Armory 0.96.5 Released – Bitcoin Armory – Python-based ...
A Guide to Keeping Keys Offline Using Armory +rPi
Hi Redditors. I am going to post in this thread my experiences in getting my Desktop (Debian) machine running Armory in watch-only mode, and coupling that with an offline Raspberry Pi (which holds my private keys) for signing the transactions previously made in watch-only mode. I actually compiled Armory from source directly on my Pi. This guide is probably more for the bitcoin 'power user', as to run Armory online, and broadcast the signed transactions, you need to have a bitcoin full node running (bitcoind). Basic requirements:
Online machine - running a full node (bitcoind)
Raspberry Pi - I used an old Pi 1 Model B with just 512Mb memory, and 2 USB slots.
2x USB thumb-drives. One for wallet backups, the other for transferring unsigned tx's to the rPi, and signed tx's back to the Desktop.
Armory 0.96.4 for the Raspberry Pi 1, Model B (512Mb RAM, 2xUSB) (compiled from github sourcecode on the Pi itself!)
Using the Pi as an offline complement to a Debian Desktop "watch-only" Armory install.
Desktop Debian Armory watch-only talks to my full node, bitcoind, which is also on the Debian desktop.
I'll post the guide in digestible sections...
I should begin by saying I installed source code from git, and got Armory to build the DB on my desktop initially, WITHOUT creating a wallet.. (This allowed me to debug what was going on a little!)
Go to Bitcoin.org, select Armory.. It leads to a Download from Git: https://github.com/goatpig/BitcoinArmory/releases Followed the procedure for Linux Debian verify code, compile, install, all straight-forward.. Began by running bitcoind, and telling Armory where to find it. This is the command I used, obviously it was all on one line and didn't include the arrows/explanations!:
python ArmoryQt.py \ --satoshi-datadir=/BlockChain/chain20180414/blocks \ # <-----(where my bitcoind blocks live) --datadir=/ArmoryDataDi \ # <-----(this is instead of ~/.armory) --dbdir=/ArmoryDataDidatabases # <-------(again, non std. place used for Armory's databases.. my choice.)
So, on the Desktop, after the initial "build databases" (NB the initial "Build Databases" took about 1.5h and my two CPUs were maxed the whole time, Temps up to 62C. Not ideal; Im not in a rush!) I then wanted to import a watch-only wallet. Before I did this, I took a full backup of the Armory data dir: /ArmoryDataDi (or ~/.armory in a default installation). I'd hate to have to make Armory do another full sync with the bitcoind node!
Next step: offline wallet (with Private Keys) is on a Raspberry Pi. I downloaded the source and managed to compile it on the pi itself! :) Though there were some gymnastics needed to setup the Pi. My Pi is running Raspbian based on Wheezy.. quite old! I did the following on the Pi:
apt-get update apt-get upgrade (<---took about an hour!) apt-get install autotools-dev apt-get install autoconf
Then I followed the instructions exactly as I had done for my Debian Desktop machine, EXCEPT: I had to increase the Pi's swap space. I upped it from 100Mb to 400Mb. The compilation took 7 hours, and my poor SD card got a thrashing. But after compilation, I put the Swap back to 100Mb and Armory runs ok with about 150Mb of memory (no swap needed). Swap increase on the Pi: use your favourite editor, and open the file /etc/dphys-swapfile add/change the following line:
Then, REBOOT the Pi:
sudo shutdown -h -P now
Once the compilation was done on the Pi, put the swap back, rebooted and created an Armory wallet. I added manual entropy and upped the encryption 'time' from 250ms to 2500ms - since the Pi is slow, but I'll be happy to wait for more iterations in the Key Derivation Function. Once the wallet was created, it obviously prompts you for backup. I want to add a private key of my own (i.e. import), so don't do the backup until this is over. I import my Private Key, and Armory checks that this corresponds to a Public Key, which I check is correct. This is the point now where the Pi storage medium (e.g an SD card) has to be properly destroyed if you ever get rid of it. I had thought that now would be a good time to decide if your new wallet will generate Segwit receiving addresses, and also addresses used to receive 'change' after a transaction.. But it seems Armory WON'T let you switch to P2SH-P2WPKH unless your Armory is connected to a node offering "WITNESS" service. Obviously, my Pi is offline and will never connect to a node, so the following will not work on the Pi:
x Use File Settings Fee and address types.
x Set the "Preferred Receive Address Type" to P2SH-P2WPKH
x Also Set the "Change Address" to P2SH-P2WPKH for left-over loose change!
NB: I thought about setting this on the Debian "watch-only" wallet, but that would surely mean doom, as the Pi would not know about those addresses and backups might not keep them.. who knows... So, end result:- no segwit for me just yet in my offline funds.
--If anyone can offer a solution to this, I'd be very grateful--
Ok, now this is a good point to back up your wallet on the Pi. It has your imported keys. I choose a Digital Backup - and put it on a USB key, which will never touch the internet and will be stored off-site. I also chose to encrypt it, because I'm good with passwords.. NB: The Armory paper backup will NOT back up your imported private keys, so keep those somewhere if you're not sweeping them. It would be prudent to have an Armory paper backup anyway, but remember it will likely NOT help you with that imported key. Now for the watch-only copy of the wallet. I want to get the "watch-only" version onto my Desktop Debian machine. On the Pi, I created (exported to a USB key) a "watching-only" copy of my wallet. I would use the RECOMMENDED approach, export the "Entire Wallet File". As you will see below, I initially exported only the ROOT data, which will NOT capture the watching-only part of the Private Key I entered manually above (i.e. the public Key!). Now, back on the Debian Desktop machine... I stopped all my crontab jobs; just give Armory uninterrupted CPU/memory/disk... I also stopped bitcoind and made a backup prior to any watch-only wallet being imported. I already made a backup of Armory on my Desktop, before any wallet import. (this was needed, as I made a mistake.. see below) So on the Debian Desktop machine, I begin by firing up bitcoind. my command for this is:
I know from bitter experience that doing a scan over the blockchain for a new wallet takes a looong time and a lot of CPU, and I'd like it to play nicely; not gobble all the memory and swap and run my 2xCPUs both at 100% for four hours... So... I aim to run with --ram-usage=X and --thread-count=X (For me in the end, X=1 but I began with X=4) I began with --ram-usage=4 (<--- = 4x128Mb) The result is below...
TypeError: cannot concatenate 'str' and 'int' objects
It didn't recognise the ram-usage and carried on, crippling my Debian desktop PC. This is where it gets dangerous; Armory can gobble so much memory and CPU that the windowing environment can cease up, and it can take over 30 minutes just to exit nicely from bitcoind and ArmoryDB. So, I ssh to the machine from another computer, and keep an eye on it with the command
I'd also be able to do a "sudo reboot now" if needed from here.
So, trying to get my --ram-usage command recognised, I tried this line (added quotes):
Loading Armory Engine: Armory Version: 0.96.4 Armory Build: None PyBtcWallet Version: 1.35 Detected Operating system: Linux OS Variant : ('debian', '9.4', '') User home-directory : /home/ Satoshi BTC directory : /BlockChain/chain20180414 Armory home dir : /ArmoryDataDi ArmoryDB directory : /ArmoryDataDidatabases Armory settings file : /ArmoryDataDiArmorySettings.txt Armory log file : /ArmoryDataDiarmorylog.txt Do wallet checking : True (ERROR) ArmoryUtils.py:3723 - Unsupported language specified. Defaulting to English (en) (ERROR) ArmoryQt.py:1833 - Failed to start Armory database: cannot concatenate 'str' and 'int' objects Traceback (most recent call last): File "ArmoryQt.py", line 1808, in startArmoryDBIfNecessary TheSDM.spawnDB(str(ARMORY_HOME_DIR), TheBDM.armoryDBDir) File "/BitcoinArmory/SDM.py", line 387, in spawnDB pargs.append('--ram-usage=' + ARMORY_RAM_USAGE) TypeError: cannot concatenate 'str' and 'int' objects
So, I edit the Armory python file SDM.py:
if ARMORY_RAM_USAGE != -1: pargs.append('--ram-usage=4') #COMMENTED THIS, SO I CAN HARDCODE =4 # ' + ARMORY_RAM_USAGE)
Running it, I now have acknowledgement of the --ram-usage=4:
(WARNING) SDM.py:400 - Spawning DB with command: /BitcoinArmory/ArmoryDB --db-type="DB_FULL" --cookie --satoshi-datadir="/BlockChain/chain20180414/blocks" --datadir="/ArmoryDataDi" --dbdir="/ArmoryDataDidatabases" --ram-usage=4
Also, even with ram-usage=4, it used too much memory, so I told it to quit. It took over 30 minutes to stop semi-nicely. The last thing it reported was:
ERROR - 00:25:21: (StringSockets.cpp:351) FcgiSocket::writeAndRead FcgiError: unexpected fcgi header version
But that didn't seem to matter or corrupt the Armory Database, so I think it's ok. So, I get brave and change SDM.py as below, and I make sure my script has a command line for --ram-usage="ABCDE" and --thread-count="FGHIJ"; the logic being that these strings "ABCDE" will pass the IF criteria below, and my hardcoded values will be used...
if ARMORY_RAM_USAGE != -1: pargs.append('--ram-usage=1') #COMMENTED THIS, SO I CAN HARDCODE =1 # ' + ARMORY_RAM_USAGE) if ARMORY_THREAD_COUNT != -1 pargs.append('--thread-count=1') #COMMENTED THIS, SO I CAN HARDCODE =1 #' + ARMORY_THREAD_COUNT)
So, as usual, I use my script and start this with: ./StartArm.sh (which uses command line:)
(this forces it to use my hard-coded values in SDM.py...) So, this is the command which it reports that it starts with:
(WARNING) SDM.py:400 - Spawning DB with command: /BitcoinArmory/ArmoryDB --db-type="DB_FULL" --cookie --satoshi-datadir="/BlockChain/chain20180414/blocks" --datadir="/ArmoryDataDi" --dbdir="/ArmoryDataDidatabases" --ram-usage=1 --thread-count=1
Again, this is where it gets dangerous; Armory can gobble so much memory and CPU that the windowing environment can cease up. So I ssh to the machine and keep an eye on it with:
So, on the Debian Desktop PC, I inserted the USB stick with the watch-only wallet I exported from the Pi. Start Armory... Import "Entire Wallet File" watch-only copy. Wait 4 hours.. YAY!!! After running Armory for about 30m, the memory usage dropped by 400m... wierd... It took ~2 hours to get 40% completion. After 3.5 hours it's almost there... The memory went up to about 1.7Gb in use and 900Mb of Swap, but the machine remained fairly responsive throughout, apart from a few (10?) periods at the start, where it appeared to freeze for 10-30s at a time. (That's where my ssh session came in handy - I could check the machine was still ok with a "free -h" command) Now, I can: Create an unsigned transaction on my Desktop, Save the tx to USB stick, Move to the Pi, Sign the tx, Move back to the Desktop, Broadcast the signed tx.
My initial Mistake: This caused me to have to roll-back my Armory database, using the backup. so you should try to avoid doing this.. On the Pi, I exported only the ROOT data, which will NOT capture the watching-only part of the Private Key It is RECOMMENDED to use the Digital Export of Entire Wallet File from the Pi when making a watch-only copy. If you just export just the "ROOT data", not the "Entire Wallet File", you'll have problems if you used an imported Private Key in the offline wallet, like I did. Using the ROOT data text import, after it finished... my balance was zero. So,. I tried a Help->Rescan Balance (Restart Armory, takes 1minute to get back up and running) No Luck. Still zero balance. So, I try Rescan Databases.. This will take longer. Nah.. no luck. So, I tried again, thinking it might be to do with the fact that I imported the text "root data" stuff, instead of following the (Recommended) export of watching-wallet file. So, I used my Armory backup, and wound back the ArmoryDataDi to the point before the install of the (zero balance) wallet. (you should not need to do this, as you will hopefully use the RECOMMENDED approach of exporting the "Entire Wallet File"!)
This is my handout for paranoid people who want a way to store bitcoin safely. It requires a little work, but this is the method I use because it should be resistant to risks associated with:
Bad random number generators
Malicious or flawed software
If you want a method that is less secure but easier, skip to the bottom of this post. The Secure Method
Download bitaddress.org. (Try going to the website and pressing "ctrl+s")
Put the bitaddress.org file on a computer with an operating system that has not interacted with the internet much or at all. The computer should not be hooked up to the internet when you do this. You could put the bitaddress file on a USB stick, and then turn off your computer, unplug the internet, and boot it up using a boot-from-CD copy of linux (Ubuntu or Mint for example). This prevents any mal-ware you may have accumulated from running and capturing your keystrokes. I use an old android smart phone that I have done a factory reset on. It has no sim-card and does not have the password to my home wifi. Also the phone wifi is turned off. If you are using a fresh operating system, and do not have a connection to the internet, then your private key will probably not escape the computer.
Roll a die 62 times and write down the sequence of numbers. This gives you 2160 possible outcomes, which is the maximum that Bitcoin supports.
Run bitaddress.org from your offline computer. Input the sequence of numbers from the die rolls into the "Brain Wallet" tab. By providing your own source of randomness, you do not have to worry that the random number generator used by your computer is too weak. I'm looking at you, NSA ಠ_ಠ
Brain Wallet tab creates a private key and address.
Write down the address and private key by hand or print them on a dumb printer. (Dumb printer means not the one at your office with the hard drive. Maybe not the 4 in 1 printer that scans and faxes and makes waffles.) If you hand copy them you may want to hand copy more than one format. (WIF and HEX). If you are crazy and are storing your life savings in Bitcoin, and you hand copy the private key, do a double-check by typing the private key back into the tool on the "Wallet Details" tab and confirm that it recreates the same public address.
Load your paper wallet by sending your bitcoin to the public address. You can do this as many times as you like.
You can view the current balance of your paper wallet by typing the public address into the search box at blockchain.info
If you are using an old cell phone or tablet do a factory reset when you are finished so that the memory of the private keys is destroyed. If you are using a computer with a boot-from-CD copy of linux, I think you can just power down the computer and the private keys will be gone. (Maybe someone can confirm for me that the private keys would not be able to be cached by bitaddress?)
To spend your paper wallet, you will need to either create an offline transaction, or import the private key into a hot wallet. Creating an offline transaction is dangerous if you don't know what you are doing. Importing to a client side wallet like Bitcoin-Qt, Electrum, MultiBit or Armory is a good idea. You can also import to an online wallet such as Blockchain.info or Coinbase.
Trusting bitaddress.org The only thing you need bitaddress.org to do is to honestly convert the brainwallet passphrase into the corresponding private key and address. You can verify that it is doing this honestly by running several test passphrases through the copy of bitaddress that you plan on using, and several other brainwallet generators. For example, you could use the online version of bitaddress, and brainwallet and safepaperwallet and bitcoinpaperwallet. If you are fancy with the linux command line, you can also try "echo -n my_die_rolls | sha256sum". The linux operating system should reply with the same private key that bitaddress makes. This protects you from a malicious paper wallet generator. Trusting your copy of bitaddress.org Bitaddress publishes the sha1 hash of the bitaddress.org website at this location: https://www.bitaddress.org/pgpsignedmsg.txt The message is signed by the creator, pointbiz. I found his PGP fingerprint here: https://github.com/pointbiz/bitaddress.org/issues/18 "527B 5C82 B1F6 B2DB 72A0 ECBF 8749 7B91 6397 4F5A" With this fingerprint, you can authenticate the signed message, which gives you the hash of the current bitaddress.org file. Then you can hash your copy of the file and authenticate the file. I do not have a way to authenticate the fingerprint itself, sorry. According to the website I linked to, git has cryptographic traceability that would enable a person to do some research and authenticate the fingerprint. If you want to go that far, knock yourself out. I think that the techniques described in this document do not really rely on bitaddress being un-corrupt. Anyway, how do we know pointbiz is a good guy? ;-) There are a lot of skilled eyes watching bitaddress.org and the signed sha1 hash. To gain the most benefit from all of those eyes, it's probably worthwhile to check your copy by hashing it and comparing to the published hash. "But we aren't supposed to use brainwallets" You are not supposed to use brainwallets that have predictable passphrases. People think they are pretty clever about how they pick their passphrases, but a lot of bitcoins have been stolen because people tend to come up with similar ideas. If you let dice generate the passphrase, then it is totally random, and you just need to make sure to roll enough times. How to avoid spending your life rolling dice When I first started doing this, I rolled a die 62 times for each private key. This is not necessary. You can simply roll the die 62 times and keep the sequence of 62 numbers as a "seed". The first paper address you create would use "my die rolls-1" as the passphrase, the second would be "my die rolls-2" and so on. This is safe because SHA256 prevents any computable relationship between the resulting private key family. Of course this has a certain bad security scenario -- if anyone obtains the seed they can reconstruct all of your paper wallets. So this is not for everyone! On the other hand, it also means that if you happen to lose one of your paper wallets, you could reconstruct it so long as you still had the seed. One way to reduce this risk is to add an easy to remember password like this: "my die rolls-password-1". If you prefer, you can use a technique called diceware to convert your die rolls to words that still contain the same quantity of entropy, but which could be easier to work with. I don't use diceware because it's another piece of software that I have to trust, and I'm just copy/pasting my high entropy seed, so I don't care about how ugly it is. Why not input the dice as a Base 6 private key on the Wallet Details tab? Two reasons. First of all, this option requires that you roll the die 99 times, but you do not get meaningful additional protection by rolling more than 62 times. Why roll more times if you don't have to? Second, I use the "high entropy seed" method to generate multiple private keys from the same die rolls. Using the Base 6 option would require rolling 99 times for every private key. I'm a big nerd with exotic dice. How many times to roll? Put this formula in Excel to get the number of times to roll: "=160*LOG(2,f)" where f = number of faces on the die. For example, you would roll a d16 40 times. By the way, somewhat unbelievably casino dice are more fair than ordinary dice The "Change address" problem: You should understand change addresses because some people have accidentally lost money by not understanding it. Imagine your paper wallet is a 10 dollar bill. You use it to buy a candy bar. To do this you give the cashier the entire 10 dollar bill. They keep 1 dollar and give you 9 dollars back as change. With Bitcoin, you have to explicitly say that you want 9 dollars back, and you have to provide an address where it should go to. If you just hand over the 10 dollar bill, and don't say you want 9 dollars back, then the miner who processes the transaction gives 1 dollar to the store and keeps the remainder themselves. Wallet software like Bitcoin-Qt handles this automatically for you. They automatically make "change addresses" and they automatically construct transactions that make the change go to the change address. There are three ways I know of that the change problem can bite you:
You generate a raw transaction by hand, and screw up. If you are generating a transaction "by hand" with a raw transaction editor, you need to be extra careful that your outputs add up to the same number as your inputs. Otherwise, the very lucky miner who puts your transaction in a block will keep the difference.
You import a paper wallet into a wallet software and spend part of it, and then think that the change is in the paper wallet. The change is not in the paper wallet. It is in a change address that the wallet software generated. That means that if you lose your wallet.dat file you will lose all the change. The paper wallet is empty.
You import a paper wallet into a wallet software and spend part of it, and then think that the change is in the change address that the wallet software generated. If the transaction did not need to consume all of the "outputs" used to fund the paper wallet, then there could be some unspent outputs still located at the address of the paper wallet. If you destroyed the paper wallet, and destroyed the copy of the private key imported to the wallet software, then you could not access this money. (E.g. if you restored the software wallet from its seed, thinking all of the money was moved to the wallet-generated change addresses.)
For more on this, see here The hot paper wallet problem Your bitcoin in your paper wallet are secure, so long as the piece of paper is secure, until you go to spend it. When you spend it, you put the private key onto a computer that is connected to the internet. At this point you must regard your paper wallet address as hot because the computer you used may have been compromised. It now provides much less protection against theft of your coins. If you need the level of protection that a cold paper wallet provides, you need to create a new one and send your coins to it. Destroying your paper wallet address Do not destroy the only copy of a private key without verifying that there is no money at that address. Your client may have sent change to your paper wallet address without you realizing it. Your client may have not consumed all of the unspent outputs available at the paper wallet address. You can go to blockchain.info and type the public address into the search window to see the current balance. I don't bother destroying my used/empty paper wallet addresses. I just file them away. Encrypting your private key BIP 0038 describes a standardized way to encrypt your paper wallet private key. A normal paper wallet is vulnerable because if anyone sees the private key they can take the coins. The BIP38 protocol is even resistant to brute force attacks because it uses a memory intensive encryption algorithm called scrypt. If you want to encrypt your wallets using BIP38, I recommend that you use bitcoinpaperwallet because they will let you type in your own private key and will encrypt it for you. As with bitaddress, for high security you should only use a local copy of this website on a computer that will never get connected to the internet. Splitting your private key Another option for protecting the private key is to convert it into multiple fragments that must be brought together. This method allows you to store pieces of your key with separate people in separate locations. It can be set up so that you can reconstitute the private key when you have any 2 out of the 3 fragments. This technique is called Shamir's Secret Sharing. I have not tried this technique, but you may find it valuable. You could try using this website http://passguardian.com/ which will help you split up a key. As before, you should do this on an offline computer. Keep in mind if you use this service that you are trusting it to work properly. It would be good to find other independently created tools that could be used to validate the operation of passguardian. Personally, I would be nervous destroying the only copy of a private key and relying entirely on the fragments generated by the website. Looks like Bitaddress has an implementation of Shamir's Secret Sharing now under the "Split Wallet" tab. However it would appear that you cannot provide your own key for this, so you would have to trust bitaddress. Durable Media Pay attention to the media you use to record your paper wallet. Some kinds of ink fade, some kinds of paper disintegrate. Moisture and heat are your enemies. In addition to keeping copies of my paper wallet addresses I did the following:
Order a set of numeric metal stamps. ($10)
Buy a square galvanized steel outlet cover from the hardware store ($1)
Buy a sledgehammer from the hardware store
Write the die rolls on the steel plate using a sharpie
Use the hammer to stamp the metal. Do all the 1's, then all the 2's etc. Please use eye protection, as metal stamp may emit sparks or fly unexpectedly across the garage. :-)
Use nail polish remover to erase the sharpie
Electrum If you trust electrum you might try running it on an offline computer, and having it generate a series of private keys from a seed. I don't have experience with this software, but it sounds like there are some slick possibilities there that could save you time if you are working with a lot of addresses. Message to the downvoters I would appreciate it if you would comment, so that I can learn from your opinion. Thanks! The Easy Method This method is probably suitable for small quantities of bitcoin. I would not trust it for life-altering sums of money.
Download the bitaddress.org website to your hard drive.
Close your browser
Disconnect from the internet
Open the bitaddress.org website from your hard drive.
Colored coin client preview #1 (based on Bitcoin Armory)
I think it's already good enough for people to play with it. (Although certainly it's not ready for anything serious.) For people who are not familiar with concept, colored coins is a technology which allows people to represent arbitrary tokens (e.g. issue private currencies, stocks, bonds, etc.) using small quantities of bitcoins. It is interesting because it would allow us to create decentralized and secure markets. (As decentralized and secure as Bitcoin itself, at least in theory.) See here. Notes about current release:
There is a GUI for issuing new coins. So all you need is like a small sum of Bitcoins, this software, and you can issue your coins and start selling them. (It is another question why people would want to buy them... Perhaps you will offer to buy them back later at higher price, thus creating bonds.)
p2p trade and auto-trade are not implemented yet, so it is only possible to trade OTC.
It is very lightly tested so please don't use it for anything serious.
It is a patched version of Armory, so it isn't lightweight at all: It requires running bitcoind or Bitcoin-Qt version 0.7.*, then it takes about 10 minutes to launch it, and in its final form it eats 1 GB of RAM. But it is totally worth it. (Yes, we are working on lightweight clients.)
(Note: if you're already using Armory, it is a good idea to hide you ~/.armory so it won't be seen by this experimental Armory mod. Or, perhaps, just don't run this experimental mod.) Before you run it, make sure that bitcoind or Bitcoin-Qt is running and fully sync'ed. Armory takes up to 10 minutes to start (this version is slower because it additionally scans for colored transactions) and requires ~ 1 GB of RAM. At start it will offer to create a wallet, do not enable encryption, otherwise issuing colored coins won't work. Send some bitcoins to this new wallet, 0.02 BTC is probably enough to issue some colored coins and to pay for tx fees. There is a drop down to choose color. Balance is displayed for a currently chosen color (i.e. if you chose TESTcc it will show how many TESTcc units this wallet owns), and when you send coins you send coins of that color. Initially 'uncolored' is selected, it means normal BTC. This drop down also has TESTcc ("test colored coins") and "All colors" (this mode is just for debugging, you cannot send coins in this mode). Here's what you can do now:
Ask somebody to send you TESTcc. (We want to make it automatic, Satoshi Dice style, but unfortunately that code isn't quite ready.)
Find and install other color definitions.
Issue your own colored coins and send them to somebody who wants them. (LOL.)
Let's start from option #3. There is 'Hallucinate' menu. (It is called 'hallucinate' because colors do not exist on blockchain level, it is a client-side convention.) Choose 'Issue colored coins'. Likely all you need to change is name, but you can tweak satoshi-per-unit and number of units if you want. When you click Issue it will create a new transaction (using your uncolored BTC) and will create a color definition. Optionally it will also upload your color definition to color definition registry. (This registry runs on my server, it might be down.) You should note ColorID, this is how other people can refer to these coins (name is ambiguous). You can now choose this new color in drop down and it will show your balance. (E.g. 1000 units.) Now you'll perhaps want to send these coins to somebody. That person would need to install your color definition first. If you send colored coins without warning they might be lost, i.e. mixed with uncolored ones. For same reason it makes no sense to send them to wallet which isn't color aware. For example, you can post on some forum:
I've issued LOLwut coins (ColorID: 36738fe78a443656535503efb585fee140a37d54), each unit represents a bond with face value of 0.1 BTC payable by me, Trololo, via buy back. I promise to buy back all bonds in a month.
Now people who are interested in this LOLwut coin issue will copy ColorID, paste it into Hallucinate > Download color definition dialog, and if this color definition is published it will be downloaded and installed. Armory restart is required to complete installation. After installation that person will be able to see these LOLwut coins. Note that if you do not trust my registration server, you can publish color definition yourself: go to ~/.armory/colordefs, find 36738fe78a443656535503efb585fee140a37d54.colordef and upload it to your web server. Then you can give people URL like http://example.com/36738fe78a443656535503efb585fee140a37d54.colordef and they can download it by URL. Or they can just obtain this file by any means and copy it to ~/.armory/colordefs directory. It is decentralized, nobody can prevent you from issuing colored coins. I think that's all. There is also Hallucinate > Manage color definitions dialog, but I hope it's easy to figure out how it works. We are working on improved version, particularly on p2p exchange feature. I've set up an IRC channel for people to talk about trying out colored coins: #colored-coins-otc on Freenode.
I created a minimalistic application for managing scrypt hashed offline brainwallets
I was bored of seeing people getting either their bitcoin stolen or lost because of computer bug or hacking... So I created this minimalistic application It needs expert users to test it review it and confirm it works as expected http://github.com/xorq/EasyBTC so people can manage their offline brainwallets easily. I added a scrypt key stretching function for the brainwallet so bruteforcing becomes extremely difficult. My goal is to help people to protect themselves against loss and theft. I compiled the program for windows, mac and linux... I would recommend to open it with Tails (tails.boum.org). *No more problem with the change: it goes back to the sending address. Also the app always creates the transaction so only the smallest amount of transactions are redeemed. *No more wallet file lost (just remember your seed, please use a unique and unbruteforcable one, if you not sure how to create a seed, please remember it should be long and impossible for anyone to guess and as random as possible) *No more bruteforce attack: when you use scrypt, it should protect your seed against bruteforce attacks. Use it as an additional security. *No more hacking: This is a cold storage... if you follow the steps, your seed / private key will never be stored anywhere in the first place, and most importantly will never appear on an online system. The application is minimalistic : you do not need to download the whole blockchain and spend days waiting that your computer update everything like for Armory. It's open source, if you review the code, please let people know. I hope this will help people to avoid losing their coins, or feeling like they do not have the knowledge to create their offline address by themselves, and thus understand that there is no need to give trust to anyone to store them. Dan (xorq)
Sure Bitcoin is safe Grandma. This is all you have to do to really secure your money
THIS IS FUCKED. BITCOIN HAS NO FUTURE IF WE CAN'T FIND A BETTER WAY TO MAKE IT SECURE. MAIN STREET WILL RUN A MILE FROM IT. Xpost from: http://www.reddit.com/Bitcoin/comments/1d26gw/cold_storage_how_i_did_it/ With the recent events surrounding blockchain.info wallet attacks, I decided to bite the bullet and send all my coins to my cold wallet. It's a bit nerve wrecking but I managed. Here's what I did: Download offline version of Armory here (section Linux – Offline Bundle for Ubuntu 10.04) Download Brainwallet source from github for signing transactions, rather than the suggested way from armory website, since I don't want to run a full Bitcoin-qt client + armory to create an unsigned tx. More on this later Prepare a USB pendrive for linux here using the suggested Ubuntu 10.04 by Armory. Boot into Linux using that pendrive. Install the Armory software and generate a new wallet. Make sure you make appropriate backup (paper copy or just write down the seed). You can always regenerate your entire wallet via brainwallet.org copy (tab Chains). If you want, make a watch only copy of your wallet, and you can get all the public address in that wallet from your online computer via Armory offline version. Save the watch only wallet on your windows partition. Reboot into windows/mac/your main OS. Install armory and import the watch only wallet to see all of your addresses. Try to move a small fund into one of the cold-storage addresses. Wait for it to have 6 confirmations. Then we can try to spend that fund by doing the following: Get unspent output from your cold-storage address: https://blockchain.info/unspent?address= Copy the output into a text file, leave it on your windows machine. Linux copy will be able to read this file. Boot back into linux on your pendrive. Use saved brainwallet.org website to sign that transaction (use tab Transaction) by pasting the private key of the address (get from Armory, without space) and the unspent output. Sign the message. Then save the output to the same txt file. Boot back into your main OS. Paste that signed output to http://blockchain.info/pushtx and push it. You're good to go. You spent your fund in your cold storage. Now, move everything you have from your online storage there.
