Bitcoin Forum
July 10, 2025, 04:02:41 AM *
News: Latest Bitcoin Core release: 29.0 [Torrent]
 
  Home Help Search Login Register More  
  Show Posts
Pages: [1]
1  Bitcoin / Armory / Verifying/testing offline signer safely? on: February 06, 2025, 04:14:23 AM
In a typical split setup:
  • An offline computer with the private keys and Armory running in offline mode
  • An online computer with a full Bitcoin Core node & Armory watching wallet (i.e. Security: Offline)

What is the safest way to test the spending of coins in the wallet without actually spending them? i.e. doing everything but broadcasting the transaction. By safe I mean the avoidance of loss of coins.
Possibly paranoia but given there are so many stories of lost coins over the years I personally feel it is warranted to be confident in performing a dry run.
I think these are the safest steps below but I don't know beyond a shadow of a doubt, and reassurance from experienced users would be very welcome.

Open Armory on the Online Computer (PC 1)
Select wallet with coins, choose Send Bitcoins
Check "MAX" next to amount in order to test all private keys in wallet with UTXOs.
Open address book, and find a "Receiving" address that already has coins in your same wallet. Select that address.

Why? My logic being that worst case if the transaction is broadcast accidentally you've compromised your privacy but the coins are going to go straight back to an address for a private key you know you control, without a doubt.

Drop fees to 1 sat/byte
Turn off RBF? May not matter if on or off?
Preview transaction and ensure the only output is the previously selected address and that address is one of the inputs. No "change addresses" to cause slip ups.
Continue to the "Review Offline Transaction" page.
Follow instructions to save the unsigned transaction to USB drive or other removable media.
Transfer to the Offline Computer (PC 2)
Load transaction in offline Armory on PC 2.
Review transaction fully and check it is as expected.
Sign the transaction.
Final step since we don't want to broadcast is to delete the signed transaction on PC 2.

At this point I assume the transaction signer is functioning as expected because PC 2 was able to sign the transaction. If I didn't have the right private keys signing would presumably fail in some way, is that correct?
Or is it not 100% assured until the transaction is loaded into Armory on PC 1?

Am I missing anything? Any pitfalls?

Thank you,
PhoenixFire
2  Bitcoin / Armory / New research paper exploting air-gapped wallets: "BeatCoin" on: April 24, 2018, 01:03:24 AM
https://cyber.bgu.ac.il//advanced-cyber/airgap
There are a couple of videos on the page above, but this is the direct link to the "BeatCoin" paper's pdf.

I've seen exploits of this nature in the past but this one can use the GPIO pins on a raspberry pi to transmit the data (see first video). Given that historically Armory has offered downloads for the raspberry pi, and many here use the split online-offline/cold storage setup, I've posted here for awareness/discussion. Relevant to more typical computers/laptops too.

This all assumes the offline machine has been compromised. While we can minimise the chances of that by not attaching USB drives and other external media, the reality is that software upgrades to the offline system (i.e. Armory's signer) do need to happen to ensure compatibility from time to time. Excluding that, there is still the need to get transactions on and off the offline system, which provides the opportunity for an attacker if the online system is compromised.
For the RPi: this thread by TierNolan seems to offer an alternative to using USB devices for data transfer in order to help keep the offline system clean/secure. I'm unsure whether the GPIO being in use would mitigate outgoing transmissions by malware, but inclined to assume not.

I'm not an expert, but it certainly unnerves me to see a layer of the security model eroded like this - the suggestion of needing some sort of Faraday cage doesn't seem as excessively cautious as it used to be. Certainly a win for dedicated hardware wallets that only have the required components included Undecided
Pages: [1]
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!