Using Bitcoin Core in Kicksecure. Fully verifying a Bitcoin wallet. Based on the original reference code by Satoshi Nakamoto.
Bitcoin Core is the client software directly descended from the original Bitcoin software client first released by Satoshi Nakamoto. Bitcoin Core consists of both "full-node" software which can fully validate the blockchain, as well as a Bitcoin wallet.  The official open source project that maintains and releases the software can be found here (.onion). The project also maintains related software such as cryptographic libraries on GitHub.
Bitcoin Wallet Recommendation
It is impossible to provide a blanket recommendation regarding which Bitcoin wallet to use. This is an individual decision that depends upon:
- technical skill
- personal risk assignment
- financial value in Bitcoin
- available time
- various other factors
Other bitcoin wallets like Electrum may have better usability, but they also come with their own issues; see Electrum Warnings for example. Despite Bitcoin Core limitations it should be seriously considered for security reasons because it is the official Bitcoin client, particularly if transacting with Bitcoin accounts of significant financial value. Relative strengths include:
- developed by the Bitcoin Core development team
- most peer reviewed
- most conservative, security-focused development
- reproducible builds 
- full validating node
- transactions are validated against the complete blockchain - this lowers the probability of servers 'lying' to the client (the client has a higher probability of seeing its true Bitcoin balance)
- higher privacy
- all blocks are downloaded - the locally running node will not tell servers which wallet addresses belong to the node
Unfortunately, it takes a very long time to download and verify the blockchain. A large amount of disk space is also required, which may or may not be more manageable by using Bitcoin pruning mode.
Bitcoin Core Usability
Compared to Electrum, some things are more difficult in Bitcoin Core such as:
- Simple backups - unfortunately Bitcoin Core does not support mnemonic phrase backup.
- Wallet configuration - it is not easy to set up a split offline wallet (cold storage) and online watch only wallet.
Bitcoin Core Setup
Perform these steps inside Kicksecure™ (or Kicksecure™ for Qubes: App Qube).
1. Retrieve, verify and add the signing key.
- Digital signatures: A tool enhancing download security. Commonly used across the internet.
- Learn more: Curious? Learn more about digital software signatures.
- Optional: Digital signatures are optional. If you've never used them before, there might be no need to start now.
- No worries: New to digital software signatures? It's okay, no need to worry.
- Not a requirement: Not mandatory for using Kicksecure, but an extra security measure for advanced users.
Securely download the signing key.
Display the key's fingerprint.
gpg --keyid-format long --import --import-options show-only --with-fingerprint laanwj-releases.asc
Verify the fingerprint. It should show.
Note: Key fingerprints provided on the Kicksecure website are for convenience only. The Kicksecure project does not have the authorization or the resources to function as a certificate authority, and therefore cannot verify the identity or authenticity of key fingerprints. The ultimate responsibility for verifying the authenticity of the key fingerprint and correctness of the verification instructions rests with the user.
Key fingerprint = 01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964
The most important check is confirming the key fingerprint exactly matches the output above. 
Add the signing key.
gpg --import laanwj-releases.asc
2. Download the signed hash sum verification file.
3. Download Bitcoin.
4. Verify the hash sum digital signature.
gpg --verify SHA256SUMS.asc
If the virtual machine image is correct, the output will include a statement the signature is good:
This output might be followed by a warning as follows.
gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.
This message does not alter the validity of the signature related to the downloaded key. Rather, this warning refers to the level of trust placed in the Kicksecure signing key and the web of trust. To remove this warning, the Kicksecure signing key must be personally signed with your own key.
5. De-armor the hash sum file. 
gpg --decrypt SHA256SUMS.asc > SHA256SUMS
6. Perform a hash sum check.
sha256sum --check --ignore-missing SHA256SUMS
7. Extract the tar file.
tar xzf bitcoin-0.21.1-x86_64-linux-gnu.tar.gz
Download, digital signature verification and extraction of Bitcoin Core is complete.
Add a bitcoin-qt Start Menu Entry
Perform the following steps to create a
bitcoin-qt start menu entry; this procedure is optional.
1. Create folder
mkdir -p ~/.local/share/applications
2. Open file
~/.local/share/applications/bitcoin.desktop in an editor as a regular, non-root user.
3. Paste the following contents.
[Desktop Entry] Name=bitcoin-qt Comment=bitcoin-qt Exec=bash -c '~/bitcoin-*/bin/bitcoin-qt' Terminal=false Type=Application Icon=money-manager-ex StartupWMClass=bitcoin MimeType=x-scheme-handler/bitcoin; Categories=Finance;
5. Kicksecure-Qubes: perform platform-specific steps.
dom0, refresh Qubes' appmenu:
VM settings →
Refresh Applications →
Add desktop shortcut.
bitcoin-qt start menu entry should now be available.
Perform these steps to automatically start
bitcoin-qt; this step is optional.
1. Apply the Add a bitcoin-qt Start Menu Entry instructions first.
2. Create folder
mkdir -p ~/.config/autostart
3. Create a symlink from
ln -s ~/.local/share/applications/bitcoin.desktop ~/.config/autostart/bitcoin.desktop
bitcoin-qt will now automatically start the next time the VM is booted.
Start from Command Line
bitcoin-qt (part of Bitcoin Core) from the command line, run.
Creating a Watch-Only Wallet
- Import address.
address with the actual address to be watched.
TODO: research dumpwallet
hdseed=1 and sethdseed
After installing a Bitcoin client, please consider making a donation to Kicksecure to help keep it running for many years to come.
https://bitcoinbinary.org/- a repository of Reproducible Build Proofs for Bitcoin Projects.
- Non-Endorsement: these links have not been audited by Kicksecure, but are worthy of further investigation:
- Minor changes in the output such as new uids (email addresses) or newer expiration dates are inconsequential.
To avoid the following confusing output.
sha256sum --check --ignore-missing SHA256SUMS.asc bitcoin-0.21.1-x86_64-linux-gnu.tar.gz: OK sha256sum: WARNING: 20 lines are improperly formatted