On Wed, Sep 14, 2016 at 8:54 PM, Marek Marczykowski-Górecki < [email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On Wed, Sep 14, 2016 at 08:07:35PM -0300, Franz wrote: > > On Thu, Jun 30, 2016 at 12:42 AM, Andrew David Wong <[email protected]> > > wrote: > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA512 > > > > > > On 2016-06-29 09:37, Franz wrote: > > > > But how can I trust a printing dispVM for something as sensitive as > > > > a hot wallet? We would need two different dispVMs but we are not > > > > there yet. > > > > > > Indeed, not yet, but it will be implemented in R4.0: > > > > > > https://groups.google.com/d/topic/qubes-devel/xLZU0R5ijCg/discussion > > > https://github.com/QubesOS/qubes-issues/issues/866 > > > https://github.com/QubesOS/qubes-issues/issues/2075 > > > > > > - -- > > > Andrew David Wong (Axon) > > > Community Manager, Qubes OS > > > https://www.qubes-os.org > > > > > > > Andrew, > > After various tests I am getting a bit more confidence about bitcoins. > So I > > prepared the promised tutorial. I tried to go to Qubes documentation to > see > > if there is any way to upload it, but found no reference. So I post it > > here. Perhaps you know what to do. > > Thanks! > > Below some comments about installation. > > > Best > > Fran > > > > BITCOIN WITH ELECTRUM > > > > Install Electrum in Fredora template > > > > Download the Electrum executable: > > wget https://download.electrum.org/2.6.4/Electrum-2.6.4.tar.gz > > > > Download the signature: > > wget https://download.electrum.org/2.6.4/Electrum-2.6.4.tar.gz.asc > > > > Import the public key of the signer, ThomasV > > gpg --keyserver pool.sks-keyservers.net --recv-keys 7F9470E6 > > > > Verify the executable > > gpg --verify Electrum-2.6.4.tar.gz.asc Electrum-2.6.4.tar.gz > > > > If it tells “Good signature from “Thomas Voegtlin (https://electrum.org) > > ...) it is ok independently from the subsequent warning. > > To this point it's ok. > > > Install > > sudo apt-get update > > Interesting - I've thought it was for Fedora template (as stated at the > beginning)... > > > Install dependencies: > > sudo apt-get install python-qt4 python-pip > > > > On Qubes manager -> debian-template -> edit firewall rules -> flag “allow > > full access for 5 minutes” > > Install Electrum: > > sudo pip install Electrum-2.6.4.tar.gz > > But if that's going to be on Debian, there is already electrum Debian > package. I suggest using version from backports, as the one in stable is > quite ancient. > > So, for Debian installation instruction would be: > > 1. Enable Debian Backports: > > https://backports.debian.org/Instructions/#index2h2 > > 2. Install electrum: > > sudo apt-get update && sudo apt-get -t jessie-backports install > electrum > > For Fedora on the other hand, it's better to avoid using 'pip install', > especially in template, as it does not verify any sort of signature. I > believe the only integrity assuring mechanism used there is HTTPS to the > server. But nothing to verify actually downloaded file. > I started writing this tutorial time ago using the Debian template. But then found that the available release on apt-get install was so old (1.9.8-4) that it did not include the multi-signature wallet mentioned in the tutorial. So wanted the new release and the suggested method was pip-install, but for some reason pip- install did not worked of the old release, even after removing it. So resorted to using Fedora which worked with pip-install, but forgot to correct the tutorial. Anyway, using Debian backports the installed version is 2.6.4, just the same that was available using pip. So everything ok and much easier. Thanks Marek. I have corrected the tutorial accordingly: BITCOIN WITH ELECTRUM Install Electrum in Debian template (Fedora template is not recommended because Electrum package is not available and the pip install method does not veriry signatures) Enable Debian Backports: https://backports.debian.org/Instructions/#index2h2 Install electrum: sudo apt-get update && sudo apt-get -t jessie-backports install electrum After installation, create two new VMs depending from the same Debian template one allowing networking, we call it “hot” the other one not allowing networking, we call it “cold” Launch the Electrum application in the cold VM for example writing “electrum” in Qubes Manager/”run command in VM” Create a new 2-2 Multi-Signature wallet and properly save the “seed” and the password. Do the same with the hot VM, then follow the GUI exchanging the public kays between hot and cold VMs. Next option on hot VM: autoconnet is the easier way. It will take some time to connect. Then on receive tab of hot VM you find your address for receiving bitcoins. It is enough to send bitcoins to this address to receive them. They will appear only on Electrum of hot VM because it is the only one connected. Once you have bitcoins you can send them. Transaction should start on hot VM Electrum, becaue the balance on cold Electrum is zero. So using Send tab of hot Electrum you prepare you transaction with the address of the beneficiery. Then you clik on send button. On the next window you can save your transaction file and then move your file to the cold VM see: https://www.qubes-os.org/doc/copying-files/. Using Tools tab/load transaction on cold Electrum you can find the moved file, sign it and save it again. Finally you move the signed transaction file to the hot VM in the same way, load it to the hot Electrum and send it. Then just wait, it may take a long time to properly execute. LIMIT FIREWALL RULES TO ELECTRUM SERVERS For additional security you can limit the firewall rules of hot VM to only Electrum servers. to do that Run Marek script https://gist.github.com/marmarek/1d0a296930b7784327aaf9a801ec5585 into a terminal of hot VM. Then launch Electrum that tries to connect to the net, but cannot because the firewall is manually set to "Deny network access except...". The terminal will fill with firewall setting of Electrum servers. Then copy these settings into a file in the same applVM. then from Dom0 terminal write: qvm-run --pass-io appl-VM-name 'cat path to just-created-file' This makes all the firewall setting to appear directly on Dom0 terminal. It is enough to copy all of them and past them on the same terminal and it is done. This is what appeared in my case: qvm-firewall -a hot btc.mustyoshi.com. tcp 50002 qvm-firewall -a hot erbium1.sytes.net. tcp 50002 qvm-firewall -a hot electrum.trouth.net. tcp 50002 qvm-firewall -a hot eniac.snel.it. tcp 50002 qvm-firewall -a hot electrum.vom-stausee.de. tcp 50002 qvm-firewall -a hot bitcoins.sk. tcp 50002 qvm-firewall -a hot ecdsa.net. tcp pop3 qvm-firewall -a hot antumbra.se. tcp 50002 qvm-firewall -a hot ELECTRUM.jdubya.info. tcp 50002 qvm-firewall -a hot home.hach.re. tcp 50002 qvm-firewall -a hot JElectrum.jdubya.info. tcp 50002 qvm-firewall -a hot us4.einfachmalnettsein.de. tcp 50002 qvm-firewall -a hot electrum.online. tcp 50002 qvm-firewall -a hot elec.luggs.co. tcp https qvm-firewall -a hot jwu42.hopto.org. tcp 50004 qvm-firewall -a hot electrum.no-ip.org. tcp 50002 qvm-firewall -a hot electrum-europe.trouth.net. tcp 50002 qvm-firewall -a hot VPS.hsmiths.com. tcp 50002 qvm-firewall -a hot petrkr.net. tcp 50002 qvm-firewall -a hot bitcoin.dragon.zone. tcp 50002 qvm-firewall -a hot zeus.smsys.me. tcp pop3s But I stopped after a while. There should be other servers. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qBbFvBf%3DP-X5ZDSVK2NY6pdOcsF2vMs-Wddbc9NxEuj0A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
