Re: [qubes-users] Bitcoin Qubes tutorial
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-09-15 17:50, Franz wrote: > On Thu, Sep 15, 2016 at 5:26 AM, Andrew David Wongwrote: > > On 2016-09-14 19:11, Franz wrote: On Wed, Sep 14, 2016 at 8:54 PM, Marek Marczykowski-Górecki < marma...@invisiblethingslab.com> wrote: > On Wed, Sep 14, 2016 at 08:07:35PM -0300, Franz wrote: >> On Thu, Jun 30, 2016 at 12:42 AM, Andrew David Wong >> wrote: >>> On 2016-06-29 09:37, Franz wrote: But how can I trust a printing dispVM for something as sensitive as a hot wallet? We would need two different dispVMs but we are not there yet. >>> >>> Indeed, not yet, but it will be implemented in R4.0: >>> >>> https://groups.google.com/d/topic/qubes-devel/xLZU0R5ijCg/discussion >>> https://github.com/QubesOS/qubes-issues/issues/866 >>> https://github.com/QubesOS/qubes-issues/issues/2075 >>> >> >> Andrew, >> After various tests I am getting a bit more confidence about bitcoins. > So I >> prepared the promised tutorial. I tried to go to Qubes documentation to > see >> if there is any way to upload it, but found no reference. So I post it >> here. Perhaps you know what to do. > > > Thank you for taking the time to write this, Franz. However, we > already have a page on using Split Bitcoin wallets (using > Electrum) here: > > https://www.qubes-os.org/doc/split-bitcoin/ > > Nonetheless, it looks like your guide has some additional > information that is missing from the current page. Please > consider submitting a pull request against this page with your > additions. > > >> Andrew >> Additions? Well I used a somehow different way, because i sign the >> transactions on both the hot and the cold VM. So the hot VM is not for >> "watching" it is for doing exactly all what does the non-connected one >> (including signing) and obviously for doing the real job of generating >> addresses for receiving and sending bitcoins to other addresses. It is what >> is called multi-signature. > >> Is it worth to sign the transaction two times, once for each VM? I do not >> know, but it is not so much additional work because in both cases you >> always have to copy a file forward and back between VMs. > >> But the two ways are somehow alternative. I see no point to mix them in the >> tutorial just to increase confusion to a matter that is already a bit >> complicated. > >> The final part of editing the firewall rules of hot VM to limit connection >> to Electrum servers may be worth to protect the keys in hot VM, but may >> have less sense if there are no keys to protect in hot VM. > >> So did nothing, but am obviously open to suggestions. >> Best >> Fran > Ok, I understand. Thanks for explaining, Fran. > > You can see the documentation guidelines including > a step-by-step how-to) here: > > https://www.qubes-os.org/doc/doc-guidelines/ > - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJX3FdMAAoJENtN07w5UDAwBxoP/11xlq+k73ECJ1HYB4otxrfa e8rlWTUrs1gbnzwJxMGKwhyRsF++oivCFmjCwFqNfL8moVQS72yIgy4rwSdmQ9gm iJNWTf+bqrYIs/yxBg3U55gdzrdiJ8CW1djnoOPqwCnCivvogmobkN4POX3vGluY LR9ni2QqzqALXU6lpfM65hllfWlxeSQQNYlE749RKxj/Yk23tE3VqWT+q7D4/K4X djymr/5ksmdHwPVrIz/Xr80XT9yo2C94+qAsE8Q5vRwD/4ik9h/jSP9byvU2cv7n OTmN0Eqsc03XHIAwbs/7Il5Lf0g7qXu0Ycb0nkwCegUhXtQFnD6kHQV9CRR8qznf wwn4sp8qPw8aufhH4BeM7GI3V71hhT3PJCI7b4+MJwJEU70vo9U0+Saos75jOYF+ szeHloKfn/k7ZcSX/q61qcuJIE4Q0u0yhb/ellohYe8WAZ+ZPoUyHmnmJpmzL0jp 52knik1Ivq3yH1raHYV5jPzA0kqfwNlD7oO54yG/F/f9QGh7cdjerY/p7uJfFUwu 3Oy2wNiIVnNHMxgkTiGQbXn8vn4zAuBHjWr4OBpw5HvqZti+1ywJBQkpoLXj89Ri GMzXQV3YhNhroe+ma77WqymJMLdw3SNE5aSoF3zvikN/Z3jJuHkd8P/QJ20DWtdG xuu01Q0m2mvlOmwZQI0f =viO+ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3ca4ade2-277b-688d-426f-4abddd802003%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Bitcoin Qubes tutorial
On Thu, Sep 15, 2016 at 5:26 AM, Andrew David Wongwrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-09-14 19:11, Franz wrote: > > On Wed, Sep 14, 2016 at 8:54 PM, Marek Marczykowski-Górecki < > > marma...@invisiblethingslab.com> wrote: > >> On Wed, Sep 14, 2016 at 08:07:35PM -0300, Franz wrote: > >>> On Thu, Jun 30, 2016 at 12:42 AM, Andrew David Wong > >>> wrote: > On 2016-06-29 09:37, Franz wrote: > > But how can I trust a printing dispVM for something as sensitive as > > a hot wallet? We would need two different dispVMs but we are not > > there yet. > > Indeed, not yet, but it will be implemented in R4.0: > > https://groups.google.com/d/topic/qubes-devel/xLZU0R5ijCg/discussion > https://github.com/QubesOS/qubes-issues/issues/866 > https://github.com/QubesOS/qubes-issues/issues/2075 > > >>> > >>> Andrew, > >>> After various tests I am getting a bit more confidence about bitcoins. > >> So I > >>> prepared the promised tutorial. I tried to go to Qubes documentation to > >> see > >>> if there is any way to upload it, but found no reference. So I post it > >>> here. Perhaps you know what to do. > >> > > Thank you for taking the time to write this, Franz. However, we > already have a page on using Split Bitcoin wallets (using > Electrum) here: > > https://www.qubes-os.org/doc/split-bitcoin/ > > Nonetheless, it looks like your guide has some additional > information that is missing from the current page. Please > consider submitting a pull request against this page with your > additions. Andrew Additions? Well I used a somehow different way, because i sign the transactions on both the hot and the cold VM. So the hot VM is not for "watching" it is for doing exactly all what does the non-connected one (including signing) and obviously for doing the real job of generating addresses for receiving and sending bitcoins to other addresses. It is what is called multi-signature. Is it worth to sign the transaction two times, once for each VM? I do not know, but it is not so much additional work because in both cases you always have to copy a file forward and back between VMs. But the two ways are somehow alternative. I see no point to mix them in the tutorial just to increase confusion to a matter that is already a bit complicated. The final part of editing the firewall rules of hot VM to limit connection to Electrum servers may be worth to protect the keys in hot VM, but may have less sense if there are no keys to protect in hot VM. So did nothing, but am obviously open to suggestions. Best Fran > You can see the documentation guidelines including > a step-by-step how-to) here: > > https://www.qubes-os.org/doc/doc-guidelines/ > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -BEGIN PGP SIGNATURE- > > iQIcBAEBCgAGBQJX2ltIAAoJENtN07w5UDAwZwwQAL6eJaF0jCqlsKkN94DTFfYw > 9fcC2w/ybGbPii7h0zHeuzpLsdKc8BQt1ijQ4UiBKzotEQIqyBGDW5xs/7ex6iYn > vZibLWsfDK9Zoxqj0kxlZrGTmHbzInvWTVIjtoKY7pOfDfosgGTBqvd9uM1RqSn3 > MfWuWbJtY2JjRp4+Q80IUS4soQB8Emcm7ZSEBqu6TvX61ycBWyxm/DDLt9xLoFNg > WFB6jVFnUGkucRoKEKwevVOfFoSiLTPjiDjIarlhTKaiG1NCT5otItbfq60mdZcf > BYqS+1vb5WDm55YdDy8p4znz0ImKcLErmUZK+TgRLK4Yi36bvKb3EXr3gUQa4Tqd > MZHpjR6IP/t4tbgBXWc7x6CDqFv+T8LRdD1v5IlsmMl7RmcyV8ES1xFwYXDl4I81 > 7iYvOPjTqoMOASIOejdkuufu+adfgy4BYLqd1SV/C1oJk8SXJ0dkuvoT4IJ1nDBc > FAHIDE9S1MiJZ2fdHGq/B6plrDe/JluhT9L0A8NPCIZetCkTcvgyQQ5CrNyR2UWw > nedk+L2zvzwNQxbZXXVmGSR3gczEkWYfn/ZT+OAFmo72qWPJmLwtmZg/q9zbm6Vw > Bd7ne4mbnOyLshrQ6ZFVui0ZnDfQn4QLauMEQEwS2xNEU88qjIjlNt4klpwtFPVN > 5AWniVUYJXpjwvKiJeSx > =OMbs > -END PGP SIGNATURE- > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qAAHdbVz9LkTTENM-f1_%2BPhhG7HHezOv%2B%3DcMHvpVs4pRg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Bitcoin Qubes tutorial
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-09-14 19:11, Franz wrote: > On Wed, Sep 14, 2016 at 8:54 PM, Marek Marczykowski-Górecki < > marma...@invisiblethingslab.com> wrote: >> On Wed, Sep 14, 2016 at 08:07:35PM -0300, Franz wrote: >>> On Thu, Jun 30, 2016 at 12:42 AM, Andrew David Wong>>> wrote: On 2016-06-29 09:37, Franz wrote: > But how can I trust a printing dispVM for something as sensitive as > a hot wallet? We would need two different dispVMs but we are not > there yet. Indeed, not yet, but it will be implemented in R4.0: https://groups.google.com/d/topic/qubes-devel/xLZU0R5ijCg/discussion https://github.com/QubesOS/qubes-issues/issues/866 https://github.com/QubesOS/qubes-issues/issues/2075 >>> >>> Andrew, >>> After various tests I am getting a bit more confidence about bitcoins. >> So I >>> prepared the promised tutorial. I tried to go to Qubes documentation to >> see >>> if there is any way to upload it, but found no reference. So I post it >>> here. Perhaps you know what to do. >> Thank you for taking the time to write this, Franz. However, we already have a page on using Split Bitcoin wallets (using Electrum) here: https://www.qubes-os.org/doc/split-bitcoin/ Nonetheless, it looks like your guide has some additional information that is missing from the current page. Please consider submitting a pull request against this page with your additions. You can see the documentation guidelines including a step-by-step how-to) here: https://www.qubes-os.org/doc/doc-guidelines/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJX2ltIAAoJENtN07w5UDAwZwwQAL6eJaF0jCqlsKkN94DTFfYw 9fcC2w/ybGbPii7h0zHeuzpLsdKc8BQt1ijQ4UiBKzotEQIqyBGDW5xs/7ex6iYn vZibLWsfDK9Zoxqj0kxlZrGTmHbzInvWTVIjtoKY7pOfDfosgGTBqvd9uM1RqSn3 MfWuWbJtY2JjRp4+Q80IUS4soQB8Emcm7ZSEBqu6TvX61ycBWyxm/DDLt9xLoFNg WFB6jVFnUGkucRoKEKwevVOfFoSiLTPjiDjIarlhTKaiG1NCT5otItbfq60mdZcf BYqS+1vb5WDm55YdDy8p4znz0ImKcLErmUZK+TgRLK4Yi36bvKb3EXr3gUQa4Tqd MZHpjR6IP/t4tbgBXWc7x6CDqFv+T8LRdD1v5IlsmMl7RmcyV8ES1xFwYXDl4I81 7iYvOPjTqoMOASIOejdkuufu+adfgy4BYLqd1SV/C1oJk8SXJ0dkuvoT4IJ1nDBc FAHIDE9S1MiJZ2fdHGq/B6plrDe/JluhT9L0A8NPCIZetCkTcvgyQQ5CrNyR2UWw nedk+L2zvzwNQxbZXXVmGSR3gczEkWYfn/ZT+OAFmo72qWPJmLwtmZg/q9zbm6Vw Bd7ne4mbnOyLshrQ6ZFVui0ZnDfQn4QLauMEQEwS2xNEU88qjIjlNt4klpwtFPVN 5AWniVUYJXpjwvKiJeSx =OMbs -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7525e69d-d899-3d1d-6e42-bf9c78daaca9%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Bitcoin Qubes tutorial
On Wed, Sep 14, 2016 at 8:54 PM, Marek Marczykowski-Górecki < marma...@invisiblethingslab.com> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Wed, Sep 14, 2016 at 08:07:35PM -0300, Franz wrote: > > On Thu, Jun 30, 2016 at 12:42 AM, Andrew David Wong> > wrote: > > > > > -BEGIN PGP SIGNED MESSAGE- > > > Hash: SHA512 > > > > > > On 2016-06-29 09:37, Franz wrote: > > > > But how can I trust a printing dispVM for something as sensitive as > > > > a hot wallet? We would need two different dispVMs but we are not > > > > there yet. > > > > > > Indeed, not yet, but it will be implemented in R4.0: > > > > > > https://groups.google.com/d/topic/qubes-devel/xLZU0R5ijCg/discussion > > > https://github.com/QubesOS/qubes-issues/issues/866 > > > https://github.com/QubesOS/qubes-issues/issues/2075 > > > > > > - -- > > > Andrew David Wong (Axon) > > > Community Manager, Qubes OS > > > https://www.qubes-os.org > > > > > > > Andrew, > > After various tests I am getting a bit more confidence about bitcoins. > So I > > prepared the promised tutorial. I tried to go to Qubes documentation to > see > > if there is any way to upload it, but found no reference. So I post it > > here. Perhaps you know what to do. > > Thanks! > > Below some comments about installation. > > > Best > > Fran > > > > BITCOIN WITH ELECTRUM > > > > Install Electrum in Fredora template > > > > Download the Electrum executable: > > wget https://download.electrum.org/2.6.4/Electrum-2.6.4.tar.gz > > > > Download the signature: > > wget https://download.electrum.org/2.6.4/Electrum-2.6.4.tar.gz.asc > > > > Import the public key of the signer, ThomasV > > gpg --keyserver pool.sks-keyservers.net --recv-keys 7F9470E6 > > > > Verify the executable > > gpg --verify Electrum-2.6.4.tar.gz.asc Electrum-2.6.4.tar.gz > > > > If it tells “Good signature from “Thomas Voegtlin (https://electrum.org) > > ...) it is ok independently from the subsequent warning. > > To this point it's ok. > > > Install > > sudo apt-get update > > Interesting - I've thought it was for Fedora template (as stated at the > beginning)... > > > Install dependencies: > > sudo apt-get install python-qt4 python-pip > > > > On Qubes manager -> debian-template -> edit firewall rules -> flag “allow > > full access for 5 minutes” > > Install Electrum: > > sudo pip install Electrum-2.6.4.tar.gz > > But if that's going to be on Debian, there is already electrum Debian > package. I suggest using version from backports, as the one in stable is > quite ancient. > > So, for Debian installation instruction would be: > > 1. Enable Debian Backports: > > https://backports.debian.org/Instructions/#index2h2 > > 2. Install electrum: > > sudo apt-get update && sudo apt-get -t jessie-backports install > electrum > > For Fedora on the other hand, it's better to avoid using 'pip install', > especially in template, as it does not verify any sort of signature. I > believe the only integrity assuring mechanism used there is HTTPS to the > server. But nothing to verify actually downloaded file. > I started writing this tutorial time ago using the Debian template. But then found that the available release on apt-get install was so old (1.9.8-4) that it did not include the multi-signature wallet mentioned in the tutorial. So wanted the new release and the suggested method was pip-install, but for some reason pip- install did not worked of the old release, even after removing it. So resorted to using Fedora which worked with pip-install, but forgot to correct the tutorial. Anyway, using Debian backports the installed version is 2.6.4, just the same that was available using pip. So everything ok and much easier. Thanks Marek. I have corrected the tutorial accordingly: BITCOIN WITH ELECTRUM Install Electrum in Debian template (Fedora template is not recommended because Electrum package is not available and the pip install method does not veriry signatures) Enable Debian Backports: https://backports.debian.org/Instructions/#index2h2 Install electrum: sudo apt-get update && sudo apt-get -t jessie-backports install electrum After installation, create two new VMs depending from the same Debian template one allowing networking, we call it “hot” the other one not allowing networking, we call it “cold” Launch the Electrum application in the cold VM for example writing “electrum” in Qubes Manager/”run command in VM” Create a new 2-2 Multi-Signature wallet and properly save the “seed” and the password. Do the same with the hot VM, then follow the GUI exchanging the public kays between hot and cold VMs. Next option on hot VM: autoconnet is the easier way. It will take some time to connect. Then on receive tab of hot VM you find your address for receiving bitcoins. It is enough to send bitcoins to this address to receive them. They will appear only on Electrum of hot VM because it is the only one connected. Once you have bitcoins you can send them. Transaction should
Re: [qubes-users] Bitcoin Qubes tutorial
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Sep 14, 2016 at 08:07:35PM -0300, Franz wrote: > On Thu, Jun 30, 2016 at 12:42 AM, Andrew David Wong> wrote: > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA512 > > > > On 2016-06-29 09:37, Franz wrote: > > > But how can I trust a printing dispVM for something as sensitive as > > > a hot wallet? We would need two different dispVMs but we are not > > > there yet. > > > > Indeed, not yet, but it will be implemented in R4.0: > > > > https://groups.google.com/d/topic/qubes-devel/xLZU0R5ijCg/discussion > > https://github.com/QubesOS/qubes-issues/issues/866 > > https://github.com/QubesOS/qubes-issues/issues/2075 > > > > - -- > > Andrew David Wong (Axon) > > Community Manager, Qubes OS > > https://www.qubes-os.org > > > > Andrew, > After various tests I am getting a bit more confidence about bitcoins. So I > prepared the promised tutorial. I tried to go to Qubes documentation to see > if there is any way to upload it, but found no reference. So I post it > here. Perhaps you know what to do. Thanks! Below some comments about installation. > Best > Fran > > BITCOIN WITH ELECTRUM > > Install Electrum in Fredora template > > Download the Electrum executable: > wget https://download.electrum.org/2.6.4/Electrum-2.6.4.tar.gz > > Download the signature: > wget https://download.electrum.org/2.6.4/Electrum-2.6.4.tar.gz.asc > > Import the public key of the signer, ThomasV > gpg --keyserver pool.sks-keyservers.net --recv-keys 7F9470E6 > > Verify the executable > gpg --verify Electrum-2.6.4.tar.gz.asc Electrum-2.6.4.tar.gz > > If it tells “Good signature from “Thomas Voegtlin (https://electrum.org) > ...) it is ok independently from the subsequent warning. To this point it's ok. > Install > sudo apt-get update Interesting - I've thought it was for Fedora template (as stated at the beginning)... > Install dependencies: > sudo apt-get install python-qt4 python-pip > > On Qubes manager -> debian-template -> edit firewall rules -> flag “allow > full access for 5 minutes” > Install Electrum: > sudo pip install Electrum-2.6.4.tar.gz But if that's going to be on Debian, there is already electrum Debian package. I suggest using version from backports, as the one in stable is quite ancient. So, for Debian installation instruction would be: 1. Enable Debian Backports: https://backports.debian.org/Instructions/#index2h2 2. Install electrum: sudo apt-get update && sudo apt-get -t jessie-backports install electrum For Fedora on the other hand, it's better to avoid using 'pip install', especially in template, as it does not verify any sort of signature. I believe the only integrity assuring mechanism used there is HTTPS to the server. But nothing to verify actually downloaded file. > create two new VMs depending from the same template > > one allowing networking, we call it “hot” > the other one not allowing networking, we call it “cold” > > Launch the Electrum application in the cold VM for example writing > “electrum” in Qubes Manager/”run command in VM” > > Create a new 2-2 Multi-Signature wallet and properly save the “seed” and > the password. > > Do the same with the hot VM, then follow the GUI exchanging the public kays > between hot and cold VMs. > > Next option on hot VM: autoconnet is the easier way. It will take some time > to connect. > > Then on receive tab of hot VM you find you address for receiving bitcoins. > It is enough to send bitcoins to this address to recieve them. They will > appear only on Electrum of hot VM because it is the only one connected. > > Once you have bitcoins you can send them. Transaction should start on hot > VM Electrum, because the balance on cold Electrum is zero. So using "Send > tab" of hot Electrum you prepare you transaction with the address of the > beneficiery. Then you clik on send button. On the next window you can save > your transaction file and then move your file to the cold VM see: > https://www.qubes-os.org/doc/copying-files/. Using Tools tab/load > transaction on cold Electrum you can find the moved file, sign it and save > it again. Finally you move the signed transaction file to the hot VM in the > same way, load it to the hot Electrum and pay it. > > LIMIT FIREWALL RULES TO ELECTRUM SERVERS > For additional security you can limit the firewall rules of hot VM to > connect only to Electrum servers. > To do that: > Run Marek script > https://gist.github.com/marmarek/1d0a296930b7784327aaf9a801ec5585 > into a terminal of hot VM then launch Electrum that tries to connect to the > net, but cannot because the firewall is manually set to "Deny network > access except...". After some time the terminal will fill with firewall > setting of Electrum servers. Then copy these settings into a file in the > same hot VM. > > then from Dom0 terminal write: > > qvm-run --pass-io appl-VM-name 'cat path to just-created-file' > > This makes all the firewall setting to appear
Re: [qubes-users] Bitcoin Qubes tutorial
On Thu, Jun 30, 2016 at 12:42 AM, Andrew David Wongwrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-06-29 09:37, Franz wrote: > > But how can I trust a printing dispVM for something as sensitive as > > a hot wallet? We would need two different dispVMs but we are not > > there yet. > > Indeed, not yet, but it will be implemented in R4.0: > > https://groups.google.com/d/topic/qubes-devel/xLZU0R5ijCg/discussion > https://github.com/QubesOS/qubes-issues/issues/866 > https://github.com/QubesOS/qubes-issues/issues/2075 > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > Andrew, After various tests I am getting a bit more confidence about bitcoins. So I prepared the promised tutorial. I tried to go to Qubes documentation to see if there is any way to upload it, but found no reference. So I post it here. Perhaps you know what to do. Best Fran BITCOIN WITH ELECTRUM Install Electrum in Fredora template Download the Electrum executable: wget https://download.electrum.org/2.6.4/Electrum-2.6.4.tar.gz Download the signature: wget https://download.electrum.org/2.6.4/Electrum-2.6.4.tar.gz.asc Import the public key of the signer, ThomasV gpg --keyserver pool.sks-keyservers.net --recv-keys 7F9470E6 Verify the executable gpg --verify Electrum-2.6.4.tar.gz.asc Electrum-2.6.4.tar.gz If it tells “Good signature from “Thomas Voegtlin (https://electrum.org) ...) it is ok independently from the subsequent warning. Install sudo apt-get update Install dependencies: sudo apt-get install python-qt4 python-pip On Qubes manager -> debian-template -> edit firewall rules -> flag “allow full access for 5 minutes” Install Electrum: sudo pip install Electrum-2.6.4.tar.gz create two new VMs depending from the same template one allowing networking, we call it “hot” the other one not allowing networking, we call it “cold” Launch the Electrum application in the cold VM for example writing “electrum” in Qubes Manager/”run command in VM” Create a new 2-2 Multi-Signature wallet and properly save the “seed” and the password. Do the same with the hot VM, then follow the GUI exchanging the public kays between hot and cold VMs. Next option on hot VM: autoconnet is the easier way. It will take some time to connect. Then on receive tab of hot VM you find you address for receiving bitcoins. It is enough to send bitcoins to this address to recieve them. They will appear only on Electrum of hot VM because it is the only one connected. Once you have bitcoins you can send them. Transaction should start on hot VM Electrum, because the balance on cold Electrum is zero. So using "Send tab" of hot Electrum you prepare you transaction with the address of the beneficiery. Then you clik on send button. On the next window you can save your transaction file and then move your file to the cold VM see: https://www.qubes-os.org/doc/copying-files/. Using Tools tab/load transaction on cold Electrum you can find the moved file, sign it and save it again. Finally you move the signed transaction file to the hot VM in the same way, load it to the hot Electrum and pay it. LIMIT FIREWALL RULES TO ELECTRUM SERVERS For additional security you can limit the firewall rules of hot VM to connect only to Electrum servers. To do that: Run Marek script https://gist.github.com/marmarek/1d0a296930b7784327aaf9a801ec5585 into a terminal of hot VM then launch Electrum that tries to connect to the net, but cannot because the firewall is manually set to "Deny network access except...". After some time the terminal will fill with firewall setting of Electrum servers. Then copy these settings into a file in the same hot VM. then from Dom0 terminal write: qvm-run --pass-io appl-VM-name 'cat path to just-created-file' This makes all the firewall setting to appear directly on Dom0 terminal. It is enough to copy all of them and past them on the same terminal and it is done. These are the firewall settings that appeared in hot VM for Electrum servers: qvm-firewall -a hot btc.mustyoshi.com. tcp 50002 qvm-firewall -a hot erbium1.sytes.net. tcp 50002 qvm-firewall -a hot electrum.trouth.net. tcp 50002 qvm-firewall -a hot eniac.snel.it. tcp 50002 qvm-firewall -a hot electrum.vom-stausee.de. tcp 50002 qvm-firewall -a hot bitcoins.sk. tcp 50002 qvm-firewall -a hot ecdsa.net. tcp pop3 qvm-firewall -a hot antumbra.se. tcp 50002 qvm-firewall -a hot ELECTRUM.jdubya.info. tcp 50002 qvm-firewall -a hot home.hach.re. tcp 50002 qvm-firewall -a hot JElectrum.jdubya.info. tcp 50002 qvm-firewall -a hot us4.einfachmalnettsein.de. tcp 50002 qvm-firewall -a hot electrum.online. tcp 50002 qvm-firewall -a hot elec.luggs.co. tcp https qvm-firewall -a hot jwu42.hopto.org. tcp 50004 qvm-firewall -a hot electrum.no-ip.org. tcp 50002 qvm-firewall -a hot electrum-europe.trouth.net. tcp 50002 qvm-firewall -a hot VPS.hsmiths.com. tcp 50002 qvm-firewall -a hot petrkr.net. tcp 50002 qvm-firewall -a hot bitcoin.dragon.zone.
Re: [qubes-users] Bitcoin Qubes tutorial
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-29 09:37, Franz wrote: > But how can I trust a printing dispVM for something as sensitive as > a hot wallet? We would need two different dispVMs but we are not > there yet. Indeed, not yet, but it will be implemented in R4.0: https://groups.google.com/d/topic/qubes-devel/xLZU0R5ijCg/discussion https://github.com/QubesOS/qubes-issues/issues/866 https://github.com/QubesOS/qubes-issues/issues/2075 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXdJUiAAoJENtN07w5UDAwemsP/igQT206kD3EZ+wUymvNzw1A 8edG9ubseQjZNsSfENGTXzBIX4OG4Hh5DGcHUpyRqywl70/teUThfV/WdaeJ2Iib k5iE1OYwwnEgoXKktx+hKPJ6Bazq66Reas0xElzS7z3pGH/sbWz5NJLT5sczv9BP qO+djAXvaLyqN8HhmeWDeOWqgHQ5OaV7vJcEZpAfxvX4crGDOXWEuqBs6CaTT1L/ R5NXh+q64StVUbPDpZQV8OsbbD8G/6Gvq1e/G90YusNzZuuPhpLpLiwVYJzCt9D4 p0ZYm51SEpCQu6+yGrEZY6Bf7v9cC19NUMRZQQbzyfRj9zoKXw043xS9aa3d4T6u tBQskcF36zdyetula50vQFP9nLlhZwEXtgARHjIadeJ5B6sGGCufcwks8eVMTg6Q SnF7FxPVbGU122OBXHNE6R20uwxPIhCU7Npp3A4SSdy6tFW6JPdvBmgHF4aeaq9m sYxAcG8T1JTjfJBqB3ndL4Tb9LQh2aG7gzntRRQi6qAE0xIKB2Xvxlee2OnWff38 rYvMZKjNVEoRLYrxfHF/2lFNPXIFmcHWBq5NTX5BgYeAcqcJ8ojvomnBPyZ45CUg qchcoUXj3FEnQ90OO73t6XiclcarbTEzsOEFHbv6f6sm9n2QOL7hjuSemX07VESe cgNngS/j1o8z35WizQ2X =wbxB -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e636b464-e106-7439-be0d-97876f554302%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Bitcoin Qubes tutorial
On 2016-06-28 12:01, Franz wrote: Hello, is there some form of tutorial for using Bitcoins with Qubes, considering that I have no experience of bitcoins? It seem I should have a VM for a hot wallet for making transactions and another for a cold wallet to keep the bitcoins. But have no idea if it is possible to move bitcoins between the two Also imagine a good practice would be to make a backup of the VMs containing the wallets using Qubes backup. It would be also interesting to know which clients you consider safer for buying and selling bitcoins. Thanks Best Fran Hi, Fran. I've done exactly this using the Electrum bitcoin wallet. I have a dedicated hot ("watching") wallet in its own VM, and a cold (offline) wallet in a separate VM that's never network-connected. Although I'm hardly a bitcoin expert, I don't think it's a matter of "transferring bitcoin from one wallet to another." Rather, I think the cold wallet just holds the private keys used when authorizing bitcoin transactions. For example, if I'm buying something with 1 bc, I generate a pending transaction in the hot wallet, sign that transaction in the cold wallet, transfer the signed transaction back to the hot wallet, and then broadcast it from there. That way, only that 1 bc is ever vulnerable in a network-connected VM. If I'm misunderstanding this, or doing it wrong, I'd love to be educated by a bitcoin guru! Todd -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/59a6d11ff0484fc1ae7bda853f9dbada%40nowlas.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Bitcoin Qubes tutorial
Hello, is there some form of tutorial for using Bitcoins with Qubes, considering that I have no experience of bitcoins? It seem I should have a VM for a hot wallet for making transactions and another for a cold wallet to keep the bitcoins. But have no idea if it is possible to move bitcoins between the two Also imagine a good practice would be to make a backup of the VMs containing the wallets using Qubes backup. It would be also interesting to know which clients you consider safer for buying and selling bitcoins. Thanks Best Fran -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qBkNyzzNnp-dX9%3DpFL3_B6hwu6kVgUNXsLFz_D0wRxb7Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.