ
  Raw hex: 0092e965928626f8880629cec353d3fd7ca5974f
```

A key can only be added to the wallet if its address is known; to figure out the address, `aleth-key` will ask you to type your passphrase.

This is less than ideal since if the machine is actually compromised (perhaps with a keylogger), then an attacker could slurp up your passphrase and key JSON and be able to fraudulently use that account as they pleased. Ouch.

A more secure way, especially if you're not planning on using the key directly from this hot machine in the near future, is to provide the address manually on import. Because it won't ask you for the passphrase, it avoids potentially compromising the secret's integrity (assuming the machine is actually compromised in the first place!).

To do this, I would remember the "supersecret" account was `XE472EVKU3CGMJF2YQ0J9RO1Y90BC0LDFZ` and tell `aleth-key` as such while importing:

```
> aleth-key importwithaddress XE472EVKU3CGMJF2YQ0J9RO1Y90BC0LDFZ supersecret
Enter a hint to help you remember the key's passphrase: just 'password'
Imported key 055dde03-47ff-dded-8950-0fe39b1fa101
  Name: supersecret
  Password hint: just 'password'
  ICAP: XE472EVKU3CGMJF2YQ0J9RO1Y90BC0LDFZ
  Raw hex: 0092e965928626f8880629cec353d3fd7ca5974f
```

In both cases, we'll be able to see the key in e.g. AlethZero as one of our own, though we will not be able to sign with it without entering the passphrase. Assuming you never enter the passphrase on the hot machine (but rather do all signing on the CWSD) then you should be reasonably safe. Just be warned that the security of the secret relies on the network security of your hot machine *and* the strength of your key's passphrase. I really wouldn't count on the former.