Security is at the forefront of many crypto-enthusiasts’ minds. Securing your private keys and maintaining that security is no easy feat. EOS Canada’s multi-functional tool `eosc` has the ability to sign transactions offline from a cold wallet, making strong security accessible to all.We at EOS Canada have made a step-by-step walkthrough showing how to use these capabilities so that anyone can follow along. A few things that you will need: 2 computers (one of which is not connected to the Internet, known as an “air gapped” computer) and a USB key (or any other means of transferring a file from one computer to the other). That’s it!
This works for all transaction types -- so you can use it not just to move EOS or tokens, but also to vote or execute a smart contract, all from a fully offline cold wallet.
The main question that a user may have is “Why is this a useful capability?” The answer is that this technique enables you to avoid ever exposing your private keys to the Internet. Since your keys remain on the air gapped computer, you are protected from hackers trying to exploit vulnerabilities over the Internet, e.g. by injecting malware such as keyloggers, screen-capture agents or one that extracts the private key directly from memory.
Another question that we have received is “I have a hardware wallet, why would I want to use offline signing?” While hardware wallets are great to protect against key extraction by a bad actor, they don’t cover all cases of malware based attacks or phishing attempts. An example would be a targeted malware or an active bad actor watching for when a user is crafting a new transaction, who then pushes a rogue substitute transaction to your hardware wallet that you are tricked into signing instead of the transaction that you created. The hardware wallet screen may not be able to display enough metadata about the transaction for you to positively confirm that it is indeed the one you were about to push. In cases of simple transfers, this is generally safe, but since EOS allows you to sign transactions to complex smart contracts, this is a threat to consider.
If you have questions or run into any issues, please join us in the EOS Canada Telegram channel. If you have any feature requests for `eosc`, or want to propose a modification, feel free to open up an issue or a pull request at the `eosc` GitHub repository.