Any cryptocurrency donation that ends up on a KYC exchange, sold for fiat, and transferred to a bank account can end up like this. I'm not saying bitcoin privacy doesn't need improvement, but the way you describe it is misleading.
In 1933, when US President Roosevelt issued the famous Executive Order 6102, it was easy to steal gold from citizens as most of it was held by banks. How is it not worrying to see all the hype about lightning custodial and ecash solutions?
https://m.primal.net/LMyw.jpg
Tutorial - Bitcoin Core Create a watch-only wallet and sign transactions offline
Before we begin, you may be asking yourself:
-An airgap setup? Why not use a HW? All the cool kidz on twatter use it!
Most of the cool kidz on twatter are paid chillz, some of the hardware wallets they promote are not even FOSS and as soon as they release a new model they stop supporting the older ones. This setup will give you better security and privacy than most HW, I am not selling you anything and it will not cost you shit.
-Why Bitcoin Core? Other wallets like Electrum are easier for an airgap setup.
I have nothing against Electrum, in fact I really like it, but I choose Bitcoin core because it is the most reviewed client. No more questions? Let's get started!
These steps can be done with 2 PCs (recommended), or if you only have one PC you can use a Linux distribution like tails.
The first step will be to download Bitcoin Core, verify the signatures and transfer it to a USB flash drive (since the second PC or when booting with tails will never be connected to the internet).
----------------------------------------
Offline PC or with Tails
Double click on bitcoin-qt which is located in bitcoin-22.0/bin/.
Bitcoin-qt will start and ask us where to save the data, just click ok, nothing will be downloaded as we are not even connected to the internet.
https://image.nostr.build/4b175c3a2e32b8c64b8ff0b9d9cd87f3cf2365ef78f86eeaa1a72820e6fd1ff1.jpg
Create a new wallet, choose encryption and descriptor wallet:
https://image.nostr.build/76847b5599995569daf9a30990c10767d21b96aac01ee0de6e0004543c41d130.jpg
After creating the wallet, make a backup and save it to another device like a USB flash drive (if you are using tails, everything will be deleted after shutdown). To make a backup, just click on File -> Backup Wallet
Now we will get the information we need to create a watch wallet only.
Open the console (Window → Console or Ctrl+T) and type
listdescriptors
Note: This command is available since version 0.22.
https://image.nostr.build/7589213541331a6c078640bd1d0d5c9d2e4477758ac8b92cd06e337b9da5afba.jpg
This command will give us a list of 6 descriptors in total. We will use those with path derivation 84'/0'/0. (We will use this derivation for native segwit, bech32 but you can copy the whole list and export all the descriptors.).
Copy both to a text file and save it to the USB stick, in this example my .txt file will look like this
{
"desc": "wpkh([66bb13d5/84'/0'/0']xpub6CtDSW4S3XVd5uYp9CgsLTZKQcKieJSmjehcvfVJBSy1rPbkKNU3T6UmZ3mn7DoSsTsM6uH8ZKem7LQh3PHyrBAtZopSvF2tonEE7foTWFe/1/*)#a9twa6j5",
"timestamp": 1647182091,
"active": true
"internal": true
"range": [
0,
999
],
"next": 0
},
{
"desc": "wpkh([66bb13d5/84'/0'/0']xpub6CtDSW4S3XVd5uYp9CgsLTZKQcKieJSmjehcvfVJBSy1rPbkKNU3T6UmZ3mn7DoSsTsM6uH8ZKem7LQh3PHyrBAtZopSvF2tonEE7foTWFe/0/*)#v3w0q0zv",
"timestamp": 1647182091,
"active": true,
"internal": false,
"range": [
0,
1000
],
"next": 1
}
One descriptor has the value internal:false, the other internal:true. Internal false provides the information needed for the watch-only wallet to generate receiving addresses, while internal true is for the change addresses.
We can now shut down the PC/Tails.
----------------------------------------
Online PC.
Your online PC must have Bitcoin Core installed and synchronized.
Create a watch wallet only: Select Disable Private Keys, Create Blank Wallet and Create Descriptor Wallet.
https://image.nostr.build/a2b21d8c1c09ab7b18823f274fbc4ba3b430c5fe32077f49e4ee1f6a8ab1af93.jpg
Open the .txt where you saved both descriptors, go to the console and import both descriptors with their timestamps using the importdescriptors command.
