Introduction

I've seen it go around and around that the most secure and reliable way of cold storing your various cryptocurrencies are hardware wallets. I've seen people get ridiculous safes and put their little hardware wallet inside of them. This is, however, NOT the best way to store your crypto currency. Hardware wallets are great if you want to be able to use your crypto in large quantities frequently, however there is no reason to use one for true 'cold storage.' It goes against everything that cryptocurrency is built on. It's in the name--cryptocurrency is based on cryptography, and if you believe in cryptocurrency in general to succeed then you also must believe in open-source cryptography, since that is the backbone of what every cryptocurrency is based on. In this article I'll outline why a hardware wallet, paper wallet and safe is not the best way to store your cryptocurrency, and go over what I believe is the best way to store it.

What's Wrong with Hardware/Paper Wallets?

The issue with hardware and paper wallets is two-fold. First, the issue of location. If you are storing your hardware or paper wallet in one place, then if that location is compromised, so are your funds. Basic robbery or theft will compromise your hardware wallet. Even if you store multiple in separate locations relatively close to each other, you are still at risk of a natural disaster like a fire, flood, tornado, etc. destroying multiple locations at once. In the case of a hardware wallet, the fallback is a mnemonic peg that you get when you receive your device that will allow you to recover your funds cryptographically. This is a good solution, but only if used properly. If you stored this peg on paper and in a similar location, that could be gone as well. If you stored it on your computer in plain text, then you are wasting your time with a hardware wallet anyway, because your money is as vulnerable as your computer is, which is what you were trying to avoid. The only solution is to send multiple copies to geographically significant distances from each other, but this is both expensive and introduces multiple extra attack vectors for a possible attacker. Your money is only as safe as the weakest storage location that you put a copy of your paper or hardware wallet.Second is the issue of how physically safe the storage of your hardware wallet is. It is vulnerable to being stolen just like any other valuable item you have, and is as vulnerable as the safe you put it in. While safes are generally quite, well, safe, they are nowhere near as safe as what can be accomplished with cryptography if used properly. This especially applies to models of safes that are cheaper and not cost-prohibitive for people not storing tens or hundreds of thousands of dollars worth of crypto. Even for those people, though, I will argue that this is not the best option, because of the reasons listed above. In this case, extra caution should be taken to verify each step of the process I will go through below.A third thing I will mention is cost. A hardware wallet plus a nice safe worth its salt could easily be a significant percentage of the amount people will be storing in crypto for a beginner. For larger sums, this is obviously less of an issue, but is still worth mentioning. A very secure cryptography-based solution can be had for free and if you want to be ultra paranoid, can be done for much less than multiple hardware wallets plus effective safes in multiple locations to put them in.

How to Store Your Coins the Right Way

* Disclaimer: This method is provided as-is, and I am not responsible for any possible loss of money. There are many places that error is possible, and no method is 100% immune to un-forseen attack vectors. 

The method I will propose takes advantage of freely available open source cryptography, using the same standards that are used to encrypt the most highly classified/secret documents in governments all over the world.The basic idea is as follows:    

    1. Securely generate a wallet--a public address and private key pair on a trusted and air-gapped* computer (*an air-gapped computer doesn't need to be a completely separate computer. It simply means disconnected from the internet. We'll accomplish this by installing a verified version of Tails on a USB key and using it as an amnesiac computer that can be air-gapped simply by unplugging it or turning off the wifi)    

    2. Encrypt the private ("secret") key of the generated key-pair using an officially supported algorithm or openssl using salted AES-256 with a strong passphrase that will need to be remembered (ideally) or stored in a trusted password manager

    (optional) 3a. For extra reliability (not security), encrypt the chosen passphrase using an implementation of Shamir's Secret Sharing    

    (optional) 3b. Distribute the pieces of the secret to trusted places, which can be later reassembled to regain access to the original password    

    4. Store the encrypted private key on multiple secure* cloud storage platforms

* Note: we are not relying on the security of these platforms, we are only using them as contingency to make sure we never lose access to the encrypted private key.

These steps sound simple, and in theory they are, but there are still some possible attack vectors when using this method improperly. In this tutorial I will provide a detailed method that minimizes the possible attack vectors. 

What You Need

• Two USB sticks, at least 4GB each
• A paper wallet generator for your chosen cryptocurrency
• A decent internet connection
• Enough time to go through this guide carefully

How to Make Your Secure Wallet

I will be walking you through how to do this for For Ethereum, and I'll be using MyEtherWallet.

