Author

Topic: Wallet in the Cloud - Keeping your Bitcoins encrypted and saved into the Cloud! (Read 6228 times)

legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
You could use ecryptfs, which is used by default for encrypted home directories in Ubuntu. Thus it will have perfect support with updates.

LUKS is already part of the main Ubuntu too...

Code:
apt-get install cryptsetup

Yeah, but ecryptfs is the right thing to replace your encfs proposal.

 Sure, but the eCryptFS does not work within the Live session, I mean, across reboots, it was my first choice but it simple doesn't work.

 So, I develop this guide using the EncFS, instead of eCryptFS, which is 100% compatible with a Live session.

 The eCryptFS tries to write things under /root and/or under /home/ubuntu/.ecryptfs... Which is not stored within the Ubuntu One and it will be lost when you reboot. So, you can not mount your encrypted directory on the next boot. And a workaround on this will just make it more complicated.

 Anyway, if you can prove that I'm wrong, I'll be happy!! I honestly prefer the eCryptFS but I'm not able to put it to work on this kind of setup.

 Can you do it for us?!

Cheers!
Thiago
full member
Activity: 168
Merit: 103
You could use ecryptfs, which is used by default for encrypted home directories in Ubuntu. Thus it will have perfect support with updates.

LUKS is already part of the main Ubuntu too...

Code:
apt-get install cryptsetup

Yeah, but ecryptfs is the right thing to replace your encfs proposal.
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
You could use ecryptfs, which is used by default for encrypted home directories in Ubuntu. Thus it will have perfect support with updates.

LUKS is already part of the main Ubuntu too...

Code:
apt-get install cryptsetup
full member
Activity: 168
Merit: 103
You could use ecryptfs, which is used by default for encrypted home directories in Ubuntu. Thus it will have perfect support with updates.
newbie
Activity: 22
Merit: 0


Thanks again, I will do some more research and give it a try

legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
Noob question:

I have a Macbook Pro, is a Linux VM installation in Parallels secure enough?

Hi!

 To install a secure Linux VM, download the Ubuntu Alternate CD:

 http://mirror.globo.com/ubuntu/releases/natty/
 http://mirror.globo.com/ubuntu/releases/natty/ubuntu-11.04-alternate-i386.iso

 During the installation, choose to Encrypt your home directory.

 That's it!

 Your entire /home/user directory will be encrypted.

 BTW, I prefer the VirtualBox instead of Parallels!   Wink

 http://www.virtualbox.org/wiki/Downloads

Cheers!
Thiago
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!

Great post, thanks for the ideas
I will try the ec2 option, and send you my donation from there (-:

 I'm glad that you liked it!   ^_^

 The EncFS was my choice to the LiveCD solution, because it is more space efficient, but within the Amazon cloud computing environment, you may want to choose the LUKS (cryptsetup command), which encrypt a entire partition (or disk / EBS volume), and not only a few directories / files.

 The EncFS will work, no doubt, but for the EC2 / EBS, the LUKS seems more adequate. You can have your entire /home (or /mnt) encrypted.

 Just connect the EBS volume in your instance, and "cryptsetup" it!

 LUKS - http://code.google.com/p/cryptsetup/

 BTW, do not forget to read the documentation and test 10 times all the alternatives!! And, I'm available to help with LUKS if you wish...   Grin


 References:

 Encrypting /mnt using cryptsetup on Ubuntu 8.04 Hardy on Amazon EC2 (2008):
 http://groups.google.com/group/ec2ubuntu/web/encrypting-mnt-using-cryptsetup-on-ubuntu-7-10-gutsy-on-amazon-ec2?pli=1

 Updated version - Encrypting Ephemeral Storage and EBS Volumes on Amazon EC2 (2009):
 http://alestic.com/2009/10/ec2-disk-encryption


 Just for the record, the standard Ubuntu "cryptdisk" utility is the eCryptFS, which can be used to also encrypt the entire /home/user directory.

 eCryptFS - https://launchpad.net/ecryptfs

Best!
Thiago
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!

Thiago - How can I use a Linux UI on EC2? Do I need VNC?

Hi!

 Yes you can, just make sure your are using a AMI with desktop UI applications installed on it...

 But, instead of using VNC, use the NX client / server solution. It is much better and it uses a secure connection through SSH! It is like a VPN...

