Bitcoin Qubes tutorial
1,027 views
Skip to first unread message
Franz
Jun 28, 2016, 3:01:10 PM6/28/16
to qubes...@googlegroups.com
Hello,
is there some form of tutorial for using Bitcoins with Qubes, considering that I have no experience of bitcoins?It seem I should have a VM for a hot wallet for making transactions and another for a cold wallet to keep the bitcoins. But have no idea if it is possible to move bitcoins between the two
Also imagine a good practice would be to make a backup of the VMs containing the wallets using Qubes backup.
It would be also interesting to know which clients you consider safer for buying and selling bitcoins.
Thanks
Best
Todd Lasman
Jun 28, 2016, 5:02:12 PM6/28/16
to qubes...@googlegroups.com
have a dedicated hot ("watching") wallet in its own VM, and a cold
(offline) wallet in a separate VM that's never network-connected.
Although I'm hardly a bitcoin expert, I don't think it's a matter of
"transferring bitcoin from one wallet to another." Rather, I think the
cold wallet just holds the private keys used when authorizing bitcoin
transactions. For example, if I'm buying something with 1 bc, I generate
a pending transaction in the hot wallet, sign that transaction in the
cold wallet, transfer the signed transaction back to the hot wallet, and
then broadcast it from there. That way, only that 1 bc is ever
vulnerable in a network-connected VM.
If I'm misunderstanding this, or doing it wrong, I'd love to be educated
by a bitcoin guru!
Todd
Marek Marczykowski-Górecki
Jun 28, 2016, 6:37:43 PM6/28/16
to Todd Lasman, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Yes, this looks like a sensible workflow: one offline VM for holding
private keys and the other one with only public keys to watch account
balance, prepare transactions etc. It is critical in such setup to not
blindly trust what is produced in the online VM - for example carefully
examine transaction before signing it (in offline VM).
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXcvwwAAoJENuP0xzK19csDu8H/j7MfDchJMwMKvMI8ombAt5B
GjkkLHPtgr522Ac5nda74YAX6HLpm9mI+KPzvW/3ciSWO8kLQqG8Vnkn21tcyo7J
4lWsnAM92s12ktC91JB3PiQmvq41PhMqbDY8hZge017IOoaV2juNjOZzFgURsx9i
uPXvuczHRe3iPqFN/bxePe/4naqtNPKNrf10PYwNOP6Ph6AWoU8c+Idt9YW/BnvE
HIULTuwbitINDl4UjvwyzgxoJ4ckJFre2fSxT/HQ3TptBwCeCvrvIX9OWX4AVA74
M1j6eJ//J3STvkRXL44W5LMmx7hdRbQ/f4FfSaTZFlDkb7Sl6h5clpHtW/8yn+A=
=pFEx
-----END PGP SIGNATURE-----
Hash: SHA256
private keys and the other one with only public keys to watch account
balance, prepare transactions etc. It is critical in such setup to not
blindly trust what is produced in the online VM - for example carefully
examine transaction before signing it (in offline VM).
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXcvwwAAoJENuP0xzK19csDu8H/j7MfDchJMwMKvMI8ombAt5B
GjkkLHPtgr522Ac5nda74YAX6HLpm9mI+KPzvW/3ciSWO8kLQqG8Vnkn21tcyo7J
4lWsnAM92s12ktC91JB3PiQmvq41PhMqbDY8hZge017IOoaV2juNjOZzFgURsx9i
uPXvuczHRe3iPqFN/bxePe/4naqtNPKNrf10PYwNOP6Ph6AWoU8c+Idt9YW/BnvE
HIULTuwbitINDl4UjvwyzgxoJ4ckJFre2fSxT/HQ3TptBwCeCvrvIX9OWX4AVA74
M1j6eJ//J3STvkRXL44W5LMmx7hdRbQ/f4FfSaTZFlDkb7Sl6h5clpHtW/8yn+A=
=pFEx
-----END PGP SIGNATURE-----
Ben Wika
Jun 29, 2016, 3:32:18 AM6/29/16
to qubes-users, to...@nowlas.org
When backing up your cold wallet, make sure it's heavily encrypted with a strong password so no one can access the signing key from the backup. It's impossible to really know if someone has a copy of your key until they use it to spend your coins, at which point it would be too late to get them back.
Its not really the bitcoins you are storing. What you are storing is the signing key that authorizes you to reallocate the bitcoins on the public ledger (to some other bitcoin address).
I think electrum also has x of y multi-sig. So instead of (or in addition to) having a cold wallet, you could just have different signing keys scattered on 'y' different VMs, whereby you have to manually sign the transaction with at least 'x' signing keys before it is able to broadcast successfully. Whilst a bit cumbersome, it allows you to develop different risk profiles for different bitcoin addresses.
Qubes lends itself very well to handling bitcoin with isolated VMs.
You might have:
- a hot wallet (networked VM) with a small balance
- a cold wallet (offline VM) with a corresponding watching-only hot wallet (networked VM)
- a multi-sig cold wallet (offline VM) that also needs 2 other signatures which may be in hot wallets (3 of 3 multisig).
- a multi-sig cold wallet where you have 2 separate cold wallet VMs that both have to sign (2 of 2 cold wallets)
- a multi-sig where one of the keys is on your phone running electrum
- a multi-sig where one of the keys is on a piece of paper at a second location
Options are limitless and all depends on what risk level you are comfortable with.
(As for myself, Armory has been downloading the blockchain for many weeks at a snail's pace for some reason, ever since I installed qubes, so still waiting to transfer my coins to electrum for faster access and see what arrangement I'm most comfortable with - just 15 weeks left to catch up now - so much for selling any of them at any of the recent peaks)
Its not really the bitcoins you are storing. What you are storing is the signing key that authorizes you to reallocate the bitcoins on the public ledger (to some other bitcoin address).
I think electrum also has x of y multi-sig. So instead of (or in addition to) having a cold wallet, you could just have different signing keys scattered on 'y' different VMs, whereby you have to manually sign the transaction with at least 'x' signing keys before it is able to broadcast successfully. Whilst a bit cumbersome, it allows you to develop different risk profiles for different bitcoin addresses.
Qubes lends itself very well to handling bitcoin with isolated VMs.
You might have:
- a hot wallet (networked VM) with a small balance
- a cold wallet (offline VM) with a corresponding watching-only hot wallet (networked VM)
- a multi-sig cold wallet (offline VM) that also needs 2 other signatures which may be in hot wallets (3 of 3 multisig).
- a multi-sig cold wallet where you have 2 separate cold wallet VMs that both have to sign (2 of 2 cold wallets)
- a multi-sig where one of the keys is on your phone running electrum
- a multi-sig where one of the keys is on a piece of paper at a second location
Options are limitless and all depends on what risk level you are comfortable with.
(As for myself, Armory has been downloading the blockchain for many weeks at a snail's pace for some reason, ever since I installed qubes, so still waiting to transfer my coins to electrum for faster access and see what arrangement I'm most comfortable with - just 15 weeks left to catch up now - so much for selling any of them at any of the recent peaks)
7v5w7go9ub0o
Jun 29, 2016, 9:47:36 AM6/29/16
to qubes...@googlegroups.com
run it in a DispVM so as to not retain any mischief that might be
inflicted upon it. Flush and start a fresh copy immediately before any
transaction.
Franz
Jun 29, 2016, 12:37:24 PM6/29/16
to 7v5w7go9ub0o, qubes...@googlegroups.com
Many thanks to all. It seems more complex than I expected. But Qubes is ideally suited to manage all that. This is a very concrete Qubes use, that can motivate many people to learn Qubes and to buy an expensive laptop, just to safely trade bitcoins. Specially if all this is preinstalled or easy to setup.
I mean, pratically now Qubes is mainly an OS for developers, judging from the people on this ML. But it could be as well an OS for serious Bitcoin users.
Nobody mentioned a tutorial, so I imagine it does not exist. It would be nice to try to write something. We may try together.
Regarding the DispVM for the hot wallet, I use the dispVM to print everything from more trusted VMs, because printing is not worth much trust. But how can I trust a printing dispVM for something as sensitive as a hot wallet? We would need two different dispVMs but we are not there yet.
Regarding the DispVM for the hot wallet, I use the dispVM to print everything from more trusted VMs, because printing is not worth much trust. But how can I trust a printing dispVM for something as sensitive as a hot wallet? We would need two different dispVMs but we are not there yet.
Best
Fran
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5773d176.066f370a.85526.ffffa63d%40mx.google.com.
For more options, visit https://groups.google.com/d/optout.
7v5w7go9ub0o
Jun 29, 2016, 1:32:25 PM6/29/16
to qubes...@googlegroups.com
/uysr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT yellow')
(Heh... I run all of my WAN-exposed applications in DispVMs. Requires a
little initial setup and scripting, but affords great peace of mind.)
In general:
1. Install the software in the template. (This will install both system
executable(s) and a user directory/files).
2. Move the user files to a newly-created folder in the Vault. (delete
the user files in the template).
3. Start a DispVM using the above dom0 utility.
4. Within dom0, copy the user folder from the Vault to the newly-started
DispVM - to the same location and using the same naming convention that
was used by the installer into the template.
5. Start the application (from dom0) in the DispVM.
6. When done with the application, copy any updated files back to the
Vault. (Copy only the minimum amount of non-executable data necessary).
7. Flush the DispVM.
(you'd likely want a backup step in this sequence; say in step 4 before
copying out to the DispVM)
This approach means that you keep all of your "stuff" in a single,
off-line, non-executable-contents Vault; you have one template; you have
virtually no AppVMs - instead, your typical session has 4 or 5 DispVMs.
I haven't set up bitcoins this way - IIUC there are a couple of wallets,
so you'd start up *two* DispVMs: one online hot, and one offline cold.
Two DispVMs so as to not violate the rule that you do not execute
programs in Vault - only move stuff in and out.
(NOT RECOMMENDED: some people actually execute programs within the
Vault - in which case you could get away with only one DispVM for the
hot wallet.)
>>> (As for myself, Armory has been downloading the blockchain for many weeks
>>> at a snail's pace for some reason, ever since I installed qubes, so still
>>> waiting to transfer my coins to electrum for faster access and see what
>>> arrangement I'm most comfortable with - just 15 weeks left to catch up
>> now
>>> - so much for selling any of them at any of the recent peaks)
>>>
>>>
Andrew David Wong
Jun 29, 2016, 11:42:35 PM6/29/16
to Franz, 7v5w7go9ub0o, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2016-06-29 09:37, Franz wrote:
> But how can I trust a printing dispVM for something as sensitive as
> a hot wallet? We would need two different dispVMs but we are not
> there yet.
Indeed, not yet, but it will be implemented in R4.0:
https://groups.google.com/d/topic/qubes-devel/xLZU0R5ijCg/discussion
https://github.com/QubesOS/qubes-issues/issues/866
https://github.com/QubesOS/qubes-issues/issues/2075
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXdJUiAAoJENtN07w5UDAwemsP/igQT206kD3EZ+wUymvNzw1A
8edG9ubseQjZNsSfENGTXzBIX4OG4Hh5DGcHUpyRqywl70/teUThfV/WdaeJ2Iib
k5iE1OYwwnEgoXKktx+hKPJ6Bazq66Reas0xElzS7z3pGH/sbWz5NJLT5sczv9BP
qO+djAXvaLyqN8HhmeWDeOWqgHQ5OaV7vJcEZpAfxvX4crGDOXWEuqBs6CaTT1L/
R5NXh+q64StVUbPDpZQV8OsbbD8G/6Gvq1e/G90YusNzZuuPhpLpLiwVYJzCt9D4
p0ZYm51SEpCQu6+yGrEZY6Bf7v9cC19NUMRZQQbzyfRj9zoKXw043xS9aa3d4T6u
tBQskcF36zdyetula50vQFP9nLlhZwEXtgARHjIadeJ5B6sGGCufcwks8eVMTg6Q
SnF7FxPVbGU122OBXHNE6R20uwxPIhCU7Npp3A4SSdy6tFW6JPdvBmgHF4aeaq9m
sYxAcG8T1JTjfJBqB3ndL4Tb9LQh2aG7gzntRRQi6qAE0xIKB2Xvxlee2OnWff38
rYvMZKjNVEoRLYrxfHF/2lFNPXIFmcHWBq5NTX5BgYeAcqcJ8ojvomnBPyZ45CUg
qchcoUXj3FEnQ90OO73t6XiclcarbTEzsOEFHbv6f6sm9n2QOL7hjuSemX07VESe
cgNngS/j1o8z35WizQ2X
=wbxB
-----END PGP SIGNATURE-----
Hash: SHA512
On 2016-06-29 09:37, Franz wrote:
> But how can I trust a printing dispVM for something as sensitive as
> a hot wallet? We would need two different dispVMs but we are not
> there yet.
https://groups.google.com/d/topic/qubes-devel/xLZU0R5ijCg/discussion
https://github.com/QubesOS/qubes-issues/issues/866
https://github.com/QubesOS/qubes-issues/issues/2075
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXdJUiAAoJENtN07w5UDAwemsP/igQT206kD3EZ+wUymvNzw1A
8edG9ubseQjZNsSfENGTXzBIX4OG4Hh5DGcHUpyRqywl70/teUThfV/WdaeJ2Iib
k5iE1OYwwnEgoXKktx+hKPJ6Bazq66Reas0xElzS7z3pGH/sbWz5NJLT5sczv9BP
qO+djAXvaLyqN8HhmeWDeOWqgHQ5OaV7vJcEZpAfxvX4crGDOXWEuqBs6CaTT1L/
R5NXh+q64StVUbPDpZQV8OsbbD8G/6Gvq1e/G90YusNzZuuPhpLpLiwVYJzCt9D4
p0ZYm51SEpCQu6+yGrEZY6Bf7v9cC19NUMRZQQbzyfRj9zoKXw043xS9aa3d4T6u
tBQskcF36zdyetula50vQFP9nLlhZwEXtgARHjIadeJ5B6sGGCufcwks8eVMTg6Q
SnF7FxPVbGU122OBXHNE6R20uwxPIhCU7Npp3A4SSdy6tFW6JPdvBmgHF4aeaq9m
sYxAcG8T1JTjfJBqB3ndL4Tb9LQh2aG7gzntRRQi6qAE0xIKB2Xvxlee2OnWff38
rYvMZKjNVEoRLYrxfHF/2lFNPXIFmcHWBq5NTX5BgYeAcqcJ8ojvomnBPyZ45CUg
qchcoUXj3FEnQ90OO73t6XiclcarbTEzsOEFHbv6f6sm9n2QOL7hjuSemX07VESe
cgNngS/j1o8z35WizQ2X
=wbxB
-----END PGP SIGNATURE-----
Franz
Sep 14, 2016, 7:07:37 PM9/14/16
to Andrew David Wong, 7v5w7go9ub0o, qubes...@googlegroups.com
On Thu, Jun 30, 2016 at 12:42 AM, Andrew David Wong <a...@qubes-os.org> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2016-06-29 09:37, Franz wrote:
> But how can I trust a printing dispVM for something as sensitive as
> a hot wallet? We would need two different dispVMs but we are not
> there yet.
Indeed, not yet, but it will be implemented in R4.0:
https://groups.google.com/d/topic/qubes-devel/xLZU0R5ijCg/discussion
https://github.com/QubesOS/qubes-issues/issues/866
https://github.com/QubesOS/qubes-issues/issues/2075
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
Andrew,
After various tests I am getting a bit more confidence about bitcoins. So I prepared the promised tutorial. I tried to go to Qubes documentation to see if there is any way to upload it, but found no reference. So I post it here. Perhaps you know what to do.
After various tests I am getting a bit more confidence about bitcoins. So I prepared the promised tutorial. I tried to go to Qubes documentation to see if there is any way to upload it, but found no reference. So I post it here. Perhaps you know what to do.
Best
Fran
Install Electrum in Fredora template
Download the Electrum executable:
wget https://download.electrum.org/2.6.4/Electrum-2.6.4.tar.gz
Download the signature:
wget https://download.electrum.org/2.6.4/Electrum-2.6.4.tar.gz.asc
Import the public key of the signer, ThomasV
gpg --keyserver pool.sks-keyservers.net --recv-keys 7F9470E6
Verify the executable
gpg --verify Electrum-2.6.4.tar.gz.asc Electrum-2.6.4.tar.gz
If it tells “Good signature from “Thomas Voegtlin (https://electrum.org) ...) it is ok independently from the subsequent warning.
Install
sudo apt-get update
Install dependencies:
sudo apt-get install python-qt4 python-pip
On Qubes manager -> debian-template -> edit firewall rules -> flag “allow full access for 5 minutes”
Install Electrum:
sudo pip install Electrum-2.6.4.tar.gz
create two new VMs depending from the same template
one allowing networking, we call it “hot”
the other one not allowing networking, we call it “cold”
Launch the Electrum application in the cold VM for example writing “electrum” in Qubes Manager/”run command in VM”
Create a new 2-2 Multi-Signature wallet and properly save the “seed” and the password.
Do the same with the hot VM, then follow the GUI exchanging the public kays between hot and cold VMs.
Next option on hot VM: autoconnet is the easier way. It will take some time to connect.
Then on receive tab of hot VM you find you address for receiving bitcoins. It is enough to send bitcoins to this address to recieve them. They will appear only on Electrum of hot VM because it is the only one connected.
Once you have bitcoins you can send them. Transaction should start on hot VM Electrum, because the balance on cold Electrum is zero. So using "Send tab" of hot Electrum you prepare you transaction with the address of the beneficiery. Then you clik on send button. On the next window you can save your transaction file and then move your file to the cold VM see: https://www.qubes-os.org/doc/copying-files/. Using Tools tab/load transaction on cold Electrum you can find the moved file, sign it and save it again. Finally you move the signed transaction file to the hot VM in the same way, load it to the hot Electrum and pay it.
LIMIT FIREWALL RULES TO ELECTRUM SERVERS
For additional security you can limit the firewall rules of hot VM to connect only to Electrum servers.
To do that:
Run Marek script
https://gist.github.com/marmarek/1d0a296930b7784327aaf9a801ec5585
into a terminal of hot VM then launch Electrum that tries to connect to the net, but cannot because the firewall is manually set to "Deny network access except...". After some time the terminal will fill with firewall setting of Electrum servers. Then copy these settings into a file in the same hot VM.
then from Dom0 terminal write:
qvm-run --pass-io appl-VM-name 'cat path to just-created-file'
This makes all the firewall setting to appear directly on Dom0 terminal. It is enough to copy all of them and past them on the same terminal and it is done. These are the firewall settings that appeared in hot VM for Electrum servers:
qvm-firewall -a hot btc.mustyoshi.com. tcp 50002
qvm-firewall -a hot erbium1.sytes.net. tcp 50002
qvm-firewall -a hot electrum.trouth.net. tcp 50002
qvm-firewall -a hot eniac.snel.it. tcp 50002
qvm-firewall -a hot electrum.vom-stausee.de. tcp 50002
qvm-firewall -a hot bitcoins.sk. tcp 50002
qvm-firewall -a hot ecdsa.net. tcp pop3
qvm-firewall -a hot antumbra.se. tcp 50002
qvm-firewall -a hot ELECTRUM.jdubya.info. tcp 50002
qvm-firewall -a hot home.hach.re. tcp 50002
qvm-firewall -a hot JElectrum.jdubya.info. tcp 50002
qvm-firewall -a hot us4.einfachmalnettsein.de. tcp 50002
qvm-firewall -a hot electrum.online. tcp 50002
qvm-firewall -a hot elec.luggs.co. tcp https
qvm-firewall -a hot jwu42.hopto.org. tcp 50004
qvm-firewall -a hot electrum.no-ip.org. tcp 50002
qvm-firewall -a hot electrum-europe.trouth.net. tcp 50002
qvm-firewall -a hot VPS.hsmiths.com. tcp 50002
qvm-firewall -a hot petrkr.net. tcp 50002
qvm-firewall -a hot bitcoin.dragon.zone. tcp 50002
qvm-firewall -a hot zeus.smsys.me. tcp pop3s
But I stopped it after some time so there may be other servers.
Marek Marczykowski-Górecki
Sep 14, 2016, 7:54:20 PM9/14/16
to Franz, Andrew David Wong, 7v5w7go9ub0o, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Wed, Sep 14, 2016 at 08:07:35PM -0300, Franz wrote:
> On Thu, Jun 30, 2016 at 12:42 AM, Andrew David Wong <a...@qubes-os.org>
> wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> > On 2016-06-29 09:37, Franz wrote:
> > > But how can I trust a printing dispVM for something as sensitive as
> > > a hot wallet? We would need two different dispVMs but we are not
> > > there yet.
> >
> > Indeed, not yet, but it will be implemented in R4.0:
> >
> > https://groups.google.com/d/topic/qubes-devel/xLZU0R5ijCg/discussion
> > https://github.com/QubesOS/qubes-issues/issues/866
> > https://github.com/QubesOS/qubes-issues/issues/2075
> >
> > - --
> > Andrew David Wong (Axon)
> > Community Manager, Qubes OS
> > https://www.qubes-os.org
> >
>
> Andrew,
> After various tests I am getting a bit more confidence about bitcoins. So I
> prepared the promised tutorial. I tried to go to Qubes documentation to see
> if there is any way to upload it, but found no reference. So I post it
> here. Perhaps you know what to do.
Thanks!
Below some comments about installation.
> Best
> Fran
>
> BITCOIN WITH ELECTRUM
>
> Install Electrum in Fredora template
>
> Download the Electrum executable:
> wget https://download.electrum.org/2.6.4/Electrum-2.6.4.tar.gz
>
> Download the signature:
> wget https://download.electrum.org/2.6.4/Electrum-2.6.4.tar.gz.asc
>
> Import the public key of the signer, ThomasV
> gpg --keyserver pool.sks-keyservers.net --recv-keys 7F9470E6
>
> Verify the executable
> gpg --verify Electrum-2.6.4.tar.gz.asc Electrum-2.6.4.tar.gz
>
> If it tells “Good signature from “Thomas Voegtlin (https://electrum.org)
> ...) it is ok independently from the subsequent warning.
To this point it's ok.
> Install
> sudo apt-get update
Interesting - I've thought it was for Fedora template (as stated at the
beginning)...
> Install dependencies:
> sudo apt-get install python-qt4 python-pip
>
> On Qubes manager -> debian-template -> edit firewall rules -> flag “allow
> full access for 5 minutes”
> Install Electrum:
> sudo pip install Electrum-2.6.4.tar.gz
But if that's going to be on Debian, there is already electrum Debian
package. I suggest using version from backports, as the one in stable is
quite ancient.
So, for Debian installation instruction would be:
1. Enable Debian Backports:
https://backports.debian.org/Instructions/#index2h2
2. Install electrum:
sudo apt-get update && sudo apt-get -t jessie-backports install electrum
For Fedora on the other hand, it's better to avoid using 'pip install',
especially in template, as it does not verify any sort of signature. I
believe the only integrity assuring mechanism used there is HTTPS to the
server. But nothing to verify actually downloaded file.
vEzMvo4IGb8btlBzP6ss2z8qLqSmUXPnIDaoOHBZKdHg/WzmOvbgtVkAggj/uvvz
l8m1OlQSw0KoaDpuAoPYJsn+/Bcsf9/uWTGaO0O9gIoAv++yaxyrI2tG1NwUB4Db
o4nXXn+STmHM9NYTcXcTbjrjJTlVs8Gvx+I3rEBMgJ7WhwDVl3ILko/y9CLow4qv
7Au8ARhMJSpzqZ4FY0Ryj0j/CPWtmhUORzLzfHehhv4cYc/auXOSHcm8b2KLmntm
Nl30346VjC3sPNpyQF96sW4hBZAIBVd7gAc7sv2HAwjPELjlNhTZfIK5ekBJO8A=
=yd+l
-----END PGP SIGNATURE-----
Hash: SHA256
On Wed, Sep 14, 2016 at 08:07:35PM -0300, Franz wrote:
> On Thu, Jun 30, 2016 at 12:42 AM, Andrew David Wong <a...@qubes-os.org>
> wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> > On 2016-06-29 09:37, Franz wrote:
> > > But how can I trust a printing dispVM for something as sensitive as
> > > a hot wallet? We would need two different dispVMs but we are not
> > > there yet.
> >
> > Indeed, not yet, but it will be implemented in R4.0:
> >
> > https://groups.google.com/d/topic/qubes-devel/xLZU0R5ijCg/discussion
> > https://github.com/QubesOS/qubes-issues/issues/866
> > https://github.com/QubesOS/qubes-issues/issues/2075
> >
> > - --
> > Andrew David Wong (Axon)
> > Community Manager, Qubes OS
> > https://www.qubes-os.org
> >
>
> Andrew,
> After various tests I am getting a bit more confidence about bitcoins. So I
> prepared the promised tutorial. I tried to go to Qubes documentation to see
> if there is any way to upload it, but found no reference. So I post it
> here. Perhaps you know what to do.
Below some comments about installation.
> Best
> Fran
>
> BITCOIN WITH ELECTRUM
>
> Install Electrum in Fredora template
>
> Download the Electrum executable:
> wget https://download.electrum.org/2.6.4/Electrum-2.6.4.tar.gz
>
> Download the signature:
> wget https://download.electrum.org/2.6.4/Electrum-2.6.4.tar.gz.asc
>
> Import the public key of the signer, ThomasV
> gpg --keyserver pool.sks-keyservers.net --recv-keys 7F9470E6
>
> Verify the executable
> gpg --verify Electrum-2.6.4.tar.gz.asc Electrum-2.6.4.tar.gz
>
> If it tells “Good signature from “Thomas Voegtlin (https://electrum.org)
> ...) it is ok independently from the subsequent warning.
> Install
> sudo apt-get update
Interesting - I've thought it was for Fedora template (as stated at the
beginning)...
> Install dependencies:
> sudo apt-get install python-qt4 python-pip
>
> On Qubes manager -> debian-template -> edit firewall rules -> flag “allow
> full access for 5 minutes”
> Install Electrum:
> sudo pip install Electrum-2.6.4.tar.gz
package. I suggest using version from backports, as the one in stable is
quite ancient.
So, for Debian installation instruction would be:
1. Enable Debian Backports:
https://backports.debian.org/Instructions/#index2h2
2. Install electrum:
sudo apt-get update && sudo apt-get -t jessie-backports install electrum
For Fedora on the other hand, it's better to avoid using 'pip install',
especially in template, as it does not verify any sort of signature. I
believe the only integrity assuring mechanism used there is HTTPS to the
server. But nothing to verify actually downloaded file.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJX2eMnAAoJENuP0xzK19csxxMH/34p1Iq0FuJD8oB6D0zK2Q2N
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
vEzMvo4IGb8btlBzP6ss2z8qLqSmUXPnIDaoOHBZKdHg/WzmOvbgtVkAggj/uvvz
l8m1OlQSw0KoaDpuAoPYJsn+/Bcsf9/uWTGaO0O9gIoAv++yaxyrI2tG1NwUB4Db
o4nXXn+STmHM9NYTcXcTbjrjJTlVs8Gvx+I3rEBMgJ7WhwDVl3ILko/y9CLow4qv
7Au8ARhMJSpzqZ4FY0Ryj0j/CPWtmhUORzLzfHehhv4cYc/auXOSHcm8b2KLmntm
Nl30346VjC3sPNpyQF96sW4hBZAIBVd7gAc7sv2HAwjPELjlNhTZfIK5ekBJO8A=
=yd+l
-----END PGP SIGNATURE-----
Franz
Sep 14, 2016, 10:11:24 PM9/14/16
to Marek Marczykowski-Górecki, Andrew David Wong, 7v5w7go9ub0o, qubes...@googlegroups.com
I started writing this tutorial time ago using the Debian template. But then found that the available release on apt-get install was so old (1.9.8-4) that it did not include the multi-signature wallet mentioned in the tutorial. So wanted the new release and the suggested method was pip-install, but for some reason pip- install did not worked of the old release, even after removing it. So resorted to using Fedora which worked with pip-install, but forgot to correct the tutorial.
Anyway, using Debian backports the installed version is 2.6.4, just the same that was available using pip. So everything ok and much easier. Thanks Marek.
I have corrected the tutorial accordingly:
BITCOIN WITH ELECTRUM
Install Electrum in Debian template (Fedora template is not recommended because Electrum package is not available and the pip install method does not veriry signatures)
Install electrum:
sudo apt-get update && sudo apt-get -t jessie-backports install electrum
sudo apt-get update && sudo apt-get -t jessie-backports install electrum
After installation, create two new VMs depending from the same Debian template
one allowing networking, we call it “hot”
the other one not allowing networking, we call it “cold”
Launch the Electrum application in the cold VM for example writing “electrum” in Qubes Manager/”run command in VM”
Create a new 2-2 Multi-Signature wallet and properly save the “seed” and the password.
Do the same with the hot VM, then follow the GUI exchanging the public kays between hot and cold VMs.
Next option on hot VM: autoconnet is the easier way. It will take some time to connect.
Then on receive tab of hot VM you find your address for receiving bitcoins. It is enough to send bitcoins to this address to receive them. They will appear only on Electrum of hot VM because it is the only one connected.
Once you have bitcoins you can send them. Transaction should start on hot VM Electrum, becaue the balance on cold Electrum is zero. So using Send tab of hot Electrum you prepare you transaction with the address of the beneficiery. Then you clik on send button. On the next window you can save your transaction file and then move your file to the cold VM see: https://www.qubes-os.org/doc/copying-files/. Using Tools tab/load transaction on cold Electrum you can find the moved file, sign it and save it again. Finally you move the signed transaction file to the hot VM in the same way, load it to the hot Electrum and send it. Then just wait, it may take a long time to properly execute.
Once you have bitcoins you can send them. Transaction should start on hot VM Electrum, becaue the balance on cold Electrum is zero. So using Send tab of hot Electrum you prepare you transaction with the address of the beneficiery. Then you clik on send button. On the next window you can save your transaction file and then move your file to the cold VM see: https://www.qubes-os.org/doc/copying-files/. Using Tools tab/load transaction on cold Electrum you can find the moved file, sign it and save it again. Finally you move the signed transaction file to the hot VM in the same way, load it to the hot Electrum and send it. Then just wait, it may take a long time to properly execute.
LIMIT FIREWALL RULES TO ELECTRUM SERVERS
For additional security you can limit the firewall rules of hot VM to only Electrum servers. to do that
into a terminal of hot VM.
Then launch Electrum that tries to connect to the net, but cannot because the firewall is manually set to "Deny network access except...". The terminal will fill with firewall setting of Electrum servers. Then copy these settings into a file in the same applVM.
Then launch Electrum that tries to connect to the net, but cannot because the firewall is manually set to "Deny network access except...". The terminal will fill with firewall setting of Electrum servers. Then copy these settings into a file in the same applVM.
then from Dom0 terminal write:
qvm-run --pass-io appl-VM-name 'cat path to just-created-file'
This makes all the firewall setting to appear directly on Dom0 terminal. It is enough to copy all of them and past them on the same terminal and it is done. This is what appeared in my case:
qvm-firewall -a hot btc.mustyoshi.com. tcp 50002
qvm-firewall -a hot erbium1.sytes.net. tcp 50002
qvm-firewall -a hot electrum.trouth.net. tcp 50002
qvm-firewall -a hot eniac.snel.it. tcp 50002
qvm-firewall -a hot electrum.vom-stausee.de. tcp 50002
qvm-firewall -a hot bitcoins.sk. tcp 50002
qvm-firewall -a hot ecdsa.net. tcp pop3
qvm-firewall -a hot antumbra.se. tcp 50002
qvm-firewall -a hot ELECTRUM.jdubya.info. tcp 50002
qvm-firewall -a hot home.hach.re. tcp 50002
qvm-firewall -a hot JElectrum.jdubya.info. tcp 50002
qvm-firewall -a hot us4.einfachmalnettsein.de. tcp 50002
qvm-firewall -a hot electrum.online. tcp 50002
qvm-firewall -a hot elec.luggs.co. tcp https
qvm-firewall -a hot jwu42.hopto.org. tcp 50004
qvm-firewall -a hot electrum.no-ip.org. tcp 50002
qvm-firewall -a hot electrum-europe.trouth.net. tcp 50002
qvm-firewall -a hot VPS.hsmiths.com. tcp 50002
qvm-firewall -a hot petrkr.net. tcp 50002
qvm-firewall -a hot bitcoin.dragon.zone. tcp 50002
qvm-firewall -a hot zeus.smsys.me. tcp pop3s
But I stopped after a while. There should be other servers.
Andrew David Wong
Sep 15, 2016, 4:27:14 AM9/15/16
to Franz, Marek Marczykowski-Górecki, 7v5w7go9ub0o, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hash: SHA512
On 2016-09-14 19:11, Franz wrote:
> On Wed, Sep 14, 2016 at 8:54 PM, Marek Marczykowski-Górecki <
> marm...@invisiblethingslab.com> wrote:
>> On Wed, Sep 14, 2016 at 08:07:35PM -0300, Franz wrote:
>>> On Thu, Jun 30, 2016 at 12:42 AM, Andrew David Wong <a...@qubes-os.org>
>>> wrote:
>>>> On 2016-06-29 09:37, Franz wrote:
>>>>> But how can I trust a printing dispVM for something as sensitive as
>>>>> a hot wallet? We would need two different dispVMs but we are not
>>>>> there yet.
>>>>
>>>> Indeed, not yet, but it will be implemented in R4.0:
>>>>
>>>> https://groups.google.com/d/topic/qubes-devel/xLZU0R5ijCg/discussion
>>>> https://github.com/QubesOS/qubes-issues/issues/866
>>>> https://github.com/QubesOS/qubes-issues/issues/2075
>>>>
>>>
> On Wed, Sep 14, 2016 at 8:54 PM, Marek Marczykowski-Górecki <
> marm...@invisiblethingslab.com> wrote:
>> On Wed, Sep 14, 2016 at 08:07:35PM -0300, Franz wrote:
>>> On Thu, Jun 30, 2016 at 12:42 AM, Andrew David Wong <a...@qubes-os.org>
>>> wrote:
>>>> On 2016-06-29 09:37, Franz wrote:
>>>>> But how can I trust a printing dispVM for something as sensitive as
>>>>> a hot wallet? We would need two different dispVMs but we are not
>>>>> there yet.
>>>>
>>>> Indeed, not yet, but it will be implemented in R4.0:
>>>>
>>>> https://groups.google.com/d/topic/qubes-devel/xLZU0R5ijCg/discussion
>>>> https://github.com/QubesOS/qubes-issues/issues/866
>>>> https://github.com/QubesOS/qubes-issues/issues/2075
>>>>
>>>
>>> Andrew,
>>> After various tests I am getting a bit more confidence about bitcoins.
>> So I
>>> prepared the promised tutorial. I tried to go to Qubes documentation to
>> see
>>> if there is any way to upload it, but found no reference. So I post it
>>> here. Perhaps you know what to do.
>>
Thank you for taking the time to write this, Franz. However, we
>>> After various tests I am getting a bit more confidence about bitcoins.
>> So I
>>> prepared the promised tutorial. I tried to go to Qubes documentation to
>> see
>>> if there is any way to upload it, but found no reference. So I post it
>>> here. Perhaps you know what to do.
>>
already have a page on using Split Bitcoin wallets (using
Electrum) here:
https://www.qubes-os.org/doc/split-bitcoin/
Nonetheless, it looks like your guide has some additional
information that is missing from the current page. Please
consider submitting a pull request against this page with your
additions. You can see the documentation guidelines including
a step-by-step how-to) here:
https://www.qubes-os.org/doc/doc-guidelines/
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX2ltIAAoJENtN07w5UDAwZwwQAL6eJaF0jCqlsKkN94DTFfYw
9fcC2w/ybGbPii7h0zHeuzpLsdKc8BQt1ijQ4UiBKzotEQIqyBGDW5xs/7ex6iYn
vZibLWsfDK9Zoxqj0kxlZrGTmHbzInvWTVIjtoKY7pOfDfosgGTBqvd9uM1RqSn3
MfWuWbJtY2JjRp4+Q80IUS4soQB8Emcm7ZSEBqu6TvX61ycBWyxm/DDLt9xLoFNg
WFB6jVFnUGkucRoKEKwevVOfFoSiLTPjiDjIarlhTKaiG1NCT5otItbfq60mdZcf
BYqS+1vb5WDm55YdDy8p4znz0ImKcLErmUZK+TgRLK4Yi36bvKb3EXr3gUQa4Tqd
MZHpjR6IP/t4tbgBXWc7x6CDqFv+T8LRdD1v5IlsmMl7RmcyV8ES1xFwYXDl4I81
7iYvOPjTqoMOASIOejdkuufu+adfgy4BYLqd1SV/C1oJk8SXJ0dkuvoT4IJ1nDBc
FAHIDE9S1MiJZ2fdHGq/B6plrDe/JluhT9L0A8NPCIZetCkTcvgyQQ5CrNyR2UWw
nedk+L2zvzwNQxbZXXVmGSR3gczEkWYfn/ZT+OAFmo72qWPJmLwtmZg/q9zbm6Vw
Bd7ne4mbnOyLshrQ6ZFVui0ZnDfQn4QLauMEQEwS2xNEU88qjIjlNt4klpwtFPVN
5AWniVUYJXpjwvKiJeSx
=OMbs
-----END PGP SIGNATURE-----
Franz
Sep 15, 2016, 8:50:30 PM9/15/16
to Andrew David Wong, Marek Marczykowski-Górecki, 7v5w7go9ub0o, qubes...@googlegroups.com
Andrew
Additions? Well I used a somehow different way, because i sign the transactions on both the hot and the cold VM. So the hot VM is not for "watching" it is for doing exactly all what does the non-connected one (including signing) and obviously for doing the real job of generating addresses for receiving and sending bitcoins to other addresses. It is what is called multi-signature.
Is it worth to sign the transaction two times, once for each VM? I do not know, but it is not so much additional work because in both cases you always have to copy a file forward and back between VMs.
But the two ways are somehow alternative. I see no point to mix them in the tutorial just to increase confusion to a matter that is already a bit complicated.
The final part of editing the firewall rules of hot VM to limit connection to Electrum servers may be worth to protect the keys in hot VM, but may have less sense if there are no keys to protect in hot VM.
So did nothing, but am obviously open to suggestions.
Best
Fran
Andrew David Wong
Sep 16, 2016, 4:34:34 PM9/16/16
to Franz, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hash: SHA512
>
> You can see the documentation guidelines including
> a step-by-step how-to) here:
>
> https://www.qubes-os.org/doc/doc-guidelines/
>
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
e8rlWTUrs1gbnzwJxMGKwhyRsF++oivCFmjCwFqNfL8moVQS72yIgy4rwSdmQ9gm
iJNWTf+bqrYIs/yxBg3U55gdzrdiJ8CW1djnoOPqwCnCivvogmobkN4POX3vGluY
LR9ni2QqzqALXU6lpfM65hllfWlxeSQQNYlE749RKxj/Yk23tE3VqWT+q7D4/K4X
djymr/5ksmdHwPVrIz/Xr80XT9yo2C94+qAsE8Q5vRwD/4ik9h/jSP9byvU2cv7n
OTmN0Eqsc03XHIAwbs/7Il5Lf0g7qXu0Ycb0nkwCegUhXtQFnD6kHQV9CRR8qznf
wwn4sp8qPw8aufhH4BeM7GI3V71hhT3PJCI7b4+MJwJEU70vo9U0+Saos75jOYF+
szeHloKfn/k7ZcSX/q61qcuJIE4Q0u0yhb/ellohYe8WAZ+ZPoUyHmnmJpmzL0jp
52knik1Ivq3yH1raHYV5jPzA0kqfwNlD7oO54yG/F/f9QGh7cdjerY/p7uJfFUwu
3Oy2wNiIVnNHMxgkTiGQbXn8vn4zAuBHjWr4OBpw5HvqZti+1ywJBQkpoLXj89Ri
GMzXQV3YhNhroe+ma77WqymJMLdw3SNE5aSoF3zvikN/Z3jJuHkd8P/QJ20DWtdG
xuu01Q0m2mvlOmwZQI0f
=viO+
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages