Armory Cold Storage Questions

[ArmoryQuestions]

So I found a few guides through google/reddit, but still have a few questions after reading them that I was hoping you all could answer. The Bitcoin Armory site has directions for cold storage, but they are pretty general and don't go much into the specifics, so I am using this tutorial as my starting point:

http://falkvinge.net/2014/02/10/placing-your-crypto-wealth-in-cold-storage-installing-armory-on-ubuntu/

So I guess my first question is, is there anything blatantly wrong that you guys see with this tutorial?

2.) Why does the tutorial recommend Ubuntu LTS, is there something you guys would recommend more?

3.) Are python-qt4, python-twisted, and python-psutil still the packages needed to be installed for Armory to function? This article is about 8 months old, so are the directions for installing apt-offline and those three packages still correct?

4.) When downloading Armory on the online computer in order to install on the offline computer, I would like to verify the signature of the download. However, the computer that I currently own is a Mac, and the Armory website says that verifying the signatures is only easily performed on a Linux Machine. I was planning on purchasing a cheap computer to install Linux on and use as my cold storage. I can't imagine that I must purchase two; one to download Armory on and one to use as my cold storage. Could anyone here walk me through how to either verify the signature on a Mac or let me know of some other way to do this securely?

5.) At the bottom on Armory's tutorial, they recommend disabling autorun functionality for USB's in the case of USB virus's (highly unlikely, but if there's something that can be done to prevent it, why not). They link to instructions for Windows, and I was wondering if anyone knew how to get this done on Ubuntu.

I apologize if these questions have been answered before, but I was unable to find them. Thank you in advance for all the help and I appreciate your time!

[ArmoryQuestions]

Hello everyone,

I didn't want to annoy you all with a bunch of bump posts...

So I waited close to two weeks.

I hope this doesn't piss anyone off but I noticed this page was getting a few hundred reads and I was really hoping someone could help me out with all of this.

Thank you for your time, I know this post is technical/not at all exciting!

[Newar]

I had a quick look and one thing I miss in the tutorial is that he does not check file signature hashes, yes, do it for the Ubuntu download too.

I had 12.04 and encrypted my disk, not sure why he recommends the alternate installer.

The quickest way is to use the offline bundle provided by Armory. The offline bundle needs to match the Ubuntu release it was built for, so get that particular release that is mentioned on the download page. This will also save you the whole apt-offline part.

If you want or need (depending on your offline computer specs) any other Ubuntu flavour, I wrote a quick guide how to update an offline Lubuntu 14.04 using Synaptic: https://bitcointalk.org/index.php?topic=777625.0 This can be adapted to other flavours too.

So, it really depends on your preference. The easiest way for sure is the one described on the Armory website with getting the offline bundles from them.

I don't know about verifying signatures on a Mac, but I thought Mac has a terminal too? You could try the commands given there. As an option you could run a small Linux in a VM.

5.) Is a non-issue on Linux. A file can not be automatically run, just because it's called autorun.bat

[goatpig]

1) I didn't read the tutorial, hence idk

2) For offline signing, 12.04 or 14.04 LTS are your better choices. We have offline bundles targeted specifically at those. For the online counterpart, frankly anything can fly as long as you have the necessary hardware resources, granted OSX is the least stable of all due to its love/hate relationship with Qt4.

3) https://bitcoinarmory.com/download/building-armory-from-source/

4) I got no idea, but I suspect you can somehow find equivalent command line calls in OSX's terminal. Either that or run a Ubuntu/Debian VM on your OSX and do it from there.

5) Afaik, if none of the files in the USB have the exe bit set, they can't run, so maybe a chmod -R 600 ./* would make you feel better. Generally, if the attack medium is something as trivial as an autorun file, you'll catch it with a little scrutiny. If it's something like the Stuxnet USB rootkit, you're kebab anyways.

[ArmoryQuestions]

Newar,

Thanks for all the help!

I definitely would have forgotten to check the signature of the Ubuntu download...thanks for the reminder.

Wow, missed the offline bundle as well. Must have been because I was viewing it on my Mac and I stupidly didn't view the download options under Ubuntu.  That makes the whole process much easier without having to deal with all the apt-offline instructions.

Thanks for that other link as well, but I think I'll stick with ubuntu.

Yeah, mac does have a terminal.  Don't know why they say its not possible, I think checking the signatures would work just fine.  It has on other downloads I've done at least.

Haha true.

Once again, thanks for all the help!  Glad I've gotten this all figured out, looking forward to transferring all my coins over to cold storage.  Hoping to get it done sometime this weekend, I'll let you know how it goes!

[goatpig]

Once again, thanks for all the help!  Glad I've gotten this all figured out, looking forward to transferring all my coins over to cold storage.  Hoping to get it done sometime this weekend, I'll let you know how it goes!

Please make sure you can get Armory online first.

[ArmoryQuestions]

goatpig,

Thanks for the more info!

Rather than building from source, I think I'll just download the offline bundle onto a USB and transfer over to my dedicated offline Ubuntu computer.

[ArmoryQuestions]

Sorry my replies are so staggered, I have a time limit I must wait between posts.

Why would I be unable to get Armory online?

[goatpig]

Sorry my replies are so staggered, I have a time limit I must wait between posts.

Why would I be unable to get Armory online?

You can receive coins with offline Armory, but you can't spend unless you get Armory online. So get Armory online before you fund your wallet. Common sense. Also, you have to read the tutorials and get familiar with Bitcoin and Armory to get it online. After all, Armory requires a full node.

On the other hand, starting offline Armory is cake and any Bitcoin inept can go as far as creating a wallet and funding it. Then comes the day you want to spend these coins and you realize you don't even have an adequate machine, or have never downloaded the blockchain, and best case scenario, you have to wait a couple days to spend your coins.

So do yourself a favor and make sure you can go online first.

[Muhammed Zakir]

Sorry my replies are so staggered, I have a time limit I must wait between posts.

Why would I be unable to get Armory online?

You can receive coins with offline Armory, but you can't spend unless you get Armory online. So get Armory online before you fund your wallet. Common sense. Also, you have to read the tutorials and get familiar with Bitcoin and Armory to get it online. After all, Armory requires a full node.

On the other hand, starting offline Armory is cake and any Bitcoin inept can go as far as creating a wallet and funding it. Then comes the day you want to spend these coins and you realize you don't even have an adequate machine, or have never downloaded the blockchain, and best case scenario, you have to wait a couple days to spend your coins.

So do yourself a favor and make sure you can go online first.

I haven't used Armory, but can't we sign the transaction and push it through online services like Blockchain, Eligius and Blockr.io?

   ~~MZ~~

[Newar]

I haven't used Armory, but can't we sign the transaction and push it through online services like Blockchain, Eligius and Blockr.io?

   ~~MZ~~

Maybe you should

No, the offline system does not know about the blockchain and Armory uses its own database format for this info. The online system does not know about the private keys. So the info about input/output selection needs to go from the online to the offline system first. Only once that's signed it could pushed on those services.

[...]  Why would I be unable to get Armory online?

Another advantage getting Armory online first is that you could download the offline bundle using the secure downloader including offline verifiable signatures. Might make it a bit more convenient.

[goatpig]

I haven't used Armory, but can't we sign the transaction and push it through online services like Blockchain, Eligius and Blockr.io?

   ~~MZ~~

You can push the signed transaction through any mean you can design, the issue isn't the pushing, it's creating the raw tx to sign. How are you supposed to do that without identifying your UTXOs (which is basically what online mode does) ?