Here is a typical usage with testnet coins.
Generate keys (offline computer)
This part is identical to using a paper wallet or any sapling enabled HD wallet.
[hanh@archlinux zec]$ zcash-coldwallet generate >keys.txt [hanh@archlinux zec]$ cat keys.txt Seed Phrase: crew hen auto reject cart eternal abandon machine raven fortune cargo arena rival increase ribbon correct zoo ability oil siege victory chat liquid deer Derivation Path: m/32'/1'/0' Secret Key: secret-extended-key-test1q0a006mxqqqqpqyu7lwfg203dkgser62cjmtpx4zhsnv03xdn7798fhsujzy05q0yjkps006cyk27rx6paqpru83dffrfedef7weptj62zknm095et2q4cn2a5aex476cz70sp04ylh9l26920zt9t2pj4eulkjuknaqvjsv2tfkez3atzmxekylu6zww7m9hkuq4qdt5jhr3qhkfp7twky65c8st224mlwkm08gu3cu3p3c3ntry0q67ccfjgksxmqz9p75fag0gac8eulud Viewing Key: zxviewtestsapling1q0a006mxqqqqpqyu7lwfg203dkgser62cjmtpx4zhsnv03xdn7798fhsujzy05q0ynvr4d0dhj80tf6hvuxm4zh5q7v4fjg2c2y0cklgrdtavwun88l5pdqgpqjxer6m2w7yg4ml2762jf5dvsjjl4rgxgyrhn26qyn0gh922tfkez3atzmxekylu6zww7m9hkuq4qdt5jhr3qhkfp7twky65c8st224mlwkm08gu3cu3p3c3ntry0q67ccfjgksxmqz9p75fag0gactwgr96 Address: ztestsapling1e4xktna53kthk8hwyef4y8fe92qkhgx29fmd25k8fvzszt93h7gwgqhu904zdnnnqmuq226uc2v
Obviously, the secret key should be kept safe.
Initialize Db (online computer)
We switch to the online computer and setup the watch-only wallet.
[hanh@archlinux zec]$ zcash-coldwallet init-db
Initialize Account (online computer)
[hanh@archlinux zec]$ zcash-coldwallet init-account zxviewtestsapling1q0a006mxqqqqpqyu7lwfg203dkgser62cjmtpx4zhsnv03xdn7798fhsujzy05q0ynvr4d0dhj80tf6hvuxm4zh5q7v4fjg2c2y0cklgrdtavwun88l5pdqgpqjxer6m2w7yg4ml2762jf5dvsjjl4rgxgyrhn26qyn0gh922tfkez3atzmxekylu6zww7m9hkuq4qdt5jhr3qhkfp7twky65c8st224mlwkm08gu3cu3p3c3ntry0q67ccfjgksxmqz9p75fag0gactwgr96
Initial Sync (online computer)
[hanh@archlinux zec]$ zcash-coldwallet sync Starting height: 1288000 Synced to 1292576 Scan completed [hanh@archlinux zec]$ zcash-coldwallet get-balance Balance: 0
There is no balance at this point since we didn’t receive any coin in our wallet.
Tap test faucet
Let’s use the test faucet to get 1 tZEC.
Go to https://faucet.testnet.z.cash/ and request a test ZEC to
Sync (online computer)
After 3 confirmations, check that we have received the tZEC.
[hanh@archlinux zec]$ zcash-coldwallet sync Starting height: 1292577 Synced to 1292579 Scan completed [hanh@archlinux zec]$ zcash-coldwallet get-balance Balance: 1
Prepare spending transaction (online computer)
Now we are going to send 0.5 tZEC to the same address. The balance remains the same minus the transaction fee (0.00001 tZEC).
[hanh@archlinux zec]$ zcash-coldwallet prepare-tx ztestsapling1e4xktna53kthk8hwyef4y8fe92qkhgx29fmd25k8fvzszt93h7gwgqhu904zdnnnqmuq226uc2v 0.5 tx.json Not enough funds: 0 < 0.50001 ZEC
Coins have to mature 10 blocks before they can be spent. We need to wait longer.
[hanh@archlinux zec]$ zcash-coldwallet sync Starting height: 1292580 Synced to 1292588 Scan completed [hanh@archlinux zec]$ zcash-coldwallet prepare-tx ztestsapling1e4xktna53kthk8hwyef4y8fe92qkhgx29fmd25k8fvzszt93h7gwgqhu904zdnnnqmuq226uc2v 0.5 tx.json
The transaction is stored in the file
tx.json. We copy this file to the offline computer (using a USB stick) and continue there.
Sign transaction (offline computer)
This signs the transaction with our secret key.
[hanh@archlinux zec]$ zcash-coldwallet sign secret-extended-key-test1q0a006mxqqqqpqyu7lwfg203dkgser62cjmtpx4zhsnv03xdn7798fhsujzy05q0yjkps006cyk27rx6paqpru83dffrfedef7weptj62zknm095et2q4cn2a5aex476cz70sp04ylh9l26920zt9t2pj4eulkjuknaqvjsv2tfkez3atzmxekylu6zww7m9hkuq4qdt5jhr3qhkfp7twky65c8st224mlwkm08gu3cu3p3c3ntry0q67ccfjgksxmqz9p75fag0gac8eulud tx.json tx.raw Payment of 0.5 ZEC to ztestsapling1e4xktna53kthk8hwyef4y8fe92qkhgx29fmd25k8fvzszt93h7gwgqhu904zdnnnqmuq226uc2v
The signed transaction is in
tx.raw. We copy this file back to the online computer and finish up there.
Broadcast signed transaction (online computer)
[hanh@archlinux zec]$ zcash-coldwallet submit tx.raw Success! tx id: "ed19603c432f2bb89380a6516dd51513665447ad68ea52a660c8cd1802c2955c"
The transaction can be checked on a testnet explorer. For example: https://explorer.testnet.z.cash/tx/ed19603c432f2bb89380a6516dd51513665447ad68ea52a660c8cd1802c2955c
Let’s resync to update our wallet.
[hanh@archlinux zec]$ zcash-coldwallet sync Starting height: 1292589 Synced to 1292619 Scan completed [hanh@archlinux zec]$ zcash-coldwallet get-balance Balance: 0.99999
As expected, we just lost the transaction fee of 0.00001 tZEC
Thanks for this, @hanh! It’s very clear how you would execute this project, thanks for that.
The ZOMG have had a discussion. We like anything that is related to better security.
Could you help us understand what the use case is, and what demand would be like for this could be? We want to make sure that if this is built, it has the potential to be well-adopted.
Separately, for which other crypto assets have you done this? Just for our background.
This should be useful until shielded hardware wallets arrive. Security and privacy should not be mutually exclusive and offline shielded transaction signing is important to help ensure that.
@ml_sudo At this moment, hardware wallets (ledger and trezor) do not support shielded addresses. I have been following the work of the company zondax about zcash on ledger. It is promising but unfortunately, they won’t be ready for a while. So currently, if you want to use shielded addresses, you must use zcashd, lightwalletd or a wallet based on these two.
These products store the secret key in a local file. Even though it can be encrypted, the fact that the machine is online remains a concern (in my opinion). A hacker could install a keylogger or replace the wallet executable with a version that sends him the key once it is decrypted.
Many other cryptocurrencies offer a cold wallet that eliminates this problem by keeping the secret on an offline computer. For example, bitcoin has electrum. Ethereum has MEW offline. As a matter of fact, all exchanges use cold wallets nowadays.
I wrote a cold wallet for bitcoin before Electrum had this feature. GitHub - hhanh00/offlinesig: Cold storage BIP 44 wallet
Thanks @hanh! I’ll bring this back to the ZOMG.
Cold wallets seem to cover a different use than hardware wallets too. Hardware wallets can break, loose compatibility (USB cables get upgraded), rely on the software of the vendor…
It looks like cold wallets are a nice feature for very long term storage.
Would you consider developing this feature on top of ZecPaperWallet? I believe this can help both the development and distribution of this project.
Also might be a good consideration for ZOMG @ml_sudo
You can use this tool to generate a paper wallet for sapling so you don’t need to use ZecPaperWallet. If you already have a paper wallet (made by ZecPaperWallet or another tool), you could use it with this tool too. In my opinion, they don’t need to be integrated and I would rather keep my tool as simple as possible.