One of the few wallet offering advanced security features has made its official appearance into the official “unstable” repository of the popular Linux distribution Debian.First, let’s quote the great introduction wrote by Ethereum’s Vitalik Buterin when he reviewed the wallet two years ago: “Armory is the most advanced and secure Bitcoin client available and has been developed by Alan Reiner who is one of the world’s premier experts in Bitcoin security.If your use case requires safely storing large value in bitcoins, then Armory is the only practical choice.Armory offers a range of features even larger than either Blockchain.info or the Satoshi Bitcoin client.” Armory, whose security has been constantly increasing ever since,  is a top-ranker among the favorite storage methods for the largest Bitcoin holders – the so-called whales – because of its extensive offline wallet management capabilities.As the Bitcoin newbies are often told, nothing is safer than offline storage for your hard earned bitcoins!

Indeed, you can sign your transactions while being totally disconnected from the Internet using Armory on an offline computer, and then broadcast it to the network by connecting an USB key that contains the signed transaction’s details to an online computer running Armory.bitcoin tx pushEven a cheap netbook such as an Eeepc would be powerful enough to store your offline wallet and sign your transactions.bitcoin cleveland ohioArmory recently implemented another Bitcoin security milestone: the multi-signature system.litecoin anonymityEven though it’s simple and intuitive, the feature is definitely effective.bitcoin halal keThe idea is that for a specific purse, several authorizations from authorized spenders, previously defined by the wallet’s owner, are required in order to be accepted.bitcoin unlimited reddit

According to Armory official description: “Users can now create, fund and spend from any M-of-N combination of devices or parties without any centralized servers or third parties, where M is the number of signatures required for the Bitcoin network to allow movement of any lockbox funds and N is the number of parties or devices that will have signing authority of the Lockbox.bitcoin calc difficultyFor instance, a board of five directors of a company, may store the company funds in a 3-of-5 lockbox, thus requiring a majority of the directors to agree for any money to be moved (and money still accessible even if two keys are lost).ethereum time per blockThe M- and N-values can be chosen for each application to match your desired security and redundancy.” A Bitcointalk user submitted the idea , on January 24, 2014, to offer this valuable security directly in the Debian repositories,  which permit easy downloading and updating with apt-get install and upgrade.bitcoin kaufen günstig

The packages  in the official repositories also benefit from greater visibility and thus better support made ​​possible by additional contributions.bitcoin payout calculatorThe idea, associated with a bounty – a Bitcoin reward tied to a specific goal – was then accepted by Joseph Bisch, a Debian maintainer responsible for the quality monitoring and relevant packages submission regarding an open source operating system.Joseph Bisch said in a Bitcointalks forum post: “Armory is now in Debian Sid.If nothing goes wrong, Armory will be in testing (Jessie) around November 4, which is in time for the November 5 freeze.That means that Armory will be in Jessie when it becomes the new stable release.” Therefore, the next Debian version may include the long-awaited Armory client in its stable source list.The most impatient of our readers running Debian can use unstable source with the procedure described here.

Non Debian users, or Debian users who just want to install the deb package, can download the Armory wallet for Windows (.exe) , Mac (.dmg)  and Linux (.deb) on the official website.What do you think?Images from Armory and Shutterstock.As bitcoin continues to climb in value, its security flaws become increasingly apparent and important.The nightmare is waking up one morning to discover you were hacked and your five-, six-, or seven-figure savings are gone forever.Here’s how to install cold storage to eliminate the risk of such a hack.You’ll find no shortage of people on the Bitcoin forums saying that your private keys shouldn’t be on any computer connected to the Internet.This reveals one of the major usability flaws with bitcoin today – the impossibility of trusting your wealth to stay, well, your wealth, and how that is a major roadblock to mainstream adoption.But while the community works on that problem, the early adopters among us have the ability to make sure the keys to our bitcoin wealth can’t be hacked.

That’s a far from trivial exercise, so here’s a walkthrough on how to do that.The object of this exercise is to make a laptop that has never connected, nor will ever connect to the Internet – and have that laptop be the so-called cold storage of the keys that are used to send coins from our large wallets.We will still be able to see the wallet from our online workstation, but in order to send any money from it, we will need to do so on the offline laptop, the cold storage.To minimize risk of infection, we’ll be installing Ubuntu Linux on the laptop (nothing from Microsoft, nothing from Apple).This is easily a workday’s exercise, but this walkthrough is going to save you from a lot of the trial-and-error and googling that took most of my time.Your first step is to take an old laptop and kill its wi-fi.We want to make sure that this particular computer can never, ever, again connect to the Internet – even accidentally, particularly not accidentally.It has to be permanently offline.

We are going to move files back and forth to it using a USB stick.The laptop doesn’t need to have particularly strong specs – 512M of RAM is plenty.Mine is almost a decade old.We assume here that you trust the laptop’s hardware for reliability and for not having been infected hardware-wise.Obviously, you shouldn’t pick a laptop that has had any chance of being tampered with by an adversary.Get a USB stick.To minimize risk of infection, use a completely fresh one: break its packaging.Download Ubuntu 12.04.4 LTS to your workstation from here.Make care to use the alternate installer, which the link points to, as we’re going to use full-disk encryption on the offline laptop, so that an adversary can’t obtain your wealth even if they obtain the laptop.Open the package of a new USB stick and run Startup Disk Creator, installing the ISO to the USB stick and making it bootable.(If you’re not running Ubuntu Linux on your workstation, use whatever utility available to you to create a bootable USB stick from an ISO.)

Did you kill wi-fi on the laptop yet?Seriously, the one single purpose of this laptop is to never ever have been connected to the Internet, so take the time for peace of mind and kill that wi-fi.On laptops this age, there’s usually a physical switch.You could even glue it shut in the “wifi off” position if you don’t want to open the laptop and resolder the switch to permanently off.With that done, install Ubuntu 12.04.4 LTS from the alternate installer.It may seem unfamiliar as it’s slightly more technical than the standard installer, but the steps are very straightforward.The one key step you must make sure to do here is to choose full-disk encryption.You do that in the partitioning part of the install sequence: make sure to pick the installation option named Guided – Use entire disk and set up encrypted LVM.That option is the one reason we’re using the alternate installer in the first place.Choose a strong password, obviously.“Battery horse staple correct”.Use five or six words if you want to be super-paranoid.

Technical note: This section assumes that you’re running a version of Debian Linux, such as Ubuntu, on your online workstation.If you’re not, the utility ‘apt-offline’ is available for your workstation even if you’re running something else, like Microsoft Windows.You’ll have to find and install it yourself, though, and find the appropriate syntax, adapting what’s specified below to your operating system.Ok, so you have a freshly-installed offline laptop with 32-bit Ubuntu 12.04.4 LTS on it.The laptop can’t update its software.That’s part of the point, actually, but in this case, it causes a few problems as we need to install the software packages required for Armory.The solution is named apt-offline, which is a utility that enables an offline computer to use a secondary, online computer to fetch its packages from the Internet.From your online workstation, get this debian package and put it on the USB stick (don’t erase the boot packages also on there just yet).Move the USB stick to the laptop, open a Terminal, and run This will enable us to install packages using the USB stick as a relay to the Internet, going through the online workstation.

First, an update/upgrade sequence.On the offline laptop, with the USB stick still inserted, Move the USB stick to the online workstation, then run (Yes, we need apt-offline on the online workstation as well!They can be different distributions and architectures, that’s ok.If you’re not running a Debian Linux or an Ubuntu Linux, find the way of installing and running apt-offline that is appropriate for whatever your online workstation runs on.)We’ll be storing the downloaded files in that folder.This fetches the needed files and puts them on the stick.Expect a few fails in bright red.Return the stick to the offline laptop, and run Yup, we’re doing an upgrade sequence too while we’re at it.Move the stick to the online workstation: Armory is an advanced bitcoin wallet that allows for offline storage, so-called cold storage.It’s what we’ll be using here.But Armory won’t install on a freshly-installed offline Ubuntu 12.04 LTS. That’s a usability problem that is one of the primary reasons for the existence of this walkthrough.

Armory depends on three packages that aren’t present in the base install: python-qt4, python-twisted, and python-psutil.We’ll use apt-offline to install these, then install Armory.Still on the offline laptop: The two dashes in the command are important, they indicate the end of the package list initiated by –install-packages.Also, reflow the command above to one single line, one single command – it’s been split into two lines here simply because it’s too long to display on one.Move the stick to the online workstation, and run Also, while we’re at it, we’ll download Armory in a flavor appropriate for the offline laptop and store the .deb file on the USB stick.Move the stick back to the offline laptop.We’re going to install the dependencies and then Armory.And then, let’s finally install Armory on the offline machine.If everything went well, you will see !!!Armory successfully installed !!!in the terminal window.After this, we don’t need the terminal more.Start Armory on the offline machine.

As you hit the Start button (Windows button on most keyboards) and type “Armory”, you see three versions of Armory, and we’ll be using the offline one.Create your first wallet.Select a password for it (while the computer’s files are already protected by strong full-disk encryption, defense in depth is always good).Armory will prompt you to back up the wallet.Don’t back up your wallet at this time.The options for backing up the wallet when you create it are severely limited – we’ll be using a much better option.Close all distracting Armory dialogs and messages so that you come back to the main screen, and select your newly-created wallet.In this dialog, we’ll be doing two things: first, we’ll create a watching-only copy of the wallet, which we will move to the online workstation.Create a watching-only copy and save the file to the USB stick.Second, we’ll create a secure paper backup of a type we didn’t have access to when we had just created the wallet.Click “Backup this wallet”.

You’ll be presented with the choice of paper or digital.Choose neither; choose “Other backup options” at the bottom of the dialog.In the dialog that follows, we have the option of more advanced backup types.We’re going to create a Printable Paper Fragmented Backup.We won’t install a printer to the laptop – it’s not supposed to be connecting to anything, and we’re going to be fundamentalist about that.Instead, we’ll be printing to a PDF file we bring to the online workstation and print from there.A fragmented backup means that you print five pieces of paper, and need three of them to restore the backup, any three.Or two out of three.Or nine out of eleven.The numbers are up to you.I’d recommend requiring at least three pieces out of any number you choose and placing them in different locations – think disaster recovery; if the offline laptop is in a house fire, you’ll want to have stored enough backup pieces in different locations to recover your wallet.Without this option, the PDF contains your entire wallet unencrypted, and since the PDF file will be touching the online workstation and printer while printing it, your unencrypted wallet will be on an online computer without this option – exposing it to hacks.

We don’t want that.Check “Secure Print”, then “Print all fragments” in the leftmost box in the middle frame.(You may have to scroll down to see the button again after checking “Secure Print”.)Generate a PDF that’s to your liking.The offline Armory will present you with a Secure Print code on-screen, to be copied by hand to the individual fragment printouts.Without this code, the backups don’t work, and this is why we can safely print the PDF from the online workstation.Copy the SecurePrint code by hand to a separate piece of paper for now.Test the backup as instructed if you like, but we’re going to do that in a much more thorough fashion shortly anyway.Copy the generated PDF to the USB stick, move the USB stick to the online workstation, and print the PDF.Keep the note with the Secure Print code beside the printouts for now.Download the flavor of Armory that’s correct for your online workstation, and install it.When you first run it, you’ll get the choice of importing/restoring or creating a wallet.

We’ll start by importing our watching-only copy of the wallet that was created on the offline laptop.That’s as easy as choosing “Import” and selecting the corresponding file on the USB stick.It will install as a “Watching-only” wallet.Go into wallet properties, edit the owner, and click “This is my wallet”.That will change its security status to an “Offline” wallet.The only practical difference is whether its funds are listed as yours in the financial summary.After that, Armory – the online version – will want to install the reference bitcoin client as its back-end and synchronize with the bitcoin network.That will take quite a while, as it loads the entire blockchain.In the meantime, we are going to verify in the harshest possible way that our paper backup works: we’re going to wipe the entire laptop and reinstall from scratch, simulating that the laptop was destroyed in a house fire and that we’re restoring the backup to a new offline laptop, and then verifying that the restored wallet works to send coins.

It’s important in this context that Armory uses so-called deterministic wallets.That’s nerdspeak for a wallet backup containing all the addresses that a wallet has generated so far, along with all the addresses the wallet will ever generate.There’s no need to re-issue a backup of a particular wallet, ever, just because you have generated more addresses.All the addresses that the wallet will ever contain are embedded in the initial backup.This restore process is a confidence and security exercise.In case of disaster, you want first-hand knowledge that the backup of your many-figures-wallet works, and you want to have used the backup once before so you know how to do it.Using the USB stick, repeat the Ubuntu Linux install.Wipe the disk completely.Install again with full disk encryption and a strong “staple horse correctly to batteries” password.Install apt-offline and get the packages, then install Armory again, repeating the above steps.When you start Armory on the second fresh install, it will ask again whether you want to “Import/Restore” or “Create” a wallet.

This time, we’ll pick “Restore”, and restore a paper fragmented backup.You’ll be presented with a very technical dialog where you have the option of entering data from fragments.Type the backup data from as many fragments as needed, enter the Secure Print code, and click Restore.You’ll be asked for a new password for the wallet as it’s restored – here, do note that the paper backup is unencrypted.While this can be a comfort in itself if you forget the password, that also means that the problem shifts somewhat from protecting your online computer, to protecting a set of pieces of paper.The wallet should restore fine.Give it a more friendly name than “HckfrPlrRT (Restored)”.With the wallet restored, we’ll try sending some funds to it – and more importantly, from it.At this point, the online workstation is probably still synchronizing with the bitcoin network.You may want to take a break here and go for lunch or so.When you do, don’t lose sight and control of your paper backup fragments.

They must stay completely under your control until properly distributed – if you leave them on a desk or café table, you’re leaving your wallet unguarded on that table.When the online Armory has finished synchronizing, send the value of a beer or so to your new wallet’s first address.It should appear in the online Armory on broadcast, or if Armory wasn’t running during the broadcast, as soon as its first confirmation arrives.Wait until six confirmations have passed, so we can send the money back somewhere.When six confirmations have passed, we’re going to send the coins back (minus the small bitcoin transaction fee).Remember now, these are coins in cold storage.We’re going to test the cold storage – and not just that, we’re going to test that it works when restored from backup.The originally created wallet was simulated to be destroyed as we wiped and reinstalled the laptop.To send the coins from cold storage, click “Send Bitcoins” on the online workstation and enter a recipient address and amount.

Choose “Create Unsigned Transaction” and confirm the summary.Choose “Save as File”, and save to the USB stick.Don’t close the dialog, but leave it waiting for us to click the “Next step” button.Move the USB stick to the offline laptop.Running Armory, select “Offline Transactions” and “Sign Transaction”.Load the file with the unsigned transaction, verify its contents as displayed on-screen, and click “Sign”.Enter the wallet passphrase.The offline Armory will remove the unsigned transaction file on the USB stick and replace it with a signed transaction file.Move the USB stick back to the online workstation, and click “Next step”.Click “Load file”, and load the signed transaction from the USB stick.Transaction details will display.Click “Broadcast” to execute the signed transaction.You can verify in the blockchain that the transaction has been executed, and you know by your actions that it was signed on the offline computer, which has no connection whatsover to the Internet, nor will ever have one.

After this, your setup is complete, and you can move funds into cold storage at a pace you’re comfortable with, probably along with further testing of your new cold storage.Just one important step remains.As stated above, your backup contains all the addresses that have been generated and will ever be generated by the wallet you’ve created in Armory, thanks to its deterministic wallets.There’s no need to ever issue a renewed backup of this wallet just because you add more addresses to it.Depending on your security strategy, you’ll need to choose a way to distribute the paper backup fragments.If they’re intended for a restore by your family in case you’re incapacitated, you’ll want to copy the Secure Print code onto them.If they’re intended only for your own use, you may want to memorize the Secure Print code instead (provided you can trust your memory to recall it in the extreme stress of a disaster recovery situation).Just remember that having observed enough fragments in combination with the Secure Print code is enough to gain access to all your wealth in cold storage without further safeguards or passwords, and devise your backup strategy from there.