EOSCommunity.org Forums

Setting up a cold wallet using two computers with Anchor Wallet

If you are managing high-value private keys, the next best thing to a hardware wallet is an air-gapped setup using two computers running Anchor. One computer stays online and connected to the blockchain to create and broadcast transactions; the other stays offline (air gapped) and does nothing but sign. The only thing that ever crosses between them is a file on removable media, so the offline computer is where you review what you are about to sign.

To achieve this, you’ll need the following:

  • A computer connected to the internet, with Anchor installed. This is known as your Watch Wallet.
  • A computer not connected to the internet, with Anchor installed. This is known as your Cold Wallet.
  • A portable storage medium to move files between them, like a thumb drive.

NOTE: In order to see many of these settings, you will have to go into the Settings in Anchor (gear in the upper right) and then enable “Advanced Options”. This is a change as of version 1.2.x. All of the watch/cold wallet functionality is hidden behind this option now.

Setting up the Watch Wallet

This setup should be done on the computer that IS connected to the internet.

Once you have Anchor installed and have selected which blockchain you’d like to use, choose to import an existing account. The next step asks how you’d like to import that account, and one of the options is to set up a “Watch Wallet”.

Once selected, you just need to enter the account name you’d like to set up and import it. This watch wallet is essentially an empty wallet (no keys) which can be used to monitor an account and to create transactions for use within a “Cold Wallet”.

Setting up the Cold Wallet

This setup should be done on the computer that IS NOT connected to the internet.

To install Anchor on the offline computer, download the appropriate installer and save it to your thumb drive or other portable media. Since this installer is going onto the machine that will hold your keys, verify it (checksum or signature, whatever the project publishes) before carrying it over. Once it’s installed, you’ll be greeted with the setup screen, and you’ll want to select “Setup Cold Wallet”.

By selecting this option, you’re telling Anchor that it will not have an internet connection: it disables most of the user interface and operates only in the mode where it signs transactions. You will need to select which blockchains you plan on using, and then manually set up your accounts by entering:

  • The account name.
  • The name of the permission you’re using (active or owner typically).
  • The private key that controls that account/permission.

The details are entered after selecting a blockchain. (Screenshot of the account entry form not reproduced here.)

Once your account is imported, you’ll be greeted by the cold wallet home screen. (Screenshot not reproduced here.)

The cold wallet is now setup and ready to use.

Starting a transaction on the Watch Wallet

Back to the computer which IS connected to the internet.

You can now use Anchor with this Watch Wallet to perform transactions, but instead of immediately signing them and broadcasting them to the blockchain (like a normal wallet would), it will prompt you to export the transaction, with a few options.

For the purposes of this tutorial and for use in a Cold Wallet, you’ll want to use the “Save as File” option.

You can name this file whatever you’d like so it’s recognizable, and you’ll want to save it to your thumb drive or portable media. This file contains the transaction you just tried to perform in the Watch Wallet, but since the Watch Wallet doesn’t have your private keys, it cannot sign and authorize the transaction.

Sign the transaction on the Cold Wallet

Switch back to the computer which IS NOT connected to the internet.

With the file saved to the thumb drive, you can now move it to the offline computer running the Cold Wallet. Mount the drive if needed, and then click the “Load Unsigned Transaction” button located in the middle of the screen. You’ll be prompted to find the file, so navigate to the thumb drive and select the file you created.

Once the file is selected, you’ll be presented with a screen to sign the transaction.

This screen shows the number of transactions to perform, the number of actions, and how long until the transaction expires. It’s important to note that each transaction exported this way expires within 1 hour, so you need to sign it and carry it back to the online computer for broadcast within that window; an expired transaction will be rejected by the chain and you’ll have to start over from the Watch Wallet.

Scrolling further down you’ll also find the raw details of the transaction you’re about to sign. This is the only place you see the transaction on a machine that is not exposed to the network, so check the contract, the action, the amounts and the authorization here before signing, rather than trusting what the online computer showed you.

Once you’re ready, click the orange “Sign this Transaction” button. Once the transaction is signed, Anchor will automatically prompt you to save a new file; this time it will be a copy of the transaction that has been signed and authorized by the private key loaded in the Cold Wallet. Once again, save this file to your thumb drive or portable media.

Broadcasting the transaction to the blockchain

Switch back to the computer which IS connected to the internet.

Now, with the newly saved signed transaction on your thumb drive, move it back to the computer connected to the internet. Mount the thumb drive in the operating system and then open Anchor. There is a small wifi-looking symbol in the lower left of the screen for broadcasting transactions.

Select that option and then import the signed transaction file from your thumb drive.

Once the file is loaded you’ll be asked to review the transaction once more, and then be able to click the purple “Broadcast Transaction” button to submit the transaction to the blockchain.

The transaction will be submitted like any other, but during the entire process you managed to keep your private keys on a computer that was never connected to the internet. It’s essentially a DIY hardware wallet using multiple computers. You can repeat this process as many times as you’d like and perform all the transactions you need to.


Cool I will try with one of my old macbooks that I will keep off line. For this cold wallet can I import accounts from a saved Anchor backup?

This actually reminds me of a cold wallet/watch wallet with the TokenPocket mobile app, using two mobile phones. I love using the Anchor mobile authenticator, so for me I think it would be great if I had an Anchor Watch wallet on my desktop and a non-connected mobile phone for the cold wallet. And instead of using thumb drives it uses QR codes to capture the transaction with the mobile, like the authenticator but offline, and sends back the signing authentication from the offline phone by Bluetooth or even a QR code on the phone that can be read by the desktop camera? I feel this would be much easier than moving USB thumb drives back and forth between computers. So basically the hardware cold storage wallet is an old mobile that is not connected to the internet. And to make it even more secure, have biometric authentication on the mobile that is offline.
TLDR: have a version of the mobile Authenticator that is not connected to the internet.

Unfortunately no, but that’d be a cool feature to have at some point.

We could potentially do something like that, but I feel as if it’d be a pretty underutilized feature, especially compared to the amount of effort it would take to build. It’s definitely something we’d consider in the future, but it would likely be more of a passion project than something we’d be able to devote a lot of effort to.

It’d breathe some life into some old retired mobile devices for sure though!

I think honestly I’d still just use an old mobile device as the signer and just have it connected to wifi. The secure enclave is pretty invulnerable unless you have physical access to the device, so if it was always at home and in a secure place, being on wifi doesn’t present much of a risk.

On top of that, it’d already work today. If you notice in one of those screenshots for the watch wallet, it’s already got the QR code :wink:

http://forums.eoscommunity.org/uploads/default/original/1X/8f7363f658c694f5e9792e6c5edf7b2c3b5c4b1e.jpeg

Yes, you bring up a great point here: use the Anchor authenticator on an old mobile, store it offline, and just turn on the wi-fi when you want to approve transactions.
Thanks Aaron!

Is there an existing Mobile Authenticator already for Android? This seems like a very secure and yet simple way to have a “cold” wallet.

I am interested in solving the problem of leaving a clear set of instructions and tools for my heirs, multisig could also be useful. So much to learn. Appreciate your team and Anchor. Thank you.

It’s in Alpha at the moment and is being tested, hopefully the release is not too far off!


Thanks for this write-up Aaron! In working through your steps I found that the “watch” and “cold” wallet options do not show up in Anchor until you enable advanced options in the settings (it’s at the bottom of settings). Once enabled the watch and cold wallet options become available.

More importantly though, after setting up watch and cold wallets I attempted to update my voting. I am doing this via watch to create the transaction, then cold wallet to load the json file. The cold wallet allows me to browse to the JSON however nothing happens after it is selected to open. I have used the Anchor cold wallet to validate my private key and the resulting public key does match my account public key. Also I have tried doing this with Active and Owner accounts without success. Any ideas why the cold wallet wouldn’t open the json?

Appreciate any info you can provide!

Ah yep, that was a change we made in the most recent version; I’ll get this post updated.

Potentially a bug, we’ll have to investigate and see if we can reproduce it.

First off let me know if there’s a better place/method to provide this feedback. I did some testing and found that the problem goes away with version 1.1.9. I had to downgrade both my watch and cold computers to v1.1.9 but was successful in voting with my active account. Thanks for pointing me in the right direction!

I spent a good chunk of yesterday working on the watch/cold wallet code and I think the fixes will be ready for 1.2.2. It turns out the resource management we’re doing now with Fuel wasn’t being relayed properly into the cold wallet, so the cold wallet wasn’t sure how to sign transactions.

I’ve done a number of tests now with different transactions and I think it’s good, but once 1.2.2 is released, I’ll look forward to any feedback or bug reports you may have.