When backing up your cold wallet, make sure it's heavily encrypted with a
strong password so no one can access the signing key from the backup. It's
impossible to really know if someone has a copy of your key until they use
it to spend your coins, at which point it would be too late to get them
back.
Its not really the bitcoins you are storing. What you are storing is the
signing key that authorizes you to reallocate the bitcoins on the public
ledger (to some other bitcoin address).
I think electrum also has x of y multi-sig. So instead of (or in addition
to) having a cold wallet, you could just have different signing keys
scattered on 'y' different VMs, whereby you have to manually sign the
transaction with at least 'x' signing keys before it is able to broadcast
successfully. Whilst a bit cumbersome, it allows you to develop different
risk profiles for different bitcoin addresses.
Qubes lends itself very well to handling bitcoin with isolated VMs.
You might have:
- a hot wallet (networked VM) with a small balance
- a cold wallet (offline VM) with a corresponding watching-only hot wallet
(networked VM)
- a multi-sig cold wallet (offline VM) that also needs 2 other signatures
which may be in hot wallets (3 of 3 multisig).
- a multi-sig cold wallet where you have 2 separate cold wallet VMs that
both have to sign (2 of 2 cold wallets)
- a multi-sig where one of the keys is on your phone running electrum
- a multi-sig where one of the keys is on a piece of paper at a second
location
Options are limitless and all depends on what risk level you are
comfortable with.
(As for myself, Armory has been downloading the blockchain for many weeks
at a snail's pace for some reason, ever since I installed qubes, so still
waiting to transfer my coins to electrum for faster access and see what
arrangement I'm most comfortable with - just 15 weeks left to catch up now
- so much for selling any of them at any of the recent peaks)
On Wednesday, 29 June 2016 08:37:43 UTC+10, Marek Marczykowski-Górecki
wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On Tue, Jun 28, 2016 at 02:01:39PM -0700, Todd Lasman wrote:
> > On 2016-06-28 12:01, Franz wrote:
> > > Hello,
> > >
> > > is there some form of tutorial for using Bitcoins with Qubes,
> > > considering that I have no experience of bitcoins?
> > >
> > > It seem I should have a VM for a hot wallet for making transactions
> > > and another for a cold wallet to keep the bitcoins. But have no idea
> > > if it is possible to move bitcoins between the two
> > >
> > > Also imagine a good practice would be to make a backup of the VMs
> > > containing the wallets using Qubes backup.
> > >
> > > It would be also interesting to know which clients you consider safer
> > > for buying and selling bitcoins.
> > >
> > > Thanks
> > >
> > > Best
> > > Fran
> >
> > Hi, Fran. I've done exactly this using the Electrum bitcoin wallet. I
> have a
> > dedicated hot ("watching") wallet in its own VM, and a cold (offline)
> wallet
> > in a separate VM that's never network-connected. Although I'm hardly a
> > bitcoin expert, I don't think it's a matter of "transferring bitcoin
> from
> > one wallet to another." Rather, I think the cold wallet just holds the
> > private keys used when authorizing bitcoin transactions. For example, if
> I'm
> > buying something with 1 bc, I generate a pending transaction in the hot
> > wallet, sign that transaction in the cold wallet, transfer the signed
> > transaction back to the hot wallet, and then broadcast it from there.
> That
> > way, only that 1 bc is ever vulnerable in a network-connected VM.
>
> Yes, this looks like a sensible workflow: one offline VM for holding
> private keys and the other one with only public keys to watch account
> balance, prepare transactions etc. It is critical in such setup to not
> blindly trust what is produced in the online VM - for example carefully
> examine transaction before signing it (in offline VM).
>
> - --
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQEcBAEBCAAGBQJXcvwwAAoJENuP0xzK19csDu8H/j7MfDchJMwMKvMI8ombAt5B
> GjkkLHPtgr522Ac5nda74YAX6HLpm9mI+KPzvW/3ciSWO8kLQqG8Vnkn21tcyo7J
> 4lWsnAM92s12ktC91JB3PiQmvq41PhMqbDY8hZge017IOoaV2juNjOZzFgURsx9i
> uPXvuczHRe3iPqFN/bxePe/4naqtNPKNrf10PYwNOP6Ph6AWoU8c+Idt9YW/BnvE
> HIULTuwbitINDl4UjvwyzgxoJ4ckJFre2fSxT/HQ3TptBwCeCvrvIX9OWX4AVA74
> M1j6eJ//J3STvkRXL44W5LMmx7hdRbQ/f4FfSaTZFlDkb7Sl6h5clpHtW/8yn+A=
> =pFEx
> -----END PGP SIGNATURE-----
>
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/72f1ca9a-8782-4128-aa1b-2a06b1b49200%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
