Bitcoin Forum
November 19, 2017, 04:04:02 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Armory - Using Tails for secure Armory use on a single physical machine  (Read 9046 times)
wachtwoord
Legendary
*
Offline Offline

Activity: 1624


View Profile
January 17, 2013, 07:52:47 PM
 #1

Hi all.

This is a reply to a post by N.Z. that etotheipi pointed me to after I asked for how to use Armory securely with one physical machine connected to the internet. He pointed me to the following post:

Hi all Smiley Just tested the best way of using offline part of Amory I can think of.

1. Download Tails. This is Debian LiveCD/LiveUSB system. Why Tails? Because it is well-known system designed with max security in mind (to leave system and disks untouched in particular), has a lot of users and testers and supported by Tor project. These ones are enough for me to trust it.

2. Boot it in custom way: pass 'truecrypt' parameter to kernel and set up root password in welcome screen.

3. Go to online computer and download needed packages from Debian repositories or from here, we need these:
Code:
python-twisted-conch_10.1.0-1_all.deb 
python-twisted-runner_10.1.0-2_i386.deb
python-twisted-core_10.1.0-3_all.deb   
python-twisted-web_10.1.0-1_all.deb
python-crypto_2.1.0-2+squeeze1_i386.deb 
python-twisted-lore_10.1.0-1_all.deb   
python-twisted-words_10.1.0-1_all.deb
python-openssl_0.10-1_i386.deb           
python-twisted-mail_10.1.0-1_all.deb   
python-twisted_10.1.0-3_all.deb
python-pyasn1_0.0.11a-1_all.deb         
python-twisted-names_10.1.0-1_all.deb
python-twisted-bin_10.1.0-3_i386.deb     
python-twisted-news_10.1.0-1_all.deb
Don`t forget to check hashes and signatures!
Also download latest Armory .deb file from Armory website.

4. Make Truecrypt container in USB drive, put all debs to folder, say, 'armory' in this tc-container.

5. Plug in USB drive to computer booted with Tails as said above. Mount tc-container, run
Code:
dpkg -i /media/truecrypt1/armory/*.deb

6. We got an secure offline environment: if it is unencrypted, it disappears when you shutdown computer. Total geek  Cool

Did I miss something? Maybe we should ask etotheipi to include offline bundle for Tails as it is already made for Ubuntu? Wink

It turns out this description is too limited for the amount of knowledge I have on the matter to follow so I'll post the quests I have to get this working here Smiley

1. I installed Tails on a USB drive and booted into the OS. (Done and I am posting this booted in Tails)
2. So here comes the first issue: What does "Boot it in custom way: pass 'truecrypt' parameter to kernel and set up root password in welcome screen." mean? When I boot from my USB drive it doesn't give me this option it only asks me to specify an admin password. Also what is the use of doing this? I know TrueCrypt, but have no idea what booting something Truescrypt could even mean. I mean the USB is not encrypted, it is a normal Tails boot USB drive.
3. I haven't tried but I cannot imagine this will cause difficulties
4. What USB drive do you mean here? The USB drive Tails is installed on or a second separate USB drive? What is the use of this USB drive? How do I turn it into a 'tc' (Truecrypt I presume) container? What does that mean?
5. Is this the same USB drive from 5?

So I can search around but there are just way too many unknowns for me to even get started. Am I even right about the general idea?

Is the idea that you boot into Tails with USB drive one (unencrypted) and use a second USB drive to store:

1) Armory
2) Wallet file
3) Armory dependencies

Encrypted with TrueCrypt and every time you need the cold storage wallet you:

1) Boot from USB 1 to Tails
2) Unencrypt (mount?) USB 2 (with dpkg -i /media/truecrypt1/armory/*.deb ?)
3) Start Armory

Q: if this is the case is only USB 2 essential? (the place that stores the wallet and the volume you need to backup)
Q: Why use 2 USB drives (if this is even the intention)?

Could you get me started please, thank you Smiley

1511064242
Hero Member
*
Offline Offline

Posts: 1511064242

View Profile Personal Message (Offline)

Ignore
1511064242
Reply with quote  #2

1511064242
Report to moderator
1511064242
Hero Member
*
Offline Offline

Posts: 1511064242

View Profile Personal Message (Offline)

Ignore
1511064242
Reply with quote  #2

1511064242
Report to moderator
1511064242
Hero Member
*
Offline Offline

Posts: 1511064242

View Profile Personal Message (Offline)

Ignore
1511064242
Reply with quote  #2

1511064242
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511064242
Hero Member
*
Offline Offline

Posts: 1511064242

View Profile Personal Message (Offline)

Ignore
1511064242
Reply with quote  #2

1511064242
Report to moderator
1511064242
Hero Member
*
Offline Offline

Posts: 1511064242

View Profile Personal Message (Offline)

Ignore
1511064242
Reply with quote  #2

1511064242
Report to moderator
1511064242
Hero Member
*
Offline Offline

Posts: 1511064242

View Profile Personal Message (Offline)

Ignore
1511064242
Reply with quote  #2

1511064242
Report to moderator
N.Z.
Sr. Member
****
Offline Offline

Activity: 437



View Profile
January 17, 2013, 10:33:07 PM
 #2

About Truecrypt in Tails. You can use whatever storage device connected to your computer to store or use as truecrypt container. You don`t have to though, you can configure persistent storage for that from Tails menu, it will be encrypted as well. Truecrypt is just convenient for me.
etotheipi
Legendary
*
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
January 22, 2013, 03:55:06 AM
 #3

I'm not sure I even understand fully.  What is the point of the TC container?  I can think of only two reasons:

(1) You really don't trust Armory wallet encryption
(2) You want even the watching-only portions of the wallet to be encrypted, too (which will actually be an option with the new, upcoming wallets)

I only ask because it seems redundant, and makes it a bit more effort to setup and use.

Also, as Wachtwoord suggested, why bother with two USB keys?  Can't you just get yourself a single, large USB key, and partition it into OS (Tails) and data (Armory + wallet files)?

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
N.Z.
Sr. Member
****
Offline Offline

Activity: 437



View Profile
January 22, 2013, 09:16:51 PM
 #4

Quote
What is the point of the TC container?
1. It is cross-platfrorm
2. It hides the fact that you have armory (bitcoin) wallet
3. It works in Tails as persistent container
Quote
Also, as Wachtwoord suggested, why bother with two USB keys?  Can't you just get yourself a single, large USB key, and partition it into OS (Tails) and data (Armory + wallet files)?
Yes we can Smiley Tails is Live-CD/Live-USB distro. That means no data is saved after shutting it down, moreover Tails mount ALL disks as read-only. But data can be saved on encrypted partitions, it is achieved with Truecrypt containers OR special "Tails Persistent Volume" with Luks encyption. With first one you have to boot Tail by whatever method you choose - DVD, USB-drive, Virtualbox, etc. and have TC-container on whatever disk (even on that you booted from). The last one you can get when you install Tails on USB stick with built-in "Tails LiveUSB installer": so you will have two partitions on one USB - one for Tails installation and one encrypted persistent volume you mount when you boot from USB. You should really spent some time and try Tails Smiley
N.Z.
Sr. Member
****
Offline Offline

Activity: 437



View Profile
January 22, 2013, 10:53:00 PM
 #5

wachtwoord, dude, I gave you the link to official Tails description on how to use Truecrypt, how can I unambiguify it more? Except if you are using some software called TrueScrypt, I can`t help then, lol Smiley Also I won`t teach you how to use Truecrypt itself, I`ll leave it to very good documentation and Mr. Google

I suggest you to install Tails with its built-in installer to USB and configure Persistent volume with built-in configure tool. It is easier and more "official way" than Truecrypt in Tails.
etotheipi
Legendary
*
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
January 23, 2013, 01:05:08 AM
 #6

wachtwoord, dude, I gave you the link to official Tails description on how to use Truecrypt, how can I unambiguify it more? Except if you are using some software called TrueScrypt, I can`t help then, lol Smiley Also I won`t teach you how to use Truecrypt itself, I`ll leave it to very good documentation and Mr. Google

I suggest you to install Tails with its built-in installer to USB and configure Persistent volume with built-in configure tool. It is easier and more "official way" than Truecrypt in Tails.

Come on N.Z., go a little easy on the linux-n00b Smiley   I remember those days... lots of confusing command line arguments, figuring out how to re-add windows to my grub menu, the dreadful "kernel panic"... great fun!

If I get some time, I might try the Tails thing, too.  Maybe I can write up a more-specific instructions.  I think having an 'offline" setup that doesn't require separate hardware is a nice alternative.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
Rampion
Legendary
*
Offline Offline

Activity: 1106


View Profile
February 19, 2013, 09:00:16 AM
 #7

wachtwoord, dude, I gave you the link to official Tails description on how to use Truecrypt, how can I unambiguify it more? Except if you are using some software called TrueScrypt, I can`t help then, lol Smiley Also I won`t teach you how to use Truecrypt itself, I`ll leave it to very good documentation and Mr. Google

I suggest you to install Tails with its built-in installer to USB and configure Persistent volume with built-in configure tool. It is easier and more "official way" than Truecrypt in Tails.

Come on N.Z., go a little easy on the linux-n00b Smiley   I remember those days... lots of confusing command line arguments, figuring out how to re-add windows to my grub menu, the dreadful "kernel panic"... great fun!

If I get some time, I might try the Tails thing, too.  Maybe I can write up a more-specific instructions.  I think having an 'offline" setup that doesn't require separate hardware is a nice alternative.

Specific instructions for Tails or UPR would be great. Or even better, a downloadable ISO including armory for a Tails / UPR livecd.

The only inconvenience in Tails is the difficulty in creating an USB with persistence that will boot on macs. I found a workaround using one CD with refit + Tails USB 1 made with Unetbootin + Tails USB 2 made with the Live USB Installer inside Tails.

The system will boot with the CD + USB 1, but the OS will run in USB 2, with persistence (don't ask me why).

If you use only refit + USB 2 Tails will not boot on a mac.

It's not the best way, but at least works.

etotheipi
Legendary
*
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
April 08, 2013, 01:47:12 AM
 #8

By the way, I retract my statement about "why use disk encryption when you use an encrypted Armory wallet"?    There's two reasons I came across, one of them I became aware of recently:

(1) If you make sure you do everything on the encrypted partition, you're protected from even carelessness, like copying stuff into another program to print and it auto-saves.  Or you use the Shamir's Secret Sharing script which writes the results to disk.  It basically picks up the slack if you're a little careless with handling private key data.
(2) This doesn't apply to TrueCrypt, but if you use something like Ubuntu alternate installer and select that you want encrypted home partition, it actually sets up encrypted swap, too.  This is super nice, since it effectively negates any defects in my own attempts to keep key data out of swap/disk.  My implementation is the same one used by the Bitcoin-Qt devs, but I'm told it's not bulletproof.  Especially if you ever accidentally hit "hibernate" on your laptop (which will write it to disk even if it's in memory-locked RAM).

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
NoL1m1tZ
Member
**
Offline Offline

Activity: 80


View Profile
April 09, 2014, 07:56:39 PM
 #9

Sorry for the Necro, but I cant seem to access the Tails encrypted persistent partition in windows. The drive doesn't seem to mount? How can I mount the partition so that I can decrypt it and use it to broadcast signed transactions from windows?
NoL1m1tZ
Member
**
Offline Offline

Activity: 80


View Profile
April 10, 2014, 08:53:14 PM
 #10

I'm not sure why you would use TrueCrypt over Linux's own dm-crypt/LUKS. Unlike the former, the latter is well-audited.

I believe this is what Tails is using to create it own secure persistent partition. The problem is that you can not access that partition on a windows based computer, hence my above question.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!