Author

Topic: Ubuntu LiveCD (offline wallet) + Win7 (online wallet) = no problem? (Read 3105 times)

member
Activity: 97
Merit: 10
Got it.  Thanks!
legendary
Activity: 1148
Merit: 1018
So in this case, what's the process for spending coins assuming you only have 1 computer and the LiveCD USB?

1. From computer w/online watch only wallet installed, create unsigned transaction.  Copy to Live CD USB.
2. Boot computer using LiveCD USB.  Use Offline Armory to sign transaction.
3. Re-boot computer to broadcast signed transaction

or

1. Boot USB Live CD environment w/offline Armory installed
2. Create transaction offline.  Save to file.
3. Re-boot computer and broadcast transaction.

Seems like it would be faster just to have an online and offline computer.

Yeah. The truth is that I have 3 computers at home, but it just doesn't seem convenient enough to have 1 only for Armory. When I need to broadcast a transaction, I create an unsigned transaction from my main computer, and I boot a second computer from the Ubuntu USB to sign the transaction (note: it's not a Live USB; it's a full install on a USB. I prefer it that way because you cannot encrypt/password protect a Live USB). In that second computer booted from Ubuntu USB, I sign the transaction, which I broadcast from the main computer.

So, i still use two computers when broadcasting to avoid turning off and turning on the same computer during the process, but I prefer to have my offline enviroment on a USB. That way, I can take it with me easily if I need too, or I can just use any of the computers I have, without worrying that my kids/wife decide one day to connect them to the internet.
member
Activity: 97
Merit: 10
So in this case, what's the process for spending coins assuming you only have 1 computer and the LiveCD USB?

1. From computer w/online watch only wallet installed, create unsigned transaction.  Copy to Live CD USB.
2. Boot computer using LiveCD USB.  Use Offline Armory to sign transaction.
3. Re-boot computer to broadcast signed transaction

or

1. Boot USB Live CD environment w/offline Armory installed
2. Create transaction offline.  Save to file.
3. Re-boot computer and broadcast transaction.

Seems like it would be faster just to have an online and offline computer.
legendary
Activity: 1148
Merit: 1018
Last question?

How big of a USB stick or SD card would be required?

I tried with 4GB, and it worked but everything was sluggish. With 8GB works like a charm.

If you are given the option do not activate "swap space", it is not needed and may reduce the life of your USB stick.
newbie
Activity: 37
Merit: 0
I wrote a tutorial recently for those who want to get into a more complicated solution:

How to make a secure, offline wallet management system including Tails+TrueCrypt+Armory
hero member
Activity: 763
Merit: 500
Last question?

How big of a USB stick or SD card would be required?
legendary
Activity: 1148
Merit: 1018
So you would have to pre-download the armory install file and install it only one time.

Exactly. I would have the armory offline bundle on a second USB stick or on CD, and I won use it to install Armory on the Ubuntu USB install.
hero member
Activity: 763
Merit: 500
So you would have to pre-download the armory install file and install it only one time.
legendary
Activity: 1148
Merit: 1018
You can just install Ubuntu on an USB drive, and encrypt the home folder for additional security. There you install offline armory, disable all connectivity, and then you have your very own offline enviroment that can be booted from any computer your own.

I really don't know if any malware could sneak in at Bios-level, but frankly it sounds a little bit like science fiction. I'm pretty sure that setup is secure enought.

Actually it's my favorite way to proceed, as I find it much more convenient than having a computer only for Armory hanging around.

Any step by step instructions on how to do so?  I've never used Linux. 



Well, you just boot your computer from the Ubuntu Live-CD, you run "install" and you select your USB drive as the target for the install. It will ask you if you want to encrypt your home folder, etc, and it will just install everything on the USB (you can do this also on an external hard drive, but I find the USB more convenient).

Ubuntu is very noob-friendly, you will have no problems to set it up. I would recommend to NEVER enter your wifi password or similar, so you are sure that its never connected to the internet.

Then, when you want to use your secure enviroment:

1) you turn off your online computer
2) you insert the USB drive and you boot your computer from it

And that's it.
hero member
Activity: 763
Merit: 500
You can just install Ubuntu on an USB drive, and encrypt the home folder for additional security. There you install offline armory, disable all connectivity, and then you have your very own offline enviroment that can be booted from any computer your own.

I really don't know if any malware could sneak in at Bios-level, but frankly it sounds a little bit like science fiction. I'm pretty sure that setup is secure enought.

Actually it's my favorite way to proceed, as I find it much more convenient than having a computer only for Armory hanging around.

Any step by step instructions on how to do so?  I've never used Linux. 

legendary
Activity: 1148
Merit: 1018
You can just install Ubuntu on an USB drive, and encrypt the home folder for additional security. There you install offline armory, disable all connectivity, and then you have your very own offline enviroment that can be booted from any computer your own.

I really don't know if any malware could sneak in at Bios-level, but frankly it sounds a little bit like science fiction. I'm pretty sure that setup is secure enought.

Actually it's my favorite way to proceed, as I find it much more convenient than having a computer only for Armory hanging around.
hero member
Activity: 574
Merit: 500
I'd love to do this also (with Ubuntu live CD on an iMac), but does anyone know...

Is there a risk of malware/rootkits sneaking through at BIOS-level?

For transferring files back and forth via USB: autorun is set to notify by default (Ubuntu 12.04) - can I depend on this being malware-proof?

Is it safe to have the printer connected when the live CD environment is running? I wouldn't actually print anything sensitive or have the printer connected to any network, but could an already pwned printer infect the offline environment?

Are there other possible attacks I haven't thought of? (Assuming modem always off for live CD environment, nothing else with any kind of storage is allowed near it except the Truecrypt USB for the offline Armory, and no other people can access anything physically).

Thanks for your help.
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
I think the problem is who is going to carry 2 laptops around with them.  It would be much easier for me to have a USB stick that I could boot linux on.  I really have no idea how to do it though so a detailed tutorial would be awesome.

There's some documentation on it on the Armory website.

The intention is not to carry anything around.  Offline Armory is your little Bitcoin vault sitting at home.  You use it for storing the bulk of your coins.  You keep a much smaller percentage in hot wallets (online computer, Android, etc).  You can refill those hot wallets using a USB key to shuttle the transaction signature between offline and online computer, without the offline computer ever touching the internet.
hero member
Activity: 763
Merit: 500
Smiley Yeah, I think for bitcoin's sake it's important that no computer skills are needed for becoming an effective bitcoin user.

Anyway, this extraction thing was a bit weird one, I'm not usually this hopeless... I like to think I know at least something about computers.

Btw, I think you should promote the Live-CD/USB-option more, it's not mentioned in the Armory web page is it. I was once under the impression that the slow synchronization process applies to the offline wallet too, and I figured that a Live-CD is not an option then because one would always need to synchronize it again. But now that I realized that doesn't happen with the offline wallet, I'm feeling that the Live-CD is a very viable option. I don't seem to have a usable secondary computer and my bitcoin assets are not valuable enough to invest in a new computer for offline use - I can imagine many others share my situation. Live-CD is the solution then, isn't it?

It's not a bad solution.  I just don't have any experience with it.  However, there are quite a few threads and people doing it, and users should be aware that it exists.  But to really promote it, I think I have to create a more "packaged" solution, like a custom distro, or a downloadable USB key image that someone can use.  I think it may be too technical for most users, unless there's a nice pre-configured option for booting from USB with persistent storage (to have Armory installed).

Maybe it's not as bad as I thought, though.  Perhaps if I see a good tutorial on it, I can accommodate it.  For now, I was banking on a lot of people have old laptops laying around, or being able to get one on Ebay for less than $100.  Or eventually I'll have Android support -- I'd love to use old Android phones as offline-signing devices.


