-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Wed, Sep 14, 2016 at 08:07:35PM -0300, Franz wrote:
> On Thu, Jun 30, 2016 at 12:42 AM, Andrew David Wong <[email protected]>
> wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> > On 2016-06-29 09:37, Franz wrote:
> > > But how can I trust a printing dispVM for something as sensitive as
> > > a hot wallet? We would need two different dispVMs but we are not
> > > there yet.
> >
> > Indeed, not yet, but it will be implemented in R4.0:
> >
> > https://groups.google.com/d/topic/qubes-devel/xLZU0R5ijCg/discussion
> > https://github.com/QubesOS/qubes-issues/issues/866
> > https://github.com/QubesOS/qubes-issues/issues/2075
> >
> > - --
> > Andrew David Wong (Axon)
> > Community Manager, Qubes OS
> > https://www.qubes-os.org
> >
>
> Andrew,
> After various tests I am getting a bit more confidence about bitcoins. So I
> prepared the promised tutorial. I tried to go to Qubes documentation to see
> if there is any way to upload it, but found no reference. So I post it
> here. Perhaps you know what to do.

Thanks! Below some comments about installation.

> Best
> Fran
>
> BITCOIN WITH ELECTRUM
>
> Install Electrum in Fedora template
>
> Download the Electrum executable:
> wget https://download.electrum.org/2.6.4/Electrum-2.6.4.tar.gz
>
> Download the signature:
> wget https://download.electrum.org/2.6.4/Electrum-2.6.4.tar.gz.asc
>
> Import the public key of the signer, ThomasV
> gpg --keyserver pool.sks-keyservers.net --recv-keys 7F9470E6
>
> Verify the executable
> gpg --verify Electrum-2.6.4.tar.gz.asc Electrum-2.6.4.tar.gz
>
> If it tells “Good signature from “Thomas Voegtlin (https://electrum.org)
> ...) it is ok independently from the subsequent warning.

To this point it's ok.

> Install
> sudo apt-get update

Interesting - I thought it was for Fedora template (as stated at the
beginning)...

> Install dependencies:
> sudo apt-get install python-qt4 python-pip
>
> On Qubes manager -> debian-template -> edit firewall rules -> flag “allow
> full access for 5 minutes”
> Install Electrum:
> sudo pip install Electrum-2.6.4.tar.gz

But if that's going to be on Debian, there is already an electrum Debian
package. I suggest using the version from backports, as the one in stable is
quite ancient.

So, for Debian, the installation instructions would be:

1. Enable Debian Backports:
https://backports.debian.org/Instructions/#index2h2

2. Install electrum:

    sudo apt-get update && sudo apt-get -t jessie-backports install electrum

For Fedora on the other hand, it's better to avoid using 'pip install',
especially in a template, as it does not verify any sort of signature. I
believe the only integrity assuring mechanism used there is HTTPS to the
server. But there is nothing to verify the actually downloaded file.

> create two new VMs depending from the same template
>
> one allowing networking, we call it “hot”
> the other one not allowing networking, we call it “cold”
>
> Launch the Electrum application in the cold VM for example writing
> “electrum” in Qubes Manager/”run command in VM”
>
> Create a new 2-2 Multi-Signature wallet and properly save the “seed” and
> the password.
>
> Do the same with the hot VM, then follow the GUI exchanging the public keys
> between hot and cold VMs.
>
> Next option on hot VM: autoconnect is the easier way. It will take some time
> to connect.
>
> Then on receive tab of hot VM you find your address for receiving bitcoins.
> It is enough to send bitcoins to this address to receive them. They will
> appear only on Electrum of hot VM because it is the only one connected.
>
> Once you have bitcoins you can send them. Transaction should start on hot
> VM Electrum, because the balance on cold Electrum is zero. So using "Send
> tab" of hot Electrum you prepare your transaction with the address of the
> beneficiary. Then you click on send button. On the next window you can save
> your transaction file and then move your file to the cold VM see:
> https://www.qubes-os.org/doc/copying-files/. Using Tools tab/load
> transaction on cold Electrum you can find the moved file, sign it and save
> it again. Finally you move the signed transaction file to the hot VM in the
> same way, load it to the hot Electrum and pay it.
>
> LIMIT FIREWALL RULES TO ELECTRUM SERVERS
> For additional security you can limit the firewall rules of hot VM to
> connect only to Electrum servers.
> To do that:
> Run Marek script
> https://gist.github.com/marmarek/1d0a296930b7784327aaf9a801ec5585
> into a terminal of hot VM then launch Electrum that tries to connect to the
> net, but cannot because the firewall is manually set to "Deny network
> access except...". After some time the terminal will fill with firewall
> settings of Electrum servers. Then copy these settings into a file in the
> same hot VM.
>
> then from Dom0 terminal write:
>
> qvm-run --pass-io appl-VM-name 'cat path to just-created-file'
>
> This makes all the firewall settings appear directly on Dom0 terminal. It
> is enough to copy all of them and paste them on the same terminal and it is
> done. These are the firewall settings that appeared in hot VM for Electrum
> servers:
> qvm-firewall -a hot btc.mustyoshi.com. tcp 50002
> qvm-firewall -a hot erbium1.sytes.net. tcp 50002
> qvm-firewall -a hot electrum.trouth.net. tcp 50002
> qvm-firewall -a hot eniac.snel.it. tcp 50002
> qvm-firewall -a hot electrum.vom-stausee.de. tcp 50002
> qvm-firewall -a hot bitcoins.sk. tcp 50002
> qvm-firewall -a hot ecdsa.net. tcp pop3
> qvm-firewall -a hot antumbra.se. tcp 50002
> qvm-firewall -a hot ELECTRUM.jdubya.info. tcp 50002
> qvm-firewall -a hot home.hach.re. tcp 50002
> qvm-firewall -a hot JElectrum.jdubya.info. tcp 50002
> qvm-firewall -a hot us4.einfachmalnettsein.de. tcp 50002
> qvm-firewall -a hot electrum.online. tcp 50002
> qvm-firewall -a hot elec.luggs.co. tcp https
> qvm-firewall -a hot jwu42.hopto.org. tcp 50004
> qvm-firewall -a hot electrum.no-ip.org. tcp 50002
> qvm-firewall -a hot electrum-europe.trouth.net. tcp 50002
> qvm-firewall -a hot VPS.hsmiths.com. tcp 50002
> qvm-firewall -a hot petrkr.net. tcp 50002
> qvm-firewall -a hot bitcoin.dragon.zone. tcp 50002
> qvm-firewall -a hot zeus.smsys.me. tcp pop3s
>
> But I stopped it after some time so there may be other servers.
>

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
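Added example, not part of the original message and not Qubes or Electrum code: the tutorial's last step pastes text generated inside the hot VM into a dom0 terminal, so each line can be checked against the exact rule shape before anything runs. It assumes the `qvm-firewall -a <vm> <host>. tcp <port>` format shown in the tutorial; `check_rules`, the port allow-list and the sample lines are constructed for illustration.

```python
import re

# Assumption: every rule has exactly the shape the tutorial shows:
#   qvm-firewall -a <vm> <hostname>. tcp <port-or-service>
RULE = re.compile(
    r"qvm-firewall -a (?P<vm>[A-Za-z][A-Za-z0-9_-]{0,30}) "
    r"(?P<host>(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+) "
    r"tcp (?P<port>[0-9]{1,5}|[a-z0-9]{1,15})"
)
# Service names seen in the tutorial's output, mapped to their IANA ports.
SERVICES = {"https": 443, "pop3": 110, "pop3s": 995}


def check_rules(text, vm, allowed_ports):
    """Split untrusted lines into (accepted, rejected) without running any."""
    accepted, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RULE.fullmatch(line)  # fullmatch: no trailing text is tolerated
        if m is None:
            rejected.append((line, "does not match the expected rule shape"))
            continue
        port = m["port"]
        number = int(port) if port.isdigit() else SERVICES.get(port)
        if m["vm"] != vm:
            rejected.append((line, "targets a different VM"))
        elif number not in allowed_ports:
            rejected.append((line, f"port {port} not in allow-list"))
        else:
            # argv list, so the caller never needs to go through a shell
            accepted.append(["qvm-firewall", "-a", vm, m["host"], "tcp", port])
    return accepted, rejected


# Constructed sample in the tutorial's format; the last two must be refused.
SAMPLE = """\
qvm-firewall -a hot electrum.example. tcp 50002
qvm-firewall -a hot mail.example. tcp pop3s
qvm-firewall -a hot web.example. tcp https
qvm-firewall -a hot x.example. tcp 50002; touch /tmp/marker
qvm-firewall -a work electrum.example. tcp 50002
"""

if __name__ == "__main__":
    ok, bad = check_rules(SAMPLE, "hot", {50002, 443})
    print(len(ok), "accepted;", len(bad), "rejected:", [why for _, why in bad])
```

Each accepted entry is an argument list that can be handed to `subprocess.run` as-is, so nothing from the VM is ever interpreted by the dom0 shell.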
