Topic: Tutorial: Compiling Armory and getting it onto an offline computer (Read 2314 times)

[...] Do you think it would work on Raspbian + Raspberry Pi B?

Sorry, for the bump.

Which issues did you face in your setup? I still use successfully: https://bitcointalksearch.org/topic/tx-signing-via-minimodem-735111

[...] I've tried the audio interface previously with another Bitcoin client, but I failed to set it up and eventually gave up on the idea.

[...] All types of visitors to your household (friends and ostensible friends alike) could interpret the sophisticated physical setup to mean "Is it possible he/she might have large stacks of BTC?". Keeping the hardware somewhere secure (and hence out of sight) is probably not so OTT a measure also, but it's not going to be possible to keep it thoroughly secret. [...]

I like the idea of that sort of thing, but I wonder how it could be perceived by others.

All types of visitors to your household (friends and ostensible friends alike) could interpret the sophisticated physical setup to mean "Is it possible he/she might have large stacks of BTC?". Keeping the hardware somewhere secure (and hence out of sight) is probably not so OTT a measure also, but it's not going to be possible to keep it thoroughly secret.

And I suppose the absolute worst case scenario is that you don't actually have that many bitcoins anyway, say holding onto 100,000 uBTC on the off chance that worldwide adoption takes off. Getting targeted then could be a little hairy, depending on how "worst case" your luck is.

Not wishing this on anyone! But I thought I'd throw it out there, perhaps there's a better way to keep the hardware unseen/unrecognised. Could your setup convincingly be construed as a pair of video calling devices in the same house? Without internet connections?

Well, somehow I have to boot from Ubuntu and install it on my low-end laptop. So far I've been using USB. It doesn't have a CD drive. I guess I could use my external USB CD drive, but then we're back on USB again.

But why? Doesn't the device itself have to support the hackery in the first place? An SD card is an SD card, not a USB key. Different device, even if it's connecting to a USB on the computer internally. The malware we've been talking about regarding USB keys, can malware of the same kind also be placed on an SD card?

Any USB device comes with a firmware and class negotiation, even a plain hub. These manufacturers don't come up with their own MCUs, they buy generic MCUs from large manufacturers like TI, Microchip and FTDI. They upload a USB firmware in the MCU's NVRAM and this the vulnerability root kits target to survive a power cycle.

Here's a suggestion to the OP: drop the SD's and the USB's on your offline system and use a webcam (easy way) or the audio interface (hard way). I use a webcam in my Raspberry setup to send transactions to the online computer. For your offline linux machine, I'd recommend qtQR, easy to use and powerful. I've tried the audio interface previously with another Bitcoin client, but I failed to set it up and eventually gave up on the idea.

And no, SD connecting through the USB only gives and illusion of safety.

I use a webcam in my Raspberry setup to send transactions to the online computer. For your offline linux machine, I'd recommend qtQR, easy to use and powerful. I've tried the audio interface previously with another Bitcoin client, but I failed to set it up and eventually gave up on the idea.

I have another question about this actually. The malware has to be installed on the device in first place. So the question is, do SD cards themselves actually have the same capability as USB devices for malware installations in the first place? (If not, even if on the computer the SD card connects through the USB interface, wouldn't I still be safer with an SD card?)

The issue with presenting SD to our users as a better alternative to USB is how the SD card itself is plugged into your PC. Most SD readers for PC are SD to USB adapters, and even some laptop built-in SD readers are hardware USB wrappers. In this situation, you are not getting extra security, rather you are getting the illusion of better security, which is much worse. Our expert users are aware of the intricacies of their hardware stack and what to expect from them.

Or you could try Carlton's crazy Inception style VMs inside VMs. Go deeper, friend.

I'm also wondering, is Linux really vulnerable to these kind of stuff in the first place? I don't know. Do you have thoughts on this?

I'm also wondering, is Linux (on my offline computer) really vulnerable to these kinds of USB attacks in the first place? I don't know. Do you have thoughts on this?

How do you intend to distribute a commercialised product with smart card support, and remain open source? Your own smartcards? Some kind of cryptographic token that's linked to an off-the-shelf smart card?

We have a lot of internal talks about this, and have even started a best practices security group with other members of the industry, on which the first topic was SD vs USB. That security group didn't go much further but at least we tried.

The issue with presenting SD to our users as a better alternative to USB is how the SD card itself is plugged into your PC. Most SD readers for PC are SD to USB adapters, and even some laptop built-in SD readers are hardware USB wrappers. In this situation, you are not getting extra security, rather you are getting the illusion of better security, which is much worse. Our expert users are aware of the intricacies of their hardware stack and what to expect from them.

Are you? Have you done the research? If you were to read our FAQ which would say something like "SD cards are more secure than USB", would you think twice about using SD cards? Would you research the topic before taking this sentence as truth? Frankly, I expect you in particular would at least poke some questions about it. However, that won't be true for others.

At the protocol layer, SD certainly has a lot less vulnerabilities than USB, but do you have enough hardware and software expertize to benefit from that? Would you not be more exposed to malpractice if you were under the impression of higher security while in reality you are not?

Our website covers how to create and maintain your wallets securely. We believe USB is sufficient for that purpose. Think of the effort needed for an attacker to build a USB root kit that targets Armory cold storage and execute this attack on you. I'm not saying it can't be done, but compare that to the low hanging fruit that are web wallets.

If you do not want to trust the USB protocol, I would suggest you look at smart cards or analog channels rather than SD cards. They are a lot more complicated to setup and will require code on your behalf but that security model is clearly above that of USB or SD. However I can only point you in that directions. After all, Armory is an expert wallet, we expect our users to know their way around the security of their hardware stack.

Before you ask why we don't just integrate with smart cards, let me answer: we are in that kind of business, but that is outside the scope of our free product.

Before you ask why we don't just integrate with smart cards, let me answer: we are in that kind of business, but that is outside the scope of our free product.

Have the Armory guys even thought about this risk at all?

Offline Wallets

Note: There is no special version of Armory needed for the offline computer, and it does not need to be the same operating system as the online computer. As long as you can install Armory and use USB drives, it will work.

Note: You must be in “Advanced” or “Expert” usermode to use offline wallets. “Advanced” is the default mode when you first install Armory, but some users change to “Standard” to simplify the interface. You can switch modes from the main window menu under “User”.

First and foremost, you will need a computer that you don’t mind keeping disconnected from the internet. Such a computer does not have any particular resource requirements: pretty much any computer that boots into Windows or Linux, can run Armory in offline-mode.

Once you have Armory installed on the offline computer, you create a new wallet. Don’t forget to print or copy by hand a paper backup! Then you “create a watching-only wallet” and load it on the online computer (this part only has to be done once). The nature of Armory wallets is that the online computer will always generate the exact same addresses as the offline computer, but the online computer cannot spend any of the funds!

Load Armory on the offline computer
Create a new wallet (with or without encryption)
Important: Make a paper backup! Connect a printer via USB or copy the paper backup information by hand. Make one or two copies, and store in a secure place. This is a permanent backup of every address your wallet will ever create!
Double click on the wallet and click on Create Watching-Only Copy on the right menu
Save the file to the USB drive, eject, insert into online computer
Load Armory on online computer, and select Import Wallet in the upper-right corner of the main window. Import the wallet file on the USB drive.
In the wallet-properties dialog, click on Belongs To, and click the checkbox that says This wallet is mine. This makes sure that any funds in this wallet are part of your global balance.
Now that the wallets are setup, you can use the watching-only wallet exactly the same way as a regular wallet, except Bitcoins cannot be sent from it. Use the Receive Bitcoins button to generate addresses for receiving payments, and incoming transactions will show up in the ledger with a slightly different color than your other wallets.

To send Bitcoins from your offline wallet, do the following:

On the online computer, click the Offline Transactions button on the right, below the logo. Select Create New Offline Transaction. Alternatively, you can just select Send Bitcoins and select the watching-only/offline wallet.
Create the transaction as you normally would but the “Send” button will be grayed out since the watching-only wallet cannot sign transactions..
Click the button Create Unsigned Transaction on the left side.
A window will open with the unsigned version of the transaction. Press the Save to file… button to save a *.unsigned.tx to the USB key
Insert USB key in offline computer, and click Offline Transactions, then select Sign or Broadcast Tranasaction.
Load the file from the USB key, then press the Sign button. A confirmation window will appear.
Verify the confirmation details before you sign it! The benefits of an offline wallet are lost if you don’t make sure the details are correct!
Click Save to file…. It will overwrite the original *.unsigned.tx file with a *.signed.tx file.
Eject the USB key and plug it into the online computer. If the original window is still open, you can click on Next Step to get to the broadcast window. If you closed Armory since then, you can use the same Offline Transactions button on the main window, and select Sign or Broadcast Transaction. Once the file is loaded, some green text should appear telling you that the signature is valid and the Ready to Broadcast! button should become available.
Press the button and you’re done!
Guidance is given at each step within the Armory software, so you may be fine without referring back to this page. And once you do this a few times, it will become a breeze!

Note: At no point in this process is any private data exposed through the transaction data. It is perfectly safe to transfer the signed or unsigned transaction via email. The biggest threat to an offline wallet is a USB-key virus that executes when plugged in. However, such viruses would have to be highly targeted, and can be mostly mitigated by disabling USB-auto-run on the offline computer.

I'm Scared! Help!

It’s natural to be uncomfortable using new software to store your precious savings, especially with such advanced features. But you know that if you could trust it, it’s a feature you would love! So, how do you calm your nerves about using such advanced features?

Try it out with small amounts of Bitcoins. Any time you think to yourself, “Do I really trust this program?” just pull out your USB key and execute a small offline transaction to yourself (or to make a donation to Armory developers!). Whether it takes you a day or a year, you will eventually come to realize that offline transactions really do work. Every time!

Make a new wallet as described above, but you must make a backup. A paper backup is preferred, because you can visually verify that it is intact, and it’s easier to store (but it will require plugging your computer into your printer via USB cable). A digital backup is fine if you make a couple copies, just in case one becomes corrupted. Generate some addresses by clicking on Receive Bitcoins a few times. Write down the first few letters of each address generated.
DELETE YOUR WALLET. Why did we just delete it? Because you’re about to prove to yourself that your backup works! If you can restore the backup once, you can always restore the backup at any time in future. Just don’t lose it! On the main Armory window, click on Import Wallet in the upper-right corner, and select the type of backup you are restoring. If it’s a paper backup, you’ll have to type it in manually — the time it takes to enter the wallet information is completely worth the peace of mind you get out of it. Generate some addresses with the new wallet. Check that they are the same as the addresses you wrote down earlier.
Using the wallet properties menu, click on Create Watching-Only Copy and save the file to a USB key. Import the watching-only wallet on your online computer. Generate a few addresses and compare to the ones you wrote down earlier. I bet you are starting to feel better… Transfer 0.5 BTC to one of these addresses. Wait for a few confirmations.
Whenever you are near your computer, you may ask yourself “Am I ready to trust this thing?” If the answer is “No,” then get out your USB key and execute an offline transaction. Follow the directions above to create an unsigned transaction for 0.01 BTC to one of your online wallets, transfer it to the offline computer, sign it, then bring it back and broadcast it. You are now one step closer to realizing, it really does work! If the answer is “Yes, I do trust the offline wallets,” well then you’re done! Congratulations on having mastered the most secure Bitcoin wallet functionality in existence!
You'll not only calm your nerves, but you’ll learn how to use the feature efficiently. Once you get the hang of moving transactions around via USB drive, you should be able to execute an offline transaction in less than one minute!

If you do get this far, please consider sending a donation to the Armory developers (the donate button works for offline transactions, too!). This feature was the prime motivation for creating Armory, and took many months of hard work to make it available to you, for free. There are lots of new, innovative features planned, but it won’t be possible without you!

Intro to Offline Wallets
Watching Only Wallet
Send from Online to Offline Wallet