I think the problem is who is going to carry 2 laptops around with them.  It would be much easier for me to have a USB stick that I could boot linux on.  I really have no idea how to do it though so a detailed tutorial would be awesome.
newbie
Activity: 14
Merit: 0
You're probably right, I mean, I imagine most people do not consider Armory-level security important unless their investment in bitcoin is so big that a $100 laptop isn't a big issue. I'm more concerned with security than most.

But nevertheless, look into the live option too. I can see huge market for Armory. Are you going to go for-profit in any way?
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
Smiley Yeah, I think for bitcoin's sake it's important that no computer skills are needed for becoming an effective bitcoin user.

Anyway, this extraction thing was a bit weird one, I'm not usually this hopeless... I like to think I know at least something about computers.

Btw, I think you should promote the Live-CD/USB-option more, it's not mentioned in the Armory web page is it. I was once under the impression that the slow synchronization process applies to the offline wallet too, and I figured that a Live-CD is not an option then because one would always need to synchronize it again. But now that I realized that doesn't happen with the offline wallet, I'm feeling that the Live-CD is a very viable option. I don't seem to have a usable secondary computer and my bitcoin assets are not valuable enough to invest in a new computer for offline use - I can imagine many others share my situation. Live-CD is the solution then, isn't it?

It's not a bad solution.  I just don't have any experience with it.  However, there are quite a few threads and people doing it, and users should be aware that it exists.  But to really promote it, I think I have to create a more "packaged" solution, like a custom distro, or a downloadable USB key image that someone can use.  I think it may be too technical for most users, unless there's a nice pre-configured option for booting from USB with persistent storage (to have Armory installed).

Maybe it's not as bad as I thought, though.  Perhaps if I see a good tutorial on it, I can accommodate it.  For now, I was banking on a lot of people have old laptops laying around, or being able to get one on Ebay for less than $100.  Or eventually I'll have Android support -- I'd love to use old Android phones as offline-signing devices.
newbie
Activity: 14
Merit: 0
Smiley Yeah, I think for bitcoin's sake it's important that no computer skills are needed for becoming an effective bitcoin user.

Anyway, this extraction thing was a bit weird one, I'm not usually this hopeless... I like to think I know at least something about computers.

Btw, I think you should promote the Live-CD/USB-option more, it's not mentioned in the Armory web page is it. I was once under the impression that the slow synchronization process applies to the offline wallet too, and I figured that a Live-CD is not an option then because one would always need to synchronize it again. But now that I realized that doesn't happen with the offline wallet, I'm feeling that the Live-CD is a very viable option. I don't seem to have a usable secondary computer and my bitcoin assets are not valuable enough to invest in a new computer for offline use - I can imagine many others share my situation. Live-CD is the solution then, isn't it?
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
I was just about to tell you that the problem's gone - I noticed I had misunderstood the way Ubuntu extracts zips. Idiot me -.- Sorry for wasting your time. When I opened the .zip it always performed some sort of a download, and I was under the impression that was the extraction. Now I got it working. Sorry!

Don't worry about it!  This helps me figure out how I can improve the process.  Glad you got it working, without having to become a linux nerd!  Though, I always approve of more linux nerds...
newbie
Activity: 14
Merit: 0
I was just about to tell you that the problem's gone - I noticed I had misunderstood the way Ubuntu extracts zips. Idiot me -.- Sorry for wasting your time. When I opened the .zip it always performed some sort of a download, and I was under the impression that that was the extraction. Now I realized I gotta extract it separately and got it working. Sorry!
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
One more thing, did you actually extract the file?  The file is a .zip file, and needs to be extracted before anything can run.  I would expect it to have the behavior you described if you double-clicked on it while viewing it without extracting it first.

You should be looking at a .zip file.  You can right-click on it and click "Extract Here".  Then it will create a new directory.  Go in that directory and double-click Install_All_Debs.sh.
newbie
Activity: 14
Merit: 0
It doesn't pop up like that at all. When I double-click the .sh file, the Ubuntu opens it as a text document that says:

#! /bin/bash

sudo dpkg -i*.deb

If I right-click the file, I get options like "open" but they also lead nowhere but to a text editor.

Had no success with command line, couldn't find the directory.

This is really weird because I'm using the exact same files as everyone else: I downloaded them straight from your site.
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
The one from website. And it's Deps not Debs, my bad.

I'd like to give the command line a chance, I'll go test it now. Probably don't know exactly what to write but I'll try to look for the directory. Never used Linux before nor have I needed to use command prompt much with Windows.

Don't bother with the command-line until you try the "Run from Terminal" thing.  When you double-click the .sh file, doens't it pop up with a window like this? 




Click "run in terminal".  In fact, I think I will modify the next bundle so that the file is named "Install_Armory_DoubleClick_RunInTerminal.sh"
newbie
Activity: 14
Merit: 0
The one from website. And it's Deps not Debs, my bad.

I'd like to give the command line a chance, I'll go test it now. Probably don't know exactly what to write but I'll try to look for the directory. Never used Linux before nor have I needed to use command prompt much with Windows.
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
I am trying to do the same, to use Armory with Live USB Ubuntu, but I can't get Armory to install. I use Lucid Lynx and the offline bundle. When I unzip the bundle and double click "Install_All_Debs.sh" (or something like that) it opens a text document and I have no idea how to proceed from there. If I try to install the various files separately, with most of them it ends up saying "couldn't download all the required packages", which obviously shouldn't be the case with the bundle. In essence, the problem is that I can't get to click any "Run In Terminal" thing. I just get a text file with not much text.

What should I do?

You should double-click " Install_All_Debs.sh and say "Run in Terminal...".    Or maybe you right click and select that.  Either way, the problem is that Ubuntu doesn't know whether you want to examine the file code, or run it as a script.  You want to run it.

If instead, you go to the command line (Applications->Accessories->Terminal), you can "cd" to that directory, and then "sudo sh Install_All_Debs.sh".

Are you using the offline bundle from the website (0.87.2)?  Or the one that I posted recently on the main thread (0.87.95)?
newbie
Activity: 14
Merit: 0
I am trying to do the same, to use Armory with Live USB Ubuntu, but I can't get Armory to install. I use Lucid Lynx and the offline bundle. When I unzip the bundle and double click "Install_All_Debs.sh" (or something like that) it opens a text document and I have no idea how to proceed from there. If I try to install the various files separately, with most of them it ends up saying "couldn't download all the required packages", which obviously shouldn't be the case with the bundle. In essence, the problem is that I can't get to click any "Run In Terminal" thing. I just get a text file with not much text.

What should I do?
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
Entry level printers are typically sold below cost because they gouge you for replacement ink.

For something as important as an offline wallet backup, it's worth it to buy a brand new one that's on sale, hook it up to your offline computer to print a few backups, then destroy the printer just to avoid that particular attack vector.

Or:

(1) Write it down by hand

Or:

(2) I will implement backups that print encrypted and flash on the screen "Write this code on your paper backup.  Your backup cannot be used without it!"
legendary
Activity: 1400
Merit: 1013
Entry level printers are typically sold below cost because they gouge you for replacement ink.

For something as important as an offline wallet backup, it's worth it to buy a brand new one that's on sale, hook it up to your offline computer to print a few backups, then destroy the printer just to avoid that particular attack vector.
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
In such cases, it's probably best to just write the data down by hand.  Pen and paper is fine.

Only the four lines of text are important.  The QR code is just there for convenience (it contains those four lines).   Arguably, many people feel safer doing this, anyway, to limit the number of devices that have seen your unencrypted root key.
If someone has hijacked my printer I have more pressing problems methinks.

For a lot of people: "if someone has hijacked my printer I am totally freakin' screwed".  A lot of people are holding extraordinary amounts of money offline, and with the recent rise in price of BTC, their lives have changed, and will change for the worst if that happens.  Don't want to be another "allinvain"
I understand that, i was more making a comment on how likely that is to happen in the real world.  I am reminded of this comic:


Yeah I love that XKCD one.  Including the mouseover text "Actual ACTUAL reality: you'd be hard-pressed to find that wrench for $5" Smiley

The printer thing is actually in line with that comic, though :  they're not breaking your encryption, they're just compromising one of your devices and getting around the encryption.  It's scary how bad some companies are with security.
hero member
Activity: 560
Merit: 500
I am the one who knocks
In such cases, it's probably best to just write the data down by hand.  Pen and paper is fine.

Only the four lines of text are important.  The QR code is just there for convenience (it contains those four lines).   Arguably, many people feel safer doing this, anyway, to limit the number of devices that have seen your unencrypted root key.
If someone has hijacked my printer I have more pressing problems methinks.

For a lot of people: "if someone has hijacked my printer I am totally freakin' screwed".  A lot of people are holding extraordinary amounts of money offline, and with the recent rise in price of BTC, their lives have changed, and will change for the worst if that happens.  Don't want to be another "allinvain"
I understand that, i was more making a comment on how likely that is to happen in the real world.  I am reminded of this comic:
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
In such cases, it's probably best to just write the data down by hand.  Pen and paper is fine.

Only the four lines of text are important.  The QR code is just there for convenience (it contains those four lines).   Arguably, many people feel safer doing this, anyway, to limit the number of devices that have seen your unencrypted root key.
If someone has hijacked my printer I have more pressing problems methinks.

For a lot of people: "if someone has hijacked my printer I am totally freakin' screwed".  A lot of people are holding extraordinary amounts of money offline, and with the recent rise in price of BTC, their lives have changed, and will change for the worst if that happens.  Don't want to be another "allinvain"
hero member
Activity: 560
Merit: 500
I am the one who knocks
In such cases, it's probably best to just write the data down by hand.  Pen and paper is fine.

Only the four lines of text are important.  The QR code is just there for convenience (it contains those four lines).   Arguably, many people feel safer doing this, anyway, to limit the number of devices that have seen your unencrypted root key.
If someone has hijacked my printer I have more pressing problems methinks.
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
In such cases, it's probably best to just write the data down by hand.  Pen and paper is fine.

Only the four lines of text are important.  The QR code is just there for convenience (it contains those four lines).   Arguably, many people feel safer doing this, anyway, to limit the number of devices that have seen your unencrypted root key.
newbie
Activity: 34
Merit: 0
Probably cheaper and easier to get a $30 HP inkjet printer from Wal-Mart or some such place.  HPs are really well supported under Ubuntu, pretty much just plug it in and print.
full member
Activity: 218
Merit: 100

Thanks, actually installing "Armory offline" went well, but my printer is a Canon mp990 and when I tried to print a paper backup plus the private keys I discovered that Canon don't really support Linux drivers. Tried Turboprint, but when trying to install that I bumped into a "missing dependencies" error...ironic huh.  Roll Eyes
So after all tha hassle (getting the LiveUSB to work was also a real hassle) I couldn't be bothered anymore, So now I guess I'll just buy a cheap, refurbished laptop with win7...

Yeah, that reminds me of what I ended up going through trying to print a paper backup. Using the older OS (Ubuntu 10.04) without a network connection.
Ubuntu had some print drivers pre-installed, but not any drivers for newer printers (like the ones we have here at the office).
I was able to find printer drivers for Linux, but those drivers had dependencies, and those dependencies had dependencies, and those . . . .
I thought about getting an old ass printer off of Ebay for $30 and hope it had enough ink to print 2 pages.
But I got lucky when I found a printer at home that was old enough to get the job done.  Grin

legendary
Activity: 1428
Merit: 1093
Core Armory Developer
Great, thanks for the quick reply!
Wish me luck, I'm not really familiar with Linux, so my guess is just installing Armory on the LiveCD will be quite the challenge.  Cheesy

The process shouldn't be too bad. You just need the correct dependency's for Armory. There is an Armory package that includes these for a Ubuntu 10.04 install on the Armory site under "Get Armory"
This is what I used for my offline machine. Not a LiveCD system but it's Linux none the less.

Not sure if you'll need it, but I'm working on a Tutorial for my friends and family.
Note that most of them are not as computer literate as the rest of us, so don't be offended if it's spelled out too clearly for your taste.

Thanks, actually installing "Armory offline" went well, but my printer is a Canon mp990 and when I tried to print a paper backup plus the private keys I discovered that Canon don't really support Linux drivers. Tried Turboprint, but when trying to install that I bumped into a "missing dependencies" error...ironic huh.  Roll Eyes
So after all tha hassle (getting the LiveUSB to work was also a real hassle) I couldn't be bothered anymore, So now I guess I'll just buy a cheap, refurbished laptop with win7...

You can just manually copy the code from the paper backup.  It's a nice convenience to be able to print it, but not strictly necessary.  Just copy the four lines by hand and store it in a safe place.
full member
Activity: 134
Merit: 100
Great, thanks for the quick reply!
Wish me luck, I'm not really familiar with Linux, so my guess is just installing Armory on the LiveCD will be quite the challenge.  Cheesy

The process shouldn't be too bad. You just need the correct dependency's for Armory. There is an Armory package that includes these for a Ubuntu 10.04 install on the Armory site under "Get Armory"
This is what I used for my offline machine. Not a LiveCD system but it's Linux none the less.

Not sure if you'll need it, but I'm working on a Tutorial for my friends and family.
Note that most of them are not as computer literate as the rest of us, so don't be offended if it's spelled out too clearly for your taste.

Thanks, actually installing "Armory offline" went well, but my printer is a Canon mp990 and when I tried to print a paper backup plus the private keys I discovered that Canon don't really support Linux drivers. Tried Turboprint, but when trying to install that I bumped into a "missing dependencies" error...ironic huh.  Roll Eyes
So after all tha hassle (getting the LiveUSB to work was also a real hassle) I couldn't be bothered anymore, So now I guess I'll just buy a cheap, refurbished laptop with win7...
full member
Activity: 218
Merit: 100
Great, thanks for the quick reply!
Wish me luck, I'm not really familiar with Linux, so my guess is just installing Armory on the LiveCD will be quite the challenge.  Cheesy

The process shouldn't be too bad. You just need the correct dependency's for Armory. There is an Armory package that includes these for a Ubuntu 10.04 install on the Armory site under "Get Armory"
This is what I used for my offline machine. Not a LiveCD system but it's Linux none the less.

Not sure if you'll need it, but I'm working on a Tutorial for my friends and family.
Note that most of them are not as computer literate as the rest of us, so don't be offended if it's spelled out too clearly for your taste.
full member
Activity: 134
Merit: 100
I have the same setup, but with MacOSX as an online environment instead of Windows 7. It works effortlessly and smooth.

Great, thanks for the quick reply!
Wish me luck, I'm not really familiar with Linux, so my guess is just installing Armory on the LiveCD will be quite the challenge.  Cheesy
legendary
Activity: 1148
Merit: 1018
Title says it all maybe, but to elaborate (and very sorry if this has been answered, couldn't find it explicitly mentioned anywhere).

I want to setup Armory as follows:
1. Offline wallet on Ubuntu LiveCD (USB-stick).
2. Online wallet on my Windows 7 installation.

I will switch between offline and online wallet using the same PC.

Will the wallet created from the Ubuntu LiveCD-environment work effortlessly with my Armory Windows installation?

I have the same setup, but with MacOSX as an online environment instead of Windows 7. It works effortlessly and smooth.
full member
Activity: 134
Merit: 100
Title says it all maybe, but to elaborate (and very sorry if this has been answered, couldn't find it explicitly mentioned anywhere).

I want to setup Armory as follows:
1. Offline wallet on Ubuntu LiveCD (USB-stick).
2. Online wallet on my Windows 7 installation.

I will switch between offline and online wallet using the same PC.

Will the wallet created from the Ubuntu LiveCD-environment work effortlessly with my Armory Windows installation?
Jump to: