Offline Key Generation: Air-Gapped Security Guide
Generating cryptocurrency keys on an internet-connected computer exposes them to malware, keyloggers, screen capture, clipboard hijacking, and remote exfiltration. For high-value wallets intended for long-term cold storage, the gold standard is air-gapped offline generation: creating keys on a device that has never been and will never be connected to any network.
This guide provides a comprehensive, step-by-step process for offline key generation, covering hardware selection, operating system setup, key generation, verification, and secure cleanup.
Why Air-Gapped Generation Matters
The Threat Model
When you generate a seed phrase or private key on an everyday computer, the key material exists in:
- RAM — Accessible to any process running on the system.
- Disk — May be swapped to disk by the operating system's virtual memory system.
- Clipboard — If copy-pasted, accessible to every application.
- Network — If the machine is connected, malware can exfiltrate keys instantly.
- Display — Screen capture malware or shoulder surfing.
- Keyboard — Keyloggers (software or hardware) record all input.
An air-gapped computer eliminates the network vector entirely. Combined with proper operational security, it significantly reduces or eliminates the other vectors as well.
Who Needs Air-Gapped Generation?
- Anyone storing more than they can afford to lose.
- Long-term "deep cold" storage (years or decades).
- Institutional custody and treasury management.
- Anyone who wants the highest achievable security standard.
For everyday spending wallets with small balances, a hardware wallet provides sufficient security without the complexity of air-gapped procedures.
Hardware Selection
Option 1: Dedicated Laptop (Recommended)
Purchase a new or factory-reset laptop that will be used exclusively for key generation and never connected to the internet:
- Remove or disable all networking hardware. Physically remove the Wi-Fi card and Bluetooth module if possible. At minimum, disable them in BIOS/UEFI firmware.
- Disable the camera and microphone. Remove them or cover/disconnect them physically.
- Use a laptop with no cellular modem.
- Budget options: Used ThinkPad (X230, T440) — inexpensive, well-supported by Linux, easy to physically modify.
Option 2: Raspberry Pi
A Raspberry Pi is a low-cost single-board computer. Note that the Model 3B+ and 4 have onboard Wi-Fi and Bluetooth; the original Pi Zero (not the Zero W) has no wireless hardware at all. Either pick a board without radios, or disable them and never configure networking:
- Boot from a microSD card.
- No persistent storage beyond the SD card (which you will destroy afterward).
- No wireless hardware if using the right model.
- Lower cost ($35–$75 including accessories).
Option 3: Live USB on Existing Hardware
Boot a dedicated Linux live USB on an existing computer with all networking disabled:
- The live environment runs entirely in RAM.
- No data is written to the internal drive (if configured correctly).
- After shutdown, RAM is cleared.
- Risk: The existing computer may have hardware-level compromises (firmware rootkits, hardware keyloggers) that persist across OS boots. A dedicated device eliminates this risk.
Operating System Setup
Tails OS (Recommended)
Tails is a privacy-focused Linux distribution designed to leave no trace:
- Boots from USB and runs entirely in RAM.
- All networking is routed through Tor by default — but for air-gapped use, you will not enable networking at all.
- Designed for amnesic use: no persistent state unless explicitly configured.
- Includes common tools and can run Python for key generation scripts.
Setup steps:
- Download the Tails USB image on your regular computer (Tails ships a .img for USB sticks; the .iso is intended for DVDs and virtual machines).
- Verify the download's OpenPGP signature with the Tails signing key before writing it anywhere.
- Write the image to a USB drive with balenaEtcher or dd, or clone it from an existing Tails stick.
- Boot the air-gapped computer from the USB.
- At the Tails Greeter, do not configure any network connection.
- Verify that no network interfaces are active: ip link show should list only the loopback interface, with every other interface in state DOWN.
Ubuntu Live USB (Alternative)
If Tails is not suitable:
- Download the Ubuntu ISO and verify it: check the SHA-256 sum against the SHA256SUMS file and verify the signature on that file (SHA256SUMS.gpg) with Ubuntu's signing key.
- Write to USB.
- Boot with networking disabled in BIOS.
- At the Ubuntu installer, select "Try Ubuntu" (do not install).
- Verify no network connectivity.
Verifying Air-Gap Integrity
After booting, verify the air gap:
# Check that no network interfaces are UP
ip link show
# Verify no IP addresses assigned
ip addr show
# Attempt to reach the internet (should fail)
ping -c 1 8.8.8.8
# Check for Wi-Fi and Bluetooth
rfkill list all
All interfaces other than lo should be DOWN, no address other than the loopback 127.0.0.1 should be assigned, the ping should fail (on a machine with no route it reports "Network is unreachable"), and rfkill should list no wireless or Bluetooth device at all, or at worst only hard-blocked ones. If any test suggests connectivity, stop and troubleshoot before proceeding.
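The same checks in script form, as an added example that is not from the original guide: it reads the kernel's sysfs view directly (/sys/class/net for interface state and carrier, /sys/class/rfkill for radios) instead of parsing ip or rfkill output, and takes the sysfs root as a parameter so the logic can be exercised against a constructed directory tree. scenario_findings builds such a tree from demo data; on the real machine, run the script and expect no findings.

```python
from pathlib import Path
import sys
import tempfile

# operstate values that are acceptable on an air-gapped box
OK_STATES = {"down", "notpresent", "lowerlayerdown"}


def _read(path, default):
    """Read a sysfs attribute; attributes that are absent or unreadable
    (reading 'carrier' on a down interface fails with EINVAL) yield the default."""
    try:
        return Path(path).read_text().strip()
    except OSError:
        return default


def airgap_findings(sysroot="/sys"):
    """Return findings that contradict an air gap; an empty list means the
    kernel sees no active interface, no link carrier and no radio."""
    root = Path(sysroot)
    findings = []
    net = root / "class" / "net"
    for dev in (sorted(net.iterdir()) if net.is_dir() else []):
        if dev.name == "lo":
            continue                                  # loopback is expected
        state = _read(dev / "operstate", "missing")
        if state not in OK_STATES:                    # up, unknown, dormant, missing
            findings.append(f"{dev.name}: operstate={state}")
        if _read(dev / "carrier", "0") == "1":        # a link partner is detected
            findings.append(f"{dev.name}: carrier detected")
        if (dev / "wireless").exists():               # kernel still drives a Wi-Fi device
            findings.append(f"{dev.name}: Wi-Fi device still present")
    # rfkill has one entry per radio the kernel knows about; a blocked radio is
    # better than an unblocked one, but its mere presence is worth reporting
    rfkill = root / "class" / "rfkill"
    for rk in (sorted(rfkill.iterdir()) if rfkill.is_dir() else []):
        kind = _read(rk / "type", "unknown")
        blocked = _read(rk / "soft", "0") == "1" or _read(rk / "hard", "0") == "1"
        findings.append(f"{rk.name}: {kind} radio present ({'blocked' if blocked else 'UNBLOCKED'})")
    return findings


def scenario_findings(interfaces, radios):
    """Build a constructed sysfs tree (demo data, not a real machine) and run
    the check on it. interfaces: {name: (operstate, carrier, is_wifi)};
    radios: {rfkill_name: (type, soft, hard)}."""
    with tempfile.TemporaryDirectory() as tmp:
        net = Path(tmp) / "class" / "net"
        for name, (state, carrier, wifi) in interfaces.items():
            d = net / name
            d.mkdir(parents=True)
            (d / "operstate").write_text(state + "\n")
            (d / "carrier").write_text(carrier + "\n")
            if wifi:
                (d / "wireless").mkdir()
        rf = Path(tmp) / "class" / "rfkill"
        for name, (kind, soft, hard) in radios.items():
            d = rf / name
            d.mkdir(parents=True)
            (d / "type").write_text(kind + "\n")
            (d / "soft").write_text(soft + "\n")
            (d / "hard").write_text(hard + "\n")
        return airgap_findings(tmp)


if __name__ == "__main__":
    # Two constructed trees: one that should pass and one that should not.
    clean = scenario_findings({"lo": ("unknown", "1", False), "eth0": ("down", "0", False)}, {})
    leaky = scenario_findings({"eth0": ("up", "1", False), "wlan0": ("down", "0", True)},
                              {"rfkill0": ("wlan", "0", "0")})
    print("constructed clean tree:", clean or "no findings")
    print("constructed leaky tree:", *leaky, sep="\n  ")
    real = airgap_findings()                          # the machine this runs on
    print("this machine:", *(real or ["no findings"]), sep="\n  ")
    sys.exit(1 if real else 0)
```

The script exits non-zero when anything is found, so it can gate the rest of a generation session. An interface in operstate "unknown" is not necessarily a leak (virtual interfaces often report it), but on a stripped machine the ideal result is that /sys/class/net contains nothing but lo.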
Key Generation Process
Method 1: Using SafeSeed Tools Offline
SafeSeed's tools are client-side web applications that can run in a browser without an internet connection.
The SafeSeed Seed Phrase Generator and Paper Wallet Creator can be saved for offline use. Before going offline, save the complete web page (Ctrl+S / Cmd+S), transfer it to the air-gapped computer via USB, and open it in a browser. All cryptographic operations run locally in JavaScript — no server communication required.
Steps:
- On your regular (online) computer, navigate to the SafeSeed tool.
- Save the complete web page to a USB drive.
- Verify the file integrity (compare checksums if available).
- Transfer the USB drive to the air-gapped computer.
- Open the saved HTML file in the browser.
- Generate your seed phrase.
- Write it down on paper (do not save digitally on the air-gapped machine).
- Verify the seed phrase by re-entering it and confirming the same addresses are generated.
Method 2: Using Ian Coleman's BIP-39 Tool
The Ian Coleman BIP-39 tool is an open-source, standalone HTML page widely used for offline key generation:
- Download the latest release from GitHub on your online computer.
- Verify the PGP signature.
- Transfer to the air-gapped computer via USB.
- Open bip39-standalone.html in a browser.
- Generate or enter a mnemonic.
- Select the coin and derivation path.
- Record the seed phrase and addresses.
Method 3: Dice-Based Entropy
For maximum distrust of all software RNGs, generate entropy manually using dice:
- Use casino-grade dice (precision dice with sharp edges, not rounded consumer dice).
- Roll a single die 100 times for 256 bits of entropy (each roll provides ~2.585 bits; 99 rolls give only ~255.9 bits, so take 100 to cover the full 256).
- Convert the dice rolls to a binary string.
- Use the BIP-39 tool (offline) to convert the binary entropy to a mnemonic.
- Or roll the die 50 times for 128 bits of entropy (12-word phrase).
Dice conversion methods:
- Base-6 method: Record each die roll (1-6), treat the whole sequence as one base-6 number and convert it to binary. Every roll contributes its full ~2.585 bits.
- Coin-flip method: Flip a coin (heads=1, tails=0) 256 times, one bit per flip.
- Dice-to-binary: Roll a die; if 1-3, record 0; if 4-6, record 1. Repeat 256 times.
The third method (like the coin) throws away most of each roll's entropy, one bit kept out of ~2.585, but it is the simplest to do by hand and the hardest to get wrong. For a detailed treatment of entropy quality, see our Entropy and Randomness guide.
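As an added example (not part of the original guide or of the BIP-39 tools it names), the following Python turns a recorded string of die faces into BIP-39 entropy bytes using both the base-6 and the high/low conversions above; the hex output is what you would paste into the offline BIP-39 tool's entropy field. The roll string in the demo is constructed for illustration and must never be used for a real wallet.

```python
import math

BITS_PER_ROLL = math.log2(6)   # ~2.585 bits from a fair six-sided die


def rolls_needed(bits):
    """Minimum number of d6 rolls whose outcome space covers 2**bits."""
    return math.ceil(bits / BITS_PER_ROLL)   # 50 for 128 bits, 100 for 256 bits


def parse_rolls(text):
    """Accept rolls typed as digits, e.g. '35162 41253 ...'; whitespace is ignored."""
    return [int(ch) for ch in text if not ch.isspace()]


def dice_to_entropy(rolls, bits=256, method="base6"):
    """Convert a sequence of die faces (1..6) into `bits` bits of entropy.

    method="base6": treat the rolls as digits of a base-6 integer (first roll
      most significant) and keep the low `bits` bits. Reducing mod 2**bits
      leaves a tiny non-uniformity (some residues have one more pre-image than
      others); hashing the roll string with SHA-256 is a common alternative.
    method="highlow": faces 1-3 -> 0, 4-6 -> 1, one bit per roll, so exactly
      `bits` rolls are required. Coin flips (tails=0, heads=1) work the same way.
    """
    if bits not in (128, 160, 192, 224, 256):
        raise ValueError("BIP-39 entropy must be 128..256 bits in 32-bit steps")
    if any(r not in (1, 2, 3, 4, 5, 6) for r in rolls):
        raise ValueError("every roll must be a face value 1..6")
    if method == "base6":
        if len(rolls) < rolls_needed(bits):
            raise ValueError(f"need at least {rolls_needed(bits)} rolls for {bits} bits, got {len(rolls)}")
        value = 0
        for r in rolls:
            value = value * 6 + (r - 1)      # base-6 digit 0..5
        value &= (1 << bits) - 1             # keep the low `bits` bits
    elif method == "highlow":
        if len(rolls) != bits:
            raise ValueError(f"high/low method needs exactly {bits} rolls, got {len(rolls)}")
        value = 0
        for r in rolls:
            value = (value << 1) | (1 if r >= 4 else 0)
    else:
        raise ValueError("method must be 'base6' or 'highlow'")
    return value.to_bytes(bits // 8, "big")


if __name__ == "__main__":
    # Constructed demo rolls (50 faces, enough for 128 bits); never reuse them.
    demo = "35162 41253 61523 44125 63152 34162 53615 42315 26431 52336"
    rolls = parse_rolls(demo)
    print("rolls recorded:", len(rolls), "needed for 128 bits:", rolls_needed(128))
    print("entropy (hex):", dice_to_entropy(rolls, 128).hex())
    print("rolls needed for 256 bits:", rolls_needed(256))
```

Record the rolls on paper as you make them and type them in only once; the entropy hex is derived from the rolls, so the rolls are as sensitive as the seed phrase and should be destroyed afterward.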
Method 4: Command Line (Python)
For users comfortable with the command line, a minimal Python script can generate BIP-39 mnemonics:
import hashlib
import os

# The BIP-39 English word list (2048 words, one per line) is loaded from a
# file; use the official english.txt from the BIP-39 specification repository.
with open('english.txt', 'r') as f:
    wordlist = [w.strip() for w in f.readlines()]
assert len(wordlist) == 2048, "wrong or truncated word list"

# Generate 256 bits of entropy from the OS CSPRNG (gives a 24-word phrase)
entropy = os.urandom(32)

# Checksum: the first ENT/32 bits of SHA-256(entropy); for 256 bits that is
# the first 8 bits, i.e. the whole first byte of the digest
h = hashlib.sha256(entropy).digest()
checksum_bits = bin(h[0])[2:].zfill(8)

# Convert entropy to a 256-character binary string and append the checksum
entropy_bits = bin(int.from_bytes(entropy, 'big'))[2:].zfill(256)
all_bits = entropy_bits + checksum_bits    # 264 bits = 24 groups of 11

# Split into 11-bit groups; each group is an index into the word list
words = []
for i in range(0, len(all_bits), 11):
    index = int(all_bits[i:i+11], 2)
    words.append(wordlist[index])

print(' '.join(words))
Important: This is a simplified example for educational purposes. For production use, use a well-audited library like mnemonic from python-mnemonic.
Verification
After generating a seed phrase, verify it before trusting it with funds:
1. Checksum Verification
Enter the seed phrase back into the generation tool. If the tool accepts it without error, the checksum is valid. Be clear about what that proves: the checksum is ENT/32 bits long, so 4 bits for a 12-word phrase and 8 bits for 24 words, which means a random transcription error slips past it 1 time in 16 (12 words) or 1 in 256 (24 words). Treat it as a quick typo check, not as proof that you recorded the right phrase; the address check below is the real test.
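To make the checksum step concrete, here is an added example (not code from the original guide) that generalizes the Method 4 script to every BIP-39 length and adds the reverse direction, which is what a generation tool does when you re-enter a phrase: recompute the checksum from the entropy bits and reject the phrase if it does not match. The word list is a parameter; pass the official 2048-word english.txt. The placeholder list in the demo is constructed so the example runs without that file, since only word indices matter for the arithmetic.

```python
import hashlib

ENTROPY_BITS = (128, 160, 192, 224, 256)          # 12, 15, 18, 21, 24 words


def _bits(data, nbits):
    """Big-endian binary string of `data`, left-padded to nbits."""
    return bin(int.from_bytes(data, "big"))[2:].zfill(nbits)


def entropy_to_mnemonic(entropy, wordlist):
    """BIP-39 encoding: entropy || first ENT/32 bits of SHA-256(entropy),
    split into 11-bit indices into the 2048-word list."""
    if len(wordlist) != 2048:
        raise ValueError("BIP-39 word list must have exactly 2048 entries")
    ent = len(entropy) * 8
    if ent not in ENTROPY_BITS:
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs = ent // 32                                  # checksum length in bits
    digest = hashlib.sha256(entropy).digest()
    bits = _bits(entropy, ent) + _bits(digest, 256)[:cs]
    return [wordlist[int(bits[i:i + 11], 2)] for i in range(0, len(bits), 11)]


def mnemonic_to_entropy(words, wordlist):
    """Inverse of entropy_to_mnemonic. Raises ValueError on an unknown word,
    a bad word count, or a checksum mismatch (typo, swapped or misordered word)."""
    if isinstance(words, str):
        words = words.split()
    if len(words) not in (12, 15, 18, 21, 24):
        raise ValueError("mnemonic must have 12, 15, 18, 21 or 24 words")
    index = {w: i for i, w in enumerate(wordlist)}
    try:
        bits = "".join(bin(index[w])[2:].zfill(11) for w in words)
    except KeyError as e:
        raise ValueError(f"word not in list: {e.args[0]}") from None
    cs = len(bits) // 33                            # total bits = ENT + ENT/32
    ent = len(bits) - cs
    entropy = int(bits[:ent], 2).to_bytes(ent // 8, "big")
    expected = _bits(hashlib.sha256(entropy).digest(), 256)[:cs]
    if bits[ent:] != expected:
        raise ValueError("checksum mismatch: the phrase was mistyped or altered")
    return entropy


def is_valid_mnemonic(words, wordlist):
    """True if the phrase decodes with a correct checksum."""
    try:
        mnemonic_to_entropy(words, wordlist)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed stand-in for english.txt: word i is "w%04d" % i
    demo_words = [f"w{i:04d}" for i in range(2048)]
    phrase = entropy_to_mnemonic(bytes(16), demo_words)
    print(" ".join(phrase))        # 11 x w0000 then w0003 (index 3 is "about" in the real list)
    assert mnemonic_to_entropy(phrase, demo_words) == bytes(16)
    tampered = phrase[:-1] + ["w0004"]
    print("tampered phrase valid?", is_valid_mnemonic(tampered, demo_words))   # False
```

With the real English list, all-zero 16-byte entropy yields the well-known vector "abandon" x11 followed by "about", which is a useful cross-check that the word list you loaded is the genuine one.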
2. Address Derivation Verification
Derive the first few addresses for the intended cryptocurrency and derivation path. Record these addresses. Later, on a separate device (or after re-booting the air-gapped machine), re-enter the seed phrase and verify the same addresses are generated.
3. Cross-Tool Verification
If possible, verify the seed phrase in two different tools (e.g., SafeSeed generator and Ian Coleman tool). Both should produce identical addresses from the same seed phrase, derivation path, and passphrase.
4. Small Transaction Test
Before storing significant value:
- Send a small amount of cryptocurrency to the first receiving address.
- On a separate device, restore the wallet from the seed phrase.
- Verify the funds are visible and that you can sign a transaction to send them back.
This confirms the entire chain: entropy generation, mnemonic encoding, seed derivation, key derivation, and address generation are all correct.
Recording the Seed Phrase
Paper
- Write clearly with a permanent ink pen on acid-free paper.
- Number each word (1-24).
- Do not write on a surface that might leave an impression (no writing on a pad of paper where the impression shows on sheets below).
- Store in a fireproof, waterproof container.
Metal
- Stamp or engrave onto stainless steel plates.
- If space is constrained, stamp only the first four letters of each word: every BIP-39 English word is uniquely identified by its first four letters.
- Verify readability immediately after stamping.
- Metal survives fire and flood — recommended for long-term storage.
What Not to Do
- Do not photograph the seed phrase.
- Do not type it into any file on the air-gapped machine.
- Do not print it (printers have memory and network capability).
- Do not save it to the USB drive.
Secure Cleanup
After generating and recording your seed phrase, eliminate all traces from the air-gapped device:
1. Clear Clipboard and Screen
- Close all applications.
- Clear the clipboard (Ctrl+C some irrelevant text).
2. Shutdown
- Power off the computer. RAM contents decay within seconds to minutes after power loss.
- For extra assurance, leave the machine powered off for at least 15 minutes (DRAM retains data for shorter periods at room temperature, longer in cold environments).
3. Storage Media
- If using a Tails live USB without Persistent Storage enabled, nothing was written to the stick and it can be reused. If you enabled Persistent Storage, treat the stick as potentially contaminated and wipe or destroy it.
- If using a Raspberry Pi SD card with a non-amnesic OS, overwrite it (dd if=/dev/urandom of=/dev/sdX bs=1M, with sdX replaced by the card's device, never your boot drive) and then physically destroy it: flash wear-levelling can keep copies of old blocks that a single overwrite never touches, so destruction is the only reliable erase for flash media.
- If you accidentally saved anything to the air-gapped machine's internal drive, securely wipe it (the same flash caveat applies to SSDs).
4. USB Drive
- The USB drive used to transfer the generation tool should not contain any generated key material if you followed the instructions correctly.
- Verify the USB contains only the original tool files, nothing else.
- For maximum security, wipe the USB after use.
Advanced: Signing Transactions Air-Gapped
An air-gapped computer is useful not just for key generation but for ongoing transaction signing:
The Workflow
- Online (watch-only) machine: Construct an unsigned transaction.
- Transfer: Move the unsigned transaction to the air-gapped machine via USB or QR code.
- Air-gapped machine: Sign the transaction with the private key.
- Transfer: Move the signed transaction back to the online machine.
- Online machine: Broadcast the signed transaction to the network.
QR Code Transfer (Preferred)
Using QR codes removes USB drives from the workflow, closing a real malware vector: a malicious USB device can present itself as a keyboard (BadUSB), and the filesystem and file parsers on the receiving machine are attack surface for whatever is on the stick. A QR code carries only the bytes you can see, and the air-gapped side's only input is a camera:
- Display the unsigned transaction as a QR code on the online machine.
- Scan the QR code with a camera attached to the air-gapped machine.
- Sign the transaction.
- Display the signed transaction as a QR code on the air-gapped machine.
- Scan with the online machine.
Devices and software that support QR-based air-gapped signing include Keystone, the Coldcard Q, and, on the online side, Sparrow Wallet (displaying and reading QR codes with a webcam).
PSBTs (Partially Signed Bitcoin Transactions)
Bitcoin's PSBT format (BIP-174) was designed for exactly this split. A PSBT bundles the unsigned transaction with the previous outputs it spends (amounts and scripts), the derivation paths of the keys involved, and slots for each signer's signatures, so the air-gapped device can check the amounts and the fee and sign without any blockchain data of its own; the online side then finalizes the PSBT and broadcasts it.
Multi-Signature Air-Gapped Setup
For the highest security, combine air-gapped key generation with multi-signature:
- Generate three separate seed phrases on three separate air-gapped sessions (ideally on different devices).
- Set up a 2-of-3 multi-signature wallet.
- Store each seed phrase in a different physical location, and keep a copy of the wallet descriptor (all three xpubs plus the script type) with each one: two seeds alone cannot reconstruct a 2-of-3 wallet without the third cosigner's public key.
- Transactions require signing on two of the three air-gapped devices.
This provides protection against:
- A single compromised device (only one key exposed).
- A single lost seed phrase (two remaining keys can still sign).
- A single compromised storage location.
Common Mistakes
Mistake 1: Using a "Clean" But Previously Connected Computer
Wiping and reinstalling the OS on a computer that was previously connected to the internet is not sufficient. Firmware-level malware (UEFI rootkits) can survive OS reinstallation. A dedicated, never-connected device eliminates this risk.
Mistake 2: Connecting the Air-Gapped Machine "Just for a Moment"
Any network connection, even briefly, breaks the air gap. Malware can exfiltrate a private key in milliseconds. Once connected, the device can no longer be considered air-gapped.
Mistake 3: Using a Printer
Printers often have their own storage (to spool print jobs) and many modern printers have Wi-Fi or Bluetooth. Printing a seed phrase can store it in the printer's memory and potentially transmit it. Write by hand instead.
Mistake 4: Transferring the Seed Phrase Digitally
The seed phrase should never exist in digital form outside the brief moment it is displayed on the air-gapped screen. Do not copy it to a USB drive, save it to a file, or encode it in a QR code for transfer. Write it on paper or stamp it on metal directly.
Mistake 5: Not Verifying the Generation Tool
The tool you transfer to the air-gapped machine must be verified before use: check the PGP signature on the online machine, then recompute the file's SHA-256 hash on the air-gapped machine (sha256sum is available in Tails) and compare it against the published value. Comparing file sizes proves nothing, since a tampered build is trivially padded to the original size. A tampered tool could generate deterministic keys that the attacker already knows.
FAQ
Why not just use a hardware wallet?
Hardware wallets are excellent and sufficient for most users. Air-gapped generation provides an additional margin of safety for very high-value storage because it removes the hardware wallet's random number generator from the trust base and lets you verify the result with multiple independent tools, whereas a hardware wallet is a single point of trust. Note the limit of that gain: if you later load the seed into a hardware wallet for signing, you still rely on its firmware not to leak it.
How long does the entire air-gapped process take?
For a first-time setup, expect 2-4 hours including OS preparation, verification, key generation, and cleanup. Subsequent generations on an already-prepared device take 30-60 minutes.
Can I use a smartphone as an air-gapped device?
Smartphones are difficult to fully air-gap because they have multiple radios (cellular, Wi-Fi, Bluetooth, NFC) that cannot always be physically disabled. A laptop with networking hardware removed is more trustworthy. Some purpose-built devices (like Keystone wallet) are designed as air-gapped signing devices.
Is air-gapped generation necessary for every wallet?
No. For everyday spending wallets with small amounts, a reputable hardware wallet or even a well-secured software wallet is sufficient. Air-gapped generation is recommended for long-term cold storage of significant value.
How do I update the software on an air-gapped machine?
Rarely, and never over a network. The air-gapped machine can run the same verified software indefinitely. If you need a newer version of a generation tool, download and verify it on an online machine, transfer it via USB, and recompute and compare the checksum on the air-gapped machine before use. Tails itself is updated by writing a freshly downloaded and verified image to the USB stick from the online machine.
What if the air-gapped machine's random number generator is broken?
This is why dice-based entropy exists as a fallback. If you distrust all hardware and software RNGs, generate entropy manually with dice and feed it into the BIP-39 tool. The quality of the resulting seed then depends on your dice rolls rather than on any RNG. The conversion and mnemonic encoding still run in software that sees the entropy, however, so the tool must still be verified: dice protect you from a bad RNG, not from a tampered tool.
Can malware jump the air gap?
In theory, sophisticated state-level attackers have demonstrated air-gap-jumping techniques using electromagnetic emissions, acoustic signals, or LED blinking patterns. Every one of these channels requires malware already running on the air-gapped machine, typically delivered on the same USB media used for transfers, plus a receiver within physical range and specialized equipment; they are far beyond the capability of ordinary crypto thieves. For the vast majority of users, an air gap with verified tools and minimal media transfers is practically impenetrable.