In my example the command will look like this
first descriptor:
importdescriptors "[{\"desc\": \"wpkh([66bb13d5/84'/0'/0']xpub6CtDSW4S3XVd5uYp9CgsLTZKQcKieJSmjehcvfVJBSy1rPbkKNU3T6UmZ3mn7DoSsTsM6uH8ZKem7LQh3PHyrBAtZopSvF2tonEE7foTWFe/1/*)#a9twa6j5\", \"range\": [0, 1000], \"timestamp\": 1647182091, \"internal\": true, \"watchonly\": true, \"active\": true}]"
Second descriptor:
importdescriptors "[{\"desc\": \"wpkh([66bb13d5/84'/0'/0']xpub6CtDSW4S3XVd5uYp9CgsLTZKQcKieJSmjehcvfVJBSy1rPbkKNU3T6UmZ3mn7DoSsTsM6uH8ZKem7LQh3PHyrBAtZopSvF2tonEE7foTWFe/0/*)#v3w0q0zv\", \"range\": [0, 1000], \"timestamp\": 1647182091, \"internal\": false, \"watchonly\": true, \"active\": true}]"
https://image.nostr.build/eafb1c69e51bd86646d99f36991ea635ab2c5e219532cbc808f43e7eb313c983.jpg
This will import the descriptor with an initial keypool of 1000 (which is the default), any new addresses you request will come from their descriptors. If all is correct it will return "success": true
After this, only our watch wallet will be fully functional, allowing us to receive payments and create unsigned transactions.
Before receiving any payment in the watch wallet only, please make sure you have the wallet.dat backup of the offline wallet.
When you want to spend your money, just do it as usual, enter the address to pay to, set the fees, click Create Unsigned and save. This will generate a .psbt file which we will copy to a USB stick to sign with the offline wallet.
----------------------------------------
Offline PC or with Tails
If you are booting with tails, you will need to copy the bitcoin client, copy the backup of wallet.dat into the bitcoin folder ~/.bitcoin/wallets/wallet.dat
File→Load PSBT from file
Review the information and click Sign Transaction.
Once the transaction has been signed, click Save and save the signed PSBT file to the USB flash drive.
----------------------------------------
Online PC
File→Load psbt from file
Click Broadcast Tx and Done
If you're already running a bitcoin node with solutions like nixbitcoin, raspiblitz, start9, etc., you may not want to run another node. Instead, you can follow all the "online steps" with electrum or sparrow by importing the descriptors.
Very useful the new RPC createwalletdescriptor in the latest bitcoin core 28.0 release
It allows you to add new non-existing descriptors as taproot (if you have an old wallet), and since it recreates the descriptors using your actual hdkeys, it doesn't make your old backup useless, you can always restore everything by recreating your descriptors.
It's good that you remind us that we really are slaves, because "the best slave is the one who thinks he's free", and once you're aware of that, you can start fighting for your freedom.
Thank you, this is a very interesting initiative, looking at the web vpn's section I found Snowstorm, I wasn't aware of this project and I see that they are in beta. Have you tried it and if so can you share your thoughts?
Has the android demo version been released? Discovered this project by listening to Vlad's podcasts, seems like cartridge is sold out but since I don't have a game boy I was looking for a way to get the android version.
Oddbean new post about login | logout
Notes by TracaChang | export
If you use nix-bitcoin you can run Bitcoin Knots as alternative to BItcoin Core. Just edit the configuration.nix file and add: -------------------------- services.bitcoind.package = let pkgsUnstable = import (builtins.fetchTarball { # nixpkgs-unstable as of 2023-12-12 url = "https://github.com/NixOS/nixpkgs/archive/666fc80e7b2afb570462423cb0e1cf1a3a34fedd.tar.gz"; sha256 = "1j4ahdm49pbw5s1sw0vc0l12s1zxlnw0sjvnljxhdjbsvgbjsl7m"; }) {}; in pkgsUnstable.bitcoind-knots; -------------------------- https://github.com/fort-nix/nix-bitcoin/issues/664#issuecomment-1851831390 https://image.nostr.build/c37aae2afb9697bba6a83468c0c25bd9f1c2b6151ab53ab62c987416760914dc.jpg