Author Topic: [ANNOUNCE] PrivCoin v1.0 - Pendrive Linux for Offline Transaction Processing  (Read 4470 times)
flipperfish (OP)
September 14, 2012, 03:59:04 PM
Last edit: September 16, 2012, 10:39:43 AM by flipperfish
 #1

Announcing my little project to facilitate offline processing/signing of bitcoin transactions:

PrivCoin v1.0 "Bo"


PrivCoin is a debian-live based distro, which includes Bitcoin Qt Client and Armory. Because it is a live-system it is hard to infect with malware (see Security Considerations). It allows you to manage wallets and transactions according to the Armory Offline Storage Guide. A special kernel is included to prevent any access to internal hard drives and network, so no sensitive information (like private keys) can leave your system. It is ready to be used in conjunction with Windows. A typical workflow could be:
1. Run Armory on Windows with a watch-only wallet.
2. Create an offline transaction and save it on your pendrive.
3. Reboot your machine into PrivCoin (selecting Privacy Kernel).
4. Sign the transaction with Armory in offline-mode and the corresponding wallet, which holds your private keys.
5. Save the signed transaction to your pendrive.
6. Reboot into Windows and broadcast the signed transaction with Armory.

GitHub: https://github.com/flipperfish/privcoin

Features:
  • Additional Privacy-Kernel included: Disables access to hdd and network
  • Bitcoin Qt and Armory included (Datadirs will be asked on launch, so with default kernel you can use already downloaded blockchain on your hdd)
  • Virtualbox (to help migrate from a wallet holding VM scenario)
  • "Clean" OS after each boot
  • Based on debian-live: Extendable and customizable

Security Considerations:
  • Privacy Kernel: Prevents leakage of sensitive information by disabling access to hdd and network
  • Integrity of live-system: Protected by encrypted checksum (to verify you have to provide a password, which you gave at creation time)
  • Based on official debian distribution (which is trusted by many webservices and checked by many eyes due to its widespread adoption)
  • Parts which are not taken from debian are compiled from source: To make process of creation totally transparent


Getting Started:
You will need a system with Debian Wheezy (amd64 preferred, other architectures are untested and you have to change config.sh accordingly).
Attention: During the build, packages needed to compile the included programs are downloaded and installed on your host system. If you don't like this, you can use a VM (I recommend Virtualbox), create a drive snapshot or do something else to reset your system after build has completed.

Then do the following:
Code:
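# Install git and live-build (the Debian package that provides the "lb" command); run as root
aptitude install git live-build
git clone https://github.com/flipperfish/privcoin.git
cd privcoin
# Generate the live-build configuration, then build the image as root
lb config
sudo lb build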

During the build you will be asked for a password. With this password the integrity of your live-system can be verified. It does NOT encrypt the live-system, only integrity is protected. Of course, you have to make sure, that the system you use for creation is clean!
After the build, there will be a file "binary.hybrid.iso" in the root of the repository.
This can be burnt to cd or written to flash-drive by using dd (Linux) or UNetbootin (Windows).


Demo:
To test-drive PrivCoin you can download the prebuilt image from here: https://github.com/flipperfish/privcoin/downloads (burn it to cd or copy to pendrive using e.g. UNetbootin, password for verify-feature: "privcoin")
Attention: This ISO is for testing purposes only. To get the full security benefits, build the image on your own machine. You can choose your own verification-password then, too.


Planned Features:
  • Better language selection
  • Change integrity-verification-password from within live-system
  • Do compiles within chroot
  • Include TrueCrypt


Version History:

v1.0 "Bo" (2012-09-13)
- Initial Release


Disclaimer:
These scripts are beta software, they are not tested well.
Please expect bugs, data loss and all other kinds of weird stuff.
Under no circumstances will I take any responsibility for damage done to your hardware, your software and/or your finances directly or indirectly caused by my software.
If you don't trust it or can't make sure it works as intended: DON'T USE IT!

PrivCoin is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

PrivCoin is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with PrivCoin.  If not, see <http://www.gnu.org/licenses/>.



Donations:
1zhpmctK9ESWSzUuaReN7L2hEzCKdP8QV

flipperfish (OP)
September 14, 2012, 03:59:29 PM
Last edit: September 16, 2012, 07:10:32 PM by flipperfish
 #2

FAQ:

Why is the live-image not encrypted? Why is there no encrypted data-container?
Encrypting the whole image of the live-os is overkill IMHO. There's no sensitive data in there whose privacy needs to be protected. It's only important to protect the integrity of the image (and the bootloader and kernel, too), so no malware can sneak in. For the wallet, Armory does a good job in encrypting the file already. It's bad for usability if you have to decrypt the same file twice. I could imagine, many people will use the same password anyways. This makes security rather worse, as an attacker has now two possible targets and it could aid in cryptanalysis (just guessed about the latter).
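
The integrity-versus-confidentiality point in the FAQ above, as an added Python example (not flipperfish's code and not PrivCoin's actual mechanism): a checksum bound to a password cannot be recomputed by someone who alters the image. It assumes PBKDF2 and HMAC-SHA256 in place of whatever the project's scripts use; the file names, contents and passwords are constructed.

```python
import hashlib
import hmac
import os
import tempfile

SALT_LEN = 16

def derive_key(password, salt):
    # Stretch the password so offline guessing of the tag key is expensive.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def tree_digest(root):
    # Digest of every file's relative path and content, in a fixed order.
    outer = hashlib.sha256()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            inner = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    inner.update(chunk)
            rel = os.path.relpath(path, root).encode()
            outer.update(len(rel).to_bytes(4, "big") + rel + inner.digest())
    return outer.digest()

def seal(root, password):
    # Run once at build time; the result is stored next to the image.
    salt = os.urandom(SALT_LEN)
    tag = hmac.new(derive_key(password, salt), tree_digest(root), hashlib.sha256).digest()
    return salt + tag

def verify(root, password, sealed):
    salt, tag = sealed[:SALT_LEN], sealed[SALT_LEN:]
    expected = hmac.new(derive_key(password, salt), tree_digest(root), hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

def demo():
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "live"))
        kernel = os.path.join(root, "live", "vmlinuz")
        rootfs = os.path.join(root, "live", "filesystem.squashfs")
        for path, data in ((kernel, b"constructed kernel"), (rootfs, b"constructed rootfs")):
            with open(path, "wb") as fh:
                fh.write(data)
        sealed = seal(root, "builder-password")
        results = {"clean": verify(root, "builder-password", sealed),
                   "wrong_password": verify(root, "guess", sealed)}
        with open(kernel, "ab") as fh:
            fh.write(b"implant")  # constructed modification of the kernel file
        results["tampered"] = verify(root, "builder-password", sealed)
        # Whoever changed the file can re-seal, but only under a password they know.
        results["resealed"] = verify(root, "builder-password", seal(root, "guess"))
        return results

if __name__ == "__main__":
    print(demo())
```

The check is only meaningful when the code doing the verification runs from media that could not have been modified along with the image.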
N.Z.
September 14, 2012, 10:04:32 PM
 #3

Quote
4. Sign the transaction with Armory in offline-mode and the corresponding wallet, which holds your private keys,
IMO you should definitely add TrueCrypt to your distro.
Isokivi
September 15, 2012, 07:45:29 PM
 #4

Hmmm I'm going to set this up on my RaspPi.
Please post a followup when you do.
"If you don't trust it or can't make sure it works as intended: DON'T USE IT!"
I fall in the latter category so I'm waiting for the community to give a green light on this.

flipperfish (OP)
September 16, 2012, 10:38:40 AM
 #5

Quote
IMO you should definitely add TrueCrypt to your distro.
For the basic use case, IMO this is not necessary, because the private keys are encrypted anyways. But I agree, that it would be useful to support migration or advanced setups.

Quote
Hmmm I'm going to set this up on my RaspPi.
Uh, I don't know if this is the right project for the RaspPi. You would have to crosscompile the binaries and the kernel and I don't know if debian-live does support ARM already. But it would be nice to hear your results.
Evolvex
September 16, 2012, 02:01:59 PM
 #6

That's awesome - I'm going to wait for the green light to use it, as I'm not a linux boff so can't check it's secure and stuff - however this is something I wouldn't mind keeping an eye on and using in the future.

Thanks for your efforts on this.
stepkrav
September 16, 2012, 02:08:33 PM
 #7

About Truecrypt, take also in consideration these :

https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt

https://secure.wikimedia.org/wikipedia/en/wiki/TrueCrypt#Reasonable_paranoia
Borzoi
September 16, 2012, 02:24:45 PM
 #8

One suggestion I make is that pendrive use xen sandbox for better isolation.

Bootable usb can still access hd, etc. of machine to leave trace, taint, virus, worm, etc.  If boot kernel does only hypervisor, lightweight xen vm can host bitcoin tasks.

Takes little bit more RAM and disk space but is safer.  Plus, can easily encrypt and hide virtual machine disk image.
flipperfish (OP)
September 16, 2012, 07:02:54 PM
 #9


Oh, I didn't know that, thanks for the hint. Currently I see two possible solutions: 1.) Provide a script, which downloads TrueCrypt on the fly (as binary, from running live-os). I did this already manually, and it was a matter of wget, tar, ./install... 2.) Use tc-play (https://github.com/bwalex/tc-play).

If it is important for some of you, I will go for route 1.), because I can incorporate this sooner. So some feedback on this would be nice.


Quote
use xen sandbox for better isolation.

For me this seems to be a lot of effort without any major benefits. The custom kernel IMO does a good job on preventing access to network and hdd. Nevertheless I will keep it as an idea for the next/some future major version. Encrypting the whole image of the live-os is overkill IMHO. There's no sensitive data in there whose privacy needs to be protected. It's only important to protect the integrity of the image (and the bootloader and kernel, too), so no malware can sneak in.
N.Z.
September 16, 2012, 07:44:39 PM
 #10

flipperfish, Truecrypt is old well-known open-source software, all this "security considerations" and "warnings" are about license and offenses made by that. There is no encryption software that meets all high-level paranoia conditions.  So why not just fuck all this license shit about it?
flipperfish (OP)
September 16, 2012, 08:19:24 PM
 #11

Quote
So why not just fuck all this license shit about it?

Because I don't want to get into legal trouble because of some hobby project.
But I think, the solutions I posted above are the best way to go. If you need TrueCrypt within the live-system right now, you can install it very fast&easy: Just download linux-binaries from TrueCrypt website, extract (tar -xf <archivename>) and run the script (./<extracted scriptname>.sh). After that, there is an entry in "Activities". The kernel does already include all necessary modules.
etotheipi
Core Armory Developer
September 18, 2012, 03:57:03 PM
 #12

Hey, fantastic project!  

I just wanted to point out that while Armory is advancing (with new versions), even ancient versions of Armory will work as an offline signer.  It's because neither the wallet, nor the BIP 0010 format has changed in the last 6 months.  So even if you create the image with version 0.74, you can keep upgrading the online version (say 0.82) and it will still work.  This will be true for a while.

However, there will be a hiccup after beta, where I introduce a new wallet format, which will include support for P2SH and update BIP 0010 to better handle multi-sig.  Old wallets will still be supported, but then this image will have to be updated and redistributed to support the newer version.




aneutronic
September 18, 2012, 06:02:08 PM
 #13

Nice project, thanks very much!
LiveFree
September 20, 2012, 01:41:36 AM
Last edit: September 20, 2012, 02:12:51 AM by LiveFree
 #14

Why we need to assemble special OS? Why not just make portable Armory distro which can be launched on Tails?

I like 3 ideas: 1) cold storage 2) brainwallet 3) amnesic OS.

We need to compile this 3 ideas. Armory is cold storage but Armory seed is hard to remember. sha512("passphrase") as seed solves this problem (see https://bitcointalk.org/index.php?topic=96451.msg1063144). But there is no amnesic OS which can launch Armory.

How I see ideal brain cold storage?

1. Put Tails, portable Armory and seed-converter-from-phrase script on usb drive.
2. Load Tails from usb drive
2. Convert passphrase to seed.
3. Open wallet from seed.
4. If need create watching-only wallet and copy it on usb.
5. When you turn off Tails then your wallet is wiped. It's cool.
6. Make outcoming txs with watching-only wallet.
7. Open wallet in Tails and sign outcoming txs.
8. Repeat 6-8 steps when your need and be happy. Your wallet live in only passphrase and your brain.


flipperfish (OP)
September 20, 2012, 10:17:44 AM
 #15

@etotheipi / aneutronic
Thanks for your feedback! This encourages me to go on with this project.

Quote
Why we need to assemble special OS? Why not just make portable Armory distro which can be launched on Tails?
[...]
1. Put Tails, portable Armory and seed-converter-from-phrase script on usb drive.

You can use Tails-Distro, if you want to. You don't have to use PrivCoin. As far as I know Tails does not have some kind of offline mode and is more about anonymity. PrivCoin is about keeping your secret data secret. You can put any scripts in PrivCoin you like during the build process (just have a quick look at the debian-live-manual, http://live.debian.net/manual-3.x/html/live-manual/customizing-contents.en.html#476).
K1773R
October 02, 2012, 05:40:52 AM
 #16


Quote
Oh, I didn't know that, thanks for the hint. Currently I see two possible solutions: 1.) Provide a script, which downloads TrueCrypt on the fly (as binary, from running live-os). I did this already manually, and it was a matter of wget, tar, ./install... 2.) Use tc-play (https://github.com/bwalex/tc-play).

If it is important for some of you, I will go for route 1.), because I can incorporate this sooner. So some feedback on this would be nice.


Quote
use xen sandbox for better isolation.

For me this seems to be a lot of effort without any major benefits. The custom kernel IMO does a good job on preventing access to network and hdd. Nevertheless I will keep it as an idea for the next/some future major version. Encrypting the whole image of the live-os is overkill IMHO. There's no sensitive data in there whose privacy needs to be protected. It's only important to protect the integrity of the image (and the bootloader and kernel, too), so no malware can sneak in.

take a look at LUKS, I don't know why ppl are using TrueCrypt on linux or even intend to.

http://code.google.com/p/cryptsetup/
http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
http://en.wikipedia.org/wiki/Dm-crypt

Borzoi
October 04, 2012, 08:06:51 PM
 #17

I started mining with VMs (USB devices only) so can separate access with VLAN tagging and ipfw.  Is working well once set up and allows lightweight virtual machines.

Next need is USB-over-ethernet or USB/IP to support migration between servers possible.
yrtrnc
October 04, 2012, 09:43:08 PM
 #18

How about an encrypted usb drive with a bitcoin wallet.. It would be bootable and runs with its own os.

Is it possible?
flipperfish (OP)
October 06, 2012, 04:36:52 PM
 #19

Quote
take a look at LUKS, I don't know why ppl are using TrueCrypt on linux or even intend to.

http://code.google.com/p/cryptsetup/
http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
http://en.wikipedia.org/wiki/Dm-crypt

TrueCrypt is pretty widespread on windows (at least in my perception). As far as I know LUKS is not compatible with TrueCrypt's file format. One of the main goals of PrivCoin is usability and especially usability in combination with windows.
K1773R
October 07, 2012, 01:03:46 AM
 #20

2 things to fix:

checkout version 0.7.0 as the 0.6.3 has a problem compiling and is outdated.
automatically install scrypt (apt-get install scrypt) since ur script is using it, but if you don't have it installed before it won't work

greetings
