The Insanely Secure Guide to Creating a Skycoin Wallet Address

The ultimate super mega secure Skycoin wallet setup guide for super spies and the extremely paranoid.

Fray
Skyfleet Captain’s Log
May 13, 2019


If you just have a regular PC running Windows, or an old iPhone, don’t let this guide dissuade you from simply installing the Skycoin wallet software. The software is bullet-proof and you can feel confident that your coins are safe. This guide is meant to educate, entertain, and demonstrate the lengths one could go to in order to ensure maximum Skycoin wallet security. You can choose to do some or none of these steps… just don’t lose your seed phrase!

In this day and age, it’s only natural to be suspicious of any activity that involves computers and privacy. Particularly when money is involved, one can never be too careful. As hacking becomes more sophisticated and harder to prevent or detect, you never know who might be watching. This healthy skepticism and love of security is likely what led you to the Skycoin project in the first place, and its promise of a super secure decentralized Internet with end-to-end encrypted traffic. So why not start off your journey into the Skycoin ecosystem with the most secure method to create and use your Skycoin wallet address?

You can tell he’s a serious hacker because of his scary hoodie.

1. Download the Skycoin wallet only from https://www.skycoin.com. No other source is authorized, and unofficial sources (like torrent files) may be compromised. Make sure you are on Skycoin’s website, and double check that you are connected using HTTPS. Download the installer that corresponds to your system, as well as its signature.

(Ideally, you would be doing this on a RAM disk of a machine running hardened Linux, with a non-Intel, non-AMD CPU with no mounted hard drive. But that’s only for the real paranoiacs.)

Depending on your personal preferences, you may wish to download the wallet via an anonymizing VPN, or using the Tor Browser. Your call!

2. Because you’re justifiably paranoid, you’ll probably want to verify the signature of the download to prove its authenticity. Signatures are a way to verify that no one has hijacked your connection in order to serve bogus or compromised packages while making it appear as though you are downloading legitimate ones. Only the authentic Skycoin wallet package will verify successfully against its signature.

Verifying software signatures is easy, and you should definitely do it for software that is going to be holding valuable assets.

3. Don’t open up that download yet! It’s time to disconnect from the Internet completely. We’re going to build an air gap by turning WiFi off altogether, and unplugging any Ethernet cable, hard drive, or other peripheral that might be plugged into your machine. While you’re at it, be sure to disable Bluetooth and GPS as well. Close any non-essential programs and halt any non-essential processes.

Don’t just turn off your internet; unplug your ethernet cable. Get your computer “air-gapped” and shut off any antennas, like Bluetooth.

4. Now that your computer is totally offline, and you’re in a private, secure location, install the Skycoin wallet, then open the application. Create a new wallet. Choose a 24-word seed (rather than 12 words), for extra security.

There’s your 24-word seed. Well, yours will have different words. Note the red text! Go ahead and encrypt your wallet with a password, too.

5. Write down, neatly on a piece of paper, the 24 words exactly as they appear on the screen. Double check the spelling and order of the words. Then triple check, because the seed is the only way to load your wallet anywhere again. This may be the most crucial step of this process. Maybe quadruple check.

If you’re really serious about security (of course you are), and if you recognize the flammable and other less-than-ideal properties of a scrap of paper, you can go super hardcore and carve your 24-word seed onto a plate of titanium or stainless steel. Worth it!

Witness the birth of a paper wallet.

You may feel like you could save some time and just print your seed out using a printer, but if you’re truly the super spy you claim to be, you will know that printers can cache print jobs and those caches can theoretically be retrieved later. (Also, you unplugged everything in step 3, remember? That included your printer.)

6. Since you know that this seed phrase is your private key, and that the seed is all that is needed to load your wallet anywhere and make transactions, you will want to be especially careful about where you store it. Put your seed in a safe deposit box (if you trust your bank, ha ha), or bury it in a weatherproof chest on a tropical island like a pirate. Whatever you do, don’t lose it.

Ah! Looks like you buried your wallet seed in Mordor. Well done!

Splitting the seed into a few pieces is a clever tactic. A fireproof/waterproof safe is a good start for one chunk of the seed. Hide the other one or two chunks of the seed securely using different methods and store them each in geographically different secret locations. Be creative!

It doesn’t hurt to try memorizing the seed, if you’re sure your mind won’t ever be compromised, but you should not rely on this method since you are, presumably, only human and therefore (regrettably) fallible.

7. Write down the wallet address that was generated by the seed phrase, and then double check that you have it written down correctly. Then go ahead and triple check. (Don’t worry, the wallet address won’t contain any ambiguous or easily misunderstood characters like the letter o or the number zero, a capital i or lower-case L.)

Ignore the QR code for now. Just write down the alphanumeric address at the bottom.
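
An added example, not part of the original guide or the Skycoin code base: a check to run on a hand-copied address when you later type it back in, which catches both impossible characters and miscopied ones. It assumes the address is Base58 over a 20-byte key hash, one version byte, and the first four bytes of SHA-256 of those 21 bytes; confirm that layout against the wallet source. `make_constructed_address` only builds sample input.

```python
import hashlib

# Base58 alphabet: digits and letters with 0, O, I and l left out.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58decode(text):
    """Decode Base58 text; ValueError names the first impossible character."""
    num = 0
    for pos, ch in enumerate(text):
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"character {ch!r} at position {pos + 1} cannot appear in an address")
        num = num * 58 + idx
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))  # each leading '1' is a zero byte
    return b"\x00" * pad + body

def b58encode(raw):
    """Encode bytes as Base58 (used here only to build sample input)."""
    num = int.from_bytes(raw, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out

def check_address(text):
    """Return (ok, reason) for a transcribed address under the assumed layout."""
    try:
        raw = b58decode(text.strip())
    except ValueError as err:
        return False, str(err)
    if len(raw) != 25:
        return False, f"decodes to {len(raw)} bytes, expected 25"
    payload, checksum = raw[:21], raw[21:]
    if hashlib.sha256(payload).digest()[:4] != checksum:
        return False, "checksum mismatch: a character was miscopied"
    return True, "ok"

def make_constructed_address(key_hash, version=0):
    """Build a constructed (not real) address from a 20-byte value for testing."""
    payload = key_hash + bytes([version])
    return b58encode(payload + hashlib.sha256(payload).digest()[:4])
```
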

8. Why not create a second wallet address while you’re at it? Call that your “hot” wallet: you can load it anywhere, use it for trading, etc., but always send excess funds from that hot wallet to the original “cold” wallet address you created. Now you’ve got the best of both worlds, and the worst that can possibly happen is that you lose the minimal trading funds you keep on your hot wallet (rather than everything you own). That’s how the smart exchanges do it, and they get hacked all the time.

9. Quit the Skycoin wallet application and throw it in the trash. Wait, there’s more: You will want to ensure that the application as well as the wallet files are all deleted. This is an important step! The .wlt file(s) are your wallet files, and they aren’t necessarily thrown away when you trash your Skycoin Wallet application. You have to find them on your system to manually delete them. (If you encrypted them during the setup, you won’t be able to open those .wlt files without that password. Hooray for encryption!)

Visit this page on GitHub to see where to look for leftover wallet files on your system. Securely empty the trash, or use a software file shredder that overwrites the files so they are unretrievable.

Those ‘invisible’ files need to be hunted down and destroyed. Screenshot from https://github.com/skycoin/skycoin/wiki/Data-directory-and-wallet-folder-locations
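
An added example (not from the guide or the Skycoin project) of the hunt described in step 9: list every leftover .wlt file under a directory, then overwrite and delete them once the list has been reviewed. The search root is whichever data directory the wiki page above gives for your system, and the function names are this example's own. In-place overwriting is not guaranteed to reach old blocks on SSDs or copy-on-write filesystems, which is why the wallet encryption from step 4 still matters.

```python
import os

def find_wallet_files(root):
    """Return every *.wlt file below root, sorted, without following symlinks."""
    hits = []
    for folder, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(folder, name)
            if name.lower().endswith(".wlt") and not os.path.islink(path):
                hits.append(path)
    return sorted(hits)

def overwrite_and_delete(path, passes=1):
    """Overwrite a file in place with random bytes, force it to disk, then unlink it."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                chunk = min(remaining, 1 << 20)  # write at most 1 MiB at a time
                fh.write(os.urandom(chunk))
                remaining -= chunk
            fh.flush()
            os.fsync(fh.fileno())
    os.remove(path)

def purge_wallet_files(root, dry_run=True):
    """List leftover wallet files; destroy them only when dry_run is False."""
    found = find_wallet_files(root)
    if not dry_run:
        for path in found:
            overwrite_and_delete(path)
    return found
```

Run it first with the default `dry_run=True` and read the returned list before calling it again with `dry_run=False`.
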

10. Now the only copy of your wallet that exists should be on your piece of paper. (Your wallet address doesn’t even appear on the blockchain until someone sends it some Skycoin.)

The wallet address is your public key, so it is not as crucial to keep hidden as your private key/seed, but still, anyone who has it could see your balance and transaction history on the Skycoin explorer, and if they link that address to your real-world identity, it could bring unwanted attention or scrutiny. Best to keep it (and your precious Skycoin balance) secret from anyone or anything that can link it to you by name.

11. You can turn your WiFi back on, allowing hackers, your ISP, governments, and social networks to resume their 24/7 surveillance of your activities. (Unless you’re cleverly using Skywire to thwart these efforts.)

If you’re holding Skycoin, you probably believe in a free, open, and decentralized Internet. That’s Skywire.

12. Go to skycoin.com and get some Skycoin into the wallet address you generated. Once you send Skycoin to it, and that transaction is written to a block, your address will appear on the Skycoin Fiber blockchain.

The page you’re looking for is https://www.skycoin.com/buy/

13. Note: Your Skycoin is held on the blockchain. The software wallet just provides a convenient way to interact with the blockchain. That’s why you don’t need the Internet for any of these steps, or the wallet software itself for that matter. Go ahead and type your address (not your seed!) into the search field at explorer.skycoin.com to check your balance or review transactions. As long as you’ve sent Skycoin there, it will show up.

14. Sit tight and watch that Skycoin increase in value as it automatically produces Coin Hours.

Coin Hours are fun to collect!

15. You can live your life with just that paper wallet, if you want. You lose some convenience by not using Skycoin’s secure software or hardware wallet, but maybe that loss of convenience is worth the assurance that your wallet is one hundred percent offline.

16. If and when you’re ready, you can “load” your wallet into a software or hardware wallet using your seed phrase, and your balance of Skycoin will be there waiting for you, along with all the Coin Hours they’ve been generating (and will continue to generate on the blockchain).

17. Congratulations, agent! You did it!

If you liked my writing and would like to contribute to me making more, feel free to donate some Skycoin: GCB5KK9LmJzxxxh2hMoKm3HRXwaJe9vRfd
