In this guide we will see how to sign an ETH transaction on an offline computer and then send (broadcast) it from an online computer without exposing the private key. This gives a better security profile and also lets you create a pre-signed raw transaction to broadcast later. This guide does not cover the creation of the Ethereum wallet; we assume we already have one in the form of a keystore file generated with MEW (running locally, offline). The creation of a wallet is covered in my eBook on Ethereum, which is publicly and freely available for download. If you have trouble doing that, feel free to contact me or comment below.
Offline transaction signature
The procedure consists of two parts: 1) the signature, executed on an offline computer, and 2) the broadcasting (sending) of the previously created raw signed transaction. This second part obviously needs an online computer.
To achieve goal 1), suppose you have the keystore file saved on a USB key and a computer running totally offline (it is better to run it from a live Linux distribution, for example, so you can be sure that no viruses, trojans or other malware are running there). Do not connect the USB key to an online computer! At this point you have to run an offline (local) version of MyEtherWallet. This means that the MEW program runs locally on your computer and is not loaded from the network. You can grab it from the following URL (before starting the whole procedure):
Once downloaded, simply unzip it and open the index.html file inside the folder in a local browser (for example Firefox). You can, for example, save this program on a USB key and run it directly on the offline computer. Be sure you are completely offline and that no printer, Wi-Fi or Bluetooth is running. Network cables must be disconnected.
Now you can generate and sign the transaction. Go to the send offline facility in MEW running locally. Enter the from address, the to address and the amount you want to send in that transaction. You also have to specify the gas.
Now choose “keystore file” as the way to unlock your wallet and sign the transaction. You will have to load the file and enter the password to decrypt it. The keystore file is on your USB key (which you connected only after being totally sure you were offline). If everything matches, the wallet is unlocked. Now click on “generate transaction”. This creates the raw signed transaction, which is very important: the raw transaction contains all the transaction content and is everything needed for the transaction to be written to the blockchain. Obviously the offline computer, which generated the raw transaction, cannot broadcast it since it is disconnected from the Internet. But this is OK. For this reason we now save the raw transaction string in order to broadcast it from another computer, one that ordinarily runs online. The idea is that I want to handle my private key only when I am offline, and go online not with the key but just with the already signed transaction, so that the key is never exposed.
Broadcasting the signed transaction
Now you have to copy the long string (the raw transaction) you have just generated to the online computer. On that computer, go to the local version of MEW, in the “send offline” section. In this case you do not have to fill in any fields and, more importantly, you must not upload the keystore file (absolutely do not connect the USB key with the keystore file to the online computer). Just paste the signed transaction into the corresponding box and click on send transaction.
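Because the raw string contains every field of the transaction, it can be decoded and reviewed before it is pasted into the send box, with no key involved. The following Python code is an added example, not part of MEW or of the original guide; it assumes the legacy nine-field RLP transaction layout (nonce, gas price, gas limit, to, value, data, v, r, s), and its sample string is constructed, with placeholder r and s values that are not a valid signature.

```python
# Added example: decode a legacy signed ETH transaction so its fields can be reviewed.
# SAMPLE_RAW is constructed for illustration; its r/s bytes are not a real signature.
SAMPLE_RAW = ("f86c09" "8504a817c800" "825208" "94" + "35" * 20 +
              "880de0b6b3a7640000" "80" "25" "a0" + "11" * 32 + "a0" + "22" * 32)

def rlp_decode(buf, pos=0):
    """Decode one RLP item starting at pos; return (item, next_pos)."""
    prefix = buf[pos]
    if prefix < 0x80:                       # a single byte encodes itself
        return buf[pos:pos + 1], pos + 1
    if prefix < 0xC0:                       # byte string
        start, size = _span(buf, pos, 0x80)
        return buf[start:start + size], start + size
    start, size = _span(buf, pos, 0xC0)     # list: decode items until payload ends
    items, cur = [], start
    while cur < start + size:
        item, cur = rlp_decode(buf, cur)
        items.append(item)
    if cur != start + size:
        raise ValueError("list item overruns its payload")
    return items, cur

def _span(buf, pos, base):
    """Return (payload_start, payload_len) for short and long RLP headers."""
    n = buf[pos] - base
    start = pos + 1 + max(0, n - 55)        # long form: n - 55 length bytes follow
    size = n if n <= 55 else int.from_bytes(buf[pos + 1:start], "big")
    if start + size > len(buf):
        raise ValueError("truncated RLP data")
    return start, size

def inspect_raw_tx(raw_hex):
    """Return the human-checkable fields of a legacy signed transaction."""
    h = raw_hex.strip()
    raw = bytes.fromhex(h[2:] if h.startswith("0x") else h)
    if not raw or raw[0] < 0xC0:            # legacy transactions are an RLP list
        raise ValueError("not a legacy RLP transaction")
    fields, end = rlp_decode(raw)
    if end != len(raw) or len(fields) != 9 or any(isinstance(f, list) for f in fields):
        raise ValueError("expected exactly 9 RLP fields and no trailing bytes")
    nonce, gas_price, gas_limit, to, value, data, v, r, s = fields
    num = lambda b: int.from_bytes(b, "big")
    return {"nonce": num(nonce), "gas_price_wei": num(gas_price),
            "gas_limit": num(gas_limit), "to": "0x" + to.hex(),
            "value_wei": num(value), "data": "0x" + data.hex(),
            "chain_id": (num(v) - 35) // 2 if num(v) >= 35 else None,
            "signed": len(r) > 0 and len(s) > 0}

if __name__ == "__main__":
    print(inspect_raw_tx(SAMPLE_RAW))
```

Compare the decoded `to` and `value_wei` with what was entered on the offline computer before clicking send; a mismatch or a decoding error means the string was altered or truncated in transfer.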
Now, after a few seconds, the signed transaction will be broadcast to the network, and you did it without exposing the private key on the online computer! So you made this transaction with maximum security. You can check the transaction on etherscan.io.
This procedure is ideal for making transactions from cold wallets, and it is used by long-time holders who need a really safe wallet for their savings, since in many cases they have to hold large amounts of coins for a relatively long timeframe.