Bitcoin Wallets generate and store the private keys that control a user's funds. These keys are simply random numbers, chosen by the wallet from a range of numbers so vast that it is essentially impossible for there to be a collision with another wallet doing the same thing. Deterministic wallets, also known as HD wallets help to simplify backing up and restoring wallets by using a random seed number to deterministically generate all of a wallet's private keys.
Private Key Backups
Whenever a Bitcoin user receives funds, they need a new private key. This means that the set of numbers that are important to store and back up is increasing indefinitely. In the original Bitcoin wallet, this required refreshing a back-up with a new one every time a user received funds. Over time, Bitcoin grew more valuable and this burden of security grew more tiresome and costly. To address the issue Satoshi Nakamoto in October of 2010 released Bitcoin version 0.3.14 which contained a key pool feature. This feature automatically pre-generated a set of keys, to remain in abeyance for the user's next receipt of funds. This made backing up a much less frequent necessity, only being necessary after key pool exhaustion. Over the following years, many other methods of improving key backups were tried. A popular concept of a paper wallet arose: printing a private key onto paper to store in a secure location. However this concept fell out of favor as being too complicated, vulnerable to printer information leaks, and encouraging address re-use.
Type 1 Deterministic Wallets
In August of 2011 Mike Caldwell sought to simplify and streamline the process of managing a collection of private keys. He created a Windows application called Bitcoin Address Utility that used a single random pass-phrase to deterministically create private keys from a single seed: essentially choosing one random number and then feeding it into a formula that would always produce more random numbers from the starting one. This created a much easier way to backup private keys: simply secure the original random seed and restoring becomes a simple exercise of running the seed through the algorithm again.
Type 2 Deterministic Wallets
Mike Caldwell's Type 1 deterministic wallet design was based on a simple scheme that had a significant limitation: to receive funds with a Type 1 wallet required also having access to the private keys that could spend them. In situations such as merchant scripts or exchange wallets, this represented a security issue. Before Mike Caldwell published his Type 1 wallet, in June of 2011 Greg Maxwell had already outlined a theoretical improvement to the Type 1 scheme, in which the public and private key generation might be separated to improve the security of stored funds. In Greg's outlined Type 2 scheme, a script could use what is called a master public key to generate new addresses, without ever being able to spend those funds. In February of 2012, Pieter Wuille came up with a formalization and standardized version of this concept, in BIP 32. A surge of wallet development activity followed the deterministic wallet concept. Since the master seed behind the wallet may be represented as a simple series of twelve words, it was widely considered to be the superior method for Bitcoin wallet private key generation. Alan Reiner was the first to implement a Type 2 seed in Armory Wallet, and helped give feedback to the BIP 32 formalization. Since then, every major wallet has moved to support the feature.
BIP 44 Deterministic Wallets
After BIP 32, development of Type 2 deterministic wallets progressed to a state where additional features and standardization was sought to be defined. In April of 2014 Marek Palatinus, also known as Slush, and Pavol Rusnak, Slush's employee at his company SatoshiLabs, sought to advance the state of deterministic wallets by adapting advancements in their own Type 2 hardware wallet Trezor into a standard they authored in BIP 44. Features promoted by the BIP 44 standard included a mechanism for internal pass-phrase protected accounts inside of a wallet seed, a standard for using the wallet seed across multiple chains, such as for Bitcoin Testnet, and an increased standardization of gap limits and change address separation.
Deterministic Wallet Caveats
Despite the huge improvement in the state of Bitcoin technology that HD wallets represent, there are some outstanding issues and drawbacks or gotchas that may present difficulties. Deterministic wallets generally present users with a dictionary derived random pass-phrase that actually represents a master seed number in a form that is easier for humans to deal with. But this ease-of-use has sometimes tempted developers into allowing users to set their own pass-phrase, a very bad idea. Users are extremely bad at choosing a properly random pass-phrase, and this behavior can lead to loss of funds. For this reason, all well-maintained wallets have ceased the practice of encouraging users to invent their own pass-phrases. Another issue that sometimes confronts users in unexpected ways is that the seeds created by deterministic wallets should not be shared between wallets from different software projects. The reason for this is that the standard for deterministic wallets is generally not actually adopted by all wallets, or there are still areas left unspecified. Due to these small differences, seeds may superficially appear to be share-able between wallets, but in actuality leave some coins difficult to access from the non-originating wallet. To switch between deterministic wallets, the best practice recommendation is to initiate fund transfers on the Blockchain. From a security and privacy perspective, under normal circumstances a deterministic wallet is just as good as a wallet in which random keys are individually generated. However use of the public master key can prove the exception to that rule. Although it is called a public master key, for privacy reasons it should not be shared publicly, as it can link all wallet addresses together. Another important reason it should not be shared is that if a single private key derived from the private seed is leaked and the public master key is also known, all the other private keys may be derived as well. This type of theft is quite uncommon, but for these reasons it is strongly recommended that the master public key still be treated as guarded information. One practice that must differ between using an individually generated wallet and a deterministic wallet is the practice of creating addresses that are never used. HD wallets have a key implementation detail in the way that they calculate wallet balances: they go through their deterministic algorithm sequentially to determine if each private key has been used, stopping when no further activity is detected. This is a critical optimization, an HD wallet cannot scan endlessly or know automatically all of its balance information without individual queries. To provide a safety margin, HD wallets use something called a gap limit, which represents the number of keys checked that have no activity before the balance query will cease its sequential checking. This gap limit can means that creating many addresses that are never used is a bad practice and can lead to users mistakenly believing their funds have been lost, if more unused addresses are created beyond the gap limit safety margin. A powerful feature of BIP 44 HD wallets is the internal pass phrase account system. This feature addresses a common security concern amongst people who worry about keeping their seed backups secure from theft: it adds an internal password to the stored seed. The feature also powers another use-case, a scenario in which the owner is confronted with the seed and forced to give access to it. As a precautionary measure, the owner may create a red-herring pass phrase and a real pass-phrase, pretending that the red-herring phrase contains the entirety of the funds when forced to open the wallet under duress. But with this power also comes risk deriving from any situation where users choose pass phrases to remember. Human generated pass phrases should generally be considered weak: a brute-force attack can most often bypass them. And memorized pass phrases can be easily forgotten, leading to an annoying situation where funds are temporarily inaccessible, or if a truly strong pass-phrase has been chosen, permanently lost.
Working on an interface to Bitcoin-Qt's / bitcoind's API calls.
Right now, all it does that might be a bit handy is show you which addresses have how many bitcoins. GitHub Needed: python 2.7, wxPython 2.8 It is a bit rough at the moment, appearance-wise: a screenshot I made this because the bitcoin-qt wallet does not have a way (that I've seen) to easily see all addresses, including un-labelled ones. There's the debug console, but that isn't really "easy", especially if you have a lot of addresses... I also use Armory, which will show you all addresses, but it is slow to start and a huge memory hog -- and it won't use the original client's wallet. You'll need to set up the bitcoin.conf file to accept JSON-RPC commands (see this sample conf -- set server=1 and rpcuserpcpassword to whatever; this script will read them from the file) It should work on Windows, *nix, and Mac, but I've only tested it in Windows. If there's any interest, I might work on fleshing this out into a fuller interface. There's a lot of API calls that might be of use to someone. PS: if you can think of a better name than "advbtc" please suggest it; I am terrible at naming things.
See the next section for more info. If you don't have a verified copy of Armory yet, you should follow these instructions to verify the first Armory installer you download via GPG. Armory is used by some of the most heavily-invested, and most paranoid Bitcoin enthusiasts and cloud miners for maximum privacy and security. If you are in this ... NOTE. On 3 FEB 2016, Armory project transitioned from etotheipi to goatpig as the lead maintainer.Consequently, for latest news and release please see btcarmory.com or the Bitcoin Talk discussion thread. BEST BITCOIN WALLET. Armory is the most secure and full featured solution available for users and institutions to generate and store Bitcoin private keys. Copay’s simple, clean user interface makes it a good choice for new Bitcoin users.All Armory source code can be found on GitHub. Bitcoin Armory Vs Bitcoin Core Ethereum Vs Nem such as info bitcoin en direct MultiBit will armory bitcoin core allow you create and make use of a Bitcoin Wallet without downloading Blockchain information.bitcoin wallet Bitcoin.org is a community funded project, donations are appreciated and used to improve the website. Make a donation ##Armory. Created by Alan Reiner on 13 July, 2011. Armory is a full-featured Bitcoin client, offering a dozen innovative features not found in any other client software! Manage multiple wallets (deterministic and watching-only), print paper backups that work forever, import or sweep private keys, and keep your savings in a computer that never touches the internet, while still being able to ...
How to Download and Verify the Armory Bitcoin Wallet
Install Bitcoin Armory on an Offline Computer: Part 1. Install Bitcoin Armory on an Offline Computer: Part 1 ... How to configure a Shared Network Printer in Windows 7, 8, or 10 - Duration: 45:12. BSOV pool miner tutorial: https://www.youtube.com/watch?v=qjphulLfM-0 Here are the links you'll need: written tutorial: https://github.com/lwYeo/SoliditySHA3... If you're new to Ubuntu and Linux, here's a beginner's guide to installing the newest version of the Armory wallet software along with the newest version of the underlying Bitcoin Core daemon. For ... This video is unavailable. Watch Queue Queue. Watch Queue Queue Today we are going to compile the latest Bitcoin wallet for Windows Windows 10 has an Ubuntu 16.04 Terminal app in the Microsoft Store that we use to comp...