This repository has been archived by the owner on Mar 13, 2020. It is now read-only.

User Guide

Oirio Joshi edited this page Apr 13, 2018 · 15 revisions

Introduction

IOTAcooler is a cold storage and spending wallet for the IOTA cryptocurrency. A wallet is called cold when the keys required to spend funds are kept offline for security reasons. All major attack vectors against cryptocurrency wallets involve an active connection to the internet. Common threats are phishing attacks and malware that infects devices to steal private keys (seeds). The best way to protect against these threats is to lock away (disconnect) the wallet keys by separating the signing process (making a transaction) from the online device running the main wallet software. IOTAcooler achieves this by using IOTA multisig addresses, which require two signing seeds to make a transaction. One of these seeds, called the offline signing seed, is never exposed to the internet, so stealing funds becomes very difficult without physical access to the offline device. Physical security is much easier to handle, especially when additional measures are taken, such as storing the seeds encrypted inside a password manager.

Please read the introduction and security tips wiki page for additional security considerations.

Device Roles

There are two roles a device can play in IOTAcooler. For testing purposes, it is possible to change the active role on the current device; see testing IOTAcooler on the same device.

Online Signing Device

This is your main computer, which has an active connection to the internet. No additional security measures are needed when dealing with this device, except that you must never open, edit, copy or paste the offline signing seed on it. Even if the online computer is compromised, for example by viruses, malware or keyloggers, your wallet balance is still protected against theft, because the offline signing key is kept separately and offline by the second device.

Offline Signing Device

This is your second device, which must be kept consistently offline once the initial setup is finished. Even after the device has ended its service, i.e. it is no longer needed or its purpose has changed, it must be wiped completely to avoid any leaks, especially when using proprietary systems like Windows or macOS. The offline device can run any operating system supported by the IOTAcooler software as long as it is always offline after the initial software installation.

It is recommended to run IOTAcooler on a live Linux image like Ubuntu or Manjaro for the offline signing process. Once the live Linux system is booted (live Ubuntu USB stick tutorial), everything is kept in RAM, which is completely wiped on reboot. You can download and run IOTAcooler on almost any distro by using the AppImage version. After downloading any other optional programs, like KeePassXC or VeraCrypt, make sure to disconnect the system and keep it offline for the entire session while IOTAcooler is running, until the system is rebooted.

Creating a Wallet

Select create new wallet when starting the software.

New Wallet

Specify the wallet saving path, wallet password and wallet type. The wallet password is used to encrypt the wallet file, which holds data about transactions, addresses and wallet state and contains the online seed. The offline seed is never saved to the wallet file. The file is still encrypted to protect other sensitive information, like past transactions, and to allow storing it online in cloud drives, which makes it easier to sync and use the most recent wallet file.

The wallet state changes after each transaction, which is why it is important to always back up/sync the most recent wallet file. If something goes wrong and you end up using an old wallet file, IOTAcooler will warn you, because at each startup it checks whether the current main wallet address was already spent.

Wallet Error

When creating a new wallet file, it is also possible to import the balance from a previous IOTAcooler wallet; please see the wallet recovery wiki page.

New Wallet

The seeds for IOTAcooler are generated securely on the offline device. The automatic generation method uses a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG), but if you prefer, you can provide your own custom generated seeds; in that case, please read the generating secure IOTA seeds wiki page.
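What CSPRNG-based seed generation and a basic check of a custom seed can look like, as an added example that is not IOTAcooler's own code. It assumes the IOTA seed format of 81 trytes from the alphabet 9 and A-Z, which this page does not state; the function names are hypothetical.

```python
import os

# Assumption (IOTA seed format, not stated on this page):
# 81 trytes drawn from the 27-symbol alphabet 9 and A-Z.
TRYTE_ALPHABET = "9ABCDEFGHIJKLMNOPQRSTUVWXYZ"
SEED_LENGTH = 81


def generate_seed(random_bytes=os.urandom):
    """Return an 81-tryte seed from the OS CSPRNG using rejection sampling.

    A byte has 256 values and 256 is not a multiple of 27, so `byte % 27`
    alone would favour the first 13 symbols. Bytes >= 243 (9 * 27) are
    discarded so that every tryte is equally likely.
    """
    limit = 256 - (256 % len(TRYTE_ALPHABET))  # 243
    seed = []
    while len(seed) < SEED_LENGTH:
        for byte in random_bytes(SEED_LENGTH):
            if byte < limit and len(seed) < SEED_LENGTH:
                seed.append(TRYTE_ALPHABET[byte % len(TRYTE_ALPHABET)])
    return "".join(seed)


def check_custom_seed(seed):
    """Return a list of problems found in a user-supplied seed (empty if none)."""
    problems = []
    if len(seed) != SEED_LENGTH:
        problems.append(f"length is {len(seed)}, expected {SEED_LENGTH}")
    bad = sorted(set(seed) - set(TRYTE_ALPHABET))
    if bad:
        problems.append("characters outside 9A-Z: " + "".join(bad))
    # Crude sanity check only: a uniformly random 81-tryte seed practically
    # never uses fewer than 10 distinct symbols. Passing this check does not
    # prove that a seed was generated randomly.
    if len(set(seed)) < 10:
        problems.append("too few distinct symbols for a random seed")
    return problems


if __name__ == "__main__":
    # Run only on the offline device; the seed is printed to the terminal.
    new_seed = generate_seed()
    print(new_seed, check_custom_seed(new_seed))
```
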

New Wallet


Back up and confirm your seeds to complete the wallet creation. It is recommended to store the seeds encrypted on the offline device by using a secure password manager like KeePass or KeePassXC. You can also write them down on paper or print the backup PDF file. If you decide to print the seeds, make sure to configure the printer beforehand, during the device's initial setup phase with an active internet connection. If you store the seeds encrypted with a password manager, make sure to never open them on an online device, because malware could capture the clipboard data, log keystrokes or capture screenshots and then steal your seeds.

Making a Transaction

Click on Send after opening a wallet file.

Wallet Send

You can add one or more recipients. Note that the more recipients there are, the longer the connected node takes to do the proof of work; in some cases, with too many recipients, the transaction request could time out and fail. If at any point you decide to cancel an unfinished transaction, click the Abort transaction button to revert it.

Once the receiving addresses, amounts and transaction tag are set, the offline device requires the offline signing seed to sign the transaction.

Offline Sign

After the transaction is signed offline, the online device will load and broadcast the signed multisig transaction to the Tangle.

Online Send

Online Sent

If a Transaction Gets Stuck

IOTAcooler used CarrIOTA Field as the default node provider. Field automatically promotes and reattaches a transaction until it is confirmed, so no additional intervention is required by the user. If you use a custom node provider or want to confirm an external transaction, you can use the built-in transaction promoter/reattacher, found in the menu under Tools->Promote/Reattach a transaction.

Reattach

You can find the tail transaction hash by visiting a Tangle explorer and navigating to the transaction at index 0 in the bundle.