If you are managing high-value private keys, the next best thing to a hardware wallet is an air-gapped setup with two computers running Anchor. One computer is online and connected to the blockchain, and is used to create and broadcast transactions; the other is offline (air-gapped) and does the signing.
To achieve this, you’ll need the following:
- A computer connected to the internet, with Anchor installed. This is known as your Watch Wallet.
- A computer not connected to the internet, with Anchor installed. This is known as your Cold Wallet.
- A portable storage medium to move files between them, like a thumb drive.
Setting up the Watch Wallet
This setup should be done on the computer that IS connected to the internet.
Once you have Anchor installed and have selected which blockchain you’d like to use, choose to import an existing account. The next step asks how you’d like to import that account, and one of the options is to set up a “Watch Wallet”.
Once selected, you just need to enter the name of the account you’d like to set up and import it. This watch wallet is essentially an empty wallet (no keys) which can be used to monitor an account and to create transactions for use within a “Cold Wallet”.
Setting up the Cold Wallet
This setup should be done on the computer that IS NOT connected to the internet.
To install Anchor on the offline computer, you can download the appropriate installer and save it to your thumb drive or other portable media. Once it’s installed, you’ll be greeted with the setup screen and you’ll want to select “Setup Cold Wallet”.
By selecting this option, you’re telling Anchor that it’s not going to have an internet connection, and that it should disable most of the user interface and operate only in the mode where it’s allowed to sign transactions. You will need to select which blockchains you plan on using, and then manually set up your accounts by entering:
- The account name.
- The name of the permission you’re using (active or owner typically).
- The private key that controls that account/permission.
These details are entered after selecting a blockchain.
Once your account is imported, the cold wallet is set up and ready to use.
Starting a transaction on the Watch Wallet
Back to the computer which IS connected to the internet.
You can use Anchor now with this Watch Wallet to perform transactions, but instead of immediately signing them and broadcasting them to the blockchain (like a normal wallet would), it will instead prompt you to export the transaction, with a few options.
For the purposes of this tutorial and for use in a Cold Wallet, you’ll want to use the “Save as File” option.
You can name this file whatever you’d like so it’s recognizable, and you’ll want to save this file to your thumb drive or portable media. This file contains the transaction you just tried to perform in the Watch Wallet, but since the Watch Wallet doesn’t have your private keys, it cannot sign and authorize the transaction.
Sign the transaction on the Cold Wallet
Switch back to the computer which IS NOT connected to the internet.
By saving it to the thumb drive, you can now move that file to the offline computer running the Cold Wallet. Mount the drive if needed, and then click the “Load Unsigned Transaction” button located in the middle of the screen. You’ll be prompted to find the file, so navigate to the thumb drive and select the file you created.
Once the file is selected, you’ll be presented with a screen to sign the transaction.
This will display the number of transactions to perform, the number of actions, and how long until the transaction expires. It’s important to note that each transaction done in this way will expire within 1 hour.
Scrolling further down you’ll also find the raw details of the transaction you’re about to sign.
Once you’re ready, click the orange “Sign this Transaction” button. Once the transaction is signed, Anchor will automatically prompt you to save a new file. This time it will be a copy of the transaction that has been signed and authorized by the private key loaded in the Cold Wallet. Once again, save this file to your thumb drive or portable media.
Broadcasting the transaction to the blockchain
Switch back to the computer which IS connected to the internet.
Now with the newly saved signed transaction on your thumb drive, move it back to the computer connected to the internet. Mount the thumb drive within the operating system if needed and then open Anchor. There is a small Wi-Fi-looking symbol in the lower left of the screen for broadcasting transactions.
You’ll want to select that option and then import the signed transaction file from your thumb drive.
Once the file is loaded you’ll be asked to review the transaction once more, and can then click the purple “Broadcast Transaction” button to submit the transaction to the blockchain.
The transaction will be submitted like any other - but during the entire process you managed to keep your private keys on a computer that was never connected to the internet. It’s essentially a DIY hardware wallet using multiple computers. You can repeat this process as many times as you’d like and perform all the transactions you need to.
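The review before broadcasting can be backed by a scripted comparison of the file exported from the Watch Wallet and the signed file that came back from the Cold Wallet. The following is an added example, not part of Anchor or the original tutorial; it assumes both files are JSON holding an EOSIO-style transaction (`expiration`, `actions`) plus a `signatures` list, which may differ from Anchor's actual export layout, and the sample data and function names are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample files. The flat layout (transaction fields plus a
# "signatures" list) is an assumption, not Anchor's documented export format.
_TX = {
    "expiration": "2030-01-01T12:00:00",  # EOSIO expirations are UTC
    "ref_block_num": 1234, "ref_block_prefix": 567890,
    "actions": [{
        "account": "eosio.token", "name": "transfer",
        "authorization": [{"actor": "alice", "permission": "active"}],
        "data": {"from": "alice", "to": "bob", "quantity": "1.0000 EOS", "memo": ""},
    }],
}
UNSIGNED = json.dumps({**_TX, "signatures": []})
SIGNED = json.dumps({**_TX, "signatures": ["SIG_K1_constructed_placeholder"]})

def body(tx):
    """Everything except the signatures: the part that must not change."""
    return {k: v for k, v in tx.items() if k != "signatures"}

def summarize(tx):
    """One line per action: contract::action, signer permissions, action data."""
    lines = []
    for a in tx["actions"]:
        auth = ",".join(f'{x["actor"]}@{x["permission"]}' for x in a["authorization"])
        lines.append(f'{a["account"]}::{a["name"]} auth={auth} '
                     f'data={json.dumps(a["data"], sort_keys=True)}')
    return lines

def check_roundtrip(unsigned_text, signed_text, now=None):
    """Return a list of problems; an empty list means none were found."""
    now = now or datetime.now(timezone.utc)
    unsigned, signed = json.loads(unsigned_text), json.loads(signed_text)
    problems = []
    if body(unsigned) != body(signed):
        problems.append("transaction body changed between export and signing")
    if not signed.get("signatures"):
        problems.append("signed file carries no signatures")
    # Tolerate an optional fractional-seconds suffix such as ".000".
    stamp = signed["expiration"].split(".")[0]
    expires = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    if expires <= now:
        problems.append(f"transaction expired at {stamp} UTC")
    return problems

if __name__ == "__main__":
    print("\n".join(summarize(json.loads(SIGNED))))
    print(check_roundtrip(UNSIGNED, SIGNED) or "no problems found")
```

This check does not verify the signature itself; it confirms that the signed file carries the same transaction you exported and that it is still inside its expiry window.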