Bitcoin Forum
November 21, 2017, 03:33:52 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: [ANNOUNCE] PrivCoin v1.0 - Pendrive Linux for Offline Transaction Processing  (Read 4371 times)
flipperfish
Sr. Member
****
Offline Offline

Activity: 336


Dolphie Selfie


View Profile
September 14, 2012, 03:59:04 PM
 #1

Announcing my little project to facilitate offline processing/signing of bitcoin transactions:

PrivCoin v1.0 "Bo"


PrivCoin is a debian-live based distro, which includes Bitcoin Qt Client and Armory. Because it is a live-system it is hard to infect with malware (see Security Considerations). It allows you to manage wallets and transactions according to the Armory Offline Storage Guide. A special kernel is included to prevent any access to internal hard drives and network, so no sensitive information (like private keys) can leave your system. It is ready to be used in conjunction with Windows. A typical workflow could be: 1. Run Armory on Windows with a watch-only wallet, 2. Create a offline transaction and save it on your pendrive, 3. Reboot your machine into PrivCoin (selecting Privacy Kernel), 4. Sign the transaction with Armory in offline-mode and the corressponding wallet, which holds your private keys, 5. Save the signed transaction to your pendrive, 6. Reboot into Windows and broadcast the signed transaction with Armory.

GitHub: https://github.com/flipperfish/privcoin

Features:
  • Additional Privacy-Kernel included: Disables access to hdd and network
  • Bitcoin Qt and Armory included (Datadirs will be asked on launch, so with default kernel you can use already downloaded blockchain on your hdd)
  • Virtualbox (to help migrate from a wallet holding VM scenario)
  • "Clean" OS after each boot
  • Based on debian-live: Extendable and customizable

Security Considerations:
  • Privacy Kernel: Prevents leakage of sensitive information by disabling access to hdd and network
  • Integrity of live-system: Protected by encrypted checksum (to verify you have to provide a password, which you gave at creation time)
  • Based on official debian distribution (which is trusted by many webservices and checked by many eyes due to it's widespread adoption)
  • Parts which are not taken from debian are compiled from source: To make process of creation totally transparent


Getting Started:
You will need a system with Debian Wheezy (amd64 preferred, other architectures are untested and you have to change config.sh accordingly).
Attention: During the build, packages needed to compile the included programs are downloaded and installed on your host system. If you don't like this, you can use a VM (I recommend Virtualbox), create a drive snapshot or do something else to reset your system after build has completed.

Then do the following:
Code:
aptitude install git live-builder
git clone https://github.com/flipperfish/privcoin.git
cd privcoin
lb config
sudo lb build

During the build you will be asked for a password. With this password the integrity of your live-system can be verified. It does NOT encrypt the live-system, only integrity is protected. Of course, you have to make sure, that the system you use for creation is clean!
After the build, there will be a file "binary.hybrid.iso" in the root of the repository.
This can be burnt to cd or written to flash-drive by using dd (Linux) or UNetbootin (Windows).


Demo:
To test-drive PrivCoin you can download the prebuilt image from here: https://github.com/flipperfish/privcoin/downloads (burn it to cd or copy to pendrive using e.g. UNetbootin, password for verify-feature: "privcoin")
Attention: This ISO is for testing purposes only. To get the full security benefits, build the image on your own machine. You can choose your own verification-password then, too.


Planned Features:
  • Better language selection
  • Change integrity-verification-password from within live-system
  • Do compiles within chroot
  • Include TrueCrypt


Version History:

v1.0 "Bo" (2012-09-13)
- Initial Release


Disclaimer:
These scripts are beta software, they are not tested well.
Please expect bugs, data loss and all other kinds of weird stuff.
Under no circumstances I will take any responsibility for damage done to your hardware, your software and/or your finances directly or indirecly caused by my software.
If you don't trust it or can't make sure it works as intended: DON'T USE IT!

PrivCoin is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

PrivCoin is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with PrivCoin.  If not, see <http://www.gnu.org/licenses/>.



