Hi, I downloaded bitaddress website in my pc, and I can create adresses, but I want to know if the generated address is saved somewhere in pc or not?

I want just to generate key and write it offline and use it as Cold wallet..
And want to delete keys if they are saved somewhere in my pc..

I recommend to generate addresses on a laptop or pc that is completely isolated from the internet.
If your pc has already malware on it and you generate a wallet, your funds might get stolen.

I am preparing a PC just for generating a key. I am formatting it and installing OS to use just for that .
But then after I generate the key offline , if I connect that PC to internet , are keys saved somewhere in PC?

If you generate the wallet and save to disk and delete the file later, it can still be recovered. Generate and directly save to USB stick, without saving on hdd might be okey . But I recommend format(one pass zeros) and reinstall again after you generated the keys.
Or better just use a old laptop or pc just for generating keys..

hi,
I recommand to save keys in an encrypted manner :

• in keepass kdbx database
  or
• in veracrypt volume container

It's better not to use OS installed on a hard drive.

It's better to disconnect the hard drive physically when generating keys. In case there is a private key stealing malware installed in the hard drive's firmware (which have access to the RAM of the computer!). Also, it will prevent accidentally using unencrypted swap file.

Using an OS with an unencrypted swap file is a huge security hole. This way the private keys can be written in cleartext (without encryption) and can be recovered by a thief stealing hard drives to search for keys.

Also, you can expect that all data you copy/pate (put in the clipboard of the OS) is recorded on the hard drive in cleartxet (unencrypted).

The OS can be started from the CD/DVD drive (so called "live" Linux distribution - see BitKey as an example, but you can use any Linux distribution with a good browser) and keep it's data on the volatile RAM memory (after you turn off the computer the data is gone fast; if you are paranoid - run memetest and keep the memory without power several minutes).

Using USB drive instead of optical disk is more risky. Also, using computer with optical drive capable of writing data is more risky, because if there is a malware it can write your secrets on the disk (and when you insert the disk on online computer the malware on that computer can cooperate and transmit the data via network).

You can export the encrypted private key by using GnuPG "ASCII Armor" and photograph it with a digital (or old style) camera.

The problem with using USB flash stick is that its firmware (the software running inside it) can be infected with malware cooperating with a malware installed in your CPU (or in your Linux distribution) by the NSA.

For this reason it's better to use only your monitor and eyes to export data from the airgapped computer. And never connecting it to the Internet or other computer.

A compromise is to use floppy disks or optical disks for writing the data. The malware inside your computer (CPU, BIOS/UEFI, Optical drive's firmware, etc.) can theoretically and hypothetically write data to the sectors of the floppy (or optical) disk which are "unused" or reserved. And when you plug the removable disk (optical - DVD/CD, floppy disk) to another computer, it's malware to cooperate and copy the data and post it on the Internet.

If you believe there is no such advanced malware - you can use floppy disks (or optical disks) and save yourself typing encrypted data manually. You can also use the sound card as a modem (see for example "Audio MODEM Communication Library in Python") to transfer data without using the ethernet connector.

It's better if you physically remove all wireless network adapters from the airgapped computer (wifi card, Bluetooth interface, etc.)

Possible places where the malware can hide the stolen private keys: hard drive's flash memory (or directly on plates), optical drive's flash memory, the CPU (modern CPUs have non-volatile flash memory and their own OS, with capability of using the network adapter transparently to the OS - the OS can't know or prevent CPU from using the network adapter). This makes the CPUs the ideal place for hiding the private key stealing malware.

Theoretically, if all is working according to plan, the CPU can be infected only with malware that is signed with CPU's manufacturer private keys (and the CPU manufacturer will never make malware and never make valid signatures for malware). But who can access these keys? NSA? The Illuminati? We are skating on a very thin ice. If anyone get access the CPU manufacturer's keys he can sign it's malware and ...

Be careful with the random numbers. Bitaddress can gather entropy from the user (is not relying only on OS to provide entropy). On some Linux distributions there is no haveged installed. If you had just started the OS there is no enough entropy.

You may use the sound card as a source of randomness by using https://packages.debian.org/source/sid/randomsound or manually ($ arecord --format=S16_LE --duration=1 -q > /dev/random) - don't forget to turn the amplification for the microphone up and make some noise.

I just want to print