To generate the wallet securely, we'll be using Tails. Go ahead and follow the instructions to install tails here. Make sure you're downloading using BitTorrent, which will cryptographically verify what you've downloaded is legitimate. Alternatively, or in addition, you can use GPG to verify it as well if you know how. 

Next, boot up Tails and open up the web browser. Now we'll grab the software we need to do our wallet and passphrase generation. First, navigate to the MyEtherWallet github releases page and download the latest version as a zip file. It should be called dist-vX.X.X.X.zip.

Next,  open a new terminal window and issue the following commands. We are downloading and trusting the GPG signing keys for the author of the next piece of software, the passphrase generator, so that we can reference them later for verification.

> gpg2 --keyserver pgp.mit.edu --recv-keys 0x63608B66C0929A67 0x37B8284B4B3EBE74 0x2C4C3C144301224F 0x7FFCB72A6522542E
> gpg2 --edit-key FCDD20FDD083C84A5C6404052C4C3C144301224F

At the prompt that comes up type trust then enter a decision of 4 for I trust fully and finally type quit at the subsequent prompt like so:

gpg> trust

pub  rsa4096/2C4C3C144301224F
     created: 2015-12-27  expires: never       usage: SC
     trust: unknown       validity: unknown

[ unknown] (1). Glenn Rempe (Code Signing Key)

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 4

pub  rsa4096/2C4C3C144301224F
     created: 2015-12-27  expires: never       usage: SC
     trust: full          validity: unknown

[ unknown] (1). Glenn Rempe (Code Signing Key)

Please note that the shown key validity is not necessarily correct
unless you restart the program.

gpg> quit

Repeat the same process at the prompt that comes up for this key as well:

> gpg2 --edit-key 1C01711C3A0F691D11A9D8BE63608B66C0929A67

Now, clone git repository by running the following commands:

> cd ~/Downloads
> git clone https://github.com/grempe/diceware

Then check the code signature by running

> cd diceware
> git log --show-signature

You should get a message that says gpg: Good signature from "Glenn Rempe (Code Signing Key) . If so, you're good and can continue onto the next steps. Now we can start the process of actually creating the wallet and securing it. At this point, you should disconnect your computer from the internet by either disabling it in Tails or physically unplugging it if you have a wired connection.

First, navigate to your Downloads folder and open the diceware folder. Double click on index.html to load the password generator in the browser. Click on one of the green buttons to generate a password of that word length. You should generate a password of at least 7 words, and more if you'd like to be even more careful. Feel free to regenerate as many times to find a set that you like. However, NEVER select words you like from each and assemble them together to create your own because you think they'll be easier to remember or for any other reason. You MUST choose an entirely generated set for this to work. If you want to read more about how this generator works or the rationale behind it, feel free to scroll down and read the rest of the page. If not, find one you like and then copy the password with dashes separating the words.

At this point, you can temporarily write down the password on paper as you learn to memorize it, but you will eventually want to destroy any copies that you have of it. See this and this for information on how to memorize the password easier. You should also periodically test yourself to exercise your memory and make sure you remember the password. One way of doing this would be writing it down on paper and then destroying the paper.

Next, navigate back to your downloads folder and unzip the dist-vX.X.X.X.zip folder that we downloaded earler by double clicking on it. Then, open the resulting folder and double click on the index.html file contained inside. This will open the MyEtherWallet interface in your browser. Click on the New Wallet tab in the upper left corner. Paste your previously generated password into the space provided and hit the Generate New Wallet button.

At this point, you have two options. The first option is to use the default encrypted UTC/JSON Keystore file that is produced by MyEtherWallet. The second option is to save your private key and encrypt it/unencrypt it yourself every time you want to use the wallet. The advantage of the former is that it is easier to import into MyEtherWallet/Mist/Geth in the future as it is a standardized format. The advantage of the latter is you can determine the encryption algorithm and can use a stronger one than the one that is required in the standard format. You can also store the encrypted private key in a more innocuous manner than a UTC/JSON keystore file, which adds an extra layer of protection. The disadvantage of the latter is that it is more tedious to unencrypt manually each time, however this will also help force you to use best practices like not unencrypting your cold storage wallet on a potentially untrusted computer.

To Use Default Encrypted Keystore Format:

Next, click the Download Keystore File button and save it to your downloads folder. This is your encrypted private key. Since it is encrypted, there is no way to use it without also knowing the password. Therefore, in theory, feel free to put this anywhere you wish. Write it down, print it out, upload it to the internet wherever you want, etc. As long as you made a password as described above and did not ever put it somewhere it could be stolen, your money will be safe. However, this isn't the most advisable solution, as it is advertising yourself as a target for others. What I propose to do with it, as one extra layer of security, is to upload this to semi-secure file hosting services like Dropbox, Google Drive, etc. To do so, copy your encrypted keystore file from the downloads onto another flash drive and bring it to another computer and upload it to whichever of these sites you wish. You may also want to name it something innocuous so that it's not obvious for a potential attacker what it contains.

