On Thu, Jun 30, 2016 at 12:42 AM, Andrew David Wong <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 2016-06-29 09:37, Franz wrote:
> > But how can I trust a printing dispVM for something as sensitive as
> > a hot wallet? We would need two different dispVMs but we are not
> > there yet.
>
> Indeed, not yet, but it will be implemented in R4.0:
>
> https://groups.google.com/d/topic/qubes-devel/xLZU0R5ijCg/discussion
> https://github.com/QubesOS/qubes-issues/issues/866
> https://github.com/QubesOS/qubes-issues/issues/2075
>
> - --
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
>

Andrew,

After various tests I am getting a bit more confidence about bitcoins. So I prepared the promised tutorial. I tried to go to Qubes documentation to see if there is any way to upload it, but found no reference. So I post it here. Perhaps you know what to do.

Best
Fran

BITCOIN WITH ELECTRUM

Install Electrum in Fedora template

Download the Electrum executable:

    wget https://download.electrum.org/2.6.4/Electrum-2.6.4.tar.gz

Download the signature:

    wget https://download.electrum.org/2.6.4/Electrum-2.6.4.tar.gz.asc

Import the public key of the signer, ThomasV:

    gpg --keyserver pool.sks-keyservers.net --recv-keys 7F9470E6

Verify the executable:

    gpg --verify Electrum-2.6.4.tar.gz.asc Electrum-2.6.4.tar.gz

If it says “Good signature from "Thomas Voegtlin (https://electrum.org) ..."” it is OK independently of the subsequent warning.

Install

    sudo apt-get update

Install dependencies:

    sudo apt-get install python-qt4 python-pip

On Qubes manager -> debian-template -> edit firewall rules -> flag “allow full access for 5 minutes”

Install Electrum:

    sudo pip install Electrum-2.6.4.tar.gz

Create two new VMs depending on the same template:
    one allowing networking, we call it “hot”
    the other one not allowing networking, we call it “cold”

Launch the Electrum application in the cold VM, for example writing “electrum” in Qubes Manager/“run command in VM”.

Create a new 2-2 Multi-Signature wallet and properly save the “seed” and the password.

Do the same with the hot VM, then follow the GUI exchanging the public keys between hot and cold VMs.

Next option on hot VM: autoconnect is the easier way. It will take some time to connect.

Then on receive tab of hot VM you find your address for receiving bitcoins. It is enough to send bitcoins to this address to receive them. They will appear only on Electrum of hot VM because it is the only one connected.

Once you have bitcoins you can send them. Transaction should start on hot VM Electrum, because the balance on cold Electrum is zero. So using "Send tab" of hot Electrum you prepare your transaction with the address of the beneficiary. Then you click on send button. On the next window you can save your transaction file and then move your file to the cold VM, see: https://www.qubes-os.org/doc/copying-files/. Using Tools tab/load transaction on cold Electrum you can find the moved file, sign it and save it again. Finally you move the signed transaction file to the hot VM in the same way, load it to the hot Electrum and pay it.

LIMIT FIREWALL RULES TO ELECTRUM SERVERS

For additional security you can limit the firewall rules of hot VM to connect only to Electrum servers.

To do that:

Run Marek script https://gist.github.com/marmarek/1d0a296930b7784327aaf9a801ec5585 in a terminal of hot VM, then launch Electrum, which tries to connect to the net but cannot because the firewall is manually set to "Deny network access except...". After some time the terminal will fill with firewall settings of Electrum servers.

Then copy these settings into a file in the same hot VM.

Then from Dom0 terminal write:

    qvm-run --pass-io appl-VM-name 'cat path to just-created-file'

This makes all the firewall settings appear directly on Dom0 terminal. It is enough to copy all of them and paste them on the same terminal and it is done.

These are the firewall settings that appeared in hot VM for Electrum servers:

    qvm-firewall -a hot btc.mustyoshi.com. tcp 50002
    qvm-firewall -a hot erbium1.sytes.net. tcp 50002
    qvm-firewall -a hot electrum.trouth.net. tcp 50002
    qvm-firewall -a hot eniac.snel.it. tcp 50002
    qvm-firewall -a hot electrum.vom-stausee.de. tcp 50002
    qvm-firewall -a hot bitcoins.sk. tcp 50002
    qvm-firewall -a hot ecdsa.net. tcp pop3
    qvm-firewall -a hot antumbra.se. tcp 50002
    qvm-firewall -a hot ELECTRUM.jdubya.info. tcp 50002
    qvm-firewall -a hot home.hach.re. tcp 50002
    qvm-firewall -a hot JElectrum.jdubya.info. tcp 50002
    qvm-firewall -a hot us4.einfachmalnettsein.de. tcp 50002
    qvm-firewall -a hot electrum.online. tcp 50002
    qvm-firewall -a hot elec.luggs.co. tcp https
    qvm-firewall -a hot jwu42.hopto.org. tcp 50004
    qvm-firewall -a hot electrum.no-ip.org. tcp 50002
    qvm-firewall -a hot electrum-europe.trouth.net. tcp 50002
    qvm-firewall -a hot VPS.hsmiths.com. tcp 50002
    qvm-firewall -a hot petrkr.net. tcp 50002
    qvm-firewall -a hot bitcoin.dragon.zone. tcp 50002
    qvm-firewall -a hot zeus.smsys.me. tcp pop3s

But I stopped it after some time so there may be other servers.
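
The last step of the tutorial pastes text produced inside the hot VM into a Dom0 terminal, where every pasted line runs with Dom0's privileges. As an added example (not part of the original post), this shell function passes only lines that are exactly a "qvm-firewall -a VM host tcp port" rule and reports everything else; the names filter_rules and sample_rules are hypothetical, and the rejected sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. filter_rules and sample_rules
# are hypothetical names; the rejected sample lines are constructed.

# filter_rules VM: read candidate rule lines on stdin, print the ones that are
# exactly "qvm-firewall -a VM <hostname> tcp <port-or-service>", and report the
# rest on stderr. Returns 0 if every line passed, 1 if any was rejected,
# 2 if the VM name itself is not a plain identifier.
filter_rules() {
    vm=$1
    rc=0
    case $vm in
        ''|*[!A-Za-z0-9_-]*) echo "bad VM name" >&2; return 2 ;;
    esac
    # Hostname: letters, digits, dots, hyphens, optional trailing dot.
    # Port: 1-5 digits or a lowercase service name (pop3, https, ...).
    pat="qvm-firewall -a $vm [A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?\.? tcp ([0-9]{1,5}|[a-z][a-z0-9-]*)"
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        # -x forces a whole-line match, so trailing "; command" text fails.
        if printf '%s\n' "$line" | LC_ALL=C grep -Eqx -- "$pat"; then
            printf '%s\n' "$line"
        else
            printf 'REJECTED: %s\n' "$line" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Two lines taken from the list in the post, then three constructed lines
# that must not reach a Dom0 shell.
sample_rules() {
    cat <<'EOF'
qvm-firewall -a hot btc.mustyoshi.com. tcp 50002
qvm-firewall -a hot ecdsa.net. tcp pop3
qvm-firewall -a hot host.example. tcp 50002; touch /tmp/marker
qvm-prefs hot netvm sys-net
qvm-firewall -a cold host.example. tcp 50002
EOF
}

sample_rules | filter_rules hot ||
    echo "some lines were rejected; review them before pasting" >&2
```

In Dom0 the function would read the qvm-run --pass-io output on stdin in place of sample_rules.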
