Cold Wallet Walk-through using Ripplerm Wallet

[Kakoyla]

Intro

If you follow this, you will be able to:

• create an new wallet address and secret key
• test that you have the correct address and secret key on paper before sending a payment
• activate wallet
• use offline signing to make sure your wallet is able to send out before moving all of your intended holdings over to it
• Send XRP from your Cold Wallet without ever entering your secret key on an online computer 
  • create raw transaction on offline computer
  • sign transaction on offline computer
  • easily move the signed transaction blob over from the offline computer to an online computer using a QR code
  • submit signed transaction blob to a ripple server

I haven’t audited the code on @ripplerm ’s wallet because I do not know how, so trusting it is up to you.  I think his wallet is great, it is easy to install, pretty easy to use and it has a lot of great options. The QR code for the transaction blob is extremely helpful for offline signing (if you don't know what i am talking about this is for you).

I did the following on a raspberry pi B+ with raspbian installed via noobs (https://www.raspberrypi.org/downloads/noobs/). There is no on-board wifi on this model, so I didn’t have to worry about shutting it off. I bought a 16gb micro sd card just because it was on sale for $8, you can use 8gb without a problem. You can also get them with noobs already installed on amazon if you want to go the raspberry pi route but this will work with whatever computer you use. It’s just up to you to make sure whatever you are using won’t go online again. This is why I think pi’s are perfect, you can take the sd card out and your whole OS is gone. You could also go the linux on a usb stick road but you will have to ask google about that.

The rest will assume you have both an offline computer ready to go and an online computer ready to go, preferably in the same room.

 

Useful Links

Hosted Wallet

Check out  the wallet or practice without downloading anything (don't use this hosted version for sending any real transactions, i.e. DON'T put your secret key in):

http://ripplerm.github.io/ripple-wallet/

You can practice by switching network to test (top left).

You can use this test-net account for practice:

ADDRESS :r479Q1f3xm4VfAxNLoXAVKhSN1E8FArztD

SECRET: saUxhRNFjsa9H45VfFeDxSYYRUbhD

If someone ruins it for everyone else and uses all the XRP, you can generate new test accounts which include 10,000xrp here:

https://ripple.com/build/ripple-test-net/

 

Download Wallet

To download wallet, open below link , click green clone or download, click download zip

https://github.com/ripplerm/ripple-wallet

 

Setup

First download the wallet(https://github.com/ripplerm/ripple-wallet). Put the contents of the zip file on a usb stick, bring that stick to your offline computer and drop the folder onto the desktop or somewhere good for you.

There should be three files in the folder: index.html, package.json, readme.md

Open index.html, this will open the wallet and you are ready to proceed

 

Create Wallet Address/Secret Key

First you need to create a new wallet address and secret key. Since we already have ripplerm wallet on an offline pc, we will use it.

Open the wallet and go to the Tools Tab, then within that tab go to the Account-Generator tab(middle one) and click the Random button

I am a level lower than noob when it comes to cryptography, but I have read on this forum that the longer you let your computer run before doing this the more entropy (lack of order or predictability; gradual decline into disorder).

After clicking Random you will be able to see your secret key (seed/secret -under SEED) which begins with a small “s” and also your wallet address (Address:  - under ACCOUNT) which begins with a small “r”

Write your secret key on a piece of paper, underline any CAPITAL letters to help avoid confusion later. Double check each digit one by one.

Follow the same process as above for your Wallet Address but on a separate sheet of paper.

Test that you have written the address and secret key down correctly

We will now check to see if you wrote them on your paper correctly.

You should still be on the tools tab, click the RAW TXN tab

Fill out the following Fields:

*Account: enter your wallet address here

*Sequence: 1  ( it is important to enter correct sequence number normally,  but we are just checking your written info)

*fee: 12 **see above

 

Under Transaction Types:

Choose the payment tab

Fill out the following Fields:

*Destination: enter your wallet address here (you can just copy it from above this time)

*Amount: 1

As you scroll down you will see a blue button with a “sign” label. Hover your mouse cursor over it, you will see the cursor change from an arrow to a blocked hand - it is not available, this is because not all required fields are filled out correctly or they are not filled out at all. In this case we still have to enter the wallet secret key.

