Topic: [TUTORIAL] Cold storage device on a Raspberry Pi (Read 163 times)

hero member
Activity: 560
Merit: 1060
Guys, apparently, BlackHatCoiner is correct (at least mostly correct). The tools that he suggested are superior. So please, this tutorial should be treated as an alternative, but not as the best alternative.

The tutorial is good, but should be limited to generating wallets only for long-term storage and not to be used as a hardware wallet for daily spending.

There is a big problem. Sparrow terminal doesn't support signing transactions. This means that you can't enter a PSBT and sign it. Obviously, I wasn't aware beforehand, because I started implementing the tutorial at the time of writing the post.

That said, the tutorial is still useful in order to generate a long-term cold storage, but you can't really sign transactions unless you import the seed phrase on a hot wallet.

There are mainly two options:
1. Use the wallet like you would use a "paper" wallet.
2. Use electrum instead of sparrow terminal.

Lastly, I changed the title because the post will be a single post and not a multi-part tutorial.

legendary
Activity: 2870
Merit: 7490
Secure Boot and encrypted filesystems would be another advantage of a laptop if we can't have at least encrypted filesystems for the data on a Raspi.

Both of them are technically possible. There's official documentation about secure boot[1], while you could create an encrypted partition on the SD card and modify the boot options to handle encryption using another computer.

[1] https://pip.raspberrypi.com/categories/685-whitepapers-app-notes/documents/RP-003466-WP/Boot-Security-Howto.pdf
hero member
Activity: 560
Merit: 1060
This is a helpful guide, but isn't a new Raspberry Pi both more expensive and slower than a second-hand laptop? You can find very cheap laptops on e-Bay and manually remove hardware components like Wi-Fi antennas to make them air-gapped. Plus, with a laptop, you get a graphical interface instead of being limited to command-line usage. By using thoroughly reviewed operating systems like Tails, which comes with Electrum pre-installed, you also reduce the risk of making mistakes compared to setting everything up manually, while benefiting from added security features.

Raspberry Pi serves a better purpose when used to run a Bitcoin node, IMO, because in that case, you'd save in electricity.

Absolutely! The tutorial was made because I had an idle Raspberry Pi, so I wanted to examine this option. It's not that I suggest it as "a better alternative", but rather as an option to have a small device which is easily portable. But obviously, everyone suggests Tails on old laptops, and I understand why!

Secure Boot and encrypted filesystems would be another advantage of a laptop if we can't have at least encrypted filesystems for the data on a Raspi.

That's indeed a significant advantage. Though I assume that you could encrypt the Sparrow directory and of course the wallets themselves.
hero member
Activity: 714
Merit: 1010
There was a sentence about software verification:

  • For simplicity, I haven't written the verification process of the software we have downloaded. But we must always verify the software we install.
Oh sorry, I must've missed that part. Indeed your tutorial must not be bloated with such things that are well enough documented elsewhere.


~~~
You certainly have a point here. Can a used laptop really beat e.g. a Raspi 4B with 4GB RAM which would certainly be enough for a cold storage platform? I see apogio's tutorial as another option. Whatever you choose to use, is up to yourself.

While a laptop has the advantages you enumerate, it is bulkier than a small Raspi. If you boot the Raspi from a quality microSD card, this small microSD card is all you need to hide to securely store your cold wallet.

I wish there were a way for Secure Boot with a Raspi that works with the commonly used Linux OSes AND encrypted partitions. I admit, I haven't extensively searched for solutions to secure partitions on Raspi storage media.

Secure Boot and encrypted filesystems would be another advantage of a laptop if we can't have at least encrypted filesystems for the data on a Raspi.

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
This is a helpful guide, but isn't a new Raspberry Pi both more expensive and slower than a second-hand laptop? You can find very cheap laptops on e-Bay and manually remove hardware components like Wi-Fi antennas to make them air-gapped. Plus, with a laptop, you get a graphical interface instead of being limited to command-line usage. By using thoroughly reviewed operating systems like Tails, which comes with Electrum pre-installed, you also reduce the risk of making mistakes compared to setting everything up manually, while benefiting from added security features.

Raspberry Pi serves a better purpose when used to run a Bitcoin node, IMO, because in that case, you'd save in electricity.
hero member
Activity: 560
Merit: 1060
    That looks like a nice tutorial so far, great job! Sorry, I'm pretty low on sMerits atm.

    Thank you!

    # A maybe safer way to force the Raspi to be offline is to disable the device drivers for the network interfaces in the config.txt file in /boot. Disabled device drivers in config.txt prevent any accidental try to fire up any of the wireless network interfaces. For the ETH port you can insert a dummy plug or leave it open. So far I haven't yet found a way to disable the ethernet port via some dtoverlay magic.

    Suggestion added to the initial post. Very good idea.

    # Maybe add a sentence that the Sparrow wallet file download should be properly checked and verified before you install or execute Sparrow. That's just good common practice in crypto coin space.

    There was a sentence about software verification:

    For simplicity, I haven't written the verification process of the software we have downloaded. But we must always verify the software we install.

    Although verification is a must for me, I didn't want to include it in the tutorial. Every software we install has a detailed verification process on their website.
    If more users think it's good to include it, I will!

    Linguistic nitpicking:
    change airgaped --> air-gapped or air gapped

    Changed!
    hero member
    Activity: 714
    Merit: 1010
    That looks like a nice tutorial so far, great job! Sorry, I'm pretty low on sMerits atm.

    Allow me a few suggestions:

    # Instead of Balena Etcher you can use the official Pi Imager where you can easily choose what OS you want to have written to your microSD card or whatever you want to boot your Raspi from (changing boot order may need tweaks with raspi-config, IIRC).

    # A maybe safer way to force the Raspi to be offline is to disable the device drivers for the network interfaces in the config.txt file in /boot. Disabled device drivers in config.txt prevent any accidental try to fire up any of the wireless network interfaces. For the ETH port you can insert a dummy plug or leave it open. So far I haven't yet found a way to disable the ethernet port via some dtoverlay magic.

    # You can disable WiFi and Bluetooth altogether (not sure if this is also possible for the ETH port) by adding the following lines in your /boot/config.txt usually somewhere near the end. Make sure the section of the lines applies generally to your Raspi device (see config.txt documentation for this on official Raspi website).
    Code:
    dtoverlay=disable-wifi   # disable wifi
    dtoverlay=disable-bt     # disable Bluetooth

    # Without internet connection the Raspi 4B won't have a correct date and time set. You will have to set it to correct values manually after every reboot.

    # Maybe add a sentence that the Sparrow wallet file download should be properly checked and verified before you install or execute Sparrow. That's just good common practice in crypto coin space.



    Linguistic nitpicking:
    change airgaped --> air-gapped or air gapped
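
A check that the offline measures suggested in the post above are actually in effect, as an added example that is not part of the original posts: it confirms that `config.txt` carries both overlay lines uncommented and reports any network interface that is not down. The function names are illustrative, and the `/sys/class/net` path is passed as an argument so the check can be pointed at a test tree.

```sh
#!/bin/sh
# Added example, not from the original posts. Function names are illustrative.

# Succeeds if FILE ($1) has an active "dtoverlay=NAME" ($2) line that applies
# to every model: outside any [section] filter or under [all]. Lines under a
# model-specific filter such as [pi3] are deliberately not counted.
overlay_enabled() {
    awk -v want="dtoverlay=$2" '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }  # drop comments, trim
        /^\[.*\]$/ { section = $0; next }
        (section == "" || section == "[all]") && $0 == want { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Prints "name:state" for every non-loopback interface under SYSNET ($1)
# whose operstate is not "down". Prints nothing when the device looks offline.
interfaces_not_down() {
    for dev in "$1"/*; do
        [ -e "$dev/operstate" ] || continue
        name=$(basename "$dev")
        [ "$name" = "lo" ] && continue
        state=$(cat "$dev/operstate")
        [ "$state" = "down" ] || echo "$name:$state"
    done
    return 0
}

# Returns 0 only if both overlays are active and no interface is up.
audit_airgap() {
    status=0
    for ov in disable-wifi disable-bt; do
        overlay_enabled "$1" "$ov" || { echo "MISSING dtoverlay=$ov"; status=1; }
    done
    live=$(interfaces_not_down "$2")
    [ -z "$live" ] || { echo "NOT DOWN: $live"; status=1; }
    return "$status"
}

# Usage on the Pi: sh audit-airgap.sh run
if [ "${1:-}" = "run" ]; then
    audit_airgap /boot/config.txt /sys/class/net && echo "OK: device looks offline"
fi
```
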
    hero member
    Activity: 560
    Merit: 1060
    Today we will construct a secure, air-gapped device, where we will be able to generate wallets and keys offline.

    Prerequisites
    1. A Raspberry Pi 4B (or any other model). If the model doesn't support WiFi it's even better. But for this tutorial I have used a Raspberry Pi 4B.
    2. A keyboard.
    3. A micro-SD card.
    4. An HDMI cable.
    5. A monitor.
    6. A computer that connects to the internet.
    7. A USB thumb drive.

    Flashing Raspberry Pi OS Lite on the SD card
    1. Download Balena Etcher.
    2. Download Raspberry Pi OS Lite from the official website.
    3. Use Balena Etcher to flash the OS image on the SD card.

    Downloading Sparrow Terminal
    1. Download the Linux (ARM64) Standalone version (sparrow-server-2.0.0-aarch64.tar.gz) from the official website.
    2. Drag and drop the tar.gz file on a USB drive.

    Setting up the Raspberry Pi
    1. Insert the SD card into the card reader on the Raspberry Pi.
    2. Connect the device to the monitor using the HDMI cable.
    3. Plug the power supply to the device.

    Once the device is turned on, it will prompt you to create a user and set a password.
    After that, you will log in and you will be presented with a terminal.
    The terminal will be our dearest friend from now on.

    Doing some preconfiguration
    Keep in mind, that since we won't plug in an Ethernet cable and we won't connect to a WiFi network, we will never connect to the internet.
    But this is not enough!
    Since we want to build an air-gapped device, we must disable networking.
    Code:
    sudo crontab -e
    This will open nano editor and there we will add the following lines:
    Code:
    @reboot sudo ifconfig eth0 down
    @reboot sudo ifconfig wlan0 down
    Having done that, every time we reboot the device, networking will be disabled.

    Installing Sparrow Terminal
    We will now import the USB where Sparrow Terminal is installed.
    Then, we need to mount it.
    Code:
    lsblk
    This command will produce an output where we will see the USB and the disk partition (normally something like /dev/sda1 or /dev/sdb1 etc.).
    Let's say that the USB is on /dev/sda1.
    We need to mount it, using the command:
    Code:
    cd /media
    sudo mkdir usb
    sudo mount /dev/sda1 /media/usb

    Now we will move into the folder, and we will extract the tar file onto our home path.
    Code:
    cd /media/usb
    # copy the archive into our home directory (~), not a relative "home/" folder
    cp sparrow-server-2.0.0-aarch64.tar.gz ~/

    Then we will unmount the usb.
    Code:
    cd ~    # leave the mount point first, otherwise umount reports "target is busy"
    sudo umount /media/usb

    Now we install Sparrow:
    Code:
    cd ~    # the home directory the archive was copied to
    tar -xvf sparrow-server-2.0.0-aarch64.tar.gz
    rm sparrow-server-2.0.0-aarch64.tar.gz
    Now, we have a Sparrow directory in our home.

    Let's run it.
    Code:
    cd Sparrow/bin
    ./Sparrow

    Once you run it, you will get something like this:


    Then, press the "Wallets" button.

    You will be presented with 2 options:


    Just choose to "Create Wallet"


    Notes:
    • For simplicity, I haven't written the verification process of the software we have downloaded. But we must always verify the software we install.


    EDITS by other members:
    User: Cricktor
    Idea / Comment:
    To disable wireless internet, we can edit the config.txt file, as follows:
    Code:
    sudo nano /boot/config.txt
    then add this line at the end:

    dtoverlay=disable-wifi
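
The verification step that the tutorial's note leaves out, as an added example that is not part of the original post: check the signature on the release manifest with gpg, then check the tarball's SHA-256 against that manifest. The manifest, signature and key file names are assumptions; take the actual files and the signing key from the official Sparrow website.

```sh
#!/bin/sh
# Added example, not from the original post. Run it on the online computer
# before the tarball goes onto the USB drive.
TARBALL="sparrow-server-2.0.0-aarch64.tar.gz"   # file name from the tutorial
MANIFEST="sparrow-2.0.0-manifest.txt"           # assumed name
SIGNATURE="$MANIFEST.asc"                       # assumed name
KEYFILE="sparrow-signing-key.asc"               # placeholder: key from the official site

# Succeeds only if SIGNATURE ($2) is a valid signature over MANIFEST ($1) made
# by a key in KEYFILE ($3). A throwaway keyring is used so no other key counts.
verify_signature() {
    keyring=$(mktemp -d) || return 1
    gpg --homedir "$keyring" --quiet --import "$3" 2>/dev/null &&
        gpg --homedir "$keyring" --verify "$2" "$1"
    rc=$?
    rm -rf "$keyring"
    return "$rc"
}

# Succeeds only if MANIFEST ($1) lists the name of FILE ($2) and the listed
# SHA-256 equals the hash of the local file.
verify_hash() {
    name=$(basename "$2")
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$1")
    [ -n "$expected" ] || { echo "no manifest entry for $name" >&2; return 1; }
    actual=$(sha256sum "$2" | awk '{ print $1 }')
    [ "$expected" = "$actual" ] || { echo "hash mismatch for $name" >&2; return 1; }
}

# Usage: sh verify-sparrow.sh run
if [ "${1:-}" = "run" ]; then
    verify_signature "$MANIFEST" "$SIGNATURE" "$KEYFILE" &&
        verify_hash "$MANIFEST" "$TARBALL" &&
        echo "OK: $TARBALL matches the signed manifest"
fi
```

gpg prints the fingerprint of the key that made the signature; compare it with the fingerprint published on the Sparrow website before trusting the result.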