 Nomachine / NX: http://www.nomachine.com/download.php

 Also, if you want purely open source free software, you can install X2GO... http://www.x2go.org/index.php?id=7 Which is based on NX too.

 Never use VNC!!  Wink

Best,
Thiago
full member
Activity: 136
Merit: 100
Noob question:

I have a Macbook Pro, is a Linux VM installation in Parallels secure enough?

newbie
Activity: 22
Merit: 0

Thiago - How can I use a Linux UI on EC2? Do I need VNC?
newbie
Activity: 22
Merit: 0

Great post, thanks for the ideas
I will try the ec2 option, and send you my donation from there (-:

legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
Hi everybody!!

 It's a pleasure to be part of this revolution! I'll do my best to help every single person who wants to use Bitcoins and Linux.



 Following the recent events about the crimes around the Bitcoins, like the theft of wallets by viruses or even by human thieves, I decided to help all people who wish to have their wallet in a safe place, being virus and crackers proof, at last I hope so.


   Scope of the solution

  • Use a well know Live CD and applications to access your Bitcoins, no bizarre applications needed
  • Store all the Bitcoin data, including your wallet, of course, into the Cloud (Ubuntu One)
  • Encrypt all Bitcoin information, it will remain encrypted permanently within the Cloud
  • Safely access your Bitcoins from anywhere in the Solar System, since you have an Internet connection
  • Procedure easy to follow


   Summary of this solution

 1- Download Ubuntu Natty

 2- Reboot your computer with Ubuntu

 3- Configure your Internet access

 4- Sign up in Ubuntu One service

 5- Prepare the encrypted Bitcoin directory

 6- Install and run Bitcoin client

 7- Close your session

 8- Wait the synchronization and visualise the network traffic until it finishes

 9- Go sleep without nightmares


   This solution depends the following softwares:

 1- Ubuntu Natty Linux distribution

 2- Ubuntu One client (Storage in the Cloud, default in Ubuntu Natty)

 3- EncFS (an encrypted filesystem in user-space)


   The complete procedure

 1- Download the Ubuntu 11.04 Desktop CD ISO Image and burn it

  http://www.ubuntu.com/download/ubuntu/download


 2- Reboot your computer with the Ubuntu Live CD on the CDROM drive


 3- Configure your Internet access


 4- Start Ubuntu One Client (Menu "System -> Preferences -> Ubuntu One")

   4.1- Click "Join Now"

   4.2- Fill out the form to sign up

   4.3- You'll receive a activation code, confirm your registration with it

   4.4- New Keyring Password window may appear - Each live session have its own Keyrings

   4.5- Just close the Ubuntu One window


 5- Preparing the encrypted Bitcoin directory

  5.1- Open Ubuntu Software Center (Applications Menu)

   5.1.1- Activate the Universe Repository

        A) Click on "Edit menu -> Software Sources"

        B) Enable Universe repository


   5.1.2- Search and get (install) the encfs package

        Tip: Wait 20 seconds before searching for encfs package.

        If this not work, open the Terminal and run:

Code:
sudo apt-get install encfs

  5.2- Open the "Gnome Terminal" application

   5.2.1- Make two directories ("~/Ubuntu One/Bitcoin-Data" and "~/.bitcoin"):

Code:
mkdir ~/Ubuntu\ One/Bitcoin-Data ~/.bitcoin


   5.2.2- Encrypt (or mount) the .bitcoin data directory:

Code:
encfs /home/ubuntu/Ubuntu\ One/Bitcoin-Data/ /home/ubuntu/.bitcoin/

        Select "p"

        Choose your password, DO NOT LOSE THIS PASSWORD!!! NEVER EVER!!!!

        Well done!


 6- Install Bitcoin client

  6.1- Add the Bitcoin Ubuntu PPA repository (yes, it is safe and open source)

Code:
sudo add-apt-repository ppa:stretch/bitcoin

  6.2- Update the application list and install Bitcoin client

Code:
sudo apt-get update
sudo apt-get install bitcoin

  6.3- Run Bitcoin (Menu "Applications -> Internet -> Bitcoin")

        Do whatever you want to do


  7- Closing your activities

   7.1- Close Bitcoin Application

   7.2- Umount the encrypted directory

Code:
fusermount -u /home/ubuntu/.bitcoin


  8- WAIT, WAIT AND WAIT! Wait the synchronization ends and visualise the network traffic until it finishes.

