Bitcoin Core
Donate
Using Bitcoin Core in Kicksecure. Fully verifying a Bitcoin wallet. Based on the original reference code by Satoshi Nakamoto.
Introduction[edit]
Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.
Software Origin[edit]
Bitcoin Core is the client software directly descended from the original Bitcoin software client first released by Satoshi Nakamoto. Bitcoin Core consists of both "full-node" software which can fully validate the blockchain, as well as a Bitcoin wallet. [1] The official open source project that maintains and releases the software can be found here
(.onion
). The project also maintains related software such as cryptographic libraries on GitHub.
Bitcoin Wallet Recommendation[edit]
It is impossible to provide a blanket recommendation regarding which Bitcoin wallet to use. This is an individual decision that depends upon:
- technical skill
- personal risk assignment
- financial value in Bitcoin
- available time
- various other factors
Other bitcoin wallets like Electrum may have better usability, but they also come with their own issues; see Electrum Warnings for example. Despite Bitcoin Core limitations it should be seriously considered for security reasons because it is the official Bitcoin client, particularly if transacting with Bitcoin accounts of significant financial value. Relative strengths include:
- developed by the Bitcoin Core development team
- most peer reviewed
- most conservative, security-focused development
- reproducible builds [2]
- full validating node
- transactions are validated against the complete blockchain - this lowers the probability of servers 'lying' to the client (the client has a higher probability of seeing its true Bitcoin balance)
- higher privacy
- all blocks are downloaded - the locally running node will not tell servers which wallet addresses belong to the node
Unfortunately, it takes a very long time to download and verify the blockchain. A large amount of disk space is also required, which may or may not be more manageable by using Bitcoin pruning mode.
Bitcoin Core Usability[edit]
Compared to Electrum, some things are more difficult in Bitcoin Core such as:
- Simple backups - unfortunately Bitcoin Core does not support mnemonic phrase backup.
- Wallet configuration - it is not easy to set up a split offline wallet (cold storage) and online watch only wallet.
These activities are likely possible, but are undocumented here; refer to the footnotes for possible information sources. [3]
Bitcoin Core Setup[edit]
Installation[edit]
Perform these steps inside Kicksecure (or Kicksecure for Qubes: App Qube).
1. Retrieve, verify and add the signing key.
- Digital signatures are a tool enhancing download security. They are commonly used across the internet and nothing special to worry about.
- Optional, not required: Digital signatures are optional and not mandatory for using Kicksecure, but an extra security measure for advanced users. If you've never used them before, it might be overwhelming to look into them at this stage. Just ignore them for now.
- Learn more: Curious? If you are interested in becoming more familiar with advanced computer security concepts, you can learn more about digital signatures here digital software signatures.
Securely download the signing key.
scurl-download https://bitcoin.org/laanwj-releases.asc
Display the key's fingerprint.
gpg --keyid-format long --import --import-options show-only --with-fingerprint laanwj-releases.asc
Verify the fingerprint. It should show.
Note: Key fingerprints provided on the Kicksecure website are for convenience only. The Kicksecure project does not have the authorization or the resources to function as a certificate authority, and therefore cannot verify the identity or authenticity of key fingerprints. The ultimate responsibility for verifying the authenticity of the key fingerprint and correctness of the verification instructions rests with the user.
Key fingerprint = 01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964
The most important check is confirming the key fingerprint exactly matches the output above. [4]
Warning:
Do not continue if the fingerprint does not match! This risks using infected or erroneous files! The whole point of verification is to confirm file integrity.
Add the signing key.
gpg --import laanwj-releases.asc
2. Download the signed hash sum verification file.
scurl-download https://bitcoin.org/bin/bitcoin-core-0.21.1/SHA256SUMS.asc
3. Download Bitcoin.
scurl-download https://bitcoin.org/bin/bitcoin-core-0.21.1/bitcoin-0.21.1-x86_64-linux-gnu.tar.gz
4. Verify the hash sum digital signature.
gpg --verify SHA256SUMS.asc
If the virtual machine image is correct, the output will include a statement the signature is good:
Good signature
This output might be followed by a warning as follows.
gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.
This message does not alter the validity of the signature related to the downloaded key. Rather, this warning refers to the level of trust placed in the Kicksecure signing key and the web of trust. To remove this warning, the Kicksecure signing key must be personally signed with your own key.
5. De-armor the hash sum file. [5]
gpg --decrypt SHA256SUMS.asc > SHA256SUMS
6. Perform a hash sum check.
sha256sum --check --ignore-missing SHA256SUMS
Expected output.
bitcoin-0.21.1-x86_64-linux-gnu.tar.gz: OK
7. Extract the tar file.
tar xzf bitcoin-0.21.1-x86_64-linux-gnu.tar.gz
8. Done.
Download, digital signature verification and extraction of Bitcoin Core is complete.
Add a bitcoin-qt Start Menu Entry[edit]
Perform the following steps to create a bitcoin-qt start menu entry; this procedure is optional.
1. Create folder ~/.local/share/applications.
mkdir -p ~/.local/share/applications
2. Open file ~/.local/share/applications/bitcoin.desktop in an editor as a regular, non-root user.
mousepad ~/.local/share/applications/bitcoin.desktop
3. Paste the following contents.
[Desktop Entry] Name=bitcoin-qt Comment=bitcoin-qt Exec=bash -c '~/bitcoin-*/bin/bitcoin-qt' Terminal=false Type=Application Icon=money-manager-ex StartupWMClass=bitcoin MimeType=x-scheme-handler/bitcoin; Categories=Finance;
4. Save.
5. Kicksecure-Qubes: perform platform-specific steps.
In dom0, refresh Qubes' appmenu: VM settings → Applications → Refresh Applications → Add desktop shortcut.
6. Done.
The bitcoin-qt start menu entry should now be available.
Autostart bitcoin-qt[edit]
Perform these steps to automatically start bitcoin-qt; this step is optional.
1. Apply the Add a bitcoin-qt Start Menu Entry instructions first.
2. Create folder ~/.config/autostart.
mkdir -p ~/.config/autostart
3. Create a symlink from ~/.local/share/applications/bitcoin.desktop to ~/.config/autostart/bitcoin.desktop.
ln -s ~/.local/share/applications/bitcoin.desktop ~/.config/autostart/bitcoin.desktop
4. Done.
bitcoin-qt will now automatically start the next time the VM is booted.
Start from Command Line[edit]
To start bitcoin-qt (part of Bitcoin Core) from the command line, run.
~/bitcoin-*/bin/bitcoin-qt
Creating a Watch-Only Wallet[edit]
- Start
bitcoin-qt. Window→Console- Import address.
Note: replace address with the actual address to be watched.
importaddress address
Backup[edit]
TODO: research dumpwallet
(see hdseed=1 and sethdseed
See Also[edit]
Donations[edit]
After installing a Bitcoin client, please consider making a donation to Kicksecure to help keep it running for many years to come.
Donate Bitcoin (BTC) to Kicksecure.
3DaJWfHyLv4RVnvMD7K2Mz2AX2r3fwiQwV
Footnotes[edit]
- ↑
https://bitcoincore.org/en/about/
- ↑
https://bitcoinbinary.org/- a repository of Reproducible Build Proofs for Bitcoin Projects. - ↑ Non-Endorsement: these links have not been audited by Kicksecure, but are worthy of further investigation:
- ↑ Minor changes in the output such as new uids (email addresses) or newer expiration dates are inconsequential.
- ↑
To avoid the following confusing output.
sha256sum --check --ignore-missing SHA256SUMS.asc bitcoin-0.21.1-x86_64-linux-gnu.tar.gz: OK sha256sum: WARNING: 20 lines are improperly formatted
A secure by default operating system with the latest security research in place.
At
Kicksecure we value freedom and trust, supporting Open Source and Freedom Software
2012-
2024 ENCRYPTED SUPPORT LP
We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!