
Topic: Running 2 separate instances of Armory? One offline and one online?

legendary
Activity: 3584
Merit: 5243
https://merel.mobi => buy facemasks with BTC/LTC
Oh, it seems I didn't explain myself properly.
One online machine. 2 instances of Armory installed in separate folders. One can access the internet. The other is blocked at firewall level. Or even better in a virtual machine that has no network access.

Ah, so you only have one machine... In that case, the setup you describe would probably be "safer" than a "normal" desktop wallet, but definitely not as safe as a proper airgapped setup (or a hardware wallet, or a properly generated paper wallet)... A VM with an encrypted disk and no network devices, and not using a shared clipboard, might actually be a reasonably safe setup (albeit you'll need a procedure to transfer signed/unsigned transactions back and forth with the use of a virtual USB or something). I'm also thinking about applying patches to such a VM: since it's still located on an online PC, I'd still regularly apply patches, which would be a pain for a VM that doesn't have network interfaces...

An option if you have one machine would be to boot Tails and use it offline for your wallet with the private keys, then reboot to your "normal" online OS to create the watch-only wallet. This way you'd have a proper airgapped setup with only 1 machine (so you don't have to "sacrifice" a device for holding your airgapped wallet).
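An added example, not part of the original thread: a check for the three VM properties named in the reply above (no network devices, no shared clipboard, encrypted disk). It assumes the VM is defined with libvirt/KVM, which the thread does not specify; the domain XML, VM name and paths are constructed, and `audit_offline_vm` is a hypothetical helper.

```python
import xml.etree.ElementTree as ET

# Constructed sample: libvirt domain XML for a hypothetical signing VM that
# violates all three properties (NIC attached, clipboard on, no disk encryption).
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>offline-signer</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/signer.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <interface type='network'>
      <source network='default'/>
    </interface>
    <graphics type='spice'/>
  </devices>
</domain>
"""

def audit_offline_vm(domain_xml):
    """Return a list of findings; an empty list means all three checks passed."""
    devices = ET.fromstring(domain_xml).find("devices")
    if devices is None:
        return []
    findings = []
    # 1. Any <interface> element is a virtual NIC, even if the host firewalls it.
    for nic in devices.findall("interface"):
        findings.append("network interface present (type=%s)" % nic.get("type"))
    # 2. libvirt leaves SPICE copy/paste enabled unless copypaste='no' is set.
    for gfx in devices.findall("graphics"):
        if gfx.get("type") == "spice":
            clip = gfx.find("clipboard")
            if clip is None or clip.get("copypaste") != "no":
                findings.append("SPICE clipboard sharing not disabled")
    # 3. Host-side disk encryption is declared with an <encryption> element.
    #    Encryption done inside the guest cannot be seen from this XML.
    for disk in devices.findall("disk"):
        if disk.get("device", "disk") != "disk":
            continue  # skip cdrom/floppy devices
        if disk.find(".//encryption") is None:
            src = disk.find("source")
            path = src.get("file") if src is not None else "unknown"
            findings.append("no host-side encryption declared for %s" % path)
    return findings

if __name__ == "__main__":
    for finding in audit_offline_vm(SAMPLE_DOMAIN_XML):
        print("FAIL:", finding)
```

On a real host the XML would come from `virsh dumpxml <domain>`; a disk finding only means the host does not encrypt the image, so full-disk encryption inside the guest has to be verified separately.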
newbie
Activity: 39
Merit: 0
Oh, it seems I didn't explain myself properly.
One online machine. 2 instances of Armory installed in separate folders. One can access the internet. The other is blocked at firewall level. Or even better in a virtual machine that has no network access.
legendary
Activity: 3584
Merit: 5243
Install Armory 2 times in separate folders.

Configure one to never have internet access and block it in firewall. Install private keys in this wallet. Use it to only sign a tx.
Open the other wallet which has internet access > import signed transaction > broadcast

Will this help a little from a security point of view? Seems to me that it will help with any bugs in the wallet software. Of course external factors like keyloggers are still going to be an issue...

Just curious. Not planning to do this.

You're describing an air-gapped setup, considered to be (one of) the most secure method(s) of creating a wallet.

As long as your private keys never touch an online machine, and you've created these keys in a secure way, you're set up perfectly.

By the way: if your machine holding your private keys never ever touches the internet (remove network drivers, or even network hardware), a firewall isn't needed, nor can keyloggers harm you (unless you're talking about those hardware keyloggers that are actually connected to your keyboard, but at this point a hacker should have had physical access to your cold wallet hardware).
newbie
Activity: 39
Merit: 0
Install Armory 2 times in separate folders.

Configure one to never have internet access and block it in firewall. Install private keys in this wallet. Use it to only sign a tx.
Open the other wallet which has internet access > import signed transaction > broadcast

Will this help a little from a security point of view? Seems to me that it will help with any bugs in the wallet software. Of course external factors like keyloggers are still going to be an issue...

Just curious. Not planning to do this.