How does a bitcoin paper wallet work?

A bitcoin paper wallet is simply a public and private key printed together. It is an offline wallet, and is usually regarded as a type of cold storage, although it has some important differences that make its presence in that category debatable (more on this further down).

As the name suggests, paper wallets are usually made out of paper, although technically they could also be made of plastic or any other substance on which information can be durably printed.

bitcoin paper wallet
via bitaddress.org

What is printed on the paper wallet are the private and public keys, usually in QR form, with the latter also serving as the address. You could just copy and paste the keys onto a text document and print that out (erasing the copy on the computer afterwards). Or you could use one of the free web services that generate the printable wallet for you. The key generation is usually done in your browser, so they are never transmitted on the internet. To be safe, you should clear your browser after printing.

Some paper wallet services have a nifty design that you can cut, fold and seal, making them a lightweight and relatively secure form of storing bitcoins offline. You send your bitcoins to the public address displayed on the wallet, and then store it in a secure place.

What makes paper wallets secure is that they are totally offline. They are not within the reach of hackers, and your bitcoins are never trusted to a third party. As long as the paper wallet is secure, the bitcoins are secure.

But, therein lies the relative lack of security. Someone could find your hiding place, take your printout, spend all the bitcoins associated with those keys, and return the paper, so you would never know.

A more secure version would involve folding the paper so that the private key is hidden from sight, taping the fold with a seal that can’t be broken and replaced (just search for “tamper evident seals”, there are many different providers and models), and making sure that the private key cannot be seen even if the folded paper is held up to the light.

bitcoin paper wallet
image from bitcoinpaperwallet.com

Even that is not particularly secure. What if the folder, drawer or box that you keep it in floods? Sure, it’s unlikely, but when you’re securing a lot of bitcoins, it pays to think of worst case scenarios (and hey, what with climate change and all…). So, a tightly-sealed plastic bag would help. Or, if for whatever reason you have a machine that seals things in plastic, that would also be a good option (we may be verging on the surreal here, but some people do have them!).

So, how do you protect a paper wallet from fire? I have no idea. Keep it in the freezer? (That definitely would be “cold storage”, he he.)

Also, paper itself is not the most durable of substances. Apart from the obvious risks of fire or water damage, the ink could fade with time, making the keys unreadable. No readable keys, no bitcoin.

You can check your balance at any time using blockexplorer.com or blockchain.info (just type your public key into the search box).

 

bitcoin paper wallet
screenshot from blockchain.info

Most online wallets allow you to import your paper wallet data. To spend those bitcoins, you will be asked to type in the private key information, or scan the private key QR code (sometimes called the “spend” QR code). Because the private key will have now “touched” the internet, that does (however slightly) compromise its security, and it is advisable to move any remaining bitcoin to a new paper wallet.

Right there you have the main difference between paper wallets and other cold storage methods. With dedicated cold storage devices, the private key never touches the internet. With paper wallets, you do need to input the private key to sign the transaction. And, while steps can be taken to limit the danger, it is possible that the key can be intercepted. (Unlikely, but possible.)

It is worth remembering that the bitcoins are not actually stored in the wallet, they are on the blockchain, associated with those public and private keys – no-one can spend them without the private key, which is why it is important to keep that part of the paper wallet especially secure, and away from prying eyes.

bitcoin paper wallet
screenshot from bitaddress.org

Some good paper wallet generators:

Bitaddress.org and Walletgenerator.net are open-source random address and key generators that uses your browser’s JavaScript engine, so no keys are sent over the Internet. They’re simple and quick, and have a very cool random generator function in which you move your mouse around the screen to mix up the characters in a long string. That random sequence is then used to generate your public and private keys, which are displayed on the next screen, for printing.

Bitcoinpaperwallet.org will create a printout of a colourful paper wallet, with the appropriate fold lines, and will sell you tamper-evident stickers for sealing it shut.

Mycelium offers an original and even more secure way to generate paper wallets, with a USB dongle that you plug directly into your printer. The device generates a paper wallet that automatically gets printed out, without ever having touched your computer.

mycellium entropy bitcoin paper wallet

No doubt others will also come up with ingenious ways to make paper wallets even more reliable. Meanwhile, the current offerings are ingenious, relatively simple, and provide an additional step in bitcoin security. Of course, care needs to be taken. You can’t go scribbling phone messages on the back of your wallet printout if you have bitcoins associated with it. But, following the security measures and advice given above, paper wallets offer a relatively easy way to keep your bitcoin safe and away from hackers and digital thieves. Paper is not the most durable of materials, though. So for serious bitcoin safety, you’re better off with a dedicated cold storage device.

(For more on how Bitcoin works, see Bitcoin Basics.)

4 thoughts on “How does a bitcoin paper wallet work?

  1. Newbie question. Does bitaddress.org “notify” the Blockchain of my newly created Public Key and the Private Key that can unlock it? Or how does it work?

    1. I found my answer. The Private Key is “connected” to the Public Key at creation through an secret algorithm.

      1. Hi! You’re right, the private and public keys are created together, but they’re not published to the blockchain, nobody is notified. If you want someone to pay you in bitcoin, you let them know your public key (which works as your address). It’s that simple. Your private key never touches the blockchain directly – you only use it for signing a transaction, such as a bitcoin payment to someone. Ideally, your private key would never touch the internet, even. Someone could be spying on your computer, and if they figure out your private key, they could take all the bitcoins associated with that address. That’s why paper wallets are relatively secure – your keys are stored offline. (Not that paper is that secure, but you get the idea… ) However, to spend bitcoins stored in a paper wallet, you do need to type in (or scan) your private key at some stage, and when you do so, that private key becomes vulnerable to hackers or spies. So, recommended practice is to switch to another paper wallet once you’ve used yours. (Long answer to a short question, right?) 🙂

        1. Very helpful. Thanks. Yes, it seems that it is one and done with a Private Key. Once used it is better to create a new Paper Wallet with a new Public and Private Key.

          Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *