A Bitcoin wallet is a place where you hold the information required to access your Bitcoin. You need a Bitcoin account or Bitcoin client to send, receive and store Bitcoin. A Bitcoin wallet could be a sheet of paper, a secure note on your mobile phone, a file on your computer or stored in an online service.
Just like you need the address and the key to enter a secure room, a Bitcoin wallet has two important pieces of information.
1. Bitcoin Address
2. Private Key
A Bitcoin address is similar to your email address or phone number that you share publicly to let others reach you, in this case, to send you Bitcoin. It is usually displayed as a long string of characters and numbers, or a QR code, though user friendly Bitcoin addresses may soon become common. All addresses begin with the number 1.
Private key is what allows the user to access a Bitcoin account to send and spend Bitcoin and is generated as a long string of characters and numbers, just like a Bitcoin address. It is essential that it is kept secret by the account owner to safeguard funds in the account.
A private key is generated and recognized by a Bitcoin client, software that allows Bitcoin to be sent via the internet to a recipient. Possession of the private key is what ties the owner of a Bitcoin address to a particular wallet.
Wallets that are stored on your computer or smart phone are called software wallets. Those that are stored online are called web wallets. Generation of a Bitcoin address is extremely easy and free, and no technical knowledge is required to create one. Several wallet services are available online. The popular ones have been listed at the end of this page.
Securing the private key is of paramount importance, as Bitcoin can be stolen by anyone who learns of the private key and address combination. Hard drive crash, cell phone loss or theft and hacking of insecure online accounts are other ways Bitcoin private keys can be lost forever.
These problems can be overcome by choosing reputed online Bitcoin services, storing private data offline on electronic storage devices like pen drives or by using paper wallets and hardware wallets.
Keys to use bitcoin accounts are generated using a cryptography method called Elliptic Curve DSA making it secure to send and receive bitcoins. This public key cryptography system produces a public address and private key which are linked to each wallet generated.
Bitcoin address is similar to your email address or phone number that you share publicly to let others reach you, in this case, to send you Bitcoin. A public address allows us to track activity of the account it is linked to. It is usually displayed as a long string of characters and numbers, or a QR code, though user friendly Bitcoin addresses may soon become common. It is all you need to know to send bitcoins to an account.
Here is an example of an address with zero bitcoins: 1DMwxjgXRKVx7trZrJnL3q7kXHWvPdEKNY
Access to the private key is what establishes the ownership of an account and is known only to the owner. To spend and send bitcoins, you need to know the private key of the account. It is essential that it is kept secret by the account owner to safeguard funds in the account.
Possession of the private key is what ties the owner of a Bitcoin address to a particular wallet.Storing the private key from prying eyes, malware and hackers is very important. Knowledge of the private key is all that is required for someone to steal bitcoins, as the public address can be tracked using the private key as we will see in the section that explains the generation of a paper wallet.
Hard drive crash, cell phone loss or theft and hacking of insecure online accounts are other ways Bitcoin can be lost forever. So, private keys are stored offline in pen drives and hardware wallets or by printing them as paper wallets.
Choice of clients to connect to the Bitcoin network to send and receive coins
You need a Bitcoin client and the wallet information to connect to the Bitcoin network to start sending and receiving coins. Bitcoin client is a software application that can be downloaded from the internet.
Clients allow wallet activity to access Bitcoin but the type of client determines whether transactions are capable of being handled independently or by relying on third party servers.
Downloading a ‘full client’ version results in the transfer of the entire history of every bitcoin transaction that has ever taken place making it a node. A node becomes a part of the Bitcoin system and can initiate transactions, transmit information and validate transactions on the network.
Downloading a ‘light client’ allows sending and receiving bitcoins on a wallet stored on the client, connecting to a service provided by a third party. Electrum is an easy to use Bitcoin wallet that keeps you from losing coins, as your private key can be recovered from a secret passphrase that you can write on paper or recall from memory.
A ‘web client’ uses a web browser to connect to the user’s wallet stored on a third party service.
Types of Wallets
Wallets can be stored as
1. Software wallets
2. Mobile wallets
3. Web wallets
Wallets that are stored on your computer are called software wallets. Examples are Bitcoin-Qt, Electrum. A software Bitcoin wallet or a desktop wallet is a wallet that is downloaded onto your computer. These open-source wallets download the entire blockchain. It is easy to use and provides you full control over relaying transactions.
Bitcoin-Qt, Electrum and Armory are some of the choices available when choosing a software wallet. It takes a few hours for the download to initialize on your computer and synchronize with the network which can take up a lot of your system resources. Though this provides more control than online accounts and can be more easily accessed than offline wallets, it can be compromised by keylogging software and other malware.
Bitcoin Armory is a popular advanced Bitcoin client software and wallet that has many backup and security features and allows cold storage on offline computers.
Multibit is a faster and lighter client because it does not download the entire blockchain. It focuses on ease of use and is favored by non-technical users.
Wallets that are stored on your smartphone are called mobile wallets. As bitcoins is a means of payment in everyday life gains ground, mobile wallets will see an exponential growth in their adoption and use. Mobile wallets to pay at grocery stores and restaurants need to be light and easy to download and access.
Web wallets or online wallets
Bitcoin wallets that are stored online are called web wallets. They provide the huge advantage of being able to access your bitcoin funds from anywhere in the world where Internet access is available. Since the private keys are stored by a third party and online data is vulnerable to hacker attacks, the user has to be careful about choosing a service that has strong security features. Some wallet services give the user hosted control over their money, but maintain an encrypted copy of the wallet information. Security is only as strong as the chosen password. Web wallets where the funds are later moved to cold storage vaults is now a standard security procedure in most exchanges.
Other web wallets completely control user funds and provide useful tools like merchant applications and act as point-of-sale payment terminals.
Wallet services in exchanges in several countries now provide online buying and selling facilities, even in places where regulation regarding purchasing Bitcoin is not very clear. Users need to check if taxes are applicable when buying bitcoins or selling them for profit via verified bank accounts.
Here are some of the most popular exchanges from around the world that offer online web wallets.
Bitcoins can either be stored in a hot wallet or cold storage.
A hot wallet is one where the information to access bitcoins is stored online. This enables service providers like exchanges to dispense buy orders instantly as they are quickly and easily accessible.
The downside to such a storage method is that like any other online data, the funds are highly vulnerable to hacking and theft attempts. Most bitcoin thefts that have occurred in exchanges are due to the fact that a large portion of the investors’ money was stored in hot wallets. Many times, exchanges themselves manage the users’ keys that takes the control of the bitcoins away from the users.
The current safety practice followed by most bitcoin exchanges is to keep a working amount of bitcoin to fill out routine buy-sell orders and move a majority of the funds to cold storage, where they are retrieved as and when necessary.
Cold storage of bitcoin refers to securing the private keys of bitcoin wallets offline, away from viruses and other malware.The private key can be stored in a USB drive, printed or hand written on paper and put away in a safety deposit box, or stored in a hardware wallet.
Storing bitcoins in cold storage is a safe practice, putting the money in the control of the user. However, the user may not have easy access to the private key from anywhere. It is also the user’s responsibility to protect the private key in the cold storage from theft and damage.
As we know, all bitcoin transfers are irreversible and there is no way to force a refund once the transaction has been initiated. A private key accidentally or maliciously exposed, presents a single point of failure for the entire value of bitcoins in the wallet to be emptied. A private key stored in cold storage with advanced technologies is no exception if the security is dependent only on one piece of information. Multi signature wallets or multisig wallets aim at distributing a valid point of entry as a combination of several private keys working together. This approach increases the security of the wallet by several fold.
Users who find their private key compromised need not panic if their account is set up such that more than one private key is necessary to access an account.
In a business setting where multiple approvals are needed for a transfer to be initiated, a multisig wallet will assume importance. Multiple parties can be set up to sign off a transaction, say 3 of 5 parties, for payment to be initiated.
With multisig wallets, online services that manage a user’s private keys can now be in control of only a part of the information required to unlock the funds. Say, a wallet can be accessed with 2 of 3 keys. The user possesses two that can access the wallet, but the online service has only one that needs to be used in combination with at least one of the keys owned by the user. The user avails of fund transfers with one key in combination with the key with the service for routine transactions.
The user can make several backups of all the keys necessary to open the wallet.Should the service turn out to be unreliable or the user loses one of the backups, the user still has access to the bitcoins. If the service is hacked, the attackers cannot access the bitcoins as the other key is held by the user securely.
Armory is a free, open-source desktop application and is considered to be an excellent means to store bitcoins offline securely. Armory is user friendly for beginners, at the same time providing advanced security features to power users.
Armory is also a full Bitcoin client with advanced wallet management features and provides businesses a convenient approach to adopting Bitcoin. For the purposes of the discussion of cold storage, this section only deals with using Armory for securing bitcoins offline.
Armory bitcoin wallet is trusted by investors who store huge values of bitcoin. However, a new user is advised to get comfortable with the process of creating and operating Armory wallets before moving valuable amounts into their account.
