Upgrading electrum on tails to 3.3.4

February 26, 2019 at 7:52 am | Posted in Uncategorized | 84 Comments

I see a lot of requests on reddit asking how to install the new version of electrum on tails. So I thought I would create a blog post showing people how to do it. There are a lot of things you have to type, so you might want to copy and paste this into a text file and load it on a USB, so you can copy and paste certain commands back into the command line.

Currently, the running version of electrum on tails is insecure because it allows nodes to broadcast messages that can potentially be phishing attacks and trick users into downloading malware. Electrum 3.3.3 and above can mitigate such attacks. Currently, the latest version of electrum is 3.3.4, so I’ll write about that.

First off, whenever you make “weird changes” to whatever you are doing, even in general, you should make a backup. This is doubly true if this involves money. My recommendation is to use the tails official backup procedure here: https://tails.boum.org/blueprint/backups/ . There are actually a couple of ways you can back up tails. If the official article is somehow unsatisfactory, I can do another “how to” article on this later on.

Ok, now boot to tails. We have to be able to log in as “administrator” for what we do, so at the login screen, press the “+” sign on the bottom left hand of the screen.

Then double-click on “administration password” and set the password to any arbitrary password you like. (This, by the way, allows you to execute the “sudo” command which gives your tails account temporary root privileges. This password is forgotten on the next reboot, so it won’t introduce any security problems once we’re done).

Now that we are logged in, we can begin upgrading the electrum wallet. The next step is to verify the binary’s validity. There are a lot of “scam wallets” going around where people somehow download the wrong binary which then steals money. A hacker can also theoretically hack into the website and change the binary as well. So any binary that is not part of the official tails distribution should be verified to make sure it hasn’t been tampered with. One of the maintainers of electrum is “ThomasV” and his GPG key is here:
https://github.com/spesmilo/electrum/blob/master/pubkeys/ThomasV.asc
GPG key fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6

Notice the high number of stars in the github page. This means that a lot of people are saying “yep, I like this key”.

Anyway, save the key to your tails distribution. Visit this webpage https://github.com/spesmilo/electrum/blob/master/pubkeys/ThomasV.asc , and highlight the text of the key, right click and press “copy”.

Then open gedit and “paste” the key into it.

Then save it as “thomasv.key” in the “Tor Browser” directory.


Next, open the “Tor Browser” directory in nautilus and double-click the key. This will import it.

Once it’s imported, you then have to “sign” the key. By signing the key, one of the things you are doing is indicating “I trust this key as valid and I made sure that it’s owned by the actual ‘ThomasV’ in question.” You can verify this by comparing the fingerprint with people who you know have the correct key. The particular github account we got our key from is heavily starred and the file hasn’t been altered since Sept 2013, so we have a reasonable assurance that it is the real one. I have also personally used this particular key for years with that exact signature, so I can personally attest that the signature with the following key is valid:

6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6

There are web-of-trust benefits to signing the key, but I won’t go into that for now. Ok, now let’s sign the key. Right-click on the clipboard icon in the upper right hand corner of the screen and click on “manage keys”.

Then scroll down until you find the key you want to sign (in this case ThomasV), right click and press “properties”.

From there, you’ll get a dialogue box. Click on the trust tab.

We did a reasonable search for the key, so let’s click on “casually searched”, then click the “sign” button.

We have now successfully signed the key. I consider verifying binaries a very important thing to do in the bitcoin world because there are a TON of scam wallets out there designed to steal your bitcoins. By verifying the binary, we can rest assured that the binary we are about to download is the official untampered binary.

Ok, now that is done, we can download the binary. Download the AppImage binary and its corresponding signature file from this webpage:
https://electrum.org/#download

The “AppImage” version of electrum is a self-contained build with all the appropriate libraries and the python version encased in one file. Currently electrum 3.3.4 uses a version of python that the current version of tails (3.12.1) does not support. So the AppImage is your only recourse.

Ok, so once you download electrum and its signature file, you can verify the signature as follows. Navigate to the “Tor Browser” directory you were in earlier, right-click the .asc file and click “Open with Verify Signature”.

Once that goes through, it should hopefully give you a “good signature” emblem on top.

The “good signature” line shows that the binary has not been tampered with and is safe to put on the system. It was digitally signed by a well-known hacker with a good reputation.
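
The same check can be done from the terminal while also pinning the fingerprint quoted above, so that a “good signature” made by some other imported key is not accepted. This is an added example, not part of the original post; the function names are made up for illustration and the sample status lines are constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
# Fingerprint quoted in the post, with the spaces removed.
EXPECTED_FPR="6694D8DE7BE8EE5631BED9502BD5824B7F9470E6"

# Reads the output of `gpg --status-fd 1 --verify` on stdin. Succeeds only if
# a VALIDSIG line names the expected primary-key fingerprint. Strict: any
# signature that is bad, expired, revoked or cannot be checked rejects the file.
sig_status_ok() (
    expected=$1
    matched=1
    while read -r tag keyword fpr rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case $keyword in
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)
                exit 1 ;;
            VALIDSIG)
                # The last field is the primary key's fingerprint; fall back
                # to the signing key's fingerprint if it is missing.
                primary=${rest##* }
                [ -n "$primary" ] || primary=$fpr
                [ "$primary" = "$expected" ] && matched=0 ;;
        esac
    done
    exit "$matched"
)

# Verify a detached signature ($1) over a downloaded file ($2).
verify_download() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | sig_status_ok "$EXPECTED_FPR"
}

# Constructed gpg status output (timestamps and user ID are made up).
# $1 = fingerprint to place in the VALIDSIG line.
sample_status() {
    printf '%s\n' \
        "[GNUPG:] NEWSIG" \
        "[GNUPG:] GOODSIG 0000000000000000 constructed-user-id" \
        "[GNUPG:] VALIDSIG $1 2019-02-13 1550000000 0 4 0 1 8 00 $1"
}

# Usage: sh this_script.sh <signature .asc file> <downloaded AppImage>
if [ "$#" -eq 2 ]; then
    if verify_download "$1" "$2"; then
        echo "OK: valid signature from $EXPECTED_FPR"
    else
        echo "FAILED: do not run this file" >&2
        exit 1
    fi
fi
```

Run it from the “Tor Browser” directory with the .asc file and the AppImage as the two arguments; it only reports OK when the signing key's fingerprint matches the pinned one.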

Ok. Next steps. We have to create some folders in some appropriate directories. We do this because tails has a mostly ephemeral filesystem, with only a few key directories that are “remembered” between each bootup. The “Persistent” folder is one of those folders.

So return to the command terminal and type these commands (or copy and paste if you prefer):

sudo mkdir -p /live/persistence/TailsData_unlocked/dotfiles/.local/share/applications
sudo chown -R 1000:1000 /live/persistence/TailsData_unlocked/dotfiles/
mkdir -p /home/amnesia/Persistent/bin/
mkdir -p /home/amnesia/Persistent/conf/electrum/

If the sudo command asks for a password, use the “administrator account” password that you set up when you booted tails.

Ok, next go back to the “Tor Browser” window and right-click the AppImage file. From there click properties.

Click on the permissions tab and click on “allow executing file as program”.

This makes the file “executable”, meaning it turns the file into an “app” that tails can run. Then right-click and rename the file to “electrum.AppImage”.

Then open the persistent directory and drag the “electrum.AppImage” over to “Persistent/bin”.

It’s best to be extra cautious about bitcoin wallets, so we are not going to “write over” the old bitcoin wallet, we are going to create another and put it in a separate directory. (Conservatism is an important concept in the bitcoin world). So let’s open your old electrum wallet and copy the seed. You can do this by going to Wallet -> Seed on your menubar and writing it down or saving it to a file in your persistent partition.

Keep these words in a safe place and don’t give them to anyone! Your seed is a “second layer” of defense in case you somehow screw up the upgrade process. If upgrading your wallet does not work for some reason, you can always re-create a new wallet, type the seed words back in and be able to recover your bitcoins through your seed words. So make sure you don’t lose that seed!

Once we have the words stored in a safe place, let’s go ahead and make the bitcoin icon point to the new version of electrum that we just put on the persistent folder.

Go back to your terminal window and type the following:

gedit /live/persistence/TailsData_unlocked/dotfiles/.local/share/applications/electrum.desktop

When gedit opens, copy and paste the following:

[Desktop Entry]
Comment=Lightweight Bitcoin Client
Exec=/home/amnesia/Persistent/bin/electrum.AppImage -D /home/amnesia/Persistent/conf/electrum/
GenericName[en_US]=Bitcoin Wallet
GenericName=Bitcoin Wallet
Icon=electrum
Name[en_US]=Electrum Bitcoin Wallet
Name=Electrum Bitcoin Wallet
Categories=Finance;Network;
StartupNotify=false
Terminal=false
Type=Application
MimeType=x-scheme-handler/bitcoin;
Actions=Testnet;

Then save.

Go back to your terminal and type:

sudo chmod +x /live/persistence/TailsData_unlocked/dotfiles/.local/share/applications/electrum.desktop

Go to Places -> Computer on the upper left hand corner of the screen. Once the file browser opens, press Ctrl-L and type in this directory:

/live/persistence/TailsData_unlocked/dotfiles/.local/share/applications


There should be an “electrum” icon there, double click on it then click on “trust” (we verified the binary so we know we can trust it). When the new wallet comes up, go install the electrum wallet like you normally would, but select “standard wallet” and “I already have a seed”.


When the prompt comes up, paste the seed words that you saved earlier and click next. When electrum comes up, it should show your old “history of transactions”. Make sure you can see them.

Next, we have to tell electrum to use the tails proxy to communicate. Go to tools -> network in the menu.

Then click on the proxy tab and tell it to use the “Tor Proxy at port 9050”.

Reboot tails, log in again and click on the electrum icon in your menu; it should bring up the new version of electrum.

Send a test transaction to another wallet and make sure it works.

If there are any errors with this blog post, please leave a COMMENT and I can fix it.
