Friday, October 14, 2016

Using Electrum on an air-gapped machine


Securely storing bitcoin is hard. Most people trust a third party, like Coinbase, to keep their bitcoin safe. But these third parties are big targets for hackers and indeed many have been hacked and lost their clients' funds. People who are truly security conscious keep their own wallet on an air-gapped machine that never connects to a network.

I like using Electrum for my wallet software but I've had trouble figuring out how to use it on an air-gapped machine for two reasons. First, the Ubuntu installation instructions for Electrum use apt-get and python setup tools, both of which require a network connection to download dependencies. This is a no-go if you want to have an air-gapped machine which has never touched the network.

Secondly, Electrum translates data into a custom base 43 format before encoding it in QR codes. QR codes are a secure way of transferring data such as signed transactions off of an air-gapped machine. But I ran into a problem that other software doesn't recognize bitcoin data in base 43 strings and there weren't online tools for translating from base 43 to a more common format.

Let's tackle the second problem first. I wrote a little web tool that will convert Electrum QR data into a format that bitcoin understands. It's at http://electrum43.org/.

So let's say you transfer a transaction off of an air-gapped machine using an Electrum QR code and you get data that looks like this:

71OUKK$VH33.J1Y/K8Q8T3-F8X59N/YIO*LXY.7320F/5.KN$EG47LC*I1VP$S7FS2+.KAJR5:8$-MDQTMHA54/QT3R$JVX/WRDLONP/*TJLGIHRB.KNSGZWVUW9TOSOE6G1::..-NLQNJD-R1GNJ.HA7A1M.6CS:-60X9LR9XHHB6B1KLTX4T/EZN3$ZWW+J10-Z9QU-N9HHU$EV865ED$3JD$ZUJ6IA2Z:.WXKXTCK2:BMZFW3F+QI.GS54BN3*Q1T*3C1ESF0QA:ZOX1RLG/I/I1GPL:FPLRKAKH:KO4*U0YAK16-CGI-Z7A3EQAJ8Q484VA05FE7JO$-U.HBFWNFSFD8EGPJR*QV3YJD5SHA3BLWM+FR0*FS7M89S115/PU7:6-XW:EPL4/+7N2RFM/**Z6J*/--97OD2QWSLUE7G5F42ATP0SAV52U1GV+WZAJX$T0R:49QIDYJUKOXWX.$UUTR5596EOVK88E$ALJ-/MEML4883J5572D1-LRSXTRYL:X39U8QQ0XII09I5M3:13$U+B7V3S1+YUQM3:G+A/IH9+$.CHEOGE-3NX:OZ+H1D*N3IFC9+/ZT*S/O45QLRC
If you paste that into http://electrum43.org/, it will translate the data into a hex string that bitcoin understands. You can then decode that data into a human-readable json object here or broadcast it to the bitcoin network here

So that's one problem taken care of. What about installing electrum onto an offline Ubuntu machine? Electrum installation requires two Debian packages (python-qt4 and python-pip) and a host of python dependencies that are usually handled by network-enabled package managers. After much digging, I've found a way to do that and I wrote a guide here

I hope this helps you keep your bitcoin secure with Electrum. Stay safe and have fun with bitcoin!

3 comments:

  1. This comment has been removed by the author.

    ReplyDelete
  2. Hi. Great guide.

    I have a 32 bits laptop, yeah very old. how do i download the python debs for 32 bits?. I use my normal pc with a VM ubuntu (64bits) for the download.

    Thanks for the help. Salute

    ReplyDelete
  3. This comment has been removed by the author.

    ReplyDelete