   8.1- You can watch the network traffic by running the following commands:

Code:
sudo apt-get install bwm-ng iptraf ethstatus

Code:
bwm-ng

        or

Code:
iptraf
  # Menu "Detailed interface statistics"

        or

Code:
ethstatus
# Works only for ethernets, not wireless.

        So, when the network traffic stop, you can safely shutdown your machine.

   8.2- Pay attention to Ubuntu One notify window, when it appear, the network traffic will cease and you are ready to the next step.


  9- Shutdown your computer and go sleep well, your Bitcoin wallet is in a safe place!



   Using it on a Daily Basis

 Basically, every time we want access our Bitcoins, we need to repeat the above steps.


 1- Repeat the previous steps 1, 2 and 3


 2- Start Ubuntu One Client (System -> Preferences -> Ubuntu One)

  2.1- Click "I already have a account!"

  2.1- Type your login and password

  2.3- Click "Connect"

  2.4- Wait until the "File sync in progress" finishes


 3- Repeat the previous steps 5, except the step 5.2.1

 4- Repeat the previous steps 6, 7, 8 and 9



   The limitations of this approach are:

 1- The Bitcoin data directory can be really big, around ~500MB, so, every time you want to access your Bitcoins using the presented solution, you will need to wait the end of the synchronizations tasks, I mean, you'll need to do step 4, wait the download of the files from the Cloud, and proceed with step 5.

 2- The reverse too, when you're done, you'll need to wait the upload task of the new encrypted files. Do not cry if your power goes down before the upload finishes!! Maybe it can be a good idea to rapidly backup your unencrypted ~/.bitcoin to a USB pendrive until the sync ends.

 3- You'll need a lot of bandwidth!

 4- Since the Live CD root directory lives in the RAM and Ubuntu One makes a local copy of the Cloud data, you'll need at last 2048MB of RAM to run this solution smoothly.

 5- Ubuntu One definly needs a progress bar!


 Subtracting these limitations, this is the most secure solution for now, from my point of view.


Future

 I know how to make a better solution than this, less limited and even more safe (at least from power loss), but it costs a time $_$ that I don't have right now.

 This new approach will be based on Amazon EC2. The Linux and the Bitcoin client will be installed within a customised AMI. The ~/.bitcoin directory will be hosted within the Amazon Persistent Storage...

 But this will be based entirely in open source software, the Eucalyptus and the KVM hypervisor. I'm an expert with this kind of Cloud Computing softwares and I'll make the first Bitcoin Cloud to host our wallets in a safe and private place. Of course, the persistent storage will be encrypted within the Cloud too (Eucalyptus Walrus).

 But huge the difference from this presented solution will be that you will run the Bitcoin client and host the ~/.bitcoin data within the cloud, and not just only host the ~/.bitcoin directory within a Cloud environment.

 If anybody wants to talk more about the Bitcoin Cloud, based on Eucalyptus, let me know! We can work together to bring the best of the technology for human kind!

 BTW, if you want, you can use GMailFS or DropBox instead of Ubuntu One, or even a USB pendrive.

   BACKUPS!

 Create a backup every time you make a new financial transaction. I'm preparing a backup / restore solution and I'll post it here soon as possible...


   Virus for Linux?! I hardly think so...

 Just to clarify, Linux do not "catch" viruses! If some cracker tries to write a virus for Linux, it will simple NOT work, it will not be capable to propagate itself, it will not be able to "infect" the binaries of the system...

 So, there is no viable way to build a virus for Linux (for BSDs too). The Linux style of development also limits much more the viability of a Linux virus... So, if you want to live free of viruses, USE LINUX!

 Forget about Windows, it reeeeeeally suckz. You do not even need a anti-virus installed! I do not have any anti-virus in my computers. My computer CPU and RAM is for my use, not for some "anti-virus".

 Think about it, it is a big business in letting Windows insecure! So, more companies will sell anti-viruses... If everybody migrates to Linux, the World does not need the anti-virus companies anymore...

 Conclusions

 This entire procedure is a "kind of desperate" measure for security, who owns many Bitcoins and want to have a minimum of security to keep them, should follow this guide.



 Guys, believe or not... I do not have any Bitcoin cent!   Cry
 So, I appreciate any donations if somebody think this guide useful!   Grin

 My Bitcoin Address is: 18tACMonUoKu5P2b8YscMkKLPyZzRpEUkm

Best regards,
Thiago Martins
Jump to: