decred.org/dcrwallet/v3@v3.1.0/docs/offline_wallets.md (about) 1 # Offline wallets 2 3 Cold wallets may be monitored using a watching only wallet. A watching only 4 wallet is created using an extended public key for an account. 5 6 An extended key for your cold wallet can be retrieved using the 'getmasterpubkey' 7 command in the legacy API. Without any argument it will return the default 8 account extended public key. Other accounts may be retrieved by supplying the 9 account as an argument. 10 11 A wallet is then created using the public key, by the following command: 12 13 ``` 14 dcrwallet --create --createwatchingonly 15 ``` 16 17 This wallet can safely be connected to an online daemon and used to monitor the 18 cold wallet. It can be used to get new addresses and supply a UTXO list with 19 the command 'listunspent'. 20 21 Cold wallets are typically used in the following configuration: 22 1. Online computer with both a hot wallet used to handle funds and a 23 watch only wallet configured to watch an account from the cold wallet. 24 2. Offline computer with a cold wallet. 25 26 When a portion of the cold wallet is needed to be spent, the user can produce 27 a list of UTXOs to spend by fetching them from the watching only wallet. A 28 transaction can be created using these UTXOs, and the funds transferred to the 29 hot wallet so they can be spent somewhere online without posing a danger of 30 losing other funds from the cold wallet. 31 32 A tool has been created to help easily move offline funds on *nix machines. 33 This tool is located in cmd/movefunds and can be installed as follows, 34 granted that dcrd and dcrwallet are installed and vendored dependencies 35 are up to date with dep: 36 37 ``` 38 cd $GOPATH/src/github.com/dcrwallet/cmd/movefunds 39 go install 40 ``` 41 42 You may also have to install jq on the cold wallet machine. For debian-based 43 builds, you can use apt-get or build yourself. 44 45 ``` 46 sudo apt-get install jq 47 ``` 48 49 To move coins from the cold wallet without having to connect to the network, 50 the following procedure can be done: 51 52 1. On the machine with the watching only wallet, call 'listunspent' and pipe 53 the output to unspent.json (dcrctl --wallet listunspent > unspent.json). 54 Next, run: 55 ``` 56 dcrctl --wallet accountaddressindex myAccountName 0 57 dcrctl --wallet accountaddressindex myAccountName 1 58 ``` 59 Where myAccountName is the name of the account you're using in the 60 cold wallet. Write the output of these commands down somewhere. 61 62 2. Open unspent.json and remove any outputs you do not want to spend. 63 64 3. Open a terminal and change directory to where unspent.json is. Then, copy 65 config.json from $GOPATH/src/github.com/dcrwallet/cmd/movefunds to 66 this directory. 67 ``` 68 cp $GOPATH/src/github.com/dcrwallet/cmd/movefunds/config.json config.json 69 ``` 70 Edit config.json according to the network you're sending the funds on. 71 Fill in a recipient address there. 72 73 4. Run movefunds. It will generate sign.sh. Transfer sign.sh to the cold 74 wallet machine. 75 76 5. Start an unsynced daemon on the offline cold wallet machine. This is 77 achieved simply by adding the argument --connect=127.0.0.1:12345 to the 78 command to start the daemon. Because there is no local peer at port 79 12345, the daemon will sit idle at the genesis block. 80 81 6. Connect dcrwallet on the cold machine. Synchronize the addresses on this 82 wallet using the command and the responses you got at step 1: 83 ``` 84 dcrctl --wallet accountsyncaddressindex myAccountName 0 <response1> 85 dcrctl --wallet accountsyncaddressindex myAccountName 1 <response2> 86 ``` 87 Your cold wallet address manager will now be in sync with your hot 88 wallet. 89 90 7. Run sign.sh on the cold wallet machine and pipe the output to a file: 91 ``` 92 ./sign.sh > rawtx.txt 93 ``` 94 Transfer the raw hex of the transaction to the hot wallet machine. 95 96 8. Send the raw transaction on the hot wallet machine. 97 ``` 98 dcrctl sendrawtransaction $(cat rawtx.txt) 99 ```