Topic: Armory - Discussion Thread - page 52. (Read 521829 times)

This is already supported by the lockboxes!  All parties in a lockbox can be offline keys, created separately and independently.   Each party individually manages their own wallet holding that key, including all the regular methods we have backups... yes you can do a 2-of-4 lockbox between 4 parties, and each party can do a 3-of-5 fragmented backup of their individual wallets (which hold the key).

Speaking of that, we're working on multisig lockboxes on the "devel" branch -- anyone can check it out and play with it.  It's actually looking really good.  Got P2SH working, so you should be able to go above 3-of-3 on mainnet now... but of course I don't recommend using any money you can't afford to lose (yet)!

The lockboxes and all the data passed between devices/parties assumes that all keys are offline, and thus always contain all information needed to sign offline.  The downside to this is that all these message formats have changed, even for regular offline transactions, so all online & offline devices will need to be updated to use this.  But once you do, it does work! 

Will have the last couple pieces of it implemented soon and put out an experimental build to get people playing with.

Heh, true.  I guess it is the difference between a user and a developer.  

Being able to download the pre-compiled files is easier for everyone.

For multi-sig, are you planning to have watch only wallet capability?  

This would be where you could have 3 watching only wallets installed and it would tell you that a multi-sig payment could be redeemed by 2 of 3 of them.

You could also allow creation of a spending transaction that each private key owner could sign in turn.

This is better for "boards" that have N of M spending requirements.  Each member would have a watching-only wallet for all keys associated with the cold store and one set of private keys.

You could also create 2 level shamir sharing.  For example, you could have 2 of 3 sharing, but each share is then split up into 2 of 3 as well.  This means that each share is protected against loss too by sharing.

Depends what you mean by "less hassle".  Doing it my way requires more "down payment" to get it setup, but then it's trivial to compile new versions.  Once I push my latest changes to the repo, I can just switch to the RPi directory, pull, and run "make CXX=".  3 minutes later I have an RPi release

In fact, I think I don't even have to switch directories!  But I do it anyway to be clean.

I compiled it using the pi itself.  That is very slow , but less hassle than cross compiling.

I have been cross-compiling it for Pi on one of my Ubuntu VMs.  I downloaded crosstool-ng and built the armhf g++ from scratch, then used that to compile _CppBlockUtils.so.  I had to make one small modification to the Armory Makefile to make sure it's linking against the armhf python, but it didn't need any further modification (and that can be easily removed as well).    Once it's all setup, it actually compiles no differently than regular building.   I didn't need to mess with the crypto++ libraries or makefiles at all.

It worked on my freshboot RPi with those dependencies, but I was also online so I wonder if it really got everything or if it silently installed some stuff in the background.  That's why I wanted someone else to try it.

I compiled the latest build yesterday, though it would have been with an old OS.

I had to make a tiny tweak in one of the makefiles to get cryptopp to work.

This line needs to be moved up to line 15 (after ISX86 = ...).

I guess the latest version of raspbian works without needing mods?

Anyone with a RaspberryPi try this out!  I finally got my RPi up and working and was able to extract the dependency tree into an offline bundle.  It seemed to work on mine, someone else please try it with a fresh raspbian install and let me know:

https://s3.amazonaws.com/bitcoinarmory-testing/armory_0.91.1-rc1_raspbian.tar.gz
https://s3.amazonaws.com/bitcoinarmory-testing/armory_raspbian_deps.tar.gz

If that works, then I'll finally be able to start packing RPi offline bundles with every release.

I'd like to do the same for Tails, but the latest Tails actually uses python2.6, for which we have temporarily broken support   Until we fix that, I'm going to have to pass on Tails support ...

P.S. -- Holy hell the RPi is slow as dirt! 

Had a lot of requests for this.  Right now the only way to do it is to create a new wallet on the offline computer, import the keys, export the new watch-only wallet to the online computer, then perform an offline transaction to move all the coins.  It's four steps... If you have the public key already it could theoretically be three steps, but Armory doesn't allow importing of public keys into WO wallets. 

That would be a very handy feature!
Sweeping brainwallets, coins, paperwallets and all.

Ente

Ok i am back. So i when using Bitcoin Core with the following arguments: "-datadir", "-maxconnections=8", "-addnode=127.0.0.1" and Armory always with "--datadir=" and "--satoshi-datadir" i get no notifications about transactions. I can't tell for sure if there is a bigger lag than usual. Removing "-maxconnections=8" and "-addnode=127.0.0.1" from Bitcoin Core and keeping everything else bring me back the notifications.

It's not such a big deal, but just wanted to report it.

Well yes and no. Low hanging fruit right now are people using an online wallet with 2FA, shoving all their coins in there and backing up the plain private keys in the hotmail account they used for their MMO subscription 10 years ago...

I have to agree, and will now say the opposite of what I said before:
Forget that "private key" stuff, and stick to your paper wallet, as you were already doing. This is more than 99% sure.
With my previous suggestion, you add more uncertainity than you are removing.

To all of you: Be very careful with "individual private keys" and brainwallets. This probably is among the top 5 reasons people lose all their bitcoins.

Ente

Thanks a lot man! I feel much safer now;)

Your Armory wallet has a "root" private key. All of the private keys in your Armory wallet are generated from that root key in a way that can be repeated at any point now or in the future with or without Armory as long as a copy of the source exists somewhere on the internet.

If for some reason you think that won't be the case in the future, you can lock all of your savings up in one of your Armory Wallet's private keys (One of the private keys that was generated from root private key mentioned above.) You then write that private key down, and keep that in a safe place. That private key can be used to recover your savings even if a time machine was invented and someone goes back in time and un-invent's Bitcoin Armory and deterministic wallets.

I actually don't agree with Ente on those statements.  Print a paper backup of your wallet, and you are protected forever.  Armory is being used on $10M+ worth of BTC.  If Bitcoin has any value, there will always be a copy of Armory floating around that can be used to recover your coins.  Or someone will create something that can produce the private keys from the paper backup.  It's not a terribly complex algorithm.

If you have to worry about change addresses, etc, you are taking unnecessary risks.  Part of the reason I made Armory was to help people avoid dealing with those low level details

"Since you are not in a coma, you can do yourself and your family a favor, and print out the private key of your long-term savings as well."

How can I do that?

"You then have to be *very* careful to always reuse it, when transferring some coins from there (normally, the change goes to another address)."

I don't follow you here. I thought that by making a paperbackup, I was already doing all the best for protecting my coins. Could you explain me a little more this private key thing? (I appreciate your time)

Your Armory wallet is completely independent from bitcoin-core. Even if you break bitcoin-core, your coins will still be there, Armory will just be offline. As long as you have a paper-backup, you normally can even break Armory without losing coins.

So, normally you should be able to install the newer bitcoin-core version right over the old. Close both bitcoin-core and Armory before doing that, though ;-)

What's that "Armory" that could disappear?
If Alan and the other devs (aka Armory corp) disappear, you still can download and use the Armory client.
In case the Armory software disappears from the net, isn't developed any further or is outlawed, you still have your local copy.
If all fails, and you wake up after a 10 year coma, with *everything* gone, you will surely find someone who recreates your Bitcoin private keys from the seed on your paperbackup.

In any case, you would be able to access your funds, and transfer them to whatever place, service, person, client you like.

Since you are not in a coma, you can do yourself and your family a favor, and print out the private key of your long-term savings as well. You then have to be *very* careful to always reuse it, when transferring some coins from there (normally, the change goes to another address).

You do ask the right questions! Good! :-)

Ente

Maybe this is off-topic but I can't seem to find any answer to my doubts.

I'm using Armory 0.90 Beta with Bitcoin-qt 0.8.6

1- I want to update to Bitcoin core 0.9.1 but I don't know how to do it, and I'm bloody terrified of losing my coins.

2 -I have a paper wallet, does this means, that in case Armory breaks down, dissapears, whatever bad may happen to Armory, will I be able to recover my coins? 2a- If not, how can I backup my coins?

As I said, I'm sorry if this is an off-topic.

Thanks for this, it seems the best solution so far.

yep that solved the flickering issue and armory qt is now fully detected and armory uses bitcoin cores net connection ive tested this with wireshark , as soon as ive dropped tor both bitcoin core

and armory stopped dead in theyre tracks well except bitcoin core showing 1 or 2 local connections to armory shown as bitcoin network connections in the network meter of bitcoin wich really isnt a bitcoin network it just thinks armory is due to the bind=127.0.0.1 and listen=1 commands , armory will only connect over bitcoin cores

connection wich in turn only connects over tor as ive setup bitcoin cores network connection to use tors proxy , excellent, on top of that ive disabled online check and added the skip announce

flag to my shortcut to make sure armory only connects over bitcoin cores network not doing any call back home operations, if anyone got some more ideas please do add and having a setup in a standalone vm such setup has its uses for sure theres no denying that either, id say use one or the other or both depending on your needs