Bitcoin Core

From Whonix

Introduction

Documentation for this entry is incomplete. Contributions are happily considered!

Software Origin

Bitcoin Core is the client software directly descended from the original Bitcoin software client first released by Satoshi Nakamoto. Bitcoin Core consists of both "full-node" software which can fully validate the blockchain, as well as a Bitcoin wallet. [1] The official open source project that maintains and releases the software can be found here (.onion). The project also maintains related software such as cryptographic libraries on GitHub.

Bitcoin Wallet Recommendation

It is impossible to provide a blanket recommendation regarding which Bitcoin wallet to use. This is an individual decision that depends upon:

  • technical skill
  • personal risk assignment
  • financial value in Bitcoin
  • available time
  • various other factors

Other Bitcoin wallets like Electrum may have better usability, but they also come with their own issues; see Electrum Warnings for example. Despite its limitations, Bitcoin Core should be seriously considered for security reasons because it is the official Bitcoin client, particularly if transacting with Bitcoin accounts of significant financial value. Relative strengths include:

  • developed by the Bitcoin Core development team
  • most peer reviewed
  • most conservative, security-focused development
  • reproducible builds [2]
  • full validating node
    • transactions are validated against the complete blockchain - this lowers the probability of servers 'lying' to the client (the client has a higher probability of seeing its true Bitcoin balance)
  • higher privacy
    • all blocks are downloaded - the locally running node will not tell servers which wallet addresses belong to the node

Unfortunately, it takes a very long time to download and verify the blockchain. A large amount of disk space is also required, which may or may not be more manageable by using Bitcoin pruning mode.

Bitcoin Core Usability

Compared to Electrum, some things are more difficult in Bitcoin Core such as:

  • Simple backups - unfortunately Bitcoin Core does not support mnemonic phrase backup.
  • Wallet configuration - it is not easy to set up a split offline wallet (cold storage) and online watch-only wallet. However, since Bitcoin Core v23.0, descriptor wallets are the default wallet type and make it much easier to create an offline/air gap setup:

[OFFLINE PC]: Create a wallet and export descriptors:

  1. Window → Console

listdescriptors

[ONLINE PC]: Create a watch-only wallet and import descriptors:

  1. Window → Console

importdescriptors

After importing descriptors, the watch-only wallet will be functional, allowing you to create receiving addresses and unsigned transactions. Unsigned transactions are copied to the clipboard by default but can also be saved in a .PSBT (Partially Signed Bitcoin Transaction) file, which can be transferred to the offline PC for signing. After signing, transfer the signed .PSBT file to the online PC to broadcast the transaction.


Other ways to do these activities are likely possible, but are undocumented here; refer to the footnotes for possible information sources.[3]

Bitcoin Core Setup

Installation

Perform these steps inside Whonix-Workstation ™ (Qubes-Whonix ™: anon-whonix App Qube).

1. Retrieve, verify and add the signing key.

Notice: Digital software signatures can increase security, but this requires knowledge. Learn more about digital software signature verification.

Securely download the signing key.

scurl-download https://bitcoin.org/laanwj-releases.asc

Display the key's fingerprint.

gpg --keyid-format long --import --import-options show-only --with-fingerprint laanwj-releases.asc

Verify the fingerprint. It should show:

Key fingerprint = 01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964

The most important check is confirming the key fingerprint exactly matches the output above. [4]

Warning:

Do not continue if the fingerprint does not match! This risks using infected or erroneous files! The whole point of verification is to confirm file integrity.

Add the signing key.

gpg --import laanwj-releases.asc

2. Download the signed hash sum verification file.

scurl-download https://bitcoin.org/bin/bitcoin-core-0.21.1/SHA256SUMS.asc

3. Download Bitcoin.

scurl-download https://bitcoin.org/bin/bitcoin-core-0.21.1/bitcoin-0.21.1-x86_64-linux-gnu.tar.gz

4. Verify the hash sum digital signature.

gpg --verify SHA256SUMS.asc

If the downloaded hash sum file is correct, the output will include a statement that the signature is good:

Good signature

This output might be followed by a warning as follows.

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.

The above gpg: WARNING can be ignored since it does not alter the validity of the signature related to the downloaded key. Rather, this warning refers to the level of trust placed in the developer's signing key and the web of trust. To remove this warning, the developer's signing key must be personally signed with your own key.

5. De-armor the hash sum file. [5]

gpg --decrypt SHA256SUMS.asc > SHA256SUMS

6. Perform a hash sum check.

sha256sum --check --ignore-missing SHA256SUMS

Expected output.

bitcoin-0.21.1-x86_64-linux-gnu.tar.gz: OK

7. Extract the tar file.

tar xzf bitcoin-0.21.1-x86_64-linux-gnu.tar.gz

8. Done.

Download, digital signature verification and extraction of Bitcoin Core is complete.
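
As an added example (not part of the Whonix page or the Bitcoin Core project), the checks in steps 1 to 6 can be made fail-closed: the script compares the key fingerprint mechanically and requires that the signature was made by that exact key, rather than relying on reading "Good signature" by eye. The function names are hypothetical; the fingerprint and file names are the ones shown above.

```shell
#!/bin/bash
# Added example: fail-closed versions of the manual checks in steps 1-6.
# EXPECTED_FPR is the fingerprint shown on this page; function names are hypothetical.
EXPECTED_FPR="01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964"

# Normalise a fingerprint: drop whitespace, upper-case the hex digits.
norm_fpr() { printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'; }

# stdin: `gpg --with-colons` key listing. Succeeds only if the primary key's
# fingerprint (first "fpr" record, field 10) equals the expected one.
key_fpr_matches() {
    want=$(norm_fpr "$1")
    got=$(awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$got" ] && [ "$(norm_fpr "$got")" = "$want" ]
}

# stdin: `gpg --status-fd 1 --verify` output. Succeeds only if a VALIDSIG record
# names the expected key (signing key in field 3, primary key in the last field).
# "Good signature" alone is also printed for any other key in the keyring.
sig_from_expected_key() {
    awk -v want="$(norm_fpr "$1")" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Usage: verify_release laanwj-releases.asc SHA256SUMS.asc
# Run in the directory holding the downloaded tarball; stops at the first failed check.
verify_release() {
    gpg --with-colons --with-fingerprint --import-options show-only --import "$1" 2>/dev/null \
        | key_fpr_matches "$EXPECTED_FPR" || { echo "key fingerprint mismatch" >&2; return 1; }
    gpg --import "$1" || return 1
    gpg --status-fd 1 --verify "$2" 2>/dev/null \
        | sig_from_expected_key "$EXPECTED_FPR" || { echo "not signed by expected key" >&2; return 1; }
    gpg --decrypt "$2" > SHA256SUMS 2>/dev/null || return 1
    sha256sum --check --ignore-missing SHA256SUMS
}

# Only run the full procedure when file arguments are given.
if [ "$#" -gt 0 ]; then verify_release "$@"; fi
```

The tarball is still extracted manually (step 7) only after `verify_release` exits with status 0.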

Enable Stream Isolation

1. Optional: Disable networking for the virtual machine.

This step is optional but recommended to ensure stream isolation is always used from the first connection. This step can be omitted if:

  • A) The Whonix ™ transparent proxy feature has been disabled; [6] and/or
  • B) Proxy settings are configured using the Bitcoin Core configuration file ~/.bitcoin/bitcoin.conf before the first start. [7]

2. Start Bitcoin-Qt as documented further below.

3. Enable Stream Isolation in the client.

  • A) navigate to the client settings
  • B) locate the Network tab
  • C) enable the SOCKS proxy as follows:
    • Host: 10.152.152.10
    • Port: 9111
    • Proxy: SOCKS5

4. Re-enable networking for the virtual machine.

Add a bitcoin-qt Start Menu Entry

Perform the following steps to create a bitcoin-qt start menu entry; this procedure is optional.

Inside Whonix-Workstation ™ (Qubes-Whonix ™: anon-whonix App Qube).

1. Create folder ~/.local/share/applications.

mkdir -p ~/.local/share/applications

2. Open file ~/.local/share/applications/bitcoin.desktop in an editor as a regular, non-root user.

mousepad ~/.local/share/applications/bitcoin.desktop

3. Paste the following contents.

[Desktop Entry]
Name=bitcoin-qt
Comment=bitcoin-qt
Exec=bash -c '~/bitcoin-*/bin/bitcoin-qt'
Terminal=false
Type=Application
Icon=money-manager-ex
StartupWMClass=bitcoin
MimeType=x-scheme-handler/bitcoin;
Categories=Finance;

4. Save.

5. Qubes-Whonix ™: perform platform-specific steps.

In dom0, refresh Qubes' appmenu: VM settings → Applications → Refresh Applications → Add desktop shortcut.

6. Done.

The bitcoin-qt start menu entry should now be available.

Autostart bitcoin-qt

Perform these steps to automatically start bitcoin-qt; this step is optional.

Inside Whonix-Workstation ™ (Qubes-Whonix ™: anon-whonix App Qube).

1. Apply the Add a bitcoin-qt Start Menu Entry instructions first.

2. Create folder ~/.config/autostart.

mkdir -p ~/.config/autostart

3. Create a symlink from ~/.local/share/applications/bitcoin.desktop to ~/.config/autostart/bitcoin.desktop.

ln -s ~/.local/share/applications/bitcoin.desktop ~/.config/autostart/bitcoin.desktop

4. Done.

bitcoin-qt will now automatically start the next time the VM is booted.

Start from Command Line

To start bitcoin-qt (part of Bitcoin Core) from the command line, run:

~/bitcoin-*/bin/bitcoin-qt

Creating a Watch-Only Wallet

  1. Start bitcoin-qt.
  2. Window → Console
  3. Import address.

Note: replace address with the actual address to be watched.

importaddress address

See Also

Donations

After installing a Bitcoin client, please consider making a donation to Whonix ™ to help keep it running for many years to come.

Donate Bitcoin (BTC) to Whonix ™.

3LspZMk4p7ECc4Ugd6DKwSTgqyxn41KG3B

Footnotes

  1. https://bitcoincore.org/en/about
  2. Special warning about https://bitcoinbinary.org/ as a trusted reference: While it is good to have a compilation of reproducible binaries, if nobody is auditing the build procedure, then it becomes a blind spot. Bitcoin Core is reproducible and extensive work was made with guix sigs. One example that is not reproducible when building from source is Sparrow wallet, which is listed on the site of the first post - deterministic build, differences in modules · Issue #192 · sparrowwallet/sparrow · GitHub. Observing the video of the reproducible build, made by the same person in GitHub Issue #192, it is noticeable that the entire folder is not compared, only a single file. If comparing the whole folder, which has more binaries, there would be a diff between the released binaries and the built ones. In short: Bitcoin Core is reproducible, but linking to bitcoinbinary(dot)org is unfortunate, as the process of submitting new software to that page is not investigated, it is just accepted. Paraphrased from forum user nyxnor's post https://forums.whonix.org/t/repository-of-reproducible-build-proofs-for-bitcoin-projects/12506/4
  3. Non-Endorsement: these links have not been audited by Whonix ™, but are worthy of further investigation:
  4. Minor changes in the output such as new uids (email addresses) or newer expiration dates are inconsequential.
  5. To avoid the following confusing output.
    sha256sum --check --ignore-missing SHA256SUMS.asc 
    bitcoin-0.21.1-x86_64-linux-gnu.tar.gz: OK
    sha256sum: WARNING: 20 lines are improperly formatted
    
  6. Because then Bitcoin Core cannot connect using transparent proxying anyhow.
  7. Perhaps as part of the ElectrumX instructions.