Bitcoin wallet support for Blockstream Green and Sparrow wallet using either HOT or COLD storage.
Cold storage support implemented using VeraCrypt
Protection of sensitive information implemented using Hashicorp Vault via VaultApi script.
OR
Alternatively, Keybase kv store can be use to protect sensitive information.
Manual input of key data supported for those using different automation tool set.
This script can be executed on any device supporting PowerShell Core.
Currently only tested on Linux OS.
PS> Get-Help BTCwallet
PS> Get-Help BTCwallet -full
PS> Get-Help BTCwallet -Examples
-Examples option shows the full set commands
SYNTAX
BTCwallet [-action] 'String'
Version Date Whom Notes
======= ==== ======== =====================================================
0.9.5 03/07/2024 cadayton Added support for Sparrow wallet
0.9.4 03/03/2024 cadayton Added support for HashiCorp Vault
Added Config file Removed Wallet name parameter
0.9.3 02/29/2024 cadayton Added Wallet name parameter
0.9.2 02/04/2024 cadayton Added Green wallet for mounting cold storage datadir
0.9.1 02/02/2024 cadayton Added Green wallet with MD5 validation via KeyBase
0.9.0 02/02/2024 cadayton consolidated code into a single script
0.5.0 01/25/2023 cadayton initial release.
The input file, BTCwalletCfg.xml located in same directory as the script.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Crypto>
<Wallet>
<name>unknown</name> # Binary file executable name of a BTC wallet
<name>unknown</name> # Optional for second BTC wallet
</Wallet>
<KeyBase>
<veracrypt>unknown</veracrypt> # keybase referencing full path to hot wallet file
<password>unknown</password> # keybase referencing password to the how wallet file
<mount>unknown</mount> # keybase referencing mount point path for hot wallet
<namespace>unknown</namespace> # keybase namespace assoicate with keys
</KeyBase>
<HashiCorp>
<kvpath>kv1/Wallet</kvpath> # HashiCorp Vault base path to key references
</HashiCorp>
</Crypto>
VeraCrypt required for cold storage support
Hashicorp Vault required for Hashicorp Vault support
VaultApi.ps1 required for Hashicorp Vault support
Keybase client required for Keybase kv store support
PSKeyBase Module required for Keybase kv store support
See the following links for a guide on how to setup a Bitcoin wallet and use it with Cold Storage
Setting up your first bitcoin wallet environment
To start a wallet and use cold storage both VeraCrypt and Hashicorp Vault must be installed and
specific key/values must be created in the Vault. Additionally, BTCwalletCfg.xml must be configured
correctly as well.
In this example, BTCwalletCfg.xml is configured as follows.
<Crypto>
<Wallet>
<name>GreenWallet</name>
<name>Sparrow</name>
</Wallet>
<HashiCorp>
<kvpath>kv1/Wallet</kvpath>
</HashiCorp>
</Crypto>
The wallet names must the executable name of the wallet and their path location must be in the $PATH
environmental variable.
From a terminal session, start a PowerShell session by entering 'pwsh'
PS> BTCwallet Start
PS> Available Wallets are:
PS> GreenWallet
PS> Sparrow
PS> Enter the wallet name?: GreenWallet
Since there are multiple wallets specified in the configuration file, a prompt is generated to
ask which wallet to start.
To use cold storage, Hashicorp Vault needs to be running with a valid login.
PS> Do you want to START Hashicorp Vault? [Yes or No]: Yes
PS> Unseal the Vault [Yes or No]: Yes
When Hashicorp Vault was initialized after installation a json file should have been downloaded
and moved to your .ssh directory and renamed to VaultApi.json. The keys needed to unseal the
vault are extracted from this file.
PS> Choose a login method [token or userpass] userpass
PS> Enter username: bitcoin
PS> Starting GreenWallet application (0.9.4)
PS> Do you want to START the GreenWallet [Hot or Cold] storage: Cold
Now, VeraCrypt will mount the cold storage device associated with GreenWallet after extracting
the needed information from Hashicorp Vault.
A