Offline Bitcoin Armory on LiveUSB

Offline Bitcoin Armory on LiveUSB

 

WARNING: Allffll software component of this solution: TrueCrypt, is now obsolete and deemed NOT SECURE

Overview

Creates a self-contained offline Bitcoin Armory, on a bootable USB drive, from signed verifiable sources (ubuntu.com, bitcoinarmory.com, truecrypt.org).  Your wallet remains saved in encrypted storage.

This is intended for those seeking the benefits of an offline wallet, but without dedicating a PC to this purpose.

The setup process, while verbose, will require less overall time to setupf compared to installing a fresh OS from scratch.

It’s laid out in step-by-step format with select sections labeled Recommended, which can be skipped to shorten the setup time, and performed at a later time to improve your experience with the Offline Bitcoin Armory on LiveUSB.

Create a LiveUSB

Get a fast USB 2.0 drive

A 4 GB or greater USB stick with fast reads and good outer construction will do.

Recommended: Super Talent Pico-C USB 2.0 drive, LaCie iamakey v1 USB 2.0 drive without encryption.   Fast, compact, waterproof, metal housing.

Not recommended: USB 3.0 drives, drives with hidden partitions that auto-run proprietary software, drives with wear-leveling firmware.

Create an Ubuntu 12.04 Persistent LiveUSB

    1. Download and validate the .iso image for Ubuntu 12.04 LTS Desktop to your online PC, in either 32bit (recommended) or 64bit.  Note 64bit will only run on PC’s with multi-core processors and will not work on many netbooks powered by single-core CPU’s.

    2. Do a low-level (not “quick”) format of what will become your LiveUSB drive.  Warning: all data in the target drive will be destroyed…this is not the step to be careless.

    3. With your freshly formatted USB drive, create a persistent LiveUSB:

  1. In Windows, use these instructions.

  2. Within Ubuntu, use the “Startup Disk Creator” application pre-installed in Ubuntu.

  3. For either method, you will specify the .iso image you ddownloadedownloaded

  4. For the persistent space, select the maximum allowed.

Download Armory and TrueCrypt

Use a separate, extra USB drive to transfer information to/from your LiveUSB session:

  1. Download and verify the Bitcoin Armory package for Linux, which includes all dependencies for offline installation to Ubuntu.  Match the Ubuntu version and bitcount.

  2. Download and verify the latest stable version of TrueCrypt for Linux.  Select the Standard version for the corresponding Ubuntu version and bitcount of your LiveUSB.

  3. Save both files to the extra USB drive.

Boot to your Ubuntu LiveUSB

    1. Isolate the laptop/netbook you will use as offline Armory:

  1. Remove hardwire LAN cable

  2. If your laptop is provided with a WiFi switch, turn off WiFi.

  3. Ensure the BIOS allows the PC to boot from USB.

  4. (Recommended) Alter the BIOS boot order such that the PC will boot your LiveUSB drive whenever present.

  1. With your LiveUSB plugged in, power on your PC.  If you didn’t or couldn’t change the boot order, be prepared to hit the right key to enter the BIOS boot screen and select the option to boot from the LiveUSB drive.

  2. You’ll get a dialog screen from Ubuntu.  Select the option to “Try Ubuntu”.

  3. Ubuntu OS will boot up.

Configure your LiveUSB installation

    1. Disable network connectivity:

  1. Click on the top-right gear-shaped icon.

  2. Select “Startup Applications…”

  3. Click on [Add]

  4. On the Name field, enter “Disable Networking”

  5. On Command, enter nmcli nm enable false

  6. On Comment, enter “disables all networking”

  7. Click on [Add], then [Close]

    1. (Recommended) Remove unneeded icons from the Launchbar:

  1. Since this is meant to be a special-purpose installation, you can delete unneeded icons from the launchbar, which will make way for icons of other apps you’ll install later.

  2. Successively right-click icons for choices of LibreOffice apps and Firefox, and select “Unlock from Launcher”.  This deletes the icons, but doesn’t delete the apps.

  3. Do not delete preinstalled apps using the Ubuntu Software Center.

    1. (Recommended) Bypass the “Try Ubuntu” screen:

  1. On the Ubuntu Launchbar, select the top “Dash home” icon.

  2. Type “terminal” in the search box.

  3. Click on the “Terminal” icon.

  4. On the terminal screen, type: sudo gedit /cdrom/syslinux/syslinux.cfg

  5. A text editor window will open to edit this file.  Replace all text there with one of the following: for 32-bit install use this; for 64-bit install use this.

  6. Save the file and close the text editor.fara

  7. Close the terminal window.

    1. Copy Armory and Truecrypt to your LiveUSB:

  1. Insert the extra USB drive holding the Armory and TrueCrypt installers.

  2. The File Explorer should open automatically showing the content of the extra USB

  3. Copy the TrueCrypt and Armory installation files from the extra USB drive to the “Downloads” folder within the Ubuntu LiveUSB file system.

  4. Eject and remove the extra USB drive.

jInstall TrueCrypt and Bitcoin Armory

  1. While in the Ubuntu File Explorer, go to the “Downloads” folder and locate the TrueCrypt installation file.

  2. Right-click on the TrueCrypt installation file and select “Extract Here”

  3. Locate the Armory installation file, right-click on its file name, and select “Extract Here”

  4. Double-click on the created TrueCrypt decompressed file

  5. Select [Run From Terminal].

  6. Select [Install TrueCrypt], accept the terms, and hit [OK].

  7. Once the TrueCrypt installation is done, you’ll be prompted to press [ENTER] to exit.

  8. Double-click on the newly-created folder named armory…

  9. Double-click on the file named Install_DblClick_RunInTerminal.sh

  10. Select [Run In Terminal]

  11. When the installation is successfully finished, the window will close..

 

Create and configure an encrypted storage space for your wallet

    1. Create a TrueCrypt volume (steps are for TrueCrypt version 7.1a):

  1. On the Ubuntu Launchbar, select the top “Dash home” icon.

  2. On the search box, type “truecrypt” and click on the TrueCrypt application icon that will appear listed.

  3. Once TrueCrypt launches, right-click on its icon now on the Launchbar and click “Lock to Launcher” for future use.

  4. In TrueCrypt window, click on [Create Volume]

  5. Make sure “Create an encrypted file container” is selected and click [Next].

  6. Volume type “Standard TrueCrypt Volume” click [Next]

  7. Click [Select File…], select the “Documents” folder

  8. In the “Name” field, type safety.cab (or any other name you wish), click on [Save], click on [Next>]

  9. Take the default (or your choice of) encryption options and click [Next>]

  10. Select a volume size.  Recommend using 200MB less than the max available.

  11. Enter your TrueCrypt volume password twice.  Make it strong, and keep a safe copy of it.  Click [Next>]

  12. On format options, select “Linux ext3”.  Click [Next>]

  13. Select “I will mount the volume only on Linux” and click [Next>]

  14. Move your mouse around as instructed for as long as you have patience for, then click [Format].

  15. Wait until the volume is reported as being successfully created.  Click [OK], then [Exit]

    1. Mount your TrueCrypt volume

  1. Click on Slot 1 in TrueCrypt

  2. Click on “Select File…”, select the safety.cab file, click [Open], then select [Mount].

  3. Enter your TrueCrypt volume password.  Your encrypted volume should now show on the list with “mount directory” as /media/truecrypt1

    1. (Recommended) Configure TrueCrypt to auto-mount on boot:

  1. Right-click on the listing for Slot1 showing your volume.  Select [Add to Favorites…]

  2. Click [OK]

  3. Close TrueCrypt

  4. Click on the gear-shaped icon in top-right, select “Startup Applications…”

  5. Click [Add]

  6. On field Name, enter “Mount TrueCrypt”

  7. On Command enter: truecrypt –auto-mount=favorites –background-task

  8. On Comment, enter “mount TC favorite volume(s)”

  9. Click “Close”

Configure Bitcoin Armory

    1. Create a launch icon for Armory linked to your encrypted volume:

  1. Click the top-most icon in the Launchbar named “Dash home”

  2. Make sure the Dash search window is not running maximized, and you still have a viewable portion of the Ubuntu desktop area.

