Encryption on Janik von Rotz

Create a soft wallet and transfer your Ether coins from an exchange

Wed, 10 Jan 2018 14:58:27 +0000

Intrigued by the title you might ask your self: What is the reason to store ether in a software wallet? Well, If you have cryptocoins on an exchange platform there is always the risk of the account getting hacked or the platform goes offline (see MtGox). Exchange platforms for cryptocoins are not as regulated and institutionalized as banks and trading centers are. The risk is in favor of the provider. To assert full control of your coins aka your money it is recommended to store them in a wallet.

In the following tutorial I will show you how I have transferred my coins into a soft wallet.

This tutorial assumes that the os environment is MacOS. Nonetheless, the platform does not matter to go through the tutorial, it also works for other platforms such as Windows or Linux.

Install Geth

Lets get started by installing the go command line tool to interact with the Ethereum network.

Use Homebrew to install the tool, make sure it is up-to-date.

brew update
brew upgrade

Install the go etherum cli.

brew tap ethereum/ethereum
brew install ethereum

For other platforms use the according package manager.

Account Management

To receive Ether we need an account.

Create an account and set a password.

geth account new

Make sure to store the password somewhere safe. There is no way to retrieve or reset the password for the account once lost.

List all available accounts.

geth account list

Backup the keystore file of the new account.

cp ~/Library/Ethereum/keystore/UTC--yyyy-mm-ddT12-59-07.353801000Z--927b07ac62ee6c10861b5024710a997937b20e31 /path/to/encrypted/storage/Etherum/_ADDRESS_.prv

Sync

Transactions are stored on the block chain. In order to see transactions and execute them you must sync the blockchain.

Sync the Etherum blockchain in fast mode.

geth --syncmode fast --cache 2048

This mode allows us to sync the blockchain without processing and verifying each block.

The second parameter sets the cache according to the computers available memory. Make sure to adjust the number.

To see the progress of the sync an attached geth console must be started. An attached geth console is connected to the currently running geth process. Open a new terminal and run the command below.

geth attached

Now check the syncing state.

eth.syncing

As long as the current and highest block number do not match, further syncing is required.

Send Ether

Once the sync is finished, we are ready to retrieve Ether.

From your exchange platform (I am using Kraken) send the fewest amount of Ether possible to the accounts address. Do not send all of your Ether. We have to make sure everything works correctly.

To see the transaction a sync of the chain is required.

To check the accounts balance start the geth console.

geth console

Now run this JavaScript code.

function checkAllBalances() {
    var totalBal = 0;
    for (var acctNum in eth.accounts) {
        var acct = eth.accounts[acctNum];
        var acctBal = web3.fromWei(eth.getBalance(acct), "ether");
        totalBal += parseFloat(acctBal);
        console.log("  eth.accounts[" + acctNum + "]: \t" + acct + " \tbalance: " + acctBal + " ether");
    }
    console.log("  Total balance: " + totalBal + " ether");
};
checkAllBalances();

The JavaScript function return the Ether balance for each registered account.

If you see a positive Ether balance for your account then everything works fine and you are ready to send more Ether to the soft wallet.

Secure Storage

In case you want to know how I store my password and key files.

I am using the keybase file system to store the key file of the geth account and KeePass to store the password. The KeePass database is encrypted with a password and a key file. All data can be accessed from my Windows and from my Mac computer. These tools are all open source. Further the hard disk of my Windows and Mac computer are encrypted.

Geth Alternative

In case geth did not work you, try parity.

Source

Etherum Wiki - Managing your accounts
Etherscan - Blockchain Explorer

Say Goodbye to TrueCrypt

Fri, 30 May 2014 07:21:00 +0000

Apparently the developer of TrueCrypt threw in the towel this week.

The official site http://truecrypt.org redirects to http://truecrypt.sourceforge.net/ where you’ll find instructions to migrate you TrueCrypt disk to Microsofts built-in solution Bitlocker.

The reason for all this is obvious, TrueCrypt can’t compete against Microsofts Bitlocker as their software comes with every Windows 8 version (withWindows 7 you had to have an enterprise license in order to use Bitlocker).

Create GPG Keys

Wed, 09 Apr 2014 08:30:29 +0000

This post is part of my Your own Virtual Private Server hosting solution project.
Get the latest version of this article here: https://gist.github.com/9543913.

Introuction

GPG keys are used for symmetric key encryption. GnuPG is the most common tool to create such keys.

Requirements

Instructions

Change the shell context to the user which uses the new GPG keys.

su [user]

Or use the root user.

sudo su

Give your server some work, otherwhise gpg won’t be able to generator random bytes.

sudo rngd -r /dev/urandom

Genrate the gpg key.

gpg --gen-key

Answert the prompts.

Your selection?: (1) RSA and RSA (default)
What keysize do you want?: 2048
Key is valid for?: 0 = key does not expire
Is this correct?: y
Real name: [firstname] [surname]
Email address: [mail]@[example.org]
Comment:
Change ... (O)kay/(Q)uit?: O
Enter passphrase: [gpg passphrase]
Repeat passphrase: [gpg passphrase]

Kill the rngd task.

sudo service rng-tools stop

Show the new GnuPG keys.

gpg -k

The gpg key id is displayed in the line pub 2048R/>>C58886FB<< 2014-03-14

Export the public key into a text file and back it up in a secure place.

gpg --armor --export -a [gpg key id] > [firstname][surname][server name]#public.key

Export the private key into a text file and back it up in a secure place.

gpg --armor --export-secret-keys -a [gpg key id] > [firstname][surname][server name]#private.key

Exit the user shell context if you have switched to another user.

exit

Store the gpg passphrase in a secure place f.g. KeePass Password Safe.

Source

Unattended, Encrypted, Incremental Network Backups by Kellen Ubuntu: How to create a lot of entropy for GPG key generation from command line

Convert SSL certificates

Thu, 27 Mar 2014 14:01:50 +0000

This post is part of my Your own Virtual Private Server hosting solution project.
Get the latest version of this article here: https://gist.github.com/9413205.

Requirements

Get a free verified SSL certificate from StartSSL (optional)

Instructions

When buying a certificate from you CA (Certification Authority) e.g. a wildcard certificate for *.example.org, you have to convert this file to different formats in order to use them with your webserver installation.

To convert these files use OpenSSL.

First file you’ll need is the public certificate.

sudo openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]

Now you can chose between the encrypted and decrypted key file.

If chosing the encrypted key file your webserver will prompt every time starting the web service for the certificate pass-phrase.

sudo openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]

Otherwise your webserver won’t prompt for an pass-pharase, but be aware, if you’re losing this decrypted key file you certificate will be worthless.

sudo openssl pkcs12 -in [yourfile.pfx] -nodes -out [keyfile-decrypted.key]

Certificate chain

During the SSL negotiation, a server provides its certificate along with the “intermediate” certificates that exist between it and the root. This allows clients to validate the server’s certificate without going through a discovery processes that not all browsers support, and for those that do, without an additional performance penalty.

Download the CA server certificate on their website

sudo sh -c "cat [certificate.crt] > [certificate.crt.ca.bundle]"
sudo sh -c "cat [certificate.ca.crt] >> [certificate.crt.ca.bundle]"