Right above the blue “sign” button is the SIGNING area, enter your secret key into the “secret:” box

If you have entered the correct secret, when you move your mouse over the “sign” button you will see it lights up and you are able to click it. If you are not able to click the button, it means you entered one of the above entries wrong. First check the easy stuff, then check your secret to your paper and finally your wallet to the paper.  If all of these match, you probably wrote either the secret or wallet address wrong. Luckily if you click back to the Account- Generator tab they will both still be there so you can see where you went wrong. Once you are able to click the sign button, go ahead and click so you can see what it will look like,  if you were successful you will see a tx blob and QR code for that blob.

Now that we know you have a your secret and wallet address written correctly, it will be up to you where you store it and how many copies of them you make. You can put your wallet address on your online computer, but never put the secret key on any online computer (this is a cold wallet, just keep it on paper).

Activate your newly create wallet address

Keep your offline computer running, but move to a separate online computer to:

Activate the new address you just created by sending  21 XRP to it from another account, you do not need a destination tag.

Check to see if your address has been credited using either of the following:

https://bithomp.com/explorer/ or https://charts.ripple.com/#/graph

If it’s not there I don’t know where you went wrong, up to you to find out (hint exchange accounts take longer for sending, as an example Polo takes about 5 mins during the week and 30 on the weekend).

Preparation for signing tx and sending tx blob

You should already have the ripplerm wallet on your online pc, open the index.html file so you have the wallet opened and ready for later.

Get on your phone and install a QR code reader app, I don’t have any recommendations, anyone should work.

Before sending your whole stash over to your cold wallet, lets make absolutely sure that you have the correct info written by sending a small payment out - might be overkill, but you can see how to use offline signing, and you don’t want to have a billion dollars that you can’t get out.

Create and sign payment on offline computer

Go back to your offline computer.

Go back to the Raw Txn tab under TOOLS

Your address should already be in there if it is not re-enter it.

Sequence number: 1   

This is 1 because this the first tx you have processed for this account, next time it will be 2. If you ever forget where you left off you can put your address (do not enter secret) into this wallet on the online computer, and go to the info tab. You will see a  “Next Sequence:” field which tells you what your sequence should be.

Fee: this depends on what the fee is when you are doing this. This is entered in DROPS (1XRP = 1,000,000 drops)

You can see at the top of the wallet screen in the middle next to “Server S1.ripple.com” there is “Fee:##” You will need to look at what the wallet on your online computer shows for the fee, as your offline computer will not be updated. If there is a lot of action, you might have to go pretty high, or you can wait for things to calm down. As I am typing this the fee is jumping from 12 up to 8000+, 8000 is equal to 0.008000 XRP. Whatever the fee is at that time is what you will need to put as a minimum, you probably want to go a bit above the current fee, because it will take a few minutes for you to get to submitting it and the fee will most likely change during that time

 

Under Transaction Types:

Choose the payment tab

Fill out the following Fields:

*Destination: enter the address you had originally sent the 21XRP from to activate your new cold wallet, we are going to send a little back

*Amount: 400000  (4 hundred thousand)

This is in drops and equal to 0.4XRP  (1XRP = 1,000,000 drops). For more info see: https://ripple.com/build/rippled-apis/#specifying-currency-amounts

In the  SIGNING area, enter your secret key into the “secret:” box

Click the blue “sign” button

By doing this you are signing the transaction offline. This will generate a blob of text and an QR code representing that text  which can then be moved to an online computer and submitted safely.

Move signed tx blob to online computer

Either Scroll down so only the QR code is showing and your secret key is no longer visible on the screen, or just clear out the secret field so it is empty (you don't want to take a picture of it by accident).

Get out your phone and open the QR code app, scan the code, it should convert it back into your tx blob. Copy the blob, email it to yourself or use any other method you can think of to get that blob from your phone to your online computer without having to manually key it in (I use google keep).

**EDIT: or as @ripplerm mentions below (much easier)  you can simply submit the signed-transaction with the mobile-phone... via https://ripplerm.github.io/ripple-wallet/

Once you have the blob on your online computer, go to the Tools tab and the Submit tab below.

Paste the blob you created into the tx_blob box, and hit submit.

Check the address you are sending to, to verify that you received the 0.4 XRP. If it is there you are good to go, you can proceed to sending the rest of your XRP  over to your cold wallet as you were able to receive into and send out of it and know you have the correct key and address info written down.

Why is this safe?

I had questioned why is this blob is safe to send, and how could it be accepted by a rippleD server without exposing my secret key, I assumed it was some kind of encryption magic but @mDuo13  help me understand with the following :

 

Actually the blob itself isn't encrypted or hashed. It's easy (well, relatively speaking) to take a binary transaction blob and turn it back into a JSON format with transaction instructions and a signature.

But don't worry. The real answer to your original question is that a "signed" transaction doesn't have your secret, just your signature. It's the power of digital signatures! The basic idea of digital signatures uses the same principle as hashes and other cryptography, that some calculations are easy to do but hard to reverse. In the case signatures, you use your secret key and a message to create a signature. Anyone with your public key and a message (which is also attached to the signed transaction) can verify that the signature is legit and it's for the exact message in question, but they can't figure out what your secret key is or make signatures for any other, even slightly different, message. In this case, the transaction instructions are the message.

So "offline" signing is less a question of whether you're actually "online" or "offline" when you make the signature; it's a matter of who does the calculations to create the signature. "Online" signing means giving your secret to a rippled server (probably hosted on someone else's computer) so it can calculate the signature for you; "offline" signing means doing the signature yourself without sending your secret to another computer. In either case, the resulting signature can only be used once. The problem with online signing is that if you send someone your secret, they (or anyone who intercepted the message with your secret in it) could remember it and use it to create new signatures for any message/transaction they want.

 

Hopefully this helps someone, if you see any errors please let me know so i can fix them

Edited August 12, 2017 by Kakoyla
Clean Up

[PunishmentOfLuxury]

Quote

@Kakoyla wallet will require a web server to be installed on the Rasbian installation before it will run locally since it is HTML and web language based. Rasbian does not come with a webserver built in so the Newbie will need that too before that wallet will function.

https://www.xrpchat.com/topic/4591-creating-a-cold-wallet-computer-under-construction/?do=findComment&comment=44127

@KakoylaIs that the case? If so, how to install a webserver?

[Kakoyla]

@PunishmentOfLuxury there is no need to install a webserver. 

Edited May 18, 2017 by Kakoyla

[PunishmentOfLuxury]

59 minutes ago, Kakoyla said:

@PunishmentOfLuxury there is no need to install a webserver. 

Confirmed, with Ubuntu Mate running on Rpi

[ripplerm]

On 5/13/2017 at 5:28 AM, Kakoyla said:

Get out your phone and open the QR code app, scan the code, it should convert it back into your tx blob. Copy the blob, email it to yourself or use any other method you can think of to get that blob from your phone to your online computer without having to manually key it in (I use google keep).

you can simply submit the signed-transaction with the mobile-phone... via https://ripplerm.github.io/ripple-wallet/

[mrbooly]

Hi,

I created a new account using a random seed + account number XXXX. Now the secret seed doesn't change although the public/private keys and address change.

After the account is activated, when I try to sign a payment transaction with the (unchanged) secret seed and submit the transaction I get: tefBAD_AUTH_MASTER: Auth for unclaimed account needs correct master key.

why ?

[RationalD]

On 13.5.2017 at 8:28 AM, Kakoyla said:

Setup

First download the wallet(https://github.com/ripplerm/ripple-wallet) , also get a copy of firefox (https://www.mozilla.org/en-US/firefox/) in case the default browser on your setup doesn't play nice. Put the contents of the zip file and firefox on a usb stick, bring that stick to your offline computer and drop the folder onto the desktop or somewhere good for you.

There should be three files in the folder: index.html, package.json, readme.md

Open index.html, this will open the wallet and you are ready to proceed

I install the firefox from mozilla on my rpi2 and it gives me an error when I try to run it. After some googling I realized that the problem is due to the fact that the firefox I downloaded isn't compiled for ARM processor, I searced but I didn't  find a suitable version.  How did you overcome this problem?(sorry for the newbie question)

[Kakoyla]

@RationalD

I used the default browser which comes with raspian. 

 

[RationalD]

I tried to install Firefox because Chromium didn't behave well. after trying to install it for 2-3 hours I decided to try different approach and "fix" Chromium . I realized that I actually need a web server in order to read the wallet correctly(most of it is on html) like my fellow noticed few posts before.(I'm using Raspbian)

Luckily I found a quick and offline  solution for this problem:

1) In the command line, go to the top directory of the wallet (e.g /home/pi/ripplermIsHere/)

2)write : python3 -m http.server  <port(OPTIONAL)>    ---- An http server will be created on this directory. Notice: if you won't define a port so the deafult one will be 8000

3)Find your  rpi's ip (open new command line window and write 'ifconfig')

4) Open Chromium and just write at the address : http://<your ip>:<8000/<chosen port>    e.g http://1.2.3.4:8000

This procedure should take 2 minutes and you can run ripplerm on your rpi2 offline without need for any connection to the web.

[Guest]

 @ripplerm Does your wallet still work?

I've download the zip file and transferred to a cold computer but I get no functions or features when I open the .html file.

Using windows 7. 

Edited May 9, 2018 by Guest

[KarmaCoverage]

On 8/12/2017 at 4:36 AM, RationalD said:

I tried to install Firefox because Chromium didn't behave well. after trying to install it for 2-3 hours I decided to try different approach and "fix" Chromium . I realized that I actually need a web server in order to read the wallet correctly(most of it is on html) like my fellow noticed few posts before.(I'm using Raspbian)

Luckily I found a quick and offline  solution for this problem:

1) In the command line, go to the top directory of the wallet (e.g /home/pi/ripplermIsHere/)

2)write : python3 -m http.server  <port(OPTIONAL)>    ---- An http server will be created on this directory. Notice: if you won't define a port so the deafult one will be 8000

3)Find your  rpi's ip (open new command line window and write 'ifconfig')

4) Open Chromium and just write at the address : http://<your ip>:<8000/<chosen port>    e.g http://1.2.3.4:8000

This procedure should take 2 minutes and you can run ripplerm on your rpi2 offline without need for any connection to the web.

Well I spent a lot more than 2-3 hours trying to screw around with Firefox.

Did this and it worked great. Thank you!

[Flintstone]

@KarmaCoverage @Trusty-X @Kakoyla @PunishmentOfLuxury So what's your opinion of this wallet? Is it still functioning ok?

Edited August 11, 2018 by Flintstone

[Guest]

41 minutes ago, Flintstone said:

@KarmaCoverage @Trusty-X @Kakoyla @PunishmentOfLuxury So what's your opinion of this wallet? Is it still functioning ok?

Didn't use it. I've been using Toast offline transactions with QR codes, works a treat.

Edited August 11, 2018 by Guest

[Kakoyla]

12 hours ago, Flintstone said:

@KarmaCoverage @Trusty-X @Kakoyla @PunishmentOfLuxury So what's your opinion of this wallet? Is it still functioning ok?

I still use it,  it's already on my offline pc and has always done what I needed so no need to try anything new. There are a lot more options available now, and Toast seems to be a crowd favorite. 

[Flintstone]

On 8/12/2018 at 12:35 PM, Kakoyla said:

I still use it,  it's already on my offline pc and has always done what I needed so no need to try anything new. There are a lot more options available now, and Toast seems to be a crowd favorite. 

Was you using Chromium browser on the Pi? I've just extracted Ripplerm wallet onto the desktop and opened the index.html with Chromium but the GUI is unresponsive for me.

Edit: Going to try Toast offline in the meantime.

Edited August 24, 2018 by Flintstone