How-to: Use Electrum Bitcoin Wallet in Whonix ™

Introduction

Electrum is a popular Bitcoin wallet. According to the Electrum FAQ:

How does Electrum work?

Electrum’s focus is speed, with low resource usage and simplifying Bitcoin. Startup times are instant because it operates in conjunction with high-performance servers that handle the most complicated parts of the Bitcoin system.

Does Electrum trust servers?

Not really; the Electrum client never sends private keys to the servers. In addition, it verifies the information reported by servers, using a technique called Simple Payment Verification.

The non-official thin client Electrum appears to be well-designed. It does not need to download or verify the blockchain, and users store their private keys locally, which eliminates the need to trust third-party servers. This is an advantage over some other Bitcoin wallets, where a compromise of the third-party server could lead to all of the users' bitcoins being stolen. There is also the possibility that the third party could lose a user's private keys or walk away with them.

Install Electrum

Functional Version

Notices

Note: To mitigate the risk of a known exploit, Electrum versions older than v3.3 are prevented from connecting to public servers. [1] [2] This step was necessary to prevent user exposure to phishing messages. [3] If you have an Electrum version older than v3.3 installed, then it is necessary to upgrade.

Note: At the time of writing (July 20, 2019) the Electrum website (https://electrum.org) was the target of a large DDoS attack. To follow developments, refer to this Whonix forum thread.

This prevents users from downloading the Electrum AppImage using file downloaders like scurl and wget. If you are affected by this issue, the downloaded AppImage and signature will be reported as an HTML document and ASCII text instead of the expected files. This means there are limited options for securely downloading a functional Electrum version right now.


For greater convenience and security, the Electrum AppImage will soon be installed in Whonix ™ by default as part of the binaries-freedom package. [4]

Installation Source

While it is usually strongly recommended [5] [6] to install software from the Debian repositories, the latest available package is too old and will not connect to public servers. This means Debian's official package manager (APT) cannot be used to install a working Electrum version.

The best option at present is to install Electrum from the official website, although it is currently being attacked (see the notices section). The following instructions provide steps to verify the AppImage, but keep in mind the risks involved with manual software installation, particularly if the server infrastructure is under assault.

Installation Steps

Note: The following instructions should be applied in Whonix-Workstation ™ (Qubes-Whonix ™: anon-whonix).

1. Open a terminal.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q") → Whonix-Workstation ™ AppVM (commonly named anon-whonix) → Xfce Terminal

If you are using a graphical Whonix with XFCE, run.

Start Menu → Xfce Terminal

2. Import the gpg public key of Electrum developer Thomas Voegtlin. [7]

Securely download the key.

scurl-download https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc

Display the key's fingerprint.

gpg --keyid-format long --import --import-options show-only --with-fingerprint ThomasV.asc

Verify the fingerprint. In early 2019, the output is identical to the following.

Figure: Fingerprint Verification

pub rsa4096/2BD5824B7F9470E6 2011-06-15 [SC]
Key fingerprint = 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6
uid Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>
uid ThomasV <thomasv1@gmx.de>
uid Thomas Voegtlin <thomasv1@gmx.de>
sub rsa4096/1A25C4602021CD84 2011-06-15 [E]

Warning:

Do not continue if the fingerprint does not match! This risks using infected or erroneous files! The whole point of verification is to confirm file integrity.

Add the signing key.

gpg --import ThomasV.asc

3. Download the Electrum AppImage.

Note: At the time of writing, electrum-3.3.8 was the latest stable release. Before starting the Electrum download, browse to electrum.org/#download to verify the correct file path. Then download the file with scurl. [8]

scurl-download https://download.electrum.org/3.3.8/electrum-3.3.8-x86_64.AppImage

5. Check the Electrum AppImage is not corrupted after download. [9]

To check the Electrum AppImage, run.

file electrum-3.*x86_64.AppImage

The following output indicates a corrupted and/or non-existent AppImage file.

electrum-3.3.8-x86_64.AppImage: HTML document, ASCII text, with very long lines

In that case, delete the file and try downloading the AppImage again.

6. Download the corresponding gpg signature.

It is necessary to verify the integrity of the AppImage with the correct signature.

Note: If users downloaded a later Electrum version at step 4, then modify the following command to match the corresponding signature file. [10]

scurl-download https://download.electrum.org/3.3.8/electrum-3.3.8-x86_64.AppImage.asc

7. Verify the integrity of the AppImage.

Note: This command must be run in the same directory as the downloaded AppImage and signature.

gpg --verify electrum-3.3.8-x86_64.AppImage.asc

If the image is verified successfully, the output will show a "Good signature" similar to the screenshot below.

Figure: Good Signature [11]

The above "gpg: WARNING" can be ignored since it does not alter the validity of the signature related to the downloaded key. Rather, this warning refers to the level of trust placed in the developer's signing key and the web of trust. To remove this warning, the developer's signing key must be personally signed with your own key.

If the following "gpg: BAD signature" message appears, the AppImage has been corrupted or altered during the download process.

Figure: Bad Signature

In this event, delete both the AppImage and signature and either wait 10-15 minutes for the Tor circuits to change, or open up the Nyx Tor Controller in Whonix-Gateway ™ (Qubes-Whonix ™: sys-whonix) and type "n" to create new Tor circuits. Wait for a random period of time before repeating the steps to download the AppImage and signature.

8. Change file permissions.

Make the electrum AppImage executable.

chmod +x electrum-3.3.8-x86_64.AppImage
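
The checks in steps 5 to 8 can be scripted so that the signer is pinned to the fingerprint from step 2 instead of being read off gpg's output by eye. This is an added example, not part of the Whonix wiki or the Electrum project; the function names and the sample status lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Whonix or Electrum code. Scripted form of steps 5-8.
PINNED_FPR=6694D8DE7BE8EE5631BED9502BD5824B7F9470E6  # fingerprint from step 2

# $1 is the output of `file -b`; fail for the HTML error page from step 5.
looks_like_binary() {
    case "$1" in
        *"HTML document"*|*"ASCII text"*) return 1 ;;
    esac
    return 0
}

# Read `gpg --status-fd 1` lines on stdin. Succeed only for a good signature
# whose primary key fingerprint (last VALIDSIG field) equals $1.
status_ok() {
    good=0 pinned=0
    while read -r tag kind rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case "$kind" in
            GOODSIG) good=1 ;;
            VALIDSIG) if [ "${rest##* }" = "$1" ]; then pinned=1; fi ;;
            BADSIG|ERRSIG) return 1 ;;
        esac
    done
    [ "$good" = 1 ] && [ "$pinned" = 1 ]
}

# usage: verify_appimage FILE.AppImage FILE.AppImage.asc
verify_appimage() {
    looks_like_binary "$(file -b "$1")" || { echo "not a binary: $1" >&2; return 1; }
    # Name signature and data file explicitly so gpg does not guess the latter.
    gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null | status_ok "$PINNED_FPR" \
        || { echo "signature not made by pinned key" >&2; return 1; }
    chmod +x "$1"
}

# Constructed status lines for a dry run (timestamps and second key made up).
SAMPLE_GOOD="[GNUPG:] GOODSIG 2BD5824B7F9470E6 Thomas Voegtlin
[GNUPG:] VALIDSIG $PINNED_FPR 2019-05-16 1558030470 0 4 0 1 8 00 $PINNED_FPR"
SAMPLE_OTHER_KEY="[GNUPG:] GOODSIG 0123456789ABCDEF Someone Else
[GNUPG:] VALIDSIG 0000000000000000000000000000000000000000 2019-05-16 1558030470 0 4 0 1 8 00 0000000000000000000000000000000000000000"
SAMPLE_BAD="[GNUPG:] BADSIG 2BD5824B7F9470E6 Thomas Voegtlin"

if [ "$#" -eq 2 ]; then verify_appimage "$1" "$2"; fi
```

A "Good signature" from any other key in the keyring is rejected here, because only a VALIDSIG line carrying the pinned primary key fingerprint is accepted.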

Start Electrum

Users should create a wallet with a strong password!

Please refer to the official Documentation at docs.electrum.org for comprehensive instructions, as well as more advanced topics like Cold Storage of private keys.

To start Electrum on all platforms, run.

./electrum-3.3.8-x86_64.AppImage

Qubes-Whonix ™ users are recommended to configure a Split Bitcoin Wallet to better protect their private keys. To protect against identity correlation through Tor circuit sharing, follow the instructions below (see Stream Isolation for more information).

Electrum: First Run

These steps enable Stream Isolation for the Electrum application.

1. Configure a manual server connection.

When Electrum is started for the first time, users are met with the prompt: "How do you want to connect to a server?".

Choose Select server manually and press Next.

Figure: Server Setting


2. Change the proxy settings.

The necessary settings are:

  • Proxy: SOCKS5
  • Host: 10.152.152.10
  • Port: 9111

Press Next and the application should be fully functional.

Figure: SOCKS5 Proxy Configuration

Note: If Electrum is already set up but stream isolation was not enabled, then navigate to Tools → Network in Electrum to bring up the server and proxy settings.

Add Application Launcher to Start Menu

This step is optional.

1. Create folder ~/.local/share/applications.

mkdir -p ~/.local/share/applications

2. Create a new file ~/.local/share/applications/electrum.desktop using an editor.

mousepad ~/.local/share/applications/electrum.desktop

3. Paste the following contents.

[Desktop Entry]
Type=Application
Exec=/home/user/electrum-3.3.8-x86_64.AppImage
Name=electrum
Categories=Other

4. Save the file.

The procedure is now complete.

The launcher can be found here:

Start Menu → Other → electrum

Footnotes

  1. https://github.com/spesmilo/electrum/issues/5183
  2. https://github.com/spesmilo/electrum/issues/5190
  3. For further details, see: Github Electrum issues.
  4. The latter package has been added to whonix-workstation-packages-recommended-gui, see: Install Electrum by default.
  5. See: Install Software: Best Practices.
  6. Installing software best practices:

  7. https://github.com/spesmilo/electrum/issues/4789
  8. To find the correct image download: "Right-click" AppImage → "Select" Copy Link Location → Append to scurl command.
  9. Due to recent DDoS attacks.
  10. To find the correct signature file download: "Right-click" signature → "Select" Copy Link Location → "Append" to scurl command.
  11. gpg: assuming signed data in 'electrum-3.3.8-x86_64.AppImage'
    gpg: Signature made Thu 16 May 2019 02:14:30 PM EDT
    gpg:                using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
    gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown]
    gpg:                 aka "ThomasV <thomasv1@gmx.de>" [unknown]
    gpg:                 aka "Thomas Voegtlin <thomasv1@gmx.de>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6
    


Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself.