Release v4.25.0

Release notes

• Buy crypto inside the app through Moonpay
• Protection against the nonce covert channel attack when signing Bitcoin/Litecoin transactions (antiklepto protocol).
• Upgrade to BitBox02 Bitcoin-only firmware version 9.4.0
• Upgrade to BitBox02 Multi firmware version 9.4.0

Verifying the release

Get benma's public key:

curl https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import
# or via Tor hidden service
curl http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.25.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.25.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.25.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Release v4.24.1

Release notes

• Fix compatibility with ElectrumX 1.16.0 and Electrs v0.8.6 full node backends
• Small bugfix in the portfolio chart

Verifying the release

Get benma's public key:

curl https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import
# or via Tor hidden service
curl http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.24.1-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.24.1-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.24.1-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Release v4.24.0

Release notes

• Account summary page showing your portfolio (current and historical).
• Added Singapore dollar to the conversion currencies
• Added Bitcoin to the conversion currencies
• New ERC20 tokens: WBTC and PAXG (thanks to @PalinuroSec for the contribution)
• Upgrade to BitBox02 Bitcoin-only firmware version 9.3.1
• Upgrade to BitBox02 Multi firmware version 9.3.1

Verifying the release

Get benma's public key:

curl https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import
# or via Tor hidden service
curl http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.24.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.24.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.24.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Release v4.24.0 - Release Candidate 1

⚠️ This is a pre-release candidate intended for testing. ⚠️

Testing is recommended with accounts holding only a small amount of funds. Make sure your backups work before use.

Note: the release candidate installers and binaries are unsigned. Warnings about unknown publisher or similar may pop up.

macOS users: to open an unsigned app, you need to right-click or Control-click the app and select “Open”.

Release notes

• Account summary page showing your portfolio (current and historical).
• Added Singapore dollar to the conversion currencies
• Added Bitcoin to the conversion currencies
• New ERC20 tokens: WBTC and PAXG (thanks to @PalinuroSec for the contribution)
• Upgrade to BitBox02 Bitcoin-only firmware version 9.3.0
• Upgrade to BitBox02 Multi firmware version 9.3.0

Release v4.23.0

Release notes

• Upgrade to BitBox02 Bitcoin-only firmware version 9.2.1
• Upgrade to BitBox02 Multi firmware version 9.2.1
• Added Israeli Shekel to the fiat currencies
• Added Bitwala to the list of exchanges

Verifying the release

Get benma's public key:

curl https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import
# or via Tor hidden service
curl http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.23.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.23.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.23.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Update 2020-11-05: replaced the Android APK, as the previous upload had an installation issue.

Release v4.23.0 - Release Candidate 1

⚠️ This is a pre-release candidate intended for testing. ⚠️

Testing is recommended with accounts holding only a small amount of funds. Make sure your backups work before use.

Note: the release candidate installers and binaries are unsigned. Warnings about unknown publisher or similar may pop up.

macOS users: to open an unsigned app, you need to right-click or Control-click the app and select “Open”.

Release notes

• Upgrade to BitBox02 Bitcoin-only firmware version 9.2.0
• Upgrade to BitBox02 Multi firmware version 9.2.0
• Added Israeli Shekel to the fiat currencies
• Added Bitwala to the list of exchanges

Release v4.22.0

Release notes

• New expert feature: allow setting custom fees for Bitcoin and Litecoin in sat/vB.

Verifying the release

Get benma's public key:

curl https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import
# or via Tor hidden service
curl http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.22.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.22.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.22.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Release v4.22.0 - Release Candidate 1

⚠️ This is a release candidate intended for testing. ⚠️

Testing is recommended with accounts holding only a small amount of funds.

Note: the release candidate installers and binaries are unsigned. Warnings about unknown publisher or similar may pop up.

macOS users: to open an unsigned app, you need to right-click or Control-click the app and select “Open”.

Release notes

• New expert feature: allow setting custom fees for Bitcoin and Litecoin in sat/vB.

Release v4.21.1

Release notes

• Ability to add custom notes to transactions
• Bundle BitBox02 Bitcoin-only firmware version 9.1.1
• Bundle BitBox02 Multi firmware version 9.1.1

Verifying the release

Get benma's public key:

curl https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import
# or via Tor hidden service
curl http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.21.1-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.21.1-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.21.1-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Release v4.20.2

Release notes

• Bundle BitBox01 firmware version 7.1.0

Android release skipped, as it is only a BitBox01 bundle release, which is not supported in Android.

Verifying the release

Get benma's public key:

curl https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import
# or via Tor hidden service
curl http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.20.2-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.20.2-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.20.2-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)