Using Bitcoin Core in Kicksecure. Fully verifying a Bitcoin wallet. Based on the original reference code by Satoshi Nakamoto.

Introduction[edit]

Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.

Software Origin[edit]

Bitcoin Core is the client software directly descended from the original Bitcoin software client first released by Satoshi Nakamoto. Bitcoin Core consists of both "full-node" software which can fully validate the blockchain, as well as a Bitcoin wallet. ^[1] The official open source project that maintains and releases the software can be found here (.onion). The project also maintains related software such as cryptographic libraries on GitHub.

Bitcoin Wallet Recommendation[edit]

It is impossible to provide a blanket recommendation regarding which Bitcoin wallet to use. This is an individual decision that depends upon:

technical skill
personal risk assignment
financial value in Bitcoin
available time
various other factors

Other bitcoin wallets like Electrum may have better usability, but they also come with their own issues; see Electrum Warnings for example. Despite Bitcoin Core limitations it should be seriously considered for security reasons because it is the official Bitcoin client, particularly if transacting with Bitcoin accounts of significant financial value. Relative strengths include:

developed by the Bitcoin Core development team
most peer reviewed
most conservative, security-focused development
reproducible builds ^[2]
full validating node
- transactions are validated against the complete blockchain - this lowers the probability of servers 'lying' to the client (the client has a higher probability of seeing its true Bitcoin balance)
higher privacy
- all blocks are downloaded - the locally running node will not tell servers which wallet addresses belong to the node

Unfortunately, it takes a very long time to download and verify the blockchain. A large amount of disk space is also required, which may or may not be more manageable by using Bitcoin pruning mode.

Bitcoin Core Usability[edit]

Compared to Electrum, some things are more difficult in Bitcoin Core such as:

Simple backups - unfortunately Bitcoin Core does not support mnemonic phrase backup.
Wallet configuration - it is not easy to set up a split offline wallet (cold storage) and online watch only wallet.

These activities are likely possible, but are undocumented here; refer to the footnotes for possible information sources. ^[3]

Bitcoin Core Setup[edit]

Installation[edit]

Perform these steps inside Kicksecure (or Kicksecure for Qubes: App Qube).

1. Retrieve, verify and add the signing key.

Digital signatures: A tool enhancing download security. Commonly used across the internet.
Learn more: Curious? Learn more about digital software signatures.
Optional: Digital signatures are optional. If you've never used them before, there might be no need to start now.
No worries: New to digital software signatures? It's okay, no need to worry.
Not a requirement: Not mandatory for using Kicksecure, but an extra security measure for advanced users.

Securely download the signing key.

scurl-download https://bitcoin.org/laanwj-releases.asc

Display the key's fingerprint.

gpg --keyid-format long --import --import-options show-only --with-fingerprint laanwj-releases.asc

Verify the fingerprint. It should show.

Note: Key fingerprints provided on the Kicksecure website are for convenience only. The Kicksecure project does not have the authorization or the resources to function as a certificate authority, and therefore cannot verify the identity or authenticity of key fingerprints. The ultimate responsibility for verifying the authenticity of the key fingerprint and correctness of the verification instructions rests with the user.

Key fingerprint = 01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964

The most important check is confirming the key fingerprint exactly matches the output above. ^[4]

Warning:

Do not continue if the fingerprint does not match! This risks using infected or erroneous files! The whole point of verification is to confirm file integrity.

Add the signing key.

gpg --import laanwj-releases.asc

2. Download the signed hash sum verification file.

scurl-download https://bitcoin.org/bin/bitcoin-core-0.21.1/SHA256SUMS.asc

3. Download Bitcoin.

scurl-download https://bitcoin.org/bin/bitcoin-core-0.21.1/bitcoin-0.21.1-x86_64-linux-gnu.tar.gz

4. Verify the hash sum digital signature.

gpg --verify SHA256SUMS.asc

If the virtual machine image is correct, the output will include a statement the signature is good:

Good signature

This output might be followed by a warning as follows.

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.

This message does not alter the validity of the signature related to the downloaded key. Rather, this warning refers to the level of trust placed in the Kicksecure signing key and the web of trust. To remove this warning, the Kicksecure signing key must be personally signed with your own key.

5. De-armor the hash sum file. ^[5]

gpg --decrypt SHA256SUMS.asc > SHA256SUMS

6. Perform a hash sum check.

sha256sum --check --ignore-missing SHA256SUMS

Expected output.

bitcoin-0.21.1-x86_64-linux-gnu.tar.gz: OK

7. Extract the tar file.

tar xzf bitcoin-0.21.1-x86_64-linux-gnu.tar.gz

8. Done.

Download, digital signature verification and extraction of Bitcoin Core is complete.

Add a bitcoin-qt Start Menu Entry[edit]

Perform the following steps to create a bitcoin-qt start menu entry; this procedure is optional.

1. Create folder ~/.local/share/applications.

mkdir -p ~/.local/share/applications

2. Open file ~/.local/share/applications/bitcoin.desktop in an editor as a regular, non-root user.

mousepad ~/.local/share/applications/bitcoin.desktop

3. Paste the following contents.

[Desktop Entry] Name=bitcoin-qt Comment=bitcoin-qt Exec=bash -c '~/bitcoin-*/bin/bitcoin-qt' Terminal=false Type=Application Icon=money-manager-ex StartupWMClass=bitcoin MimeType=x-scheme-handler/bitcoin; Categories=Finance;

4. Save.

5. Kicksecure-Qubes: perform platform-specific steps.

In dom0, refresh Qubes' appmenu: VM settings → Applications → Refresh Applications → Add desktop shortcut.

6. Done.

The bitcoin-qt start menu entry should now be available.

Autostart bitcoin-qt[edit]

Perform these steps to automatically start bitcoin-qt; this step is optional.

1. Apply the Add a bitcoin-qt Start Menu Entry instructions first.

2. Create folder ~/.config/autostart.

mkdir -p ~/.config/autostart

3. Create a symlink from ~/.local/share/applications/bitcoin.desktop to ~/.config/autostart/bitcoin.desktop.

ln -s ~/.local/share/applications/bitcoin.desktop ~/.config/autostart/bitcoin.desktop

4. Done.

bitcoin-qt will now automatically start the next time the VM is booted.

Start from Command Line[edit]

To start bitcoin-qt (part of Bitcoin Core) from the command line, run.

~/bitcoin-*/bin/bitcoin-qt

Creating a Watch-Only Wallet[edit]

Start bitcoin-qt.
Window → Console
Import address.

Note: replace address with the actual address to be watched.

importaddress address

Backup[edit]

TODO: research dumpwallet (see hdseed=1 and sethdseed

Donations[edit]

After installing a Bitcoin client, please consider making a donation to Kicksecure to help keep it running for many years to come.

Donate Bitcoin (BTC) to Kicksecure.

3DaJWfHyLv4RVnvMD7K2Mz2AX2r3fwiQwV

Footnotes[edit]

↑ https://bitcoincore.org/en/about/
↑ https://bitcoinbinary.org/ - a repository of Reproducible Build Proofs for Bitcoin Projects.
↑
Non-Endorsement: these links have not been audited by Kicksecure, but are worthy of further investigation:
↑ Minor changes in the output such as new uids (email addresses) or newer expiration dates are inconsequential.

↑ To avoid the following confusing output.

sha256sum --check --ignore-missing SHA256SUMS.asc
bitcoin-0.21.1-x86_64-linux-gnu.tar.gz: OK
sha256sum: WARNING: 20 lines are improperly formatted

Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.

Kicksecure

A secure by default operating system with the latest security research in place.

Dark mode

FREE · PLUS · PREMIUM Support

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint

2012-2024 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!

[1] ttps://bitcoincore.org/en/about/

[2] https://bitcoinbinary.org/ - a repository of Reproducible Build Proofs for Bitcoin Projects.

[3] Non-Endorsement: these links have not been audited by Kicksecure, but are worthy of further investigation:
https://github.com/JWWeatherman/yeticold

https://github.com/BenWestgate/yeti.Bash

https://github.com/BlockchainCommons/Airgapped-Wallet-Community/discussions/39

[4] ttps://github.com/JWWeatherman/yeticold

[5] ttps://github.com/BenWestgate/yeti.Bash

[6] ttps://github.com/BlockchainCommons/Airgapped-Wallet-Community/discussions/39

[4] Minor changes in the output such as new uids (email addresses) or newer expiration dates are inconsequential.

[5] To avoid the following confusing output.
sha256sum --check --ignore-missing SHA256SUMS.asc bitcoin-0.21.1-x86_64-linux-gnu.tar.gz: OK sha256sum: WARNING: 20 lines are improperly formatted

[1]

[2]

[3]

[4]

[5]

Bitcoin Core

Contents