Armory - Discussion Thread

[justusranvier]

there gotta be a vmless solution here

Given the deplorable state of PC security these days, the necessity of VMs goes way beyond Armory.

If you're not already running virtual machines to segregate network-facing services from each other and the host OS then you're behind the security curve. That's the bare minimum you need to do just to have a slight hope of keeping your machine clean.

[1713914568]

1713914568

[1713914568]

1713914568

[1713914568]

1713914568

[1713914568]

1713914568

[1713914568]

1713914568

[superbit]

there gotta be a vmless solution here

Given the deplorable state of PC security these days, the necessity of VMs goes way beyond Armory.

If you're not already running virtual machines to segregate network-facing services from each other and the host OS then you're behind the security curve. That's the bare minimum you need to do just to have a slight hope of keeping your machine clean.

Any good tutorial on this?  I've played around with it but am definitely a rookie?  I do use Tails when I run armory though, is that the same idea?

[Ente]

there gotta be a vmless solution here

We're going OT here, but obviously security is the main reason we are here to begin with :-)

Some time ago I found "Qubes OS":
https://en.wikipedia.org/wiki/Qubes_OS

It's a Linux distribution where you have different security domains. In the inner works, that's several independent virtual machines, but without all the hassle for us users.







I like their concept!

Ente

[shoesman]

Did you get any flickering as i have aka constant connected/disconnected switching as one can take from the previous post one page back in my armory log and comment which hasn't been replied to as of yet.

No flickering for me with this setup.

What specific command would i have to add to my bitcoin shortcut to get this working?

I have my computer set up with two .conf files and two shortcuts because I want to be able to use bitcoin-qt with and without Armory.  This complicates my setup a little bit.  If you just want to use bitcoin-qt with Armory all you need to do to prepare bitcoin-qt for Armory is add these two lines to your bitcoin.conf file.

Code:

bind=127.0.0.1
listen=1

Is this any different than just adding the    --satoshi-port=9150    switch to my armory shortcut?

Yes, adding the "--satoshi-port=9150" switch tells Armory to communicate with bitcoin-qt through port 9150 while adding

Code:

bind=127.0.0.1
listen=1

to bitcoin.conf tells bitcoin-qt to listen on all ports but only accept communication from your computer.

Something tells me its not good to have bitcoin core accept external connections.

Code:

bind=127.0.0.1

This line prevents bitcoin-qt from accepting external connections. (external as in from outside your computer)

yep that solved the flickering issue and armory qt is now fully detected and armory uses bitcoin cores net connection ive tested this with wireshark , as soon as ive dropped tor both bitcoin core

and armory stopped dead in theyre tracks well except bitcoin core showing 1 or 2 local connections to armory shown as bitcoin network connections in the network meter of bitcoin wich really isnt a bitcoin network it just thinks armory is due to the bind=127.0.0.1 and listen=1 commands , armory will only connect over bitcoin cores

connection wich in turn only connects over tor as ive setup bitcoin cores network connection to use tors proxy , excellent, on top of that ive disabled online check and added the skip announce

flag to my shortcut to make sure armory only connects over bitcoin cores network not doing any call back home operations, if anyone got some more ideas please do add and having a setup in a standalone vm such setup has its uses for sure theres no denying that either, id say use one or the other or both depending on your needs

[Rampion]

I managed to get Tor, Armory, and Bitcoin-qt working together.  Here's my setup:

Armory has no command line arguments, the only change is I unselected "Let Armory run Bitcoin-Qt/bitcoind in the background" in settings.

Tor was left with the default settings.

For Bitcoin-qt I first ran the program and deselected "Map port using UPnP" and selected "Connect through SOCKS proxy".  (Proxy IP: 127.0.0.1, Port: 9150, SOCKS Version: 5)  I also created a shortcut with one command line argument ("-conf=Armory.conf" to use a different .conf file in the Bitcoin data directory)

Code:

#For Armory.conf
bind=127.0.0.1
listen=1

Bind = 127.0.0.1 should mean that only local processes can connect to your node.  And listen=1 should mean that it accepts external connections (external as in not from bitcoin-qt itself, not necessarily from outside your computer)

Edit: Added which command line argument I used with bitcoin-qt (-conf=Armory.conf) NOTE: This argument is not necessary to use bitcoin-qt and Tor with Armory!

Thanks for this, it seems the best solution so far.

[pitiflin]

Maybe this is off-topic but I can't seem to find any answer to my doubts.

I'm using Armory 0.90 Beta with Bitcoin-qt 0.8.6

1- I want to update to Bitcoin core 0.9.1 but I don't know how to do it, and I'm bloody terrified of losing my coins.

2 -I have a paper wallet, does this means, that in case Armory breaks down, dissapears, whatever bad may happen to Armory, will I be able to recover my coins? 2a- If not, how can I backup my coins?

As I said, I'm sorry if this is an off-topic.

[Ente]

Maybe this is off-topic but I can't seem to find any answer to my doubts.

I'm using Armory 0.90 Beta with Bitcoin-qt 0.8.6

1- I want to update to Bitcoin core 0.9.1 but I don't know how to do it, and I'm bloody terrified of losing my coins.

2 -I have a paper wallet, does this means, that in case Armory breaks down, dissapears, whatever bad may happen to Armory, will I be able to recover my coins? 2a- If not, how can I backup my coins?

As I said, I'm sorry if this is an off-topic.

Your Armory wallet is completely independent from bitcoin-core. Even if you break bitcoin-core, your coins will still be there, Armory will just be offline. As long as you have a paper-backup, you normally can even break Armory without losing coins.

So, normally you should be able to install the newer bitcoin-core version right over the old. Close both bitcoin-core and Armory before doing that, though ;-)

What's that "Armory" that could disappear?
If Alan and the other devs (aka Armory corp) disappear, you still can download and use the Armory client.
In case the Armory software disappears from the net, isn't developed any further or is outlawed, you still have your local copy.
If all fails, and you wake up after a 10 year coma, with *everything* gone, you will surely find someone who recreates your Bitcoin private keys from the seed on your paperbackup.

In any case, you would be able to access your funds, and transfer them to whatever place, service, person, client you like.

Since you are not in a coma, you can do yourself and your family a favor, and print out the private key of your long-term savings as well. You then have to be *very* careful to always reuse it, when transferring some coins from there (normally, the change goes to another address).

You do ask the right questions! Good! :-)

Ente

[pitiflin]

"Since you are not in a coma, you can do yourself and your family a favor, and print out the private key of your long-term savings as well."

How can I do that?

"You then have to be *very* careful to always reuse it, when transferring some coins from there (normally, the change goes to another address)."

I don't follow you here. I thought that by making a paperbackup, I was already doing all the best for protecting my coins. Could you explain me a little more this private key thing? (I appreciate your time)

[etotheipi]

"Since you are not in a coma, you can do yourself and your family a favor, and print out the private key of your long-term savings as well."

How can I do that?

"You then have to be *very* careful to always reuse it, when transferring some coins from there (normally, the change goes to another address)."

I don't follow you here. I thought that by making a paperbackup, I was already doing all the best for protecting my coins. Could you explain me a little more this private key thing? (I appreciate your time)

I actually don't agree with Ente on those statements.  Print a paper backup of your wallet, and you are protected forever.  Armory is being used on $10M+ worth of BTC.  If Bitcoin has any value, there will always be a copy of Armory floating around that can be used to recover your coins.  Or someone will create something that can produce the private keys from the paper backup.  It's not a terribly complex algorithm.

If you have to worry about change addresses, etc, you are taking unnecessary risks.  Part of the reason I made Armory was to help people avoid dealing with those low level details

[CircusPeanut]

"Since you are not in a coma, you can do yourself and your family a favor, and print out the private key of your long-term savings as well."

How can I do that?

"You then have to be *very* careful to always reuse it, when transferring some coins from there (normally, the change goes to another address)."

I don't follow you here. I thought that by making a paperbackup, I was already doing all the best for protecting my coins. Could you explain me a little more this private key thing? (I appreciate your time)

Your Armory wallet has a "root" private key. All of the private keys in your Armory wallet are generated from that root key in a way that can be repeated at any point now or in the future with or without Armory as long as a copy of the source exists somewhere on the internet.

If for some reason you think that won't be the case in the future, you can lock all of your savings up in one of your Armory Wallet's private keys (One of the private keys that was generated from root private key mentioned above.) You then write that private key down, and keep that in a safe place. That private key can be used to recover your savings even if a time machine was invented and someone goes back in time and un-invent's Bitcoin Armory and deterministic wallets.

[pitiflin]

"Since you are not in a coma, you can do yourself and your family a favor, and print out the private key of your long-term savings as well."

How can I do that?

"You then have to be *very* careful to always reuse it, when transferring some coins from there (normally, the change goes to another address)."

I don't follow you here. I thought that by making a paperbackup, I was already doing all the best for protecting my coins. Could you explain me a little more this private key thing? (I appreciate your time)

I actually don't agree with Ente on those statements.  Print a paper backup of your wallet, and you are protected forever.  Armory is being used on $10M+ worth of BTC.  If Bitcoin has any value, there will always be a copy of Armory floating around that can be used to recover your coins.  Or someone will create something that can produce the private keys from the paper backup.  It's not a terribly complex algorithm.

If you have to worry about change addresses, etc, you are taking unnecessary risks.  Part of the reason I made Armory was to help people avoid dealing with those low level details

Thanks a lot man! I feel much safer now;)

[Ente]

I have to agree, and will now say the opposite of what I said before:
Forget that "private key" stuff, and stick to your paper wallet, as you were already doing. This is more than 99% sure.
With my previous suggestion, you add more uncertainity than you are removing.

To all of you: Be very careful with "individual private keys" and brainwallets. This probably is among the top 5 reasons people lose all their bitcoins.

Ente

[goatpig]

I have to agree, and will now say the opposite of what I said before:
Forget that "private key" stuff, and stick to your paper wallet, as you were already doing. This is more than 99% sure.
With my previous suggestion, you add more uncertainity than you are removing.

To all of you: Be very careful with "individual private keys" and brainwallets. This probably is among the top 5 reasons people lose all their bitcoins.

Ente

Well yes and no. Low hanging fruit right now are people using an online wallet with 2FA, shoving all their coins in there and backing up the plain private keys in the hotmail account they used for their MMO subscription 10 years ago...

[RoadStress]

-maxconnections=8
-addnode=127.0.0.1

That worked! Thank you.

If you are using Tor, I believe you should avoid -addnode=127.0.0.1.  I believe that Tor connections all appear to be from localhost, so if you are attempting to only allow actual-localhost connections, you won't get what you think you're getting.

(again, I don't know much about Tor -- just relaying a warning I was given a while ago)

I am not, but thank you. I noticed a strange behavior with those 2 line arguments. The transaction history seems to noticeable lag and i stop receiving notifications on transfers.

Ok i am back. So i when using Bitcoin Core with the following arguments: "-datadir", "-maxconnections=8", "-addnode=127.0.0.1" and Armory always with "--datadir=" and "--satoshi-datadir" i get no notifications about transactions. I can't tell for sure if there is a bigger lag than usual. Removing "-maxconnections=8" and "-addnode=127.0.0.1" from Bitcoin Core and keeping everything else bring me back the notifications.

It's not such a big deal, but just wanted to report it.

[Ente]

Is there any way to sweep a private key without typing in on a connected computer ?

Something like :
- enter the bitcoin address on the connected computer in a watch only wallet
- scan the blockchain for all funds on this address
- create a raw transaction to move them to the armory wallet
- move the transaction to the offline computer
- enter the private key there, sign the transaction
- broadcast the transaction back from the online computer ?

That would be a very handy feature!
Sweeping brainwallets, coins, paperwallets and all.

Ente

[etotheipi]

Is there any way to sweep a private key without typing in on a connected computer ?

Something like :
- enter the bitcoin address on the connected computer in a watch only wallet
- scan the blockchain for all funds on this address
- create a raw transaction to move them to the armory wallet
- move the transaction to the offline computer
- enter the private key there, sign the transaction
- broadcast the transaction back from the online computer ?

That would be a very handy feature!
Sweeping brainwallets, coins, paperwallets and all.

Ente

Had a lot of requests for this.  Right now the only way to do it is to create a new wallet on the offline computer, import the keys, export the new watch-only wallet to the online computer, then perform an offline transaction to move all the coins.  It's four steps... If you have the public key already it could theoretically be three steps, but Armory doesn't allow importing of public keys into WO wallets. 

[etotheipi]

Anyone with a RaspberryPi try this out!  I finally got my RPi up and working and was able to extract the dependency tree into an offline bundle.  It seemed to work on mine, someone else please try it with a fresh raspbian install and let me know:

https://s3.amazonaws.com/bitcoinarmory-testing/armory_0.91.1-rc1_raspbian.tar.gz
https://s3.amazonaws.com/bitcoinarmory-testing/armory_raspbian_deps.tar.gz

If that works, then I'll finally be able to start packing RPi offline bundles with every release.

I'd like to do the same for Tails, but the latest Tails actually uses python2.6, for which we have temporarily broken support   Until we fix that, I'm going to have to pass on Tails support ...

P.S. -- Holy hell the RPi is slow as dirt! 

[TierNolan]

I compiled the latest build yesterday, though it would have been with an old OS.

I had to make a tiny tweak in one of the makefiles to get cryptopp to work.

This line needs to be moved up to line 15 (after ISX86 = ...).

I guess the latest version of raspbian works without needing mods?

[etotheipi]

I compiled the latest build yesterday, though it would have been with an old OS.

I had to make a tiny tweak in one of the makefiles to get cryptopp to work.

This line needs to be moved up to line 15 (after ISX86 = ...).

I guess the latest version of raspbian works without needing mods?

I have been cross-compiling it for Pi on one of my Ubuntu VMs.  I downloaded crosstool-ng and built the armhf g++ from scratch, then used that to compile _CppBlockUtils.so.  I had to make one small modification to the Armory Makefile to make sure it's linking against the armhf python, but it didn't need any further modification (and that can be easily removed as well).    Once it's all setup, it actually compiles no differently than regular building.   I didn't need to mess with the crypto++ libraries or makefiles at all.

It worked on my freshboot RPi with those dependencies, but I was also online so I wonder if it really got everything or if it silently installed some stuff in the background.  That's why I wanted someone else to try it.

[TierNolan]

I have been cross-compiling it for Pi on one of my Ubuntu VMs. 

I compiled it using the pi itself.  That is very slow , but less hassle than cross compiling.