v4.30.0

Release notes

• Bundle BitBox02 Bitcoin-only firmware version 9.8.0
• Bundle BitBox02 Multi firmware version 9.8.0
• Improve information about using the passphrase feature
• Fix an Android app crash when opening the app after first rejecting the USB permissions
• Change label to show 'Fee rate' or 'Gas price' for custom fees
• Change label 'Send all' label to 'Send selected coins' if there is a coin selection
• Temporary disable Chromium sandbox on linux due to #1447

Verifying the release

Get benma's public key:

curl 'https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor daemon proxy:
curl --socks5-hostname localhost:9050 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor browser proxy:
curl --socks5-hostname localhost:9150 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.30.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.30.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.30.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Release v4.30.0 - Release Candidate 2

⚠️ This is a pre-release candidate intended for testing. ⚠️

Testing is recommended with accounts holding only a small amount of funds. Make sure your backups work before use.

Release v4.30.0 - Release Candidate 1

⚠️ This is a pre-release candidate intended for testing. ⚠️

Testing is recommended with accounts holding only a small amount of funds. Make sure your backups work before use.

v4.29.1

Release notes

• Disable GPU acceleration introduced in v4.29.0 due to rendering artefacts on Windows
• Changed default currency to USD
• Verify the EIP-55 checksum in mixed-case Ethereum recipient addresses
• Support copying address from transaction details
• Upgrade to BitBox02 Bitcoin-only firmware version 9.7.0
• Upgrade to BitBox02 Multi firmware version 9.7.0

Verifying the release

Get benma's public key:

curl 'https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor daemon proxy:
curl --socks5-hostname localhost:9050 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor browser proxy:
curl --socks5-hostname localhost:9150 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.29.1-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.29.1-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.29.1-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Note: For Android, this commit was used to build the release.

Note: For Windows, this commit was used to build the release.

v4.29.0

Release notes

• Add support for the Address Ownership Proof Protocol (AOPP), i.e.: handle 'aopp:?...' URIs. See https://aopp.group/.
• Add fee options for Ethereum based on priority, and the ability to set a custom gas price
• Updated to Qt 5.15 from Qt 5.12 for Linux, macOS and Windows
• Add a guide entry: How to import my transactions into CoinTracking?
• Revamped account-info view to show account keypath, scriptType etc.
• Allow disabling accounts in 'Manage accounts'
• Prevent screen from turning off while the app is in foreground on Android
• Allow entering the BitBox02 startup settings in 'Manage device' to toggle showing the firmware hash at any time
• More user-friendly messages for first BitBox02 firmware install
• Use hardware accelerated rendering in Qt if available

Verifying the release

Get benma's public key:

curl 'https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor daemon proxy:
curl --socks5-hostname localhost:9050 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor browser proxy:
curl --socks5-hostname localhost:9150 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.29.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.29.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.29.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Note: For Android, this commit was used to build the release.

Note: For Windows, this commit was used to build the release.

Release v4.28.2

Release notes

• Fix a conversion rates updater bug

Verifying the release

Get benma's public key:

curl 'https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor daemon proxy:
curl --socks5-hostname localhost:9050 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor browser proxy:
curl --socks5-hostname localhost:9150 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.28.2-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.28.2-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.28.2-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Release v4.28.1

Release notes

• Restore lost transaction notes when ugprading to v4.28.0.
• Improve error message when EtherScan responds with a rate limit error.

Verifying the release

Get benma's public key:

curl 'https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor daemon proxy:
curl --socks5-hostname localhost:9050 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor browser proxy:
curl --socks5-hostname localhost:9150 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.28.1-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.28.1-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.28.1-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Release v4.28.0

Release notes

• New feature: manage multiple accounts
• Upgrade to BitBox02 Bitcoin-only firmware version 9.6.0
• Upgrade to BitBox02 Multi firmware version 9.6.0
• Remove the setting 'Separate accounts by address type (legacy behavior)'. BitBox02 accounts are now always unified.
• Display the BitBox02 secure chip version (from v9.6.0)
• Validate socks proxy url

Verifying the release

Get benma's public key:

curl 'https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor daemon proxy:
curl --socks5-hostname localhost:9050 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor browser proxy:
curl --socks5-hostname localhost:9150 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.28.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.28.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.28.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Release v4.27.0

Release notes

• Buy ERC20 tokens using Moonpay
• Upgrade to BitBox02 Bitcoin-only firmware version 9.5.0
• Upgrade to BitBox02 Multi firmware version 9.5.0
• Run BitBoxApp installer as admin by default on Windows
• Close a running BitBoxApp instance on Windows when installing an update to ensure success
• Connect default full nodes on port 443 to avoid firewall issues
• Show blockchain connection errors in detail
• Remove CryptoCompare; use Coingecko for latest conversion rates. Fixes rate limiting issues, especially for VPN/Tor users.
• Remove confusing disabled copy button in the receive screen

Verifying the release

Get benma's public key:

curl https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import
# or via Tor hidden service
curl http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.27.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.27.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.27.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Release v4.26.0

Release notes

• Italian translation
• Allow camera access for Moonpay due to their KYC requirements starting 1st of March
• Remove BitBox02 random number button
• Show more decimals in the portfolio when main currency is BTC
• Broadcast an Ethereum transaction again if it got dropped by Etherscan
• Show Ethereum transaction nonce in the transaction details
• Fix QR code scanner regression issue on Linux
• Bugfix: restore success screen when setting up or restoring a BitBox02 wallet

Verifying the release

Get benma's public key:

curl https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import
# or via Tor hidden service
curl http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.26.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.26.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.26.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)