tl;dr: If you don’t want the explanations, just follow the bolded instructions.
Some of us want to store a sizable amount of bitcoins as a long-term investment or savings. We need a way to store our keys (the pieces of data that give us, and only us, access to our coins) that will be safe from both loss and theft; but we do not care about them being easily usable on a daily basis. A great way to do this is paper wallets – storing our keys on printed pieces of paper.
Following this tutorial will allow you to create your very own paper wallet.
1. Go to https://raw.github.com/pointbiz/bitaddress.org/master/bitaddress.org.html. This is essentially a program that allows you to create keys (and corresponding Bitcoin addresses) in an easily printable form. Ignore the text you see when visiting the page.
2. In your browser’s menu, choose “Save page as” to save this file somewhere on your computer. All browsers have an option to do this, even if differently named. if you can’t find it try simply pressing Ctrl+S.
3. Disconnect your computer from the internet. This is very important. Your secure, offline paper wallet will be of no use if the generated keys are sent to an attacker by malicious software through an internet connection.
4. Open the file bitaddress.org.html you saved earlier (by double-clicking it). You’re not going to get your keys from the website’s server – rather, the page you’ve downloaded contains the program needed to generate the keys locally on your computer, using your browser. For this, it is best to download a copy of the page. Preferably, you should disable any addons running on your browser, for example, by running in incognito mode.
5. Go to the “Bulk Wallet” tab. The site contains many different options for generating paper wallets, but I find this one to be the best. It’s no-nonsense and allows you to print many addresses at once.
6. Choose the number of addresses you wish to print (e.g., 50), fill it in “Rows to generate”, and click “Generate”. Use as many as you can fit in a printed page in big enough letters to be easily readable.
7. Connect a printer with a USB cable. Of course you will need a printer for this. It’s safest to disconnect the computer entirely from any network, so this leaves USB for the connection. (I’m assuming you’re not using a parallel port for this…)
8. Click the page’s “Print” button to print several copies of a paper with the keys and corresponding addresses.
9. Create a file with the Bitcoin addresses (the shorter strings starting with “1”).
10. Make sure you have not saved the private keys (the longer strings starting with “5”, “K” or “L”) anywhere on the computer.
11. Clear your browser cache. This will decrease the chance that your browser keeps the keys. Instructions on how to do this on various browsers is available at http://www.wikihow.com/Clear-Your-Browser%27s-Cache.
12. Reset the computer. This will prevent malware from sending keys it has stored in the computer’s memory.
13. Reconnect the computer to the internet. It is safe to do so now with any trace of the keys erased.
14. Store the paper copies in multiple secure locations – a safe in your house, a relative, a safety deposit box, etc. Keep in mind that if a thief that understands Bitcoin gets his hand on one of the copies, the coins are gone. If all of the papers are lost or damaged to the point of illegibility, the coins are gone.
15. Send the bitcoins you’re saving to addresses in your paper wallet. You could send all of them to one address, but there are several advantages not to store too much on a single address. Split the coins however you see fit. You can always add more coins to any of the addresses. You can save most of the addresses you printed for future use. Keep in mind – once you send from an address, it is no longer secure and you will need to store your funds in the other addresses.
16. Eventually, you’ll want to actually use the funds stored on the paper wallet. That’s a problem for future you, but it is still useful to try this out so you know you can. Most clients have a feature for “importing” a private key – including Bitcoin-QT, blockchain.info and some hosted wallets. Try this option in your client of choice. The most secure method is to import the key into an offline wallet – for example, using Armory. This is fairly complicated now, but hopefully by the time you want to do it, the software and hardware to make it easier will exist.
Extra credit: As the title implies, this procedure will allow you to create a reasonably secure paper wallet. I’ve avoided some cautionary measures that I deemed would deter most users – perfect is the enemy of the good. If you do, however, want a more secure wallet, here are some more things you could do:
1. Make sure bitaddress.org is what it should be. In theory, the website from which you download the generation software could be hacked and replaced with malicious content. A simple way to protect against this is to search the web for mentions of “bitaddress was hacked”. A harder one is to compare the webpage’s SHA1 hash against the digitally signed hash.
2. Use a Linux live CD. Linux is less vulnerable to malware than Windows. This is true regardless of whether the reason is Linux being inherently more secure or hackers not bothering writing malware for it. If you don’t already use Linux, you don’t even have to install it – you can run it directly from the installation disc. For example, you can use Ubuntu for this – burn an Ubuntu live CD, and follow the procedure after booting from it.
3. Use a multi-factor system, such as multisig, SSSS or key encryption. You can encrypt your keys before printing them, so that stealing the paper will be useless without the password. However, a password strong enough to offer meaningful protection will be too hard to remember – you’d probably want to write it down; so this is really a primitive version of SSSS. Shamir’s Secret Sharing Scheme allows you to split the keys into n pieces, so that m pieces are required to recover the key. You can place the pieces in different places knowing that several pieces will need to be stolen to compromise the coins. The security of this, however, still relies on the computer in which the key is generated and split and on which it is combined and used. Using a multi-signature address is more secure, but also more complicated.
4. Don’t trust your printer – printers have memory which, combined with malicious firmware, could send their copies to an attacker once connected to the network. I don’t think this is a very serious risk, and I don’t know of countermeasures other than forgoing the printer and hand-writing the keys.
1. Not all fonts are created equal. In some it is difficult to tell capital letters from small ones, which may create problems when you try to import the keys. Choose a clear font.
2. Consider laminating the papers, or using similar measures to protect them from damage.
3. bitaddress.org also allows creating QR codes for the keys. This is more space-consuming, but allows easier import.
Disclaimer: Use at your own risk! Even with the best security practices there can be failures; and these suggestions aim to balance security with accessibility rather than maximize security. I offer absolutely no warranty or guarantee and will take absolutely no responsibility if this guide leads, either directly or indirectly, to loss of coins or any other harm.