A Guide to Keeping Keys Offline Using Armory +rPi

Ticker

1 BTC = $6452.01 USD  (via Coinbase)
1 ETH = $295.00 USD  (via Coinbase)
1 LTC = $57.16 USD  (via Coinbase)
Quotes delayed up to 2 minutes.

Kryptous

Crypto Coins News - Ratings - Reviews

1 News - 247 News - 247 Bitcoin - 1 Search

BTC - BCH - ETH - LITE - XRP

Buy Sell Trade Crypto Here

 

Hi Redditors.

I am going to post in this thread my experiences in getting my Desktop (Debian) machine running Armory in watch-only mode, and coupling that with an offline Raspberry Pi (which holds my private keys) for signing the transactions previously made in watch-only mode.

I actually compiled Armory from source directly on my Pi. This guide is probably more for the bitcoin 'power user', as to run Armory online, and broadcast the signed transactions, you need to have a bitcoin full node running (bitcoind).

Basic requirements:

  • Online machine – running a full node (bitcoind)

  • Raspberry Pi – I used an old Pi 1 Model B with just 512Mb memory, and 2 USB slots.

  • 2x USB thumb-drives. One for wallet backups, the other for transferring unsigned tx's to the rPi, and signed tx's back to the Desktop.

Aimed-for Setup:

  • Armory 0.96.4 for the Raspberry Pi 1, Model B (512Mb RAM, 2xUSB) (compiled from github sourcecode on the Pi itself!)

  • Using the Pi as an offline complement to a Debian Desktop "watch-only" Armory install.

  • Desktop Debian Armory watch-only talks to my full node, bitcoind, which is also on the Debian desktop.

I'll post the guide in digestible sections…

Section 1

I should begin by saying I installed source code from git, and got Armory to build the DB on my desktop initially, WITHOUT creating a wallet.. (This allowed me to debug what was going on a little!)

I am using Armory 0.96.4

Desktop: Debian 9, Dual-Core, 2Gb Memory, 2Gb Swap.

Pi : Pi 1, Model B (512Mb RAM, 2x USB, Ethernet)

Go to Bitcoin.org, select Armory..

It leads to a Download from Git:

https://github.com/goatpig/BitcoinArmory/releases

Followed the procedure for Linux Debian verify code, compile, install, all straight-forward..

Began by running bitcoind, and telling Armory where to find it. This is the command I used, obviously it was all on one line and didn't include the arrows/explanations!:

python ArmoryQt.py \ --satoshi-datadir=/BlockChain/chain20180414/blocks \ # <-----(where my bitcoind blocks live) --datadir=/ArmoryDataDir/ \ # <-----(this is instead of ~/.armory) --dbdir=/ArmoryDataDir/databases # <-------(again, non std. place used for Armory's databases.. my choice.) 

So, on the Desktop, after the initial "build databases"

(NB the initial "Build Databases" took about 1.5h and my two CPUs were maxed the whole time, Temps up to 62C. Not ideal; Im not in a rush!)

I then wanted to import a watch-only wallet.

Before I did this, I took a full backup of the Armory data dir:

/ArmoryDataDir/

(or ~/.armory in a default installation).

I'd hate to have to make Armory do another full sync with the bitcoind node!

Section 2

Next step: offline wallet (with Private Keys) is on a Raspberry Pi.

I downloaded the source and managed to compile it on the pi itself! 🙂

Though there were some gymnastics needed to setup the Pi.

My Pi is running Raspbian based on Wheezy.. quite old!

I did the following on the Pi:

apt-get update apt-get upgrade (<---took about an hour!) apt-get install autotools-dev apt-get install autoconf 

Then I followed the instructions exactly as I had done for my Debian Desktop machine, EXCEPT:

I had to increase the Pi's swap space. I upped it from 100Mb to 400Mb.

The compilation took 7 hours, and my poor SD card got a thrashing.

But after compilation, I put the Swap back to 100Mb and Armory runs ok with about 150Mb of memory (no swap needed).

Swap increase on the Pi:

use your favourite editor, and open the file /etc/dphys-swapfile

add/change the following line:

CONF_SWAPSIZE=400 

Then, REBOOT the Pi:

sudo shutdown -h -P now 

Once the compilation was done on the Pi, put the swap back, rebooted and created an Armory wallet.

I added manual entropy and upped the encryption 'time' from 250ms to 2500ms – since the Pi is slow, but I'll be happy to wait for more iterations in the Key Derivation Function.

Once the wallet was created, it obviously prompts you for backup.

I want to add a private key of my own (i.e. import), so don't do the backup until this is over.

I import my Private Key, and Armory checks that this corresponds to a Public Key, which I check is correct.

This is the point now where the Pi storage medium (e.g an SD card) has to be properly destroyed if you ever get rid of it.

I had thought that now would be a good time to decide if your new wallet will generate Segwit receiving addresses, and also addresses used to receive 'change' after a transaction..

But it seems Armory WON'T let you switch to P2SH-P2WPKH unless your Armory is connected to a node offering "WITNESS" service.

Obviously, my Pi is offline and will never connect to a node, so the following will not work on the Pi:

x Use File –> Settings –> Fee and address types.

x Set the "Preferred Receive Address Type" to P2SH-P2WPKH

x Also Set the "Change Address" to P2SH-P2WPKH for left-over loose change!

NB: I thought about setting this on the Debian "watch-only" wallet, but that would surely mean doom, as the Pi would not know about those addresses and backups might not keep them.. who knows…

So, end result:- no segwit for me just yet in my offline funds.

–If anyone can offer a solution to this, I'd be very grateful–

Section 3

Ok, now this is a good point to back up your wallet on the Pi. It has your imported keys. I choose a Digital Backup – and put it on a USB key, which will never touch the internet and will be stored off-site. I also chose to encrypt it, because I'm good with passwords..

NB: The Armory paper backup will NOT back up your imported private keys, so keep those somewhere if you're not sweeping them. It would be prudent to have an Armory paper backup anyway, but remember it will likely NOT help you with that imported key.

Now for the watch-only copy of the wallet. I want to get the "watch-only" version onto my Desktop Debian machine.

On the Pi, I created (exported to a USB key) a "watching-only" copy of my wallet.

I would use the RECOMMENDED approach, export the "Entire Wallet File".

As you will see below, I initially exported only the ROOT data, which will NOT capture the watching-only part of the Private Key I entered manually above (i.e. the public Key!).

Now, back on the Debian Desktop machine…

I stopped all my crontab jobs; just give Armory uninterrupted CPU/memory/disk…

I also stopped bitcoind and made a backup prior to any watch-only wallet being imported.

I already made a backup of Armory on my Desktop, before any wallet import.

(this was needed, as I made a mistake.. see below)

So on the Debian Desktop machine, I begin by firing up bitcoind.

my command for this is:

./bitcoind -daemon -datadir=/BlockChain/chain20180414 -dbcache=400 -maxmempool=400 

Section 4

I try running Armory like this:

(I'm actually starting Armory from a script – StartArm.sh)

Inside the script StartArm.sh, it has the line:

python ArmoryQt.py --ram-usage=4 --satoshi-datadir=/BlockChain/chain20180414/blocks --datadir=/ArmoryDataDir/ --dbdir=/ArmoryDataDir/databases 

I know from bitter experience that doing a scan over the blockchain for a new wallet takes a looong time and a lot of CPU, and I'd like it to play nicely; not gobble all the memory and swap and run my 2xCPUs both at 100% for four hours…

So… I aim to run with –ram-usage=X and –thread-count=X

(For me in the end, X=1 but I began with X=4)

I began with –ram-usage=4 (<— = 4x128Mb)

The result is below…

TypeError: cannot concatenate 'str' and 'int' objects 

It didn't recognise the ram-usage and carried on, crippling my Debian desktop PC.

This is where it gets dangerous; Armory can gobble so much memory and CPU that the windowing environment can cease up, and it can take over 30 minutes just to exit nicely from bitcoind and ArmoryDB.

So, I ssh to the machine from another computer, and keep an eye on it with the command

"free -h" 

I'd also be able to do a "sudo reboot now" if needed from here.

Section 5

So, trying to get my –ram-usage command recognised, I tried this line (added quotes):

python ArmoryQt.py --ram-usage="4" --satoshi-datadir=/BlockChain/chain20180414/blocks --datadir=/ArmoryDataDir/ --dbdir=/ArmoryDataDir/databases 

But no, same error…

Loading Armory Engine: Armory Version: 0.96.4 Armory Build: None PyBtcWallet Version: 1.35 Detected Operating system: Linux OS Variant : ('debian', '9.4', '') User home-directory : /home/ Satoshi BTC directory : /BlockChain/chain20180414 Armory home dir : /ArmoryDataDir/ ArmoryDB directory : /ArmoryDataDir/databases Armory settings file : /ArmoryDataDir/ArmorySettings.txt Armory log file : /ArmoryDataDir/armorylog.txt Do wallet checking : True (ERROR) ArmoryUtils.py:3723 - Unsupported language specified. Defaulting to English (en) (ERROR) ArmoryQt.py:1833 - Failed to start Armory database: cannot concatenate 'str' and 'int' objects Traceback (most recent call last): File "ArmoryQt.py", line 1808, in startArmoryDBIfNecessary TheSDM.spawnDB(str(ARMORY_HOME_DIR), TheBDM.armoryDBDir) File "/BitcoinArmory/SDM.py", line 387, in spawnDB pargs.append('--ram-usage=' + ARMORY_RAM_USAGE) TypeError: cannot concatenate 'str' and 'int' objects 

Section 6

So, I edit the Armory python file SDM.py:

if ARMORY_RAM_USAGE != -1: pargs.append('--ram-usage=4') #COMMENTED THIS, SO I CAN HARDCODE =4 # ' + ARMORY_RAM_USAGE) 

Running it, I now have acknowledgement of the –ram-usage=4:

(WARNING) SDM.py:400 - Spawning DB with command: /BitcoinArmory/ArmoryDB --db-type="DB_FULL" --cookie --satoshi-datadir="/BlockChain/chain20180414/blocks" --datadir="/ArmoryDataDir/" --dbdir="/ArmoryDataDir/databases" --ram-usage=4 

Also, even with ram-usage=4, it used too much memory, so I told it to quit.

It took over 30 minutes to stop semi-nicely. The last thing it reported was:

ERROR - 00:25:21: (StringSockets.cpp:351) FcgiSocket::writeAndRead FcgiError: unexpected fcgi header version 

But that didn't seem to matter or corrupt the Armory Database, so I think it's ok.

So, I get brave and change SDM.py as below, and I make sure my script has a command line for –ram-usage="ABCDE" and –thread-count="FGHIJ"; the logic being that these strings "ABCDE" will pass the IF criteria below, and my hardcoded values will be used…

if ARMORY_RAM_USAGE != -1: pargs.append('--ram-usage=1') #COMMENTED THIS, SO I CAN HARDCODE =1 # ' + ARMORY_RAM_USAGE) if ARMORY_THREAD_COUNT != -1 pargs.append('--thread-count=1') #COMMENTED THIS, SO I CAN HARDCODE =1 #' + ARMORY_THREAD_COUNT) 

So, as usual, I use my script and start this with: ./StartArm.sh

(which uses command line:)

python ArmoryQt.py --ram-usage="ABCDE" --thread-count="FGHIJ" --satoshi-datadir=/BlockChain/chain20180414/blocks --datadir=/ArmoryDataDir/ --dbdir=/ArmoryDataDir/databases 

(this forces it to use my hard-coded values in SDM.py…)

So, this is the command which it reports that it starts with:

(WARNING) SDM.py:400 - Spawning DB with command: /BitcoinArmory/ArmoryDB --db-type="DB_FULL" --cookie --satoshi-datadir="/BlockChain/chain20180414/blocks" --datadir="/ArmoryDataDir/" --dbdir="/ArmoryDataDir/databases" --ram-usage=1 --thread-count=1 

Again, this is where it gets dangerous; Armory can gobble so much memory and CPU that the windowing environment can cease up. So I ssh to the machine and keep an eye on it with:

"free -h" 

Section 7

So, on the Debian Desktop PC, I inserted the USB stick with the watch-only wallet I exported from the Pi.

Start Armory…

Import "Entire Wallet File" watch-only copy.

Wait 4 hours..

YAY!!!

After running Armory for about 30m, the memory usage dropped by 400m… wierd…

It took ~2 hours to get 40% completion.

After 3.5 hours it's almost there…

The memory went up to about 1.7Gb in use and 900Mb of Swap, but the machine remained fairly responsive throughout, apart from a few (10?) periods at the start, where it appeared to freeze for 10-30s at a time.

(That's where my ssh session came in handy – I could check the machine was still ok with a "free -h" command)

Now, I can:

Create an unsigned transaction on my Desktop,

Save the tx to USB stick,

Move to the Pi,

Sign the tx,

Move back to the Desktop,

Broadcast the signed tx.

Section 8

My initial Mistake:

This caused me to have to roll-back my Armory database, using the backup. so you should try to avoid doing this..

On the Pi, I exported only the ROOT data, which will NOT capture the watching-only part of the Private Key

It is RECOMMENDED to use the Digital Export of Entire Wallet File from the Pi when making a watch-only copy. If you just export just the "ROOT data", not the "Entire Wallet File", you'll have problems if you used an imported Private Key in the offline wallet, like I did.

Using the ROOT data text import, after it finished… my balance was zero. So,. I tried a Help->Rescan Balance (Restart Armory, takes 1minute to get back up and running) No Luck. Still zero balance.

So, I try Rescan Databases.. This will take longer. Nah.. no luck.

So, I tried again, thinking it might be to do with the fact that I imported the text "root data" stuff, instead of following the (Recommended) export of watching-wallet file.

So, I used my Armory backup, and wound back the ArmoryDataDir/ to the point before the install of the (zero balance) wallet. (you should not need to do this, as you will hopefully use the RECOMMENDED approach of exporting the "Entire Wallet File"!)

submitted by /u/fartinator
[link] [comments]

Kryptous

Crypto Coins News - Ratings - Reviews

1 News - 247 News - 247 Bitcoin - 1 Search

BTC - BCH - ETH - LITE - XRP

Buy Sell Trade Crypto Here

 

Ticker

1 BTC = $6452.01 USD  (via Coinbase)
1 ETH = $295.00 USD  (via Coinbase)
1 LTC = $57.16 USD  (via Coinbase)
Quotes delayed up to 2 minutes.

Leave a Reply