Cold wallet without running full node (Almost cold wallet) - solved

Somebody asked this in May 2021 on github without any answer.
I guess more people would like to know for the same reason.

Usecase:
I would like to run my cold wallet on isolated secure machine but I would like to avoid having it run Full node.
I want my (almost) cold wallet to be isolated in VirtualMachine so I can do transactions.
I turn it on, make a transaction and turn VirtualMachine back off until I need to do another transaction.

Is there a way to have synced wallet without running a complete synced full node?

EDIT AFTER EXPERIMENTATION:
SUCCESS !!!
Here is a short guide to how I did it (I even made it work in the GUI):

  1. Have a Host machine running a working full node (for this example it will have IP 192.168.1.100).
  2. Create a VirtualMachine with an installed OS of your choice (in this example 192.168.2.99 and it has Windows).
  3. Make sure the VirtualMachine is connected to the internet.
  4. Make sure the Host and Virtual machines can ping each other (paths, gateways, subnet masks etc.).
  5. Install Chia (same version as the Host) on the VirtualMachine.
  6. On the VirtualMachine, import/write the 24-word mnemonic of the wallet you want to operate there.
  7. Close the Chia app completely on the VirtualMachine, then edit and save config.yaml with these parameters (note: use parameters that fit your setup):
...
wallet:
  ...
  full_node_peer:
    host: 192.168.1.100
    port: 8444
...
  8. On the VirtualMachine, run wallet-only.

  9. This step takes a lot of time (hours) to sync, and you can periodically check the status on the VirtualMachine with “.\chia wallet show” until it is synced (the number will rise from 0 to 180000+ depending on how high the wallet chain is).

  10. When the wallet is synced you can send coins without having a full node running on the VirtualMachine.

  11. To use the GUI, first stop that wallet on the VirtualMachine with “.\chia stop all”.

  12. On the VirtualMachine, start the Chia GUI application.

  13. It will start to sync the full node, but you kill these processes in the VirtualMachine’s Task Manager: “start_farmer.exe”, “start_full_node.exe” and “start_harvester.exe”. You leave “start_wallet.exe” and “daemon.exe” running.

  14. Now your wallet will be running normally on the VirtualMachine but nothing else, so you can use this machine only to operate transactions.

When I need to make a transaction from this secure VirtualMachine, I start it, wait a little to be synced and do my transactions etc, then close it and secure it on some USB stick, disk or wherever.

I did this experiment on the Flax fork of Chia, but it is the same code and it should be equivalent to Chia. I’m going to do this now with Chia and report if it is not working, but I doubt that I will have a different result.

Special thanks to @juppin @luckidog @WolfGT who helped me with their guidance

Edit the section wallet.full_node_peer.host in your config.yaml to point to a trusted (probably your) full node.

Here are the related entries in the config.yaml:

...
wallet:
  ...
  full_node_peer:
    host: localhost
    port: 8444
...

Then start only the wallet with: chia start wallet-only
This only works with the non-GUI version, as the GUI will start the full node anyways.
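
As an added example (not part of the original posts and not Chia's own code), here is a Python check that reads `wallet.full_node_peer` out of a config and confirms it pins one of your own LAN full nodes. It distinguishes that section from the similarly named `full_node.*_peer` entries. The helper names, the `trusted_nodes` allow-list and the sample config are assumptions made for illustration, and the reader handles only simple nested mappings like the snippets in this thread.

```python
import ipaddress

# Constructed sample: a wallet-only VM's config, reduced to the keys that matter.
SAMPLE_CONFIG = """\
full_node:
  wallet_peer:
    host: localhost
    port: 6883
wallet:
  full_node_peer:
    host: 192.168.1.100
    port: 8444
"""

def read_mapping_path(text, path):
    """Scalar at a nested key path, or None (block mappings only, no lists)."""
    stack = []  # (indent, key) for each mapping level currently open
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key))
        if tuple(k for _, k in stack) == tuple(path):
            return value.strip() or None
    return None

def audit_wallet_peer(config_text, trusted_nodes):
    """Findings for wallet.full_node_peer; trusted_nodes is an assumed allow-list."""
    host = read_mapping_path(config_text, ("wallet", "full_node_peer", "host"))
    port = read_mapping_path(config_text, ("wallet", "full_node_peer", "port"))
    if host is None or port is None or not port.isdigit():
        return ["wallet.full_node_peer host/port is missing or malformed"]
    findings = []
    if (host, int(port)) not in trusted_nodes:
        findings.append(f"{host}:{port} is not in your list of own full nodes")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        findings.append(f"{host} is a name, not a pinned IP address")
    else:
        if addr.is_loopback:
            findings.append("loopback: a wallet-only VM has no local full node")
        elif not addr.is_private:
            findings.append(f"{host} is not a private (LAN) address")
    return findings
```

An empty list from `audit_wallet_peer(SAMPLE_CONFIG, {("192.168.1.100", 8444)})` means the wallet will only talk to the node you listed; run it against the VM's config.yaml text before starting wallet-only.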

I used the full node peer/wallet only method. It’s not really a cold wallet, but a hot wallet isolated from all the third party chia/fork stuff I’ve put on my farmer. I’ve also noticed the wallet seems to sync faster this way.

Thanks man.
Secure machine is hidden behind VirtualMachine so it is same IP. I guess it would have some conflict with existing Wallet on main machine?

I’m not big on VM use, but doesn’t each VM have its own “internal” or “virtual” IP that you use to connect outside of the VM?

I understand what you are trying to do. But I just want to make a clarification for anyone that stumbles in here. A “Cold Wallet” by definition is not supposed to have a node running at all. You are supposed to bring up a node, create the keys, record the mnemonic phrase and keys on paper and document the receive address. Then delete the software and store the phrase and keys in a safe or somewhere safe. Then send your XCH to the receive address. This way, there is no way to hack any system and get into that wallet. It is not online anywhere (it is cold).

Thanks for clarification. I worded my question badly. But I’m glad you understand 🙂
I wanted a working wallet that is isolated from rest of the world. It is still “hot” if it is running anywhere, yes.

When I created my “cold” (er?) wallet, that is the process I followed. I synced the wallet against the full node I control on my LAN, validated that I saw a few transfers from my hot wallet. Then destroyed the VM.

This is a good approach also.

I find this solution interesting, where you have a VirtualMachine wallet connected to the host machine’s node. But I see the issue of the same IP directed to the internet.
Or can the wallet point to the local IP (host), and then the Host with its full node is directed to the internet IP?

I’ll try this solution and if it works get back to you. It will take time to sync 🙂

There is no issue of multiple machines “connecting to the internet”. The wallet on the VM only talks to the full node on the LAN. VM is not running the GUI, chia start wallet-only.

Anyone using Qubes-OS?
You can do this with it. Create:

  1. “DomainFullNode”: this domain will do an active full node sync and also farm/harvest plots, and maybe create plots too.
  2. “DomainSecureWallet”: this domain uses only local firewalled communication to “DomainFullNode” for full node sync, and nothing else will pass the firewall.

The difference with Qubes-OS is that dom0 is a very secure domain, therefore no malware, ransomware, or virus can penetrate.

Which IP in config.yaml should I point to my Full node machine? and port 8444?

@juppin wrote:
...
wallet:
  ...
  full_node_peer:
    host: localhost
    port: 8444
...

This?

I don’t know the local private IP of your full node!
If your full node is running on private ip 192.168.123.45, then your config.yaml should look like:

...
wallet:
  ...
  full_node_peer:
    host: 192.168.123.45
    port: 8444
...

I’m trying to get this thing to work.
My idea is to have a Virtual machine from which I only do transactions from my (almost) cold wallet, and I want to do it without it running a full node (same PC, same IP as the regular farmer machine).

So my setup so far is:
Main PC:
Full node+Farmer+Wallet: 192.168.1.90
Virtual Machine:
I want only Wallet: 192.168.1.105

Config.yaml on Virtual Machine:

full_node:
  farmer_peer:
    host: 192.168.1.90
    port: 6885
  introducer_peer:
    host: introducer.flaxnetwork.org
  wallet_peer:
    host: 192.168.1.90
    port: 6883

wallet:
  database_path: wallet/db/blockchain_wallet_v1_CHALLENGE_KEY.sqlite
  full_node_peer:
    host: 192.168.1.90
    port: 6888

Thoughts:
I wanted to point out to my VM that the full node is running on *.1.90 (main PC) and that the wallet is also there (in the FullNode part).
In the Wallet section I also put my main PC’s address, as suggested.
There is something called introducer, and I don’t know what it is for.

Expected behaviour:
I’m running GUI for better visibility.
I was expecting my FullNode to be synced because it was leeching off my main computer, but it started syncing from the beginning.
Likewise, I was expecting my Wallet to be synced, but it started syncing from the beginning.
Can I have only the wallet syncing and be synced without a full node?

P.S.: I’m experimenting this on Flax fork to reduce risk so ports are different but it should be equivalent to chia once I get it working.

I don’t know if I’m making any sense here 🙂

It doesn’t work with the GUI, as it starts the full node and other stuff whether you want it or not.

As said in post #2, you have to use the cli version.
Please read post #2 again for the command.

Thanks man for support… I’ve been trying with CLI without much success… I get a result like this:
[screenshot: Untitled]
There should be some coins on there.

I don’t know what I’m missing.
In the config I made only the modifications you suggested (with the correct IP).
Ports issue, something wrong in config, something else?

Your wallet needs to be synced to reflect your current xch.

I’ll try it myself in the next days and report my findings…

There’s no need to have a synced cold wallet if all you want to see are transactions into your wallet, just use the blockchain explorer and your wallet receive address, all transaction can be seen.

I want my (almost) cold wallet to be isolated in VirtualMachine so I can do transactions.
I turn it on, make a transaction and turn VirtualMachine back off until I need to do another transaction.

By that I would make my “cold” wallet easy to use while still keeping it out of reach all the time and in a secure environment.

Adding keys, making transactions and then deleting keys on some hot machine is complicated and not that secure since that machine can be compromised. This VirtualMachine would have sole purpose of existence to make transactions from “out of reach wallet” and would be off all the time.

@Ronski ChiaBlockchainExplorer is just to see what is happening on my wallet, but it is unable to do anything more.

It’s the storing the keys in a safe place part that is the weak part.
Crypto is full of stories of phrases going missing!