In a cold storage transaction, the mobile account does not have the secret key needed for spending. However, it is able to build an unsigned transaction and export it as a file.
The account owner moves the file to another computer that holds the secret key (preferably offline and air-gapped for security).
On the offline computer, he signs the transaction and generates a now-valid transaction that he saves to another file.
After importing the latter into the Y/ZWallet, the transaction is finalized and broadcast.
This workflow ensures that the secret key never leaves the computer that is isolated from the Internet.
Cold Storage in the context of Bitcoin
The same concept is applicable to Zcash.
If the account does not have a secret key, either because it was restored from a viewing key or because it was converted to Cold Storage, the Send button is dimmed. Instead of signing and broadcasting a transaction, the Send page prepares an unsigned transaction.
If you enabled the “Use QR codes for offline signing” option, you will get an animated QR code:
The transaction is too large to fit in a single QR code. YWallet uses animated QR codes with error correction (RaptorQ).
Depending on your phone OS, you can save the unsigned transaction to a USB key, or to the Cloud.
The transaction file must be copied to the computer that has the sign application.
There are two options for signing the transaction. You can either use a command line tool (with no GUI) or use another phone/device with YWallet that you keep offline.
We recommend using another phone as the signer. Please make sure that it was factory reset and that it was never connected to the Internet.
You can build the sign app from its source code.
To run the sign app, you need to create an .env file that has a line
KEY="<seed or secret-key>"
For example,
KEY="human tissue pony dose host stamp tag hockey begin wisdom humble divorce goose grief analyst hard axis fiscal flat cloud huge pair sunset into"
Then run the signer as follows:
sign <unsigned filename> <signed filename>
For example,
sign tx.json tx.raw
Then copy tx.raw back to a USB drive (or Cloud storage).
Use the “Sign” menu. It will ask you to open the unsigned transaction file and proceed to sign it. If the current account contains the secret key, it will create a raw transaction and offer to save it.
Point your camera and scan the animated QR code. Every time a QR code is captured, your phone will make a little “click”. Once all the data is read, the wallet will display the details of the transaction.
Make sure that the information is valid.
Then tap to Sign the transaction and produce an animated QR code for it.
You should use GPG to encrypt and sign your transaction if you transmit it over an insecure channel.
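One way to carry out the GPG step above, as an added example that is not part of the YWallet documentation. It assumes both machines already hold each other's GPG public keys; the function names send_tx and receive_tx are hypothetical, and fingerprints are passed as 40 uppercase hex characters without spaces.

```shell
#!/bin/sh
# Added example: protect the transaction file while it crosses an
# untrusted channel (cloud storage, shared USB key).

# Sender: sign with our own key and encrypt to the other machine's key.
# usage: send_tx <in> <out.gpg> <our-key-fpr> <recipient-key-fpr>
send_tx() {
    # --trust-model always: keys are selected by full fingerprint, so no
    # web-of-trust lookup is needed on a machine with a minimal keyring.
    gpg --batch --yes --trust-model always \
        --local-user "$3" --recipient "$4" \
        --sign --encrypt --output "$2" "$1"
}

# Receiver: decrypt, then require a valid signature from the expected key.
# "gpg --decrypt" also exits 0 for a message that carries no signature,
# so the exit code alone says nothing about who produced the file.
# usage: receive_tx <in.gpg> <out> <expected-signer-primary-key-fpr>
receive_tx() {
    status=$(mktemp) || return 1
    tmp_out=$(mktemp) || { rm -f "$status"; return 1; }
    rc=1
    # Machine-readable status lines go to fd 3. The last field of a
    # VALIDSIG line is the fingerprint of the signer's primary key.
    if gpg --batch --yes --status-fd 3 --output "$tmp_out" \
            --decrypt "$1" 3>"$status" 2>/dev/null &&
       awk -v fpr="$3" \
           '$2 == "VALIDSIG" && $NF == fpr { ok = 1 } END { exit !ok }' \
           "$status"
    then
        # Only a verified plaintext is ever written to the destination.
        mv "$tmp_out" "$2" && rc=0
    fi
    rm -f "$status" "$tmp_out"
    return $rc
}
```

Run send_tx on the machine that exports tx.json or tx.raw and receive_tx on the machine that imports it, passing the other side's fingerprint as the expected signer.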