Skip to content

Live offline OS for cryptocurrencies based on NixOS

Notifications You must be signed in to change notification settings

jluttine/CryptOS

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

43 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CryptOS: Live offline OS for cryptocurrencies

  • Run directly from a DVD or USB stick securely without internet connection.

  • Includes relevant tools for cryptocurrencies.

  • Inspired by BitKey.

  • Based on the amazing NixOS. CryptOS is just NixOS with a specific configuration.

  • Runs XFCE by default.

Instructions

The following sketched steps explain one way to use CryptOS:

  1. Use public keys on an online computer to create the transactions. Store them on a USB stick with encrypted private keys.

  2. Open an offline computer running CryptOS from another USB stick.

  3. Read and sign the transactions on CryptOS.

  4. Copy the signed transaction to some online device by using the USB stick or by scanning the QR code.

  5. Check the transaction data (so you don't need to trust CryptOS) and broadcast it.

NOTE: The private keys can be stored encrypted on the online computer and multiple places for backup, but never decrypt them on an online computer. Only decrypt on the offline computer.

Description

Available cryptocurrency applications:

Building

It is recommended to build the ISO image yourself. You can easily even modify iso.nix to suit your needs. But if you want, you can download a pre-built ISO image from Releases section.

Requirement: nix installed.

Clone this repo:

git clone https://github.com/jluttine/CryptOS.git
cd CryptOS

Build the ISO image:

nix-build

By default, a pinned version of nixpkgs is used. If you don't want to use the pinned version of NixOS and nixpkgs, modify nixpkgs in default.nix. For instance, if you want to use the nixpkgs of your own system, set:

nixpkgs ? <nixpkgs>

Also, it is possible to to just provide path to your locally checked out nixpkgs:

nixpkgs ? "/path/to/nixpkgs"

To build 32-bit ISO image, modify system to i686-linux.

The ISO image can be found in result/iso/. You can test the built ISO file in a virtual machine. For instance:

nix-shell -p qemu_kvm
qemu-img create -f qcow2 foo.img 20G
qemu-kvm -m 1024 -drive file=foo.img -drive file=result/iso/<ISO-FILE-NAME>,format=raw,media=cdrom

Unmount the device you want to flash the image into. Flash the image to a USB stick:

sudo dd bs=4M if=result/iso/<ISO-FILE-NAME> of=/dev/<USB-DEVICE-ID>

TODO

  • Add relevant packages. If something is missing from nixpkgs, contribute to upstream.

  • How to force building all packages from sources? Would it improve security in some way?

Disclaimer

No guarantees about the security of the software is given. Use it at your own risk.

Contributing

Contributions are most welcome! Just open issues or make pull requests.

Usage

NOTE: On old computers, one may need to use 32-bit version and also enter forcepae kernel option during boot time. If you need to add forcepae option, press Tab when distro options are listed after boot and then append forcepae to the string.

In general, keep view keys in an online computer and spend keys (encrypted) in some USB stick so the offline live CryptOS can read the spend keys and sign transactions.

Bitcoin (Electrum)

Create a wallet (offline live CryptOS)

TODO

Set up a view-only wallet (online computer)

TODO

Create a transaction (online computer)

  1. Start Electrum.

  2. Create the transaction in "Send" tab and press "Pay". Note that Electrum uses mBTC (milli-bitcoin) units.

  3. Fee dialog opens, choose the transaction fee and click "Send".

  4. A window showing the transaction pops up. Choose "Export" -> "Export to file". Choose ".txn" file type, not ".psbt", and save the file to the USB stick (or save elsewhere and then copy to a USB stick). Safely remove the USB stick.

Sign the transaction (offline live CryptOS)

  1. Start Electrum ("Applications" -> "Internet" -> "Electrum Bitcoin Wallet"). For the start-up wizard choose auto-connecting to a server and browse your spend wallet file from a USB stick (this might be a different USB stick than the one with the transaction file).

  2. Load the transaction by selecting "Tools" -> "Load transaction" -> "From file" from menu and choosing the unsigned transaction file from the USB stick (or copy the file from the USB stick elsewhere and load that file).

  3. Check that the transaction is correct and then sign it by pressing "Sign" and entering the wallet password.

  4. Save the signed transaction to the USB stick by choosing "Save" and remove the USB stick.

Broadcast the transaction (online computer)

  1. Load the signed transaction by choosing "Tools" -> "Load transaction" -> "From file" from Electrum menu and choosing the signed transaction file from the USB stick (or, again, first copy the file from the USB elsewhere and then load that file).

  2. Check that the signed transaction file is still correct.

  3. Broadcast the transaction by choosing "Broadcast".

Monero

Create a spend wallet (offline live CryptOS)

TODO

Set up a view-only wallet (online computer)

TODO

Create a transaction (online computer)

  1. Start monero-wallet-cli --daemon-address opennode.xmr-tw.org:18089 --trusted-daemon from the command line.

  2. Enter file path to the view wallet, for instance, path/to/view-wallet.

  3. Export all outputs to a file: export_outputs all monero_outputs

  4. Create a transaction, for instance, transfer ADDRESS_HERE AMOUNT_HERE PAYMENT_ID. To move all funds, use sweep_all ADDRESS_HERE PAYMENT_ID. Note that the payment ID might not be required.

  5. Copy the outputs file monero_outputs and the unsigned transaction file unsigned_monero_tx to a USB stick. The files are located under the directory you are running the Monero wallet.

Sign the transaction (offline live CryptOS)

  1. Plug-in the USB stick(s) that contain the wallet file and the files created on the online computer.

  2. Start monero-wallet-cli from the command line in the same directory where you have the files from the online computer. Monero asks for the path to the wallet file, so enter the path to the spend wallet, for instance, path/to/spend-wallet.

  3. Import the outputs file: import_outputs monero_outputs

  4. Sign the transaction file: sign_transfer

  5. Export the key images to a file: export_key_images all monero_key_images

  6. Copy the signed transaction file signed_monero_tx and the key images file monero_key_images to the USB stick.

  7. Exit Monero wallet with q and shut down CryptOS. (Or shut down CryptOS only after successfull broadcasting in case you need to make some fixes on CryptOS.)

Broadcast the transaction (online computer)

  1. Copy the signed transaction file from the USB stick to the same directory you are running the Monero wallet.

  2. Import the key images file: import_key_images monero_key_images

  3. Broadcast the transaction: submit_transfer

  4. Exit Monero wallet with q. Optionally, delete the signed and unsigned transaction files from your computer and the USB stick.

About

Live offline OS for cryptocurrencies based on NixOS

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages