Upgrading Armory in offline machine and signing transactions on Linux

[VelhoDoRio]

Hello

I have armory installed in two linux machines.
One of them is offline since the linux OS install and setup.
I sign all transactions on the offline machine and save them on a vfat usb stick and bring them to the online machine for broadcast.
I also use a vfat usb stick to upgrade the Armory software. Making a local git repository on the vfat usb stick.

In linux vfat file system can't run executable files.
I'm taking any risk doing this?

I already tough abut using one camera on the offline machine and another on the online machine for signing tx, using QR codes. But same day I have to upgrade the armory wallet software on offline machine.

[1714976035]

1714976035

[1714976035]

1714976035

[1714976035]

1714976035

[gangtraet]

In principle, a very determined hacker might be able to subvert the flashable hardware on the USB stick.  But it would need to be somebody with almost NSA grade expertise, aiming at your specific setup.  I do something similar, and do not worry about it.  I am sure NSA has more profitable things to do than stealing our bitcoins.

EDIT: But do check the cryptographic signatures on the software you run on the offline machine.

[VelhoDoRio]

The offline machine is encrypted and I always check authenticity in the offline machine doing this:

Code:

$ git tag -v v0.96

like it says in https://github.com/goatpig/BitcoinArmory/blob/master/linuxbuild/Linux_build_notes.md

but I change the version to the correct one.

I am doing this right?

[gangtraet]

Seems right to me.  But I am not an expert in this kind of stuff.

[adaseb]

Just buy an old digital camera for like $20 off eBay and just use that camera to take photos of your unsigned transactions and only plug it into the offline computer.

When the transaction is signed just take a photo of the QR code with your phone and mail it to yourself.