  3. In the search box, type “armory”

  4. Drag and drop the “Armory (offline)” icon from the Dash applications search results to any viewable area of your desktop.  An “Armory (Offline)” icon will be created on your desktop.

  5. Click on “x” to close “Dash” search.

  6. Right-click the “Armory (Offline)” desktop icon, click “Cut”

  7. Open the File Explorer, go to your Documents folder (or other folder you create for this purpose), right-click on the right pane, and select “Paste”.  The desktop icon will now be moved to the destination folder.

  8. Right-click the “Armory (Offline)” icon in the destination folder, and select “Properties”

  9. In the field titled Command, go to the very end of the existing text, hit spacebar, and add the following:  –datadir=/media/truecrypt1

  10. Click “Close”

  11. Drag and drop the “Armory (Offline)” desktop icon into the Launchbar.  This will create a new icon for Armory in the Launchbar.

  12. You may close your File Explorer.

    1. Create your Offline Armory wallet:

  1. Click on the “Armory (Offline)” icon in the launchbar.

  2. When Armory starts for first time, click to agree to license and click “Accept”

  3. Click on “Create Wallet”

  4. Decide on naming, encryption and backup printing of your Armory wallet.

  5. Safely store your wallet paper backup.  Save your encryption password too!

  6. Create one or more test receiving addresses.

  7. Do not transact yet, until you’ve successfully finished the following step.

    1. Create your Watch-Only Armory wallet:

  1. Plug in your extra USB drive.

  2. Click on “Wallet Properties”

  3. Select “Create Watching-Only Copy”

  4. IMPORTANT: If you did everything right, Armory will default to saving the “watchonly” version of your wallet to the /media/truecrypt1 directory.  If this is not the case STOP.  Cancel out of this screen, delete this (empty) wallet, ensure your TrueCrypt volume is properly mounted, and revisit the section above titled “Create a one-click launcher for Armory-offline” for spacing or syntax errors.

  5. On the save dialog screen, select the extra USB drive

  6. Click on “Save”

  7. Eject the extra USB drive

  8. You can now import your Watch-Only wallet from the extra USB drive to your Armory installation running in your online PC.

Test your finished LiveUSB

Test restarting your PC and booting to the LiveUSB:

  1. Depending on your BIOS settings, you many need to press a key upon startup to enter the boot device screen, and select USB as boot drive for the session.

  2. Upon startup, you should be asked for the password to your TrueCrypt volume, and validate it’s mounted in File Explorer.

  3. After your encrypted volume is mounted, use the Launchbar icon to start Armory.  Your wallet appears listed.

  4. If you plan on using your LiveUSB on multiple PC’s, test booting on all.

  5. Stretch goal: try deleting and restoring your wallet from your paper backup.

Begin using Armory:

    1. Read up on usage of Armory

    2. Try transferring small amounts using your offline/online Armories.

    3. Kiss your paranoia goodbye, now you can just be careful:

  1. With just your wallet paper backup, you can safely recreate your offline environment and survive your LiveUSB drive being lost or compromised.  Upon such event, and assuming you used strong encryption passwords, you can restore your environment and move your bitcoins to a new Armory wallet with very low risk that anyone can brute-force their way to your bitcoins.

  2. Run your LiveUSB offline Armory only on PC’s and environments you control and trust are private and secure.  Plugging your LiveUSB to an untrusted PC and/or typing your passwords where someone may be physically recording your every move are not secure practices.

  3. Keep paper backups of your wallet and encryption passwords secure.

  4. Don’t keep your LiveUSB connected while you boot to the OS in your hard drive.

  5. Don’t mount your hard drive while in your LiveUSB environment.

  6. Don’t connect to the internet while running your offline LiveUSB….ever.

 

Leave a Comment

Your email address will not be published. Required fields are marked *

/* add by OCEANUS */