Sweeping Paper Wallets to Casa App

Paper wallets were one of the earliest ways in Bitcoin's history to secure Bitcoin. While they have since fallen out of favor and replaced by more secure storage solutions, some Casa customers have Bitcoin they have stored on an older paper wallet, and would like to move them to their Casa multisig keyset. 

This guide will walk you through a step-by-step process to securely transition your funds from a paper wallet to Casa, while ensuring that your private keys are not compromised.

Requirements

  • 1 or more paper wallets - this guide assumes bitaddress.org or similar
  • 1 ONLINE laptop with Electrum, GPG, and the Tor Browser installed
  • 1 OFFLINE laptop running Electrum with GPG installed 
  • Mobile phone with the Casa app installed and a camera
  • (Optional) Unopened USB flash drive from a major manufacturer to load Electrum onto offline laptop 

1. Download and Verify Software

We’ll use the open source Bitcoin client Electrum to create and sign the transactions that will send your funds to your Casa account, and Tor Browser to push them to the network.  There have been documented attacks on various open source software applications, so it’s important to verify the code before we use it. 

GPG

GPG (short for GnuPG) is a cryptography toolkit that we will use to verify our Electrum download.

Ubuntu:

Open a terminal with CTRL+ALT T, then run the following commands:

sudo apt-get update

sudo apt-get install gnupg2

MacOS:

Open a terminal from Applications/Downloads or using Spotlight search, then run the following commands:

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

brew install gnupg

Electrum

  1. Download Electrum and the signature file for your version
  2. Download the developer’s PubKey
  3. Open Terminal and navigate to your Downloads folder
    • To locate your terminal, search in Spotlight, or press CTRL+ALT+T in most Linux distributions
    • On Mac and Linux, type: cd ~/Downloads
  4. Verify the application file by running the following commands in your Downloads folder:

gpg --import ThomasV.asc

gpg --verify [electrum-signature-filename.asc] [electrum-application-filename]

You should get an output that looks something like this:

Screen_Shot_2021-04-20_at_5.26.18_PM.png

     5. Repeat this process on your second laptop, or - if you have a USB flash drive and are using the same OS - copy the verified file to your offline machine using the flash drive

Tor Browser

  1. Download Tor Browser and the signature file for your version on your ONLINE laptop
  2. Open Terminal and navigate to your Downloads folder
  3. Verify the application file by running the following commands in your Downloads folder:

gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org

gpg --verify [electrum-signature-filename.asc] [electrum-application-filename]

2. Securing your offline laptop

During this transition, it is critical that your private keys are held on a computer that is completely offline.  This way, even if your machine were to be compromised, an attacker will not be able to spend your Bitcoin.  To ensure this, we will turn off all networking services.  Depending on your threat model, you may want to consider additional steps that include modifying your hardware as well.

To disable WiFi on your Linux laptop, enter the following commands:

sudo nmcli radio wifi off

sudo nmcli networking off

sudo service bluetooth stop

Alternatively, you can physically remove the WiFi and Bluetooth cards.  Search YouTube or iFixit for “replace WiFi/Bluetooth card [make and model of your laptop].”  For the full tinfoil experience, you can also consider disabling your speakers.

3.  Generating a transaction using the public keys

Now that both machines are ready to go, it’s time to generate your transaction.  We’ll do this using your online laptop, since Electrum will need to find your UTXOs to get started.

  1. Open Electrum on your ONLINE laptop, click ‘File’ in the menu bar, and select ‘New/Restore’
  2. Choose a name for your wallet - we suggest something like paper_pubkey_01
  3. Select ‘Import Bitcoin address or private keys’

WARNING - Be careful not to type or scan your PRIVATE KEY on your ONLINE laptop accident!

  1. Type or scan a PUBLIC KEY addresses into Electrum
  2. Encrypt the file with a strong password using a password manager
  3. On the next screen, you should see your wallet balance and previous transactions.  Click ‘Send’ from the top of the screen, tap the camera icon, and confirm access to your laptop’s webcam
  4. From your Casa app:
    • Open the ‘Assets’ tab
    • Select ‘Bitcoin - Secured by Casa Key Shield’
    • Click ‘Request’ to generate the QR code
    • Hold the QR code up to the camera
    • Verify that the address in Electrum matches what is displayed in the Casa App 
  5. Input the amount of Bitcoin you would like to send in this transaction set the fee level, and click ‘Preview’
    • Note: It is best to spend everything in each UTXO at once if possible  
  6. The next screen will show the ‘Sign’ and ‘Broadcast’ buttons as unavailable, because this machine doesn’t have your private keys.  Click the QR icon to generate the unsigned transaction’s QR code.  Take a photograph of this QR code with your phone.

4.  Signing transactions

We now have a raw unsigned transaction ready for your private key, saved in the form of a QR code.  The next step will be to transfer this data to your air-gapped computer and add a signature from your private key.

  1. Open Electrum on your OFFLINE laptop, click ‘File’ in the menu bar, and select ‘New/Restore’
  2. Choose a name for your wallet, I suggest something like paper_privkey_01
  3. Select ‘Import Bitcoin address or private keys’

ALERT - You are about to enter your PRIVATE KEY!  Do not insert or remove any media into this machine or connect to the Internet until all funds from this wallet have been spent to your Casa multisig account.

  1. Type or scan the corresponding PRIVATE KEY addresses into Electrum
  2. Encrypt the file with a strong password using a password manager
  3. Click ‘Tools’ from the top menu bar, scroll down to ‘Load Transaction’, select ‘From QR code’, and scan the photograph you took of the unsigned transaction
  4. IMPORTANT: Verify the output address matches the one in the Casa App
  5. Click ‘Sign’, then click the QR icon, and take a picture of the updated code

5.  Broadcasting your transactions

Your transaction is now signed!  The last step is to bring the signed transaction back to a connected computer and broadcast it to the network.

  1. Open Electrum on your ONLINE laptop and repeat step 6 above, this time scanning the signed QR code
  2. IMPORTANT: Verify the output address matches the one in the Casa app

ALERT - To maximize privacy, do not click ‘Broadcast’!

  1. Select ‘Copy’ at the bottom left, 
  2. Open Tor Browser to one of the following URLs, and paste the raw transaction hex into the text box.
    1. Blockstream - https://blockstream.info/tx/push
    2. Blockcypher - https://live.blockcypher.com/btc/pushtx/

That’s it!  Check the Casa app - you will see a new pending balance.   You can now generate a new receive address and repeat this process as many times as you would like.

Articles in this section

Was this article helpful?
0 out of 0 found this helpful
Share