Yes, my confusion was that I thought those wallets could be used only as hot wallets. I knew they are software wallets but it never occurred to me that I could use them "offline"
That's OK. When Electrum is used in an offline/airgapped environment, you don't have to fear that your private keys will leak. Assuming, of course, the computer you use is clean and malware free. The device should also be formatted and not be connected to the internet after a clean install of the OS ever. Most people recommend using Linux, but this is your choice. It's also recommended to remove ethernet and wireless cards from the motherboard so no one can try any tricks. Full drive encryption is another noteworthy step.
After that is done, you use the offline machine only for constructing and signing your transactions. The broadcasting takes place on a different online computer. The signed and unbroadcasted transaction can be transferred for signing using a USB drive or via QR codes.
So I am guessing that electrum provides you with something like a QR code and you use your device to read it and sign it. Like the seedsigner device, which I absolutely love. Correct ?
Yes, exactly that. I have a small amount of "daily spending" bitcoin which I carry on a mobile wallet. Insecure, but very convenient, and only ever an amount I can easily afford to lose. The vast majority of my coins are in a variety of more secure wallets, including hardware wallets, airgapped cold storage, paper wallets, and some multi-sig wallets involving a combination of these things. All my wallets are synced from my own node to minimize any privacy leaks.
So, speaking of paper wallets, how did you generate them? The whole point of this thread and the fact that I tried to develop something is that I didn't trust bitaddress for example.