Safely Transfer Bitcoin from a wallet.dat File to Anywhere, Using Air-Gapped Offline System, Bitcoin Core, and Electrum

From Bitcoin Wiki
Jump to: navigation, search

This guide is intended for former users of Bitcoin Core who wish to very securely transfer Bitcoin from an archived wallet.dat file into a new secure storage target (e.g. hardware wallet) using a process that keeps all private keys off of any online computer.

WARNING

Before reading this page, users should note that directly manipulating ECDSA private keys is dangerous and can result in losing bitcoins[1][2].

Goal

  • Safely sweep Bitcoin from a wallet.dat file and send to a new address.
  • Never allow wallet.dat or any private keys to touch online computer.
  • Use GUI tools that minimize complication and potential for mistake.

Why

  • You are paranoid and don't trust the security of your online computer.
  • You have a hardware wallet or other secure means of storing Bitcoin.
  • You like doing things in a more complicated way than otherwise necessary by more trusting folk.
  • You aren't comfortable manually building Raw Transactions from UTXOs and playing with big opaque hex strings.

Read This First

Less paranoid people may find the following article simpler and easier, which also describes in more detail obtaining the relevant software and other basic topics:

Less paranoid people seeking to move Bitcoin from a wallet.dat to another address may also simply use Bitcoin Core itself directly, bypassing all complexity of offline transactions.

Ingredients

The following ALL-CAPS terms are introduced here and used below consistently.

  • NET-PC  : An online computer with potential malware.
  • OFFLINE-PC : A secure offline computer without network access.
  • USB-STICK  : A USB stick to transfer files over air gap.
  • WALLET.DAT : A high value wallet.dat file stored offline.

Software (always verify signatures!)

Instructions

  1. OFFLINE-PC [Bitcoin Core] Dump addresses from wallet.dat using at least (NOTE: this part needs review - how best to simply and reliably list all addresses?):
    1. listreceivedbyaddress 0 true
    2. listaddressgroupings
  2. Copy addresses to NET-PC via USB-STICK.
  3. NET-PC [Electrum] Create "Watch Bitcoin Addresses" wallet using exported addresses. See which have balances.
  4. OFFLINE-PC [Bitcoin Core] Dump each private key from wallet.dat: dumpprivkey "$ADDR".
  5. OFFLINE-PC [Electrum] Create "Standard Wallet" with "Use public or private keys" using (copy/paste) desired private keys.
  6. NET-PC [Electrum] Generate transactions and save them to USB-STICK.
  7. OFFLINE-PC [Electrum] Sign transactions and save them back to USB-STICK.
  8. NET-PC [Electrum] Broadcast transactions from USB-STICK.
  9. OFFLINE-PC: Wipe drive.

Simplifications for sweeping a paper wallet

If you have a paper wallet (with private key and address written on it) instead of a wallet.dat file, you may simplify the instructions as follows:

  • No need to install Bitcoin Core on OFFLINE-PC.
  • Skip steps 1 and 2, and use address directly in step 3.
  • Skip step 4, and use private key directly in step 5.

References