Author

Topic: Armory - Using Tails for secure Armory use on a single physical machine (Read 9185 times)

member
Activity: 80
Merit: 10
I'm not sure why you would use TrueCrypt over Linux's own dm-crypt/LUKS. Unlike the former, the latter is well-audited.

I believe this is what Tails is using to create it own secure persistent partition. The problem is that you can not access that partition on a windows based computer, hence my above question.
member
Activity: 80
Merit: 10
Sorry for the Necro, but I cant seem to access the Tails encrypted persistent partition in windows. The drive doesn't seem to mount? How can I mount the partition so that I can decrypt it and use it to broadcast signed transactions from windows?
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
By the way, I retract my statement about "why use disk encryption when you use an encrypted Armory wallet"?    There's two reasons I came across, one of them I became aware of recently:

(1) If you make sure you do everything on the encrypted partition, you're protected from even carelessness, like copying stuff into another program to print and it auto-saves.  Or you use the Shamir's Secret Sharing script which writes the results to disk.  It basically picks up the slack if you're a little careless with handling private key data.
(2) This doesn't apply to TrueCrypt, but if you use something like Ubuntu alternate installer and select that you want encrypted home partition, it actually sets up encrypted swap, too.  This is super nice, since it effectively negates any defects in my own attempts to keep key data out of swap/disk.  My implementation is the same one used by the Bitcoin-Qt devs, but I'm told it's not bulletproof.  Especially if you ever accidentally hit "hibernate" on your laptop (which will write it to disk even if it's in memory-locked RAM).
legendary
Activity: 1148
Merit: 1018
wachtwoord, dude, I gave you the link to official Tails description on how to use Truecrypt, how can I unambiguify it more? Except if you are using some software called TrueScrypt, I can`t help then, lol Smiley Also I won`t teach you how to use Truecrypt itself, I`ll leave it to very good documentation and Mr. Google

I suggest you to install Tails with its built-in installer to USB and configure Persistent volume with built-in configure tool. It is easier and more "official way" than Truecrypt in Tails.

Come on N.Z., go a little easy on the linux-n00b Smiley   I remember those days... lots of confusing command line arguments, figuring out how to re-add windows to my grub menu, the dreadful "kernel panic"... great fun!

If I get some time, I might try the Tails thing, too.  Maybe I can write up a more-specific instructions.  I think having an 'offline" setup that doesn't require separate hardware is a nice alternative.

Specific instructions for Tails or UPR would be great. Or even better, a downloadable ISO including armory for a Tails / UPR livecd.

The only inconvenience in Tails is the difficulty in creating an USB with persistence that will boot on macs. I found a workaround using one CD with refit + Tails USB 1 made with Unetbootin + Tails USB 2 made with the Live USB Installer inside Tails.

The system will boot with the CD + USB 1, but the OS will run in USB 2, with persistence (don't ask me why).

If you use only refit + USB 2 Tails will not boot on a mac.

It's not the best way, but at least works.
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
wachtwoord, dude, I gave you the link to official Tails description on how to use Truecrypt, how can I unambiguify it more? Except if you are using some software called TrueScrypt, I can`t help then, lol Smiley Also I won`t teach you how to use Truecrypt itself, I`ll leave it to very good documentation and Mr. Google

I suggest you to install Tails with its built-in installer to USB and configure Persistent volume with built-in configure tool. It is easier and more "official way" than Truecrypt in Tails.

Come on N.Z., go a little easy on the linux-n00b Smiley   I remember those days... lots of confusing command line arguments, figuring out how to re-add windows to my grub menu, the dreadful "kernel panic"... great fun!

If I get some time, I might try the Tails thing, too.  Maybe I can write up a more-specific instructions.  I think having an 'offline" setup that doesn't require separate hardware is a nice alternative.
sr. member
Activity: 427
Merit: 250
wachtwoord, dude, I gave you the link to official Tails description on how to use Truecrypt, how can I unambiguify it more? Except if you are using some software called TrueScrypt, I can`t help then, lol Smiley Also I won`t teach you how to use Truecrypt itself, I`ll leave it to very good documentation and Mr. Google

I suggest you to install Tails with its built-in installer to USB and configure Persistent volume with built-in configure tool. It is easier and more "official way" than Truecrypt in Tails.
sr. member
Activity: 427
Merit: 250
Quote
What is the point of the TC container?
1. It is cross-platfrorm
2. It hides the fact that you have armory (bitcoin) wallet
3. It works in Tails as persistent container
Quote
Also, as Wachtwoord suggested, why bother with two USB keys?  Can't you just get yourself a single, large USB key, and partition it into OS (Tails) and data (Armory + wallet files)?
Yes we can Smiley Tails is Live-CD/Live-USB distro. That means no data is saved after shutting it down, moreover Tails mount ALL disks as read-only. But data can be saved on encrypted partitions, it is achieved with Truecrypt containers OR special "Tails Persistent Volume" with Luks encyption. With first one you have to boot Tail by whatever method you choose - DVD, USB-drive, Virtualbox, etc. and have TC-container on whatever disk (even on that you booted from). The last one you can get when you install Tails on USB stick with built-in "Tails LiveUSB installer": so you will have two partitions on one USB - one for Tails installation and one encrypted persistent volume you mount when you boot from USB. You should really spent some time and try Tails Smiley
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
I'm not sure I even understand fully.  What is the point of the TC container?  I can think of only two reasons:

(1) You really don't trust Armory wallet encryption
(2) You want even the watching-only portions of the wallet to be encrypted, too (which will actually be an option with the new, upcoming wallets)

I only ask because it seems redundant, and makes it a bit more effort to setup and use.

Also, as Wachtwoord suggested, why bother with two USB keys?  Can't you just get yourself a single, large USB key, and partition it into OS (Tails) and data (Armory + wallet files)?
sr. member
Activity: 427
Merit: 250
About Truecrypt in Tails. You can use whatever storage device connected to your computer to store or use as truecrypt container. You don`t have to though, you can configure persistent storage for that from Tails menu, it will be encrypted as well. Truecrypt is just convenient for me.
legendary
Activity: 2324
Merit: 1125
Hi all.

This is a reply to a post by N.Z. that etotheipi pointed me to after I asked for how to use Armory securely with one physical machine connected to the internet. He pointed me to the following post:

Hi all Smiley Just tested the best way of using offline part of Amory I can think of.

1. Download Tails. This is Debian LiveCD/LiveUSB system. Why Tails? Because it is well-known system designed with max security in mind (to leave system and disks untouched in particular), has a lot of users and testers and supported by Tor project. These ones are enough for me to trust it.

2. Boot it in custom way: pass 'truecrypt' parameter to kernel and set up root password in welcome screen.

3. Go to online computer and download needed packages from Debian repositories or from here, we need these:
Code:
python-twisted-conch_10.1.0-1_all.deb  
python-twisted-runner_10.1.0-2_i386.deb
python-twisted-core_10.1.0-3_all.deb   
python-twisted-web_10.1.0-1_all.deb
python-crypto_2.1.0-2+squeeze1_i386.deb 
python-twisted-lore_10.1.0-1_all.deb   
python-twisted-words_10.1.0-1_all.deb
python-openssl_0.10-1_i386.deb           
python-twisted-mail_10.1.0-1_all.deb   
python-twisted_10.1.0-3_all.deb
python-pyasn1_0.0.11a-1_all.deb         
python-twisted-names_10.1.0-1_all.deb
python-twisted-bin_10.1.0-3_i386.deb     
python-twisted-news_10.1.0-1_all.deb
Don`t forget to check hashes and signatures!
Also download latest Armory .deb file from Armory website.

4. Make Truecrypt container in USB drive, put all debs to folder, say, 'armory' in this tc-container.

5. Plug in USB drive to computer booted with Tails as said above. Mount tc-container, run
Code:
dpkg -i /media/truecrypt1/armory/*.deb

6. We got an secure offline environment: if it is unencrypted, it disappears when you shutdown computer. Total geek  Cool

Did I miss something? Maybe we should ask etotheipi to include offline bundle for Tails as it is already made for Ubuntu? Wink

It turns out this description is too limited for the amount of knowledge I have on the matter to follow so I'll post the quests I have to get this working here Smiley

1. I installed Tails on a USB drive and booted into the OS. (Done and I am posting this booted in Tails)
2. So here comes the first issue: What does "Boot it in custom way: pass 'truecrypt' parameter to kernel and set up root password in welcome screen." mean? When I boot from my USB drive it doesn't give me this option it only asks me to specify an admin password. Also what is the use of doing this? I know TrueCrypt, but have no idea what booting something Truescrypt could even mean. I mean the USB is not encrypted, it is a normal Tails boot USB drive.
3. I haven't tried but I cannot imagine this will cause difficulties
4. What USB drive do you mean here? The USB drive Tails is installed on or a second separate USB drive? What is the use of this USB drive? How do I turn it into a 'tc' (Truecrypt I presume) container? What does that mean?
5. Is this the same USB drive from 5?

So I can search around but there are just way too many unknowns for me to even get started. Am I even right about the general idea?

Is the idea that you boot into Tails with USB drive one (unencrypted) and use a second USB drive to store:

1) Armory
2) Wallet file
3) Armory dependencies

Encrypted with TrueCrypt and every time you need the cold storage wallet you:

1) Boot from USB 1 to Tails
2) Unencrypt (mount?) USB 2 (with dpkg -i /media/truecrypt1/armory/*.deb ?)
3) Start Armory

Q: if this is the case is only USB 2 essential? (the place that stores the wallet and the volume you need to backup)
Q: Why use 2 USB drives (if this is even the intention)?

Could you get me started please, thank you Smiley
Jump to: