Hi all.
This is a reply to a post by N.Z. that etotheipi pointed me to after I asked for how to use Armory securely with one physical machine connected to the internet. He pointed me to the following post:
Hi all
Just tested the best way of using offline part of Amory I can think of.
1. Download
Tails. This is Debian LiveCD/LiveUSB system. Why Tails? Because it is well-known system designed with max security in mind (to leave system and disks untouched in particular), has a lot of users and testers and supported by Tor project. These ones are enough for me to trust it.
2. Boot it in custom way: pass 'truecrypt' parameter to kernel and set up root password in welcome screen.
3. Go to online computer and download needed packages from Debian repositories or from
here, we need these:
python-twisted-conch_10.1.0-1_all.deb
python-twisted-runner_10.1.0-2_i386.deb
python-twisted-core_10.1.0-3_all.deb
python-twisted-web_10.1.0-1_all.deb
python-crypto_2.1.0-2+squeeze1_i386.deb
python-twisted-lore_10.1.0-1_all.deb
python-twisted-words_10.1.0-1_all.deb
python-openssl_0.10-1_i386.deb
python-twisted-mail_10.1.0-1_all.deb
python-twisted_10.1.0-3_all.deb
python-pyasn1_0.0.11a-1_all.deb
python-twisted-names_10.1.0-1_all.deb
python-twisted-bin_10.1.0-3_i386.deb
python-twisted-news_10.1.0-1_all.deb
Don`t forget to check hashes and signatures!
Also download latest Armory .deb file from
Armory website.
4. Make Truecrypt container in USB drive, put all debs to folder, say, 'armory' in this tc-container.
5. Plug in USB drive to computer booted with Tails as said above. Mount tc-container, run
dpkg -i /media/truecrypt1/armory/*.deb
6. We got an secure offline environment: if it is unencrypted, it disappears when you shutdown computer. Total geek
Did I miss something? Maybe we should ask etotheipi to include offline bundle for Tails as it is already made for Ubuntu?
It turns out this description is too limited for the amount of knowledge I have on the matter to follow so I'll post the quests I have to get this working here
1. I installed Tails on a USB drive and booted into the OS. (Done and I am posting this booted in Tails)
2. So here comes the first issue: What does "Boot it in custom way: pass 'truecrypt' parameter to kernel and set up root password in welcome screen." mean? When I boot from my USB drive it doesn't give me this option it only asks me to specify an admin password. Also what is the use of doing this? I know TrueCrypt, but have no idea what booting something Truescrypt could even mean. I mean the USB is not encrypted, it is a normal Tails boot USB drive.
3. I haven't tried but I cannot imagine this will cause difficulties
4. What USB drive do you mean here? The USB drive Tails is installed on or a second separate USB drive? What is the use of this USB drive? How do I turn it into a 'tc' (Truecrypt I presume) container? What does that mean?
5. Is this the same USB drive from 5?
So I can search around but there are just way too many unknowns for me to even get started. Am I even right about the general idea?
Is the idea that you boot into Tails with USB drive one (unencrypted) and use a second USB drive to store:
1) Armory
2) Wallet file
3) Armory dependencies
Encrypted with TrueCrypt and every time you need the cold storage wallet you:
1) Boot from USB 1 to Tails
2) Unencrypt (mount?) USB 2 (with dpkg -i /media/truecrypt1/armory/*.deb ?)
3) Start Armory
Q: if this is the case is only USB 2 essential? (the place that stores the wallet and the volume you need to backup)
Q: Why use 2 USB drives (if this is even the intention)?
Could you get me started please, thank you
