Guide: Stellar Lumens cold wallet setup and signing transactions offline

Purpose

Lot of us likes to follow the best practices of not leaving any crypto on the table by having a secure cold wallet setup for any sort of cryptocurrencies that we own. Many people uses the Ledger Nano as their go-to hardware wallet choice but many others also like to have their own version of offline/paper wallet as a cold wallet setup where it's private key never touches the internet. The challenge which comes with that is obviously how to manage and sign transactions with your private key in such cold wallet setup and it becomes a bit crumble some for non technical user.

I personally like to have a cold wallet setup by staying in-charge of the private key in an offline computer. For ETH cold storage I followed this excellent guide from Tomshwom to setup Tails OS + KeePassX + USB drive + MyEtherWallet as cold wallet. Please check it out in case if you want to use a similar approach:

Tomshwom's Advanced Crypto Security Guide (Part 3) - Creating a Secure Wallet

I want to use the same setup that I have to store Stellar Lumens but I couldn't find any complete step-by-step guide to sign transactions offline. Hence, I decided to give it a shot to make such guide myself. This is the first time I am making any guide as such so I hope I can cover everything accurately. Please first read through this complete guide before executing any step.

Note: You can still follow this guide even if you don't have a similar setup that's mentioned above. The steps we are going to cover can be applied for any sort of offline wallet setup

You might need to follow along this guide on a different computer/smartphone during the offline portions.

Overview

Below is what we are going to cover in this guide

Downloading our tools
Securely setting up an offline paper wallet
Getting Stellar Laboratory website for offline use
Building a transaction on a computer that is online
Signing a transaction on a computer that is offline
Submitting a transaction from a computer that is online
Joining an Inflation Pool

You will also need a usb drive for securely transferring some data back and forth between our online to offline system.

So let's dive right into this

Downloads

We are going to use couple of tools from Stellar's official github repositories. Obviously, we start by being on a computer which is connected to the internet.

First tool is to setup a paper wallet offline. (Feel free to skip this step if you already have setup an offline wallet and have access to it's private key)
Second tool is the offline version of Stellar Laboratory to sign transactions.

[Update]: I just found out that Stellar will soon deprecate their paper wallet mentioned below. It is still functional right now but may not be in future. I will keep an eye out for a good platform-independent wallet generator and will include the update-to-date version here whenever available

Download the paper wallet by visiting following link and click on "Clone or download" button.
https://github.com/stellar/paper-wallet
Download the Stellar Laboratory by visiting following link and click on "Clone or download" button. https://github.com/stellar/laboratory

Setting up Paper Wallet offline

Here I am going to outline how to setup a paper wallet on your offline system. (Feel free to skip this step if you already have setup an offline wallet and have access to it's private key)

For this step you will first need to plug-in the usb drive to your computer which is connected to the internet and copy the downloaded paper wallet folder to this usb drive. You can unplug the drive after that.
Boot the offline system/computer which should never connect to the internet. Plug in the usb drive and open index.html file from the folder.
After that it's super simple to just click on the "Generate" button in order to generate your pair of public key (wallet address) which starts with G and private key which starts with S.

You will see QR codes as well as text output. It is extremely important here to safely save your private key. This is the key used in order to do any sort of transaction from your wallet and also to recover access to your wallet if your computer is stolen or can't boot anymore due to disk failure or any other reason.

If you are storing this private key on your offline computer's hard drive/usb/sd card, then it is also very important that you store it in an encrypted form. It's best to follow the guide I mentioned earlier for Tails OS and KeyPassX setup to do so. But you can also use any other password managers or some form of encryption.

Alternatively you can also write down this private key on the piece of paper.

Whether you store your private key on a physical drive in an encrypted form or write it down on paper - Please make sure to have multiple backups/copies of it and store them securely to avoid any single point of failure incase if you loose the only one copy you have.

Save the public key (wallet address) either in a wallet.txt file on your usb drive or scan the QR code on your smartphone and save it. Be careful not to scan the QR code of the private key. To avoid this from happening you can resize your browser window to only see the QR code of public key before you scan it.
You can now unplug the usb drive (and shutdown your offline system if you want to do so).
And let's go back to your computer which is connected to the internet.

Getting Stellar Laboratory for offline use.

For non-technical users, this is the only challenging step in this guide. But don't worry I will try my best to break it down step-by-step

At the time of this writing, in order for us to sign transactions offline, we need a working local copy of Stellar Laboratory and I couldn't find any other way but to download it from github and build it from source code. Please download it if you haven't done so from earlier step.

By visiting https://github.com/stellar/laboratory, and going through Readme we can see that we can build this website ourself as mentioned in the instructions under "Building for production".

Note: The steps mentioned below in this section can change so it is always better to first check the Readme on the github link above and verify them.

Currently, the only prerequisite we have is that node js and npm are required in order to build our own copy of the Stellar Laboratory website. But anyone can download them for free and install it on Windows/macOS/Linux and other platforms. Please visit following links to do so.

Just be googling "install node and npm" you can find many resources. I am just going to mention below guides for Mac and Windows:

After verifying your installation, you can then build your local copy of Stellar Laboratory.

cd to the directory where you download it from github (the folder will be named something like laboratory-master)

On Mac open Terminal and enter below command
- cd ~/Downloads/laboratory-master/
On Windows open command prompt by clicking on start and typing cmd. And then enter below command (replace <YOUR_USERNAME> with your windows account username)
- cd C:\Users\<YOUR_USERNAME>\Downloads\laboratory-master\
Once you are in laboratory-master directory you only need to run couple of commands
First run:
- npm install
Once it is done, then run:
- ./node_modules/.bin/gulp build
If everything goes well then go back to the laboratory-master folder and you will see that there is a folder named "dist" which got created. This folder is everything that you need in order to have your own working local copy of Stellar Laboratory. You can verify this by opening index.html file from it.
Plug in the usb drive and copy this dist folder in it. You will need this when we need to sign transactions offline.

If you are not a computer savvy user and if you have made it this far then congratulate yourself! Because now you have all the necessary tools to start building, signing, and submitting your transactions! If you need any help with this then a lot of resources are available on the internet and you can also ask me, I will try to do my best to help you out.

Rest of this guide is relatively simple to follow for all users.

So let's begin the fun part!

Building a transaction

We are going to build a transaction from the computer which is connected to the internet.
Visit https://www.stellar.org/laboratory/#?network=public (this will ensure you are on public network and not testnet)

Click on Transaction Builder from the top menu bar.
In Source Account enter your wallet address from which you want to send the transaction. You can get this from the wallet_address.txt file from usb drive or from wherever you saved this wallet address during setting up the paper wallet.
Click on Fetch next sequence number for account starting with "Gxxxxx" button and it should populate the next transaction sequence number automatically.
The next 3 fields: Base Fee, Memo and Time Bounds are all optional and you do not need to enter anything there.
Click on dropdown from Operation Type and select Payment. This enables us to transfer Lumens from one account to another account.
Select Asset as native
In Destination enter the address where you want to transfer Lumens.
Specify Amount in Lumens
You don't need to enter anything in the last field: Source Account
You will see a message called "Success! Transaction Envelope XDR:". And it generated some output in the text box under it having a Hash code and data in XDR format. Stellar heavily uses XDR format for transactions and all sorts of other operations on it's network.
Copy everything that was generated in this output box. This is our transaction which we will sign offline. Save it in a text file, lets call it: tx_unsigned.txt. Save this file on your usb drive.

See a snapshot below on how these steps looks like

Signing a transaction offline.

Before we go to sign our transaction offline make sure you have following two things in your usb drive.

The folder named dist which is the local copy of Stellar Laboratory website that we built.
The file tx_unsigned.txt which has the Hash and XDR data of our transaction.

Boot up your computer which is offline and plug this usb drive in it and follow below steps:

Copy the dist folder locally on your desktop from your usb drive. Open index.html file in the browser so you get Stellar Laboratory running offline.
Click on Transaction Signer from the top menu bar.
This will give you an option to- "Import a transaction envelope in XDR format:"
Now open tx_unsigned.txt file from usb drive and only copy transaction data under XDR:. Don't copy the Hash which is above that. See the highlighted part below:

Go back to the browser and paste that in the text box.
If you copied and pasted it without any problems then it should display a message saying: "Valid Transaction Envelope XDR"
Click Import Transaction button.
You will now see all the data of your transaction getting displayed. Optionally here you can verify the Transaction Hash field that's been displayed vs the Hash: that is in your tx_unsigned.txt file. They should match. This will help you make sure that you have been doing all the steps correctly.
Now for the next step you will need access to your private key which starts with S. Please have it handy either from this offline computer or if you wrote it down on a paper.
Under the Signatures section there is an option Add Signer: enter your private key here. (please make sure the private key you enter here is the one associated with you public key otherwise submitting this transaction will fail). You only need to enter this one key as signer.
As soon as you entered the private key you will see that it generated an output XDR in the box below it. It will display the message "Transaction signed!".

See below snapshot:

Copy the XDR (highlight above in the snapshot) that was generated and save it in a text file on your usb drive. Let's call it tx_signed.txt. Unplug the usb drive.
You will need this file when we submit the transaction online.

Please make sure that at no point your are copying/saving your private key anywhere in your usb drive. In such setup your private key always needs to stay isolated and should never come on any device which will connect to the internet.

Submitting a transaction online.

This is the moment we have been waiting for!

Let's go back to the computer which is connected to the internet and perform below steps:

Plug-in your usb drive.
Open Stellar Laboratory in your browser: https://www.stellar.org/laboratory/#?network=public
Click on Endpoint Explorer from the top menu bar, then select resource as: Transaction and select an endpoint as: Post Transaction.
Go back to your usb drive and open tx_signed.txt file. Copy everything from it.
Back in you browser paste this under Transaction Envelope XDR: text box.
Click on Submit button and you are done!

If it is posted successfully then you will get a response in JSON format. It has the link to your transaction, the Hash and XDR data which got submitted, along with other meta-data. You may not need all the information from this but in case if there were any errors (like auth failed) then they will come up here in the JSON response.

Verify it by searching your wallet at https://stellarchain.io

Good thing about all these transaction related steps- is that you can perform them either on live public network or on testnest. In order to get comfortable with it feel free to setup couple of testnet wallet accounts from Stellar Laboratory -> Select "test" from top right -> Click Account Creator -> Generate Key pairs -> And fund them with test Lumens using Friendbot.
You can verify them on http://testnet.stellarchain.io.

Joining an Inflation Pool

One final thing I want to mention is that you can use these tools for submitting a transaction to join an inflation pool. If you are not familiar with the concept of inflation in Stellar then I encourage you to go checkout their documentation on Inflation.

There are many Inflation pools. One of the community driven Inflation pool that I can recommend to join is Lumenaut
You can follow their official guide to build the transaction using Stellar Laboratory: How to Join the Inflation Pool
Go until the step where you select Operation Type as: Set Options and enter their Inflation Pool address for Inflation Destination.
Once you do that you will see the output that's been generated which has the transaction data in XDR form. Copy everything that's been generated, save it in a file and then you can follow the remaining steps for signing this transaction offline and then submitting it online.

Conclusion

We have covered major aspects about offline wallet and transaction management with Stellar. I hope this guide helps anyone who wants to keep a secure cold wallet setup while still be able to perform basic transactions.
Please let me know if you have any questions and if you get stuck somewhere.