Setting up an offline wallet with Kukai
As with any cryptocurrency protecting the secret key is critical. A computer connected to the internet is a hot target for malicious attackers, so you probably want to store most of your tez in an offline wallet or a hardware wallet. The idea with an offline wallet is that you segregate the most sensitive part of the operation i.e. signature process of an operation in a protected offline environment.
Some tez that you could afford to lose can preferably be stored in a hot wallet for day to day transactions. We highly recommend everyone to take all necessary actions to secure and protect your private keys. This guide will show you how to set up an offline wallet with Kukai and do all major operations securely.
Step 0
First make sure you have a secure offline environment for your wallet. You can either have a dedicated computer for it or a bootable Linux USB Flash Drive (with e.g. Tails) that never connects to internet.
Always download the Kukai wallet from our official links on Github and verify the SHA256 checksum. It is important to ensure that you are using a legitimate software without any extra piece of code added on top.
Move your Kukai wallet app to your offline system using for example a pen drive. Create or import your wallet following the instructions in the app. Then export a view-only wallet from your full wallet. The view-only contains only your public key.
Step 1 (online)
Import your view-only wallet into the client or website. Make an operation inside your wallet. An unsigned operation will be created and exported to a file. Move the file to your offline wallet.
Step 2 (offline)
Go to the offline signing view and import the unsigned operation. The operation will now be parsed and visible in the wallet so you know exactly what you are about to sign. After verification, sign and export the signed operation back to the view-only wallet.
Step 3 (online)
In the final step, you need to broadcast the signed operation to the network. Import the signed operation in the offline-signing view and broadcast it from the last section.
