Transfer cold storage data to paper
In this section, you’ll move the cold storage data you generated in Section I from the quarantined computing environments onto physical paper. This will be done using a combination hand transcription and QR codes.
- Transfer the private keys to paper.
- Write each private key on a separate piece
of TerraSlate paper (one key per page).
- Do not write anything else on the paper unless specifically instructed (such as “Bitcoin”, “Glacier”, “private key”, etc.) In the event the key is seen by someone untrustworthy or stolen by a random thief, such clues help them understand the significance of the key and give them an incentive to plot further thefts or attacks.
- Transcribe by hand. Do not use QR codes or any other method to transfer.
- Private keys are case-sensitive.
- Write clearly.
- Use care when transcribing “o” (lower-case “o”). Note that private keys do not contain “O” (upper-case “o”) or “0” (number zero).
- Use care when transcribing “1” (number one). Note that private keys do not contain “I” (uper case “i”) or “l” (lower-case “L”)
- Use care to distinguish between “t” and “+” (private keys do not contain plus signs)
- Use care to distinguish between “2” and “Z”
- Use care to distinguish between “5” and “S”
- Use care to distinguish between “6” and “b”
- Use care to distinguish between “6” and “G”
- Use care to distinguish between “K” and “k”
- Use care to distinguish between “5” and “S”
- Use care to distinguish between “u” and “v”
- Use care to distinguish between “U” and “v”
- Double-check that you transcribed all private keys correctly. If you make a mistake, you’ll have to redo a lot of work.
- Label each page with:
- Today’s date
- The version of Glacier used (listed on the front page of this document)
- Write each private key on a separate piece of TerraSlate paper (one key per page).
Visually hide all critically sensitive data.
We’ll be using a smartphone with a live Internet connection to read QR codes from the quarantined computer screens. Any malware (or a malicious QR reader app) could steal sensitive data if it is not visually hidden.
This step is important. Failing to execute it properly creates a substantial security risk.
- Put your handwritten private keys out of sight (don’t just turn them face down; paper is not completely opaque). This prevents a smartphone camera from accidentally seeing them.
- Delete all text from the Quarantined Scratchpad on the Q1 and Q2 computers.
- On the Q1 computer:
- Type “COLD STORAGE ADDRESS” into the Quarantined Scratchpad.
- Copy-paste the cold storage address from the terminal window to the Quarantined Scratchpad.
- Type “REDEMPTION SCRIPT” into the Quarantined Scratchpad.
- Copy-paste the
redemption scriptfrom the terminal window to the Quarantined Scratchpad.
- Enable line wrapping so the entire redemption
script can be seen.
- With the Quarantined Scratchpad window active, go to the menu bar at the top of the screen.
- Select Edit.
- Select Preferences.
- Select the View tab.
- Uncheck “Do not split words over two lines”.
- Clear the terminal windows on the Q1 and Q2 computers.
- QR reader setup
- Remove a smartphone from the Faraday bag and turn it on.
- If the smartphone doesn’t already have a QR code reader on it, install one.
- Transfer the cold storage address to a
- On the Q1 computer, display the
cold storage address as a
QR code on the screen:
- In File Manager, navigate to the “Home” folder, then the “glacier” folder, and double-click “address.png”.
- Use the smartphone’s QR code reader to read the QR code. When the QR code is successfully read, the smartphone should display the text cold storage address.
Verify the cold storage address on the smartphone matches the cold storage address in the Quarantined Scratchpad.
If it does not match, do not proceed. Try using a different QR reader application or restarting the Deposit Protocol. Seek assistance if discrepancies persist.
- Use the smartphone to send the cold storage address to yourself using a messaging app which you’ll be able to access from a laptop. (E-mail is not recommended for security reasons.)
- On the Q1 computer, display the cold storage address as a QR code on the screen:
Repeat the previous step for the redemption script, stored in “redemption.png.”
When comparing the redemption script shown on the smartphone to the redemption script in the Quarantined Scratchpad, it’s sufficient to check the first 8 characters, the last 8 characters, and a handful of characters somewhere in the middle.
- Power down the smartphone and return it to the Faraday bag.
- Shut down both quarantined computers entirely. As a precaution against
side channel attacks, the quarantined computers should not be active except
when they absolutely need to be.
$ sudo shutdown now
The recommended Acer laptop may require you to hold down the power button for several seconds to complete the shutdown.
Create Cold Storage Information Pages.
Using any Internet-connected computer:
- Access the copies of the cold storage address and redemption script you sent yourself from your smartphone previously.
- Open an empty document in any text editing application. This will be used to create the Cold Storage Information Page.
- Put the following information into the document:
- Copy-paste the cold storage address
- Copy-paste the redemption script
- Type today’s date
- Type the version of Glacier used (listed on the first page of this document)
- Do not put anything else in the document (such as “Bitcoin”, “Glacier”, “private key”, etc.)
- Save an electronic copy of the Cold Storage Information Page in a “conventionally secure” location of your choosing, such as a “Secure Note” in 1Password or a comparable password manager. Because the Cold Storage Information Page contains moderately-sensitive data, there are some privacy considerations with keeping and electronic copy of it. See the Sensitive Data subsection for details.
- Print N copies of the Cold Storage Information Page.
- Shut down the computer. (It has a camera, and you will be working with critically sensitive data in a moment.)
- Prepare Cold Storage Information Packets
- Put each handwritten private key page along with one Cold Storage Information Page in its own opaque envelope. While this obviously won’t deter a determined thief, it makes it quite difficult for a thief to steal a key without leaving evidence they have done so – and noticing theft of a single key gives you a chance to move your funds away before the thief can steal a second key.
- Each pair of pages will be referred to as a Cold Storage Information Packet.
- Put your Cold Storage Information Packets somewhere out of sight for the moment.