Bitcoin Armory is one of the most secure cold storage solutions available today to users as it provides them a 2-fold protection when it comes to using the private key. A watching-only wallet contains the public address and the private key is stored on an offline computer, removing the threat of of online hackers from getting hold of the private key. Another important feature is that Armory uses a deterministic wallet, meaning all the public and private key pairs that have been created and will be ever be created by a particular wallet are derived from a unique combination of numbers and letters called a seed. Keys derived from a deterministic wallet can also be used on other wallet implementations. The seed is generated by Armory by the use of an algorithm. In this case, only the seed needs to be backed up once, securely. In case of loss of the wallet info, all the public and private key pairs that were lost can be regenerated with the seed.
To start using Armory for offline storage, you need two computers and a removable storage device, such as a USB drive. The term ‘watch-only wallet’ means a wallet that can receive bitcoins and track the balance, but does not have the ability to send bitcoins. This wallet can only create an unsigned transaction, which needs to be signed separately by a private key stored offline to become usable and broadcast-ready.
The online ‘watching only’ wallet can give out receiving addresses to generate transactions. When you spend bitcoin from your online wallet the wallet generates an unsigned transaction file that you take to your offline computer on a USB key. You import the unsigned transaction into your offline wallet and sign with your private key, then take the signed transaction back to your online wallet and broadcast the signed transaction. Because your offline wallet never connects to the internet your bitcoins are as secure as possible.
1. Computer A, an offline computer, one that will never connect to the Internet and preferably does not have the ability to connect with wi-fi or any other means. Any old or used one will do.
2. Computer B, a computer that can connect to the Internet to download Armory and can transfer the wallet creation software to the USB drive, which is later installed on the offline Computer A. This leads to the online computer hosting the watch-only wallet created by the offline computer to receive bitcoins and broadcasting a transaction after it has been signed by the offline computer.
3. A USB drive, preferably a brand new piece. The USB drive is used to move the Armory wallet management application downloaded from the online computer to the one offline and to store the details of the newly created watch-only wallet and move it to the online computer
Creating a wallet with Armory and receiving bitcoins
Step 1: Copy downloaded Armory wallet installation file onto the USB drive. Use the USB drive to install Armory on the offline computer A. Downloading the Bitcoin Core is not necessary in offline mode.
Step 2: Click on ‘Create Wallet’ button to create a new one. Enter a strong passphrase in the space provided for encryption.
Very important: Make a paper backup of the newly created wallet, preferably multiple copies and store safely.
Change the wallet properties setting to “Create Watching-Only Copy.” Save the file to the USB drive.
Click on ‘Create Paper Backup’, and take a printout or write the displayed info by hand on paper and store in a secure place.
Step 3: The USB containing the key is now moved to the the online computer B which has Armory installed.
On the online computer, click on “Import Wallet” and “Import Wallet from File” and select the watching-only wallet from the USB. Now, the online computer scans the blockchain and displays the watch-only wallet.
On this online computer, click “wallet properties”. Click on “Belongs to:” and check the box that says “This wallet is mine.”
Step 4: Click on Receive Bitcoins after selecting the name of the wallet. The public address and the associated QR code are displayed, which can be used to request payment. A clickable link is also provided for convenience.
Sending bitcoins with Armory
As mentioned earlier, the watch-only wallet on the online computer can only receive bitcoins. To send bitcoins, the following steps are taken:
An unsigned transaction is created on the online computer. Click on ‘Create new unsigned transaction’. In the dialog that opens, enter the amount , the receiving address and an optional comment. Click on ‘Create unsigned transaction’. The transaction data is generated and displayed on the screen.
The transactions details are transferred via USB to be securely signed by the offline computer. Choose ‘Offline transactions’ on the offline computer and choose ‘Sign offline transactions’. Load the file from the USB drive. Details regarding the amount and the recipient’s address can be confirmed. Click on ‘Sign transaction’ which requires entering the passphrase that was used to install Armory. Click on ‘Unlock’. You transaction is now signed and you can save the file back to the USB drive.
Open the file from the USB on the online computer and load it. Select the transaction and click on ‘Broadcast’. The transaction is broadcast across the network.
Bitcoins are easy to send and receive, but so far, the real challenge has been to prevent losing them to malicious hacking attempts. Hardware wallets are used for storing the private key of a wallet in a hardware device ensuring that it can never go online. This approach completely eliminates online malware from ever touching the wallet info on the device.
Most popular hardware wallets in the market are
Trezor – a single purpose mini computer to make secure bitcoin transactions, even on a compromised or vulnerable computer. It holds the private key to sign transactions. Each Trezor has a PIN code and cannot be used even if it is stolen.
Pi wallet – The Pi-Wallet combines features of the Armory bitcoin client like offline transaction signing with a small computer such as a Raspberry Pi.
BitSafe – BitSafe provides multisignature support. It is waterproof and comes with a QR Code scan camera.
Hardbit – This device works both online as a payment solution and offline as a storage device. To receive payments, a payment request can be scanned and QR code generated.