Now, click Continue. Do not save your private key file, even though it advises you to do so. Also do not print out this paper wallet, as it is not encrypted. Just click Save Your Address. Now, select the Keystore File option and then select the file you saved earlier.  It will ask you for your password, which you should enter and then click unlock. After a successful decryption, you will be able to scroll down and view your "public" ethereum address. This is where you will send ether to in order to fund your account.

To Use Custom Encryption:

Click on the Download Keystore File button. We are not going to be using the keystore file, but it requires us to download it in order to move to the next step. Now, click Continue.

You will see your Private Key displayed in the text box. To save it, highlight and copy it, then go to a terminal and do the following commands, replacing my example private key with the one you just copied:

> cd ~/Desktop
> echo d02833449ec2a2bc76ab6efa712d6fa29c868056cd7a4a9cdbc038afae3e08c8 > eth_private_key.txt

You should now have a text file called eth_private_key.txt on your desktop. Open this file and ensure that the text contained inside matches the private key displayed on MyEtherWallet. Now, we will encrypt the private key using AES-256. To do this, issue the following command in the same terminal window:

> openssl enc -aes-256-cbc -salt -in eth_private_key.txt -out eth_private_key_encrypted.enc

It will then prompt you to enter your password twice. I would recommend attempting to type it from memory both times. Nothing will show up in the terminal window so it will seem like you aren't typing, but you are. Press enter when you're done with each entry. You have to get both the same for it to encrypt.

You should now have a new file on the desktop called eth_private_key_encrypted.enc, which is your encrypted private key file. This is your encrypted private key. Since it is encrypted, there is no way to use it without also knowing the password. Therefore, in theory, feel free to put this anywhere you wish. Write it down, print it out, upload it to the internet wherever you want, etc. As long as you made a password as described above and did not ever put it somewhere it could be stolen, your money will be safe. However, this isn't the most advisable solution, as it is advertising yourself as a target for others. What I propose to do with it, as one extra layer of security, is to upload this to semi-secure file hosting services like Dropbox, Google Drive, etc. To do so, copy your encrypted keystore file from the downloads onto another flash drive and bring it to another computer and upload it to whichever of these sites you wish. You may also want to name it something innocuous so that it's not obvious for a potential attacker what it contains.

In order to decrypt it, issue the following command. Replace eth_private_key_encrypted.enc with whatever you decide to rename the file to if you do. You can also just drag the file into the terminal window after typing -in and it will automatically enter the path to the file for you.

> openssl enc -d -aes-256-cbc -in eth_private_key_encrypted.enc

It will then ask you to enter your password. I would recommend again attempting to enter it from memory. In fact, do this several times to help build your memory and test yourself. Make sure you're able to do this, because if you aren't able to in the future then you won't be able to access your money.

Now, back in MyEtherWallet, don't print a paper wallet and then click click Save Your Address. On the next screen, select the Private Key option. Go through the steps to decrypt your private key again as I outlined above. When you've decrypted it, copy and paste it from the terminal window into the box in MyEtherWallet and then click Unlock. After this, you will be able to scroll down and view your "public" ethereum address. This is where you will send ether to in order to fund your account.

Test Your Wallet Before Sending Large Sums!

You should try sending a small sum of ethereum to your new public address, reloading the wallet from scratch and unencrypting it again, and make sure the funds show up. Then, transfer a small amount of ether to another wallet and make sure the funds show up in the proper wallet after the transfer. Once you have confirmed your ability to do both of these, you can then be confident in transferring large sums into the account.

Optional Extra Step: Gain greater reliability using Shared Secrets

What we will be doing here is creating a set of files that can be assembled to recreate your password if you forget it or lose it, or if you die and you want family or someone else to be able to recover your funds. The way this works is you will make a number of files, N, of which a threshold number, T, of those files must be assembled in order to recover the original password. If any less than that number are assembled then you will know nothing about the original file, in our case the password. To do this, we will use ssss-split to split our shared secret. Issue this command, replacing the number after -t with how many shares you want to require in order to re-assemble the password, and the number after -n with how many shares to generate total:

> ssss-split -t 6 -n 10

This will create 10 shares, with 6 required to reassemble the secret. You will then be prompted to

Enter the secret, at most 128 ASCII characters:

At which point you will want to paste in the password you used to encrypt your wallet. It will give you an output that looks something like this:

01-4b9a7ffdb35b1029ccca991e367e37a9de0bac675ac90b04321879318b8446ec9796ac301e4b6c30512b8d337b56a7589089fa160256339868f4eeb3ddefcc29fc41
02-fe5bfdec37dba02ee0d3740d615f36bb6c3789f03fd20ba2b513f828ee1a34b5504ecb7499bab9d62dfb537989b9aec4572c8f1d4c0531b5b0c9bdcb02bbcad4aade
03-f6e63b213b729471e41b42317603072d2ba093af510314aa759ac0f5f43630216b2d6381b3a3ba3854b414fe61c69f812728edd15b996b978031308468270951fce9
04-0fc4139f04eea838a39d54b6b9ad07296980cb76ca48c0dc1cc9c5401647171ae8a7b770097eceb1385a7acd4d95dc5eda40a9bf3789092be69282ac4f6f3df64601
05-d10464bd05da3dd37bf035c7305bf24e467dba6e022b58d8655fd0c8961c09f037dfc848321cf7015ffb5b43dcd63043f06f22186bc3e7806b96261c65ab2062d8bf
06-e7adf8a93cc974a3aeecc19c1b1ac8a70196017cfa017a6104026325abc881c0eb2b2db4d0f18b7f1c20a169d70b3bbcf16b8a2f7348759951e8d68805d8090bffcc
07-1c94cd5ab39ae4709f14ed6960b3f7e35a1310cb232e01bda9e8dac30c0eb5d2e55377c32c152507a4e46f425682ad220edb20d31a54ef660b9b811a8b8560c8db04
08-b1abe846c9af1bf9e781efdf88129007992772807a797637af2e0634aa55e0b28276542c9514c1fff2a9ef00d495dd673cacd7da578c39d3f3d1f332a69bbf262bd4
09-63088deb5acd7995fc2ddbc3868a3dd71153b5d63ac40eb131f17299ed3dd3416ffe0ec2cc1fd4a907eb88c36aff1f513b14d099cfa8a5b54b66cba5efb96ca2ced2
10-f92b3ba59f811549878d8a1a7ff89770cc0053d394d99c2a8b60b0d33b21d07f281b3a05aa673c9975ad7b82d52358c2b62d6236e47bd30ec9accac79d4f64183414

Each of these, including the numbers at the beginning, are the shares. To save them, you may simply store them in text files. One way to make these files is by doing this for each share, copy/pasting the text of each share and incrementing the share number each time:

> echo 01-4b9a7ffdb35b1029ccca991e367e37a9de0bac675ac90b04321879318b8446ec9796ac301e4b6c30512b8d337b56a7589089fa160256339868f4eeb3ddefcc29fc41 > share1.txt

You should then verify that the text contained in these files are correct. At this point, you should print each one out and store them in secure locations scattered around a large geographical area. You could also distribute them to trusted people or family members to take care of if you wish. If you aren't yet ready to do so, you can save these files to a flash drive and distribute them later, but be VERY CAREFUL that they are never connected to a computer that is exposed to the internet, or a computer that you believe might be compromised. In order to reassemble the shares, issue the following command, replacing the number after -t with the number of required shares just as you did in the split process:

> ssss-combine -t 6

It will then prompt you to enter the shares like so. The order does not matter:

Enter 6 shares separated by newlines:
Share [1/6]: 10-f92b3ba59f811549878d8a1a7ff89770cc0053d394d99c2a8b60b0d33b21d07f281b3a05aa673c9975ad7b82d52358c2b62d6236e47bd30ec9accac79d4f64183414
Share [2/6]: 06-e7adf8a93cc974a3aeecc19c1b1ac8a70196017cfa017a6104026325abc881c0eb2b2db4d0f18b7f1c20a169d70b3bbcf16b8a2f7348759951e8d68805d8090bffcc
Share [3/6]: 05-d10464bd05da3dd37bf035c7305bf24e467dba6e022b58d8655fd0c8961c09f037dfc848321cf7015ffb5b43dcd63043f06f22186bc3e7806b96261c65ab2062d8bf
Share [4/6]: 08-b1abe846c9af1bf9e781efdf88129007992772807a797637af2e0634aa55e0b28276542c9514c1fff2a9ef00d495dd673cacd7da578c39d3f3d1f332a69bbf262bd4 
Share [5/6]: 01-4b9a7ffdb35b1029ccca991e367e37a9de0bac675ac90b04321879318b8446ec9796ac301e4b6c30512b8d337b56a7589089fa160256339868f4eeb3ddefcc29fc41
Share [6/6]: 04-0fc4139f04eea838a39d54b6b9ad07296980cb76ca48c0dc1cc9c5401647171ae8a7b770097eceb1385a7acd4d95dc5eda40a9bf3789092be69282ac4f6f3df64601
Resulting secret: safari-create-pummel-theater-thermal-jolliness-charbroil-cathedral

You can try out how this process works at the ssss demo page here, but please do not use actual sensitive information on the web version. Just use it to make sure you understand how it works before doing it for real. 

How to Properly Use Your New Secure Wallet

In order to properly use your new secure cold storage wallet, you should never unencrypt your wallet on an online computer. This means that in order to use it, you need to go through a few extra steps and use the Send an Offline Transaction feature of MyEtherWallet.

What you need

• A USB Key with Tails installed
• Another USB Key with to put your encrypted private key/keystore onto

How to do it

First, before booting tails and in your normal operating system, go to the main MyEtherWallet site and click on the "Send Offline" tab. Enter the public address of your wallet (the wallet where the funds you want to send are coming out of) in the "Step 1: Generate Information" box. Click Generate Information. Write down the Gas Price and Nonce it provides you.

Now, reboot into Tails.

1. Download a backup of your enrypted private key from whichever cloud storage platform you have it on and put it onto your second USB key.
2. Go to the MyEtherWallet github releases page and download the latest version.
3. Unzip the dist-vX.X.X.X.zip file you just downloaded and copy the resulting folder onto the same flash drive with your encrypted private key/keystore.
4. Unplug that USB key from the computer.
5. Reboot Tails again, this time disconnecting it from the internet by either removing the ethernet cord or disabling Wi-Fi immediately after booting it up
6. Plug the USB key containing your encrypted private key or keystore back in
7. Copy the encrypted private key or keystore and the dist-vX.X.X.X folder from your flash drive onto the desktop

Now, if you have an encrypted private key instead of a keystore, look at the instructions above on how to unencrypt it if you don't remember. If you have a keystore file, then you don't need to do anything to unencrypt it yet.

Open the dist-vX.X.X.X.zip file on the desktop and double click on index.html to open MyEtherWallet. Then,

1. Click on the Send Offline tab again.
2. Scroll down to Step 2
3. Input the address that you want to send the Ether to. Be very careful to check for typos multiple times
4. Input the amount you want to send
5. You can generally leave the Gas Limit at its default value
6. Enter the data you generated and wrote down earlier for Gas Price and Nonce
7. Leave the Data field blank unless you know specifically you need to put something in it. If you do, then you'll probably need to up the gas limit.
8. Scroll down and select the correct option to unlock your wallet. In this case, either Keystore File or Private Key
9. If you chose Keystore File, select the keystore file on the desktop and then enter your password into the box. If you chose Private Key, paste your unencrypted private key into the box.
10. Click Unlock, then scroll down and press Generate Transaction.
11. Select all the text in the "Signed Transaction" box and copy it.

Open a terminal window and input the following, pasting the signed transaction text you just copied where it says, WITHOUT the square brackets surrounding it

> cd ~/Desktop
> echo [PASTE SIGNED TRANSACTION HERE] > transaction.txt

You should now have a file called transaction.txt on your desktop. Copy this file onto the flashdrive that you have your encrypted wallet and the MyEtherWallet code stored on. You can now eject and remove this flash drive from the computer.

Now, reboot the computer into your normal operating system and reconnect to the internet. Again go to the main MyEtherWallet site and click on the Send Offline tab. Scroll down to "Step 3: Send/Publish Transaction". Connect the flash drive you were using before and open the transaction.txt file. Copy the text inside it and paste it into the "Signed Transaction" box under Step 3 in MyEtherWallet and then press Send Transaction.

You're done!

Conclusion

Making a wallet that is securely encrypted using a properly-generated and secure password will allow you to do truly secure "cold storage" of your cryptocurrency without the downsides of having to spend lots of money on hardware wallets and safes that could be compromised by traditional theft or natural disasters. Using this method, you can be confident that your coins will be safe from brute force attack. This means that unless someone gains access to your password (through bad practice in handling your password), or gains access to the proper threshold of your shared secret shares (which would hopefully be preventable once you know one or more of the shares is compromised), then your coins will be safe. A traditional safe or bank vault may seem to provide more peace of mind at first glance, but in reality, when properly executed, a cryptographic approach is much more secure and reliable.

I hope this helps someone! If you see any errors or have comments, or if you have any questions about something that wasn't clear enough, please feel free to leave a comment.