This tutorial will show you how to
set up Linux Unified Key Setup (LUKS)
encrypted partition on a USB drive (which will be referred to as the “wallet USB”)
and use it to store wallet files. Scenario in which you may find it useful is when you are not using encrypted home folder (e.g. when you have setup from this tutorial
https://bitcointalksearch.org/topic/m.8821758). This will work also if you wish to have your wallet portable so you can use it on different GNU/Linux boxes using their local BBR daemon, but your user ID has to be the same on each Linux box. You can check your user ID by typing (without the leading "$" sign - it just indicates the "command prompt"):
1. Creating wallet USBIf you are using GNU/Linux for the first time it is highly recommended to pull out the power cables from your local hard drives. We will be issuing some very destructive commands and you do not wish to isue them on a wrong drive
To determine which device is the wallet USB, before you plug ti in open the terminal (by pressing Alt+Crtl+t in Ubuntu) and write following commands:
$ mkdir localTmp && cd localTmp
$ ls -l /dev | grep sd > sdsWithoutW
Now plug in the wallet USB and type:
$ ls -l /dev | grep sd > sdsWithW
$ diff sdsWithoutW sdsWithW
The uptput wil look something like this:
Which means that the wallet USB is sd
c. If you plugged power out of your local hard disks and are running Linux from a USB it will be sd
b. Whichever it is remember it as all commands you issue must
operate only on that device!
If the output was e.g.
> SOMETHING sdc
> SOMETHING sdc1
the wallet USB have one partition on it and you should delete it first.
If you will use the wallet USB exclusively for the wallet purposes you should use a USB with small capacity since the following command might take a while to complete. Type:
$ cd && rm -rf localTmp
$ sudo badblocks -v -w /dev/sdc
Be aware that the "badblocks" command is destructive when used with "-w" switch! After a while, the end of output shouls be:
…
Pass completed, 0 bad blocks found. (0/0/0 errors)
If not use a different USB for the wallet. Now fill the wallet USB with noise:
$ sudo dd if=/dev/urandom of=/dev/sdc bs=1M
This will also take a while, but only about 1/4 of the time that previous command took to exacute.
Now type the following (without “$” or “(parted)”):
$ sudo parted /dev/sdc
(parted) mklabel msdos
(parted) mkpart primary 0% 100%
(parted) print
(parted) quit
You now have USB with noise and one partition on it. It is time to create encrypted container by:
$ sudo cryptsetup luksFormat --verbose --cipher=aes-xts-plain64 --key-size=512 --hash=sha512 --verify-passphrase /dev/sdc1
Type in strong password for LUKS encryption, then mapp the device:
$ sudo cryptsetup luksOpen /dev/sdc1 walletUSB
Now you can make file system on the encrypted device:
$ sudo mkfs -t ext4 /dev/mapper/walletUSB
You can mount your wallet by:
$ sudo mkdir /mnt/portableWallet
$ sudo mount -t ext4 /dev/mapper/walletUSB /mnt/portableWallet
2. Creating walletNow it is time to get wallet application. We will use CLI version of the wallet here. It is assumed that you have all dependencies for compiling it already installed. Type:
$ cd && git clone https://github.com/cryptozoidberg/boolberry
$ cd boolberry
$ mkdir -p build/release && cd build/release && cmake -D CMAKE_BUILD_TYPE=Release ../..
$ make -j 4 simplewallet
For the tutorial to work you'll need the daemon running, as you would have at the end of this tutorial
https://bitcointalksearch.org/topic/m.8821758If the daemon is not installed substitute the last command with this one:
$ make -j 4 daemon simplewallet
Now go in wallet USB and create new wallet:
$ cd /mnt/portableWallet
$ ~/boolberry/build/release/src/simplewallet --generate-new-wallet myNewWallet.bbr
Check this tutorial
https://bitcointalksearch.org/topic/m.8814576 and ignore point 3. for the moment. Point 1. is done by
$ ~/boolberry/build/release/src/simplewallet --wallet-file myNewWallet.bbr
Once you have closed the wallet you may unmount the LUKS partition with wallet files:
$ cd
$ sudo umount /mnt/portableWallet
$ sudo cryptsetup luksClose encryptedUSB
3. Using wallet USBThe next time you plug in your wallet USB you'll probably be prompted by the OS with something like this:
... actually i do not know how to insert pretty pictures here
Just select "Forget password immediately", type in your LUKS password and press "Connect". That will issue "cryptsetup luksOpen" and "mount" commands for you. The wallet USB will be mounted in something that looks like "/media/ubuntu/XXxxXXXx-xxxX-xxXX-xxXXxxxX". To issue "umount" and "cryptsetup luksClose" commands right click on the USB key lock icon and select "Eject"
Note that, in order to go to the directory with your wallet files you do not gave to type all in "/media/ubuntu/XXxxXXXx-xxxX-xxXX-xxXXxxxX", and that will be very colorfull string. You just type
and hit Tab button, the autocomplete will do the rest. Linux usually mounts a USB in "/media" directory, and "ubuntu" is a user name you get when running (Live) Ubuntu with persistence from a bootable USB. You may notice that such a (Live) "ubuntu" user has UID=999.