Donations:
1zhpmctK9ESWSzUuaReN7L2hEzCKdP8QV

Credits & Thanks
1511235232
Hero Member
*
Offline Offline

Posts: 1511235232

View Profile Personal Message (Offline)

Ignore
1511235232
Reply with quote  #2

1511235232
Report to moderator
Join ICO Now A blockchain platform for effective freelancing
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511235232
Hero Member
*
Offline Offline

Posts: 1511235232

View Profile Personal Message (Offline)

Ignore
1511235232
Reply with quote  #2

1511235232
Report to moderator
1511235232
Hero Member
*
Offline Offline

Posts: 1511235232

View Profile Personal Message (Offline)

Ignore
1511235232
Reply with quote  #2

1511235232
Report to moderator
flipperfish
Sr. Member
****
Offline Offline

Activity: 336


Dolphie Selfie


View Profile
September 14, 2012, 03:59:29 PM
 #2

FAQ:

Why is the live-image not encrypted? Why is there no encrypted data-container?
Encrypting the whole image of the live-os is overkill IMHO. There's no sensitive data in there whose privacy needs to be protected. It's only important to protect the integrity of the image (and the bootloader and kernel, too), so no malware can sneak in. For the wallet, Armory does a good job in encrypting the file already. It's bad for usability if you have to decrypt the same file twice. I could imagine, many people will use the same password anyways. This makes security rather worse, as an attacker has now two possible targets and it could aid in cryptoanalysis (just guessed about the latter).
N.Z.
Sr. Member
****
Offline Offline

Activity: 437



View Profile
September 14, 2012, 10:04:32 PM
 #3

Quote
4. Sign the transaction with Armory in offline-mode and the corressponding wallet, which holds your private keys,
IMO you should definitely add TrueCrypt to your distro.
Darktongue
Sr. Member
****
Offline Offline

Activity: 350



View Profile
September 15, 2012, 06:32:04 PM
 #4

Hmmm I'm going to set this up on my RaspPi.
Isokivi
Hero Member
*****
Offline Offline

Activity: 910


Items flashing here available at btctrinkets.com


View Profile WWW
September 15, 2012, 07:45:29 PM
 #5

Hmmm I'm going to set this up on my RaspPi.
Please post a followup when you do.
"If you don't trust it or can't make sure it works as intended: DON'T USE IT!"
I fall in the latter category so Im waiting for the community to give a green light on this.

Bitcoin trinkets now on my online store: btc trinkets.com <- Bitcoin Tiepins, cufflinks, lapel pins, keychains, card holders and challenge coins.
flipperfish
Sr. Member
****
Offline Offline

Activity: 336


Dolphie Selfie


View Profile
September 16, 2012, 10:38:40 AM
 #6

Quote
IMO you should definitely add TrueCrypt to your distro.
For the basic use case, IMO this is not necessary, because the private keys are encrypted anyways. But I agree, that it would be useful to support migration or advanced setups.

Quote
Hmmm I'm going to set this up on my RaspPi.
Uh, I don't know if this is the right project for the RaspPi. You would have to crosscompile the binaries and the kernel and I don't know if debian-live does support ARM already. But it would be nice to hear your results.
Evolvex
Full Member
***
Offline Offline

Activity: 179


View Profile
September 16, 2012, 02:01:59 PM
 #7

Thats awesome - I'm going to wait for the green light to use it, as I'm not a linux boff so cant check its secure and stuff - however this is something i wouldnt mind keeping an eye and using in the future Smiley.

Thanks for your efforts on this.
stepkrav
Full Member
***
Offline Offline

Activity: 182



View Profile
September 16, 2012, 02:08:33 PM
 #8

About Truecrypt, take also in consideration these :

https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt

https://secure.wikimedia.org/wikipedia/en/wiki/TrueCrypt#Reasonable_paranoia
Borzoi
Jr. Member
*
Offline Offline

Activity: 54



View Profile
September 16, 2012, 02:24:45 PM
 #9

One suggestion I make is that pendrive use xen sandbox for better isolation.

Bootable usb can still access hd, etc. of machine to leave trace, taint, virus, worm, etc.  If boot kernel does only hypervisor, lightweight xen vm can host bitcoin tasks.

Takes little bit more RAM and disk space but is safer.  Plus, can easily encrypt and hide virtual machine disk image.

MS EECS MIT, PhD Math Stanford, L2 dropout American University Washington College of Law.
Forgive my English.  It is functional with good vocabulary but not so good grammar.  I give BNF for my English so not to offend you. Smiley
flipperfish
Sr. Member
****
Offline Offline

Activity: 336


Dolphie Selfie


View Profile
September 16, 2012, 07:02:54 PM
 #10


Oh, I didn't know that, thanks for the hint. Currently I see two possible solutions: 1.) Provide a script, which downloads TrueCrypt on the fly (as binary, from running live-os). I did this already manually, and it was a matter of wget, tar, ./install... 2.) Use tc-play (https://github.com/bwalex/tc-play).

If it is important for some of you, I will go for route 1.), because I can incorporate this sooner. So some feedback on this would be nice.


Quote
use xen sandbox for better isolation.

For me this seems to be a lot of effort without any major benefits. The custom kernel IMO does a good job on preventing access to network and hdd. Nevertheless I will keep it as an idea for the next/some future major version. Encrypting the whole image of the live-os is overkill IMHO. There's no sensitive data in there whose privacy needs to be protected. It's only important to protect the integrity of the image (and the bootloader and kernel, too), so no malware can sneak in.
N.Z.
Sr. Member
****
Offline Offline

Activity: 437



View Profile
September 16, 2012, 07:44:39 PM
 #11

flipperfish, Truecrypt is old well-known open-source software, all this "security considerations" and "warnings" are about license and offenses made by that. There is no encryption software that meets all high-level paranoia conditions.  So why not just fuck all this license shit about it? Undecided
flipperfish
Sr. Member
****
Offline Offline

Activity: 336


Dolphie Selfie


View Profile
September 16, 2012, 08:19:24 PM
 #12

So why not just fuck all this license shit about it? Undecided

Because I don't want to get into legal trouble because of some hobby project.
But I think, the solutions I posted above are the best way to go. If you need TrueCrypt within the live-system right now, you can install it very fast&easy: Just download linux-binaries from TrueCrypt website, extract (tar -xf <archivename>) and run the script (./<extracted scriptname>.sh). After that, there is an entry in "Activities". The kernel does already include all necessary modules.
etotheipi
Legendary
*
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
September 18, 2012, 03:57:03 PM
 #13

Hey, fantastic project!  

I just wanted to point out that while Armory is advancing (with new versions), even ancient versions of Armory will work as an offline signer.  It's because neither the wallet, nor the BIP 0010 format has changed in the last 6 months.  So even if you create the image with version 0.74, you can keep upgrading the online version (say 0.82) and it will still work.  This will be true for a while.

However, there will be a hiccup after beta, where I introduce a new wallet format, which will include support for P2SH and update BIP 0010 to better handle multi-sig.  Old wallets will be still be supported, but then this image will have to be updated and redistributed to support the newer version.




Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
aneutronic
Full Member
***
Offline Offline

Activity: 165


View Profile
September 18, 2012, 06:02:08 PM
 #14

Nice project, thanks very much!
LiveFree
Jr. Member
*
Offline Offline

Activity: 38


View Profile
September 20, 2012, 01:41:36 AM
 #15

Why we need to assemble special OS? Why not just make portable Armory distro which can be launched on Tails?

I like 3 ideas: 1) cold storage 2) brainwallet 3) amnesic OS.

We need to compile this 3 ideas. Armory is cold storage but Armory seed is hard to remember. sha512("passphrase") as seed solves this problem (see https://bitcointalk.org/index.php?topic=96451.msg1063144). But there is no amnesic OS which can launch Armory Cry.

How I see ideal brain cold storage?

1. Put Tails, portable Armory and seed-converter-from-phrase script on usb drive.
2. Load Tails from usb drive
2. Convert passphrase to seed.
3. Open wallet from seed.
4. If need create watching-only wallet and copy it on usb.
5. When you turn off Tails then your wallet is wiped. It's cool.
6. Make outcoming txs with watching-only wallet.
7. Open wallet in Tails and sign outcoming txs.
8. Repeat 6-8 steps when your need and be happy. Your wallet live in only passphrase and your brain.


flipperfish
Sr. Member
****
Offline Offline

Activity: 336


Dolphie Selfie


View Profile
September 20, 2012, 10:17:44 AM
 #16

@etotheipi / aneutronic
Thanks for your feedback! This encourages me to go on with this project.

Why we need to assemble special OS? Why not just make portable Armory distro which can be launched on Tails?
[...]
1. Put Tails, portable Armory and seed-converter-from-phrase script on usb drive.

You can use Tails-Distro, if you want to. You don't have to use PrivCoin. As far as I know Tails does not have some kind of offline mode and is more about anonymity. PrivCoin is about keeping your secret data secret. You can put any scripts in PrivCoin you like during the build process (just have a quick look at the debian-live-manual, http://live.debian.net/manual-3.x/html/live-manual/customizing-contents.en.html#476).
K1773R
Legendary
*
Offline Offline

Activity: 1680


/dev/null


View Profile
October 02, 2012, 05:40:52 AM
 #17


Oh, I didn't know that, thanks for the hint. Currently I see two possible solutions: 1.) Provide a script, which downloads TrueCrypt on the fly (as binary, from running live-os). I did this already manually, and it was a matter of wget, tar, ./install... 2.) Use tc-play (https://github.com/bwalex/tc-play).

If it is important for some of you, I will go for route 1.), because I can incorporate this sooner. So some feedback on this would be nice.


Quote
use xen sandbox for better isolation.

For me this seems to be a lot of effort without any major benefits. The custom kernel IMO does a good job on preventing access to network and hdd. Nevertheless I will keep it as an idea for the next/some future major version. Encrypting the whole image of the live-os is overkill IMHO. There's no sensitive data in there whose privacy needs to be protected. It's only important to protect the integrity of the image (and the bootloader and kernel, too), so no malware can sneak in.

take a look at LUKS, i dont know why ppl are using TrueCrypt on linux or even intend to.

http://code.google.com/p/cryptsetup/
http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
http://en.wikipedia.org/wiki/Dm-crypt

[GPG Public Key]  [Devcoin Builds]  [BBQCoin Builds]  [Multichain Blockexplorer]  [Multichain Blockexplorer - PoS Coins]  [Ufasoft Miner Linux Builds]
BTC/DVC/TRC/FRC: 1K1773RbXRZVRQSSXe9N6N2MUFERvrdu6y ANC/XPM AK1773RTmRKtvbKBCrUu95UQg5iegrqyeA NMC: NK1773Rzv8b4ugmCgX789PbjewA9fL9Dy1 LTC: LKi773RBuPepQH8E6Zb1ponoCvgbU7hHmd EMC: EK1773RxUes1HX1YAGMZ1xVYBBRUCqfDoF BQC: bK1773R1APJz4yTgRkmdKQhjhiMyQpJgfN
Borzoi
Jr. Member
*
Offline Offline

Activity: 54



View Profile
October 04, 2012, 08:06:51 PM
 #18

I started mining with VMs (USB devices only) so can separate access with VLAN tagging and ipfw.  Is working well once set up and allows lightweight virtual machines.

Next need is USB-over-ethernet or USB/IP to support migration between servers possible.

MS EECS MIT, PhD Math Stanford, L2 dropout American University Washington College of Law.
Forgive my English.  It is functional with good vocabulary but not so good grammar.  I give BNF for my English so not to offend you. Smiley
yrtrnc
Hero Member
*****
Offline Offline

Activity: 588



View Profile
October 04, 2012, 09:43:08 PM
 #19

How about an encrypted usb drive with a bitcoin wallet.. It would be bootable and runs with its own os.

Is it possible?
flipperfish
Sr. Member
****
Offline Offline

Activity: 336


Dolphie Selfie


View Profile
October 06, 2012, 04:36:52 PM
 #20

take a look at LUKS, i dont know why ppl are using TrueCrypt on linux or even intend to.

http://code.google.com/p/cryptsetup/
http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
http://en.wikipedia.org/wiki/Dm-crypt

TrueCrypt is pretty widespread on windows (at least in my perception). As far as I know LUKS is not compatible with TrueCrypt's file format. One of the main goals of PrivCoin is usability and especially usability in combination with windows.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!