Topic: Armory - Using Tails for secure Armory use on a single physical machine (Read 9190 times)

I believe this is what Tails is using to create it own secure persistent partition. The problem is that you can not access that partition on a windows based computer, hence my above question.

Sorry for the Necro, but I cant seem to access the Tails encrypted persistent partition in windows. The drive doesn't seem to mount? How can I mount the partition so that I can decrypt it and use it to broadcast signed transactions from windows?

By the way, I retract my statement about "why use disk encryption when you use an encrypted Armory wallet"?    There's two reasons I came across, one of them I became aware of recently:

(1) If you make sure you do everything on the encrypted partition, you're protected from even carelessness, like copying stuff into another program to print and it auto-saves.  Or you use the Shamir's Secret Sharing script which writes the results to disk.  It basically picks up the slack if you're a little careless with handling private key data.
(2) This doesn't apply to TrueCrypt, but if you use something like Ubuntu alternate installer and select that you want encrypted home partition, it actually sets up encrypted swap, too.  This is super nice, since it effectively negates any defects in my own attempts to keep key data out of swap/disk.  My implementation is the same one used by the Bitcoin-Qt devs, but I'm told it's not bulletproof.  Especially if you ever accidentally hit "hibernate" on your laptop (which will write it to disk even if it's in memory-locked RAM).

Specific instructions for Tails or UPR would be great. Or even better, a downloadable ISO including armory for a Tails / UPR livecd.

The only inconvenience in Tails is the difficulty in creating an USB with persistence that will boot on macs. I found a workaround using one CD with refit + Tails USB 1 made with Unetbootin + Tails USB 2 made with the Live USB Installer inside Tails.

The system will boot with the CD + USB 1, but the OS will run in USB 2, with persistence (don't ask me why).

If you use only refit + USB 2 Tails will not boot on a mac.

It's not the best way, but at least works.

Come on N.Z., go a little easy on the linux-n00b    I remember those days... lots of confusing command line arguments, figuring out how to re-add windows to my grub menu, the dreadful "kernel panic"... great fun!

If I get some time, I might try the Tails thing, too.  Maybe I can write up a more-specific instructions.  I think having an 'offline" setup that doesn't require separate hardware is a nice alternative.

wachtwoord, dude, I gave you the link to official Tails description on how to use Truecrypt, how can I unambiguify it more? Except if you are using some software called TrueScrypt, I can`t help then, lol Also I won`t teach you how to use Truecrypt itself, I`ll leave it to very good documentation and Mr. Google

I suggest you to install Tails with its built-in installer to USB and configure Persistent volume with built-in configure tool. It is easier and more "official way" than Truecrypt in Tails.

1. It is cross-platfrorm
2. It hides the fact that you have armory (bitcoin) wallet
3. It works in Tails as persistent container
Yes we can Tails is Live-CD/Live-USB distro. That means no data is saved after shutting it down, moreover Tails mount ALL disks as read-only. But data can be saved on encrypted partitions, it is achieved with Truecrypt containers OR special "Tails Persistent Volume" with Luks encyption. With first one you have to boot Tail by whatever method you choose - DVD, USB-drive, Virtualbox, etc. and have TC-container on whatever disk (even on that you booted from). The last one you can get when you install Tails on USB stick with built-in "Tails LiveUSB installer": so you will have two partitions on one USB - one for Tails installation and one encrypted persistent volume you mount when you boot from USB. You should really spent some time and try Tails

I'm not sure I even understand fully.  What is the point of the TC container?  I can think of only two reasons:

(1) You really don't trust Armory wallet encryption
(2) You want even the watching-only portions of the wallet to be encrypted, too (which will actually be an option with the new, upcoming wallets)

I only ask because it seems redundant, and makes it a bit more effort to setup and use.

Also, as Wachtwoord suggested, why bother with two USB keys?  Can't you just get yourself a single, large USB key, and partition it into OS (Tails) and data (Armory + wallet files)?

About Truecrypt in Tails. You can use whatever storage device connected to your computer to store or use as truecrypt container. You don`t have to though, you can configure persistent storage for that from Tails menu, it will be encrypted as well. Truecrypt is just convenient for me.

Hi all.

This is a reply to a post by N.Z. that etotheipi pointed me to after I asked for how to use Armory securely with one physical machine connected to the internet. He pointed me to the following post:


It turns out this description is too limited for the amount of knowledge I have on the matter to follow so I'll post the quests I have to get this working here

1. I installed Tails on a USB drive and booted into the OS. (Done and I am posting this booted in Tails)
2. So here comes the first issue: What does "Boot it in custom way: pass 'truecrypt' parameter to kernel and set up root password in welcome screen." mean? When I boot from my USB drive it doesn't give me this option it only asks me to specify an admin password. Also what is the use of doing this? I know TrueCrypt, but have no idea what booting something Truescrypt could even mean. I mean the USB is not encrypted, it is a normal Tails boot USB drive.
3. I haven't tried but I cannot imagine this will cause difficulties
4. What USB drive do you mean here? The USB drive Tails is installed on or a second separate USB drive? What is the use of this USB drive? How do I turn it into a 'tc' (Truecrypt I presume) container? What does that mean?
5. Is this the same USB drive from 5?

So I can search around but there are just way too many unknowns for me to even get started. Am I even right about the general idea?

Is the idea that you boot into Tails with USB drive one (unencrypted) and use a second USB drive to store:

1) Armory
2) Wallet file
3) Armory dependencies

Encrypted with TrueCrypt and every time you need the cold storage wallet you:

1) Boot from USB 1 to Tails
2) Unencrypt (mount?) USB 2 (with dpkg -i /media/truecrypt1/armory/*.deb ?)
3) Start Armory

Q: if this is the case is only USB 2 essential? (the place that stores the wallet and the volume you need to backup)
Q: Why use 2 USB drives (if this is even the intention)?

Could you get me started please, thank you