Create a VM without networking to host an Electrum Bitcoin wallet. The offline electrum VM will communicate an Electrum server (electrum-personal-server, electrs, or electrumx) VM using Qubes' qrexec.
Electrum is a popular lightweight Bitcoin wallet based on a client-server protocol. See the Bitcoin wiki for a more detailed explanation of Electrum.
This increases the privacy and security of your Electrum wallet while still maintaining full functionality. Enhanced privacy is achieved by preventing data leakage to server operators, and security is improved by removing the need for a network connection on the wallet VM.
- Read the README.
- To complete this guide you must have first completed:
0_bitcoind.md- You will also need either one of these server VMs:
- Create an AppVM for Electrum with no networking, using the
whonix-ws-15TemplateVM.
Notes:
- You must choose a label color, but it does not have to match this example.
- It is safe to lower the
maxmemandvcpuson this VM.
[user@dom0 ~]$ qvm-create --label black --prop maxmem='800' --prop netvm='' --prop vcpus='1' --template whonix-ws-15 electrum
Note: Replace <electrum-server> in this example with the name of the prerequisite server you installed (electrs, electrum-personal-server, or electrumx).
[user@dom0 ~]$ echo 'electrum <electrum-server> allow' | sudo tee -a /etc/qubes-rpc/policy/qubes.ConnectTCP
Note: At the time of writing the most recent version of Electrum is 4.0.2, modify the following steps accordingly if the version has changed.
user@host:~$ scurl-download https://download.electrum.org/4.0.2/electrum-4.0.2-x86_64.AppImage https://download.electrum.org/4.0.2/electrum-4.0.2-x86_64.AppImage.asc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 49.4M 100 49.4M 0 0 539k 0 0:01:33 0:01:33 --:--:-- 398k
100 833 0 833 0 0 1696 0 --:--:-- --:--:-- --:--:-- 1696
- Receive signing key.
user@host:~$ scurl-download https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 4739 100 4739 0 0 2492 0 0:00:01 0:00:01 --:--:-- 2491
- Verify the key fingerprint.
Note: You can verify Thomas Voegtlin's key fingerprint on the Electrum about page.
user@host:~$ gpg --with-fingerprint ThomasV.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub rsa4096/0x2BD5824B7F9470E6 2011-06-15 [SC]
Key fingerprint = 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6
uid ThomasV <[email protected]>
uid Thomas Voegtlin <[email protected]>
uid Thomas Voegtlin (https://electrum.org) <[email protected]>
sub rsa4096/0x1A25C4602021CD84 2011-06-15 [E]
- Import the key.
user@host:~$ gpg --import ThomasV.asc
gpg: key 0x2BD5824B7F9470E6: public key "Thomas Voegtlin (https://electrum.org) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
- Verify the appimage.
Note: Your output may not match the example. Just check that it says Good signature.
user@host:~$ gpg --verify electrum-4.0.2-x86_64.AppImage.asc
gpg: assuming signed data in 'electrum-4.0.2-x86_64.AppImage'
gpg: Signature made Wed 08 Jul 2020 07:48:04 AM UTC
gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <[email protected]>" [unknown]
gpg: aka "ThomasV <[email protected]>" [unknown]
gpg: aka "Thomas Voegtlin <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6
- Make the appimage executable.
user@host:~$ chmod +x electrum-4.0.2-x86_64.AppImage
Note: Select electrum from the dom0 pop-up.
user@host:~$ qvm-move electrum-4.0.2-x86_64.AppImage
Note: Replace <electrum-server> in this example with the name of the prerequisite server you installed (electrs, electrum-personal-server, or electrumx).
user@host:~$ sudo sh -c 'echo "qvm-connect-tcp 50002:<electrum-server>:50002" >> /rw/config/rc.local'
- Execute the file.
user@host:~$ sudo /rw/config/rc.local
- Make data directory.
user@host:~$ mkdir -m 0700 ~/.electrum
- Create configuration file.
user@host:~$ mousepad ~/.electrum/config
- Paste the following.
{
"auto_connect": false,
"check_updates": false,
"oneserver": true,
"server": "127.0.0.1:50002:s"
}
- Save the file:
Ctrl-S. - Switch back to the terminal:
Ctrl-Q. - Fix permissions.
user@host:~$ chmod 0600 ~/.electrum/config
- Make
bin/directory.
user@host:~$ mkdir -m 0700 ~/bin
- Move executable to
bin/directory.
user@host:~$ mv ~/QubesIncoming/bitcoin/electrum-4.0.2-x86_64.AppImage ~/bin/electrum
- Source profile to fix
$PATH.
user@host:~$ source ~/.profile
- Once your server VM has synchronized you will be able to use your Electrum wallet.
- To launch the wallet:
user@host:~$ electrum
- To get help on usage:
user@host:~$ electrum --help
- For more information on using the Electrum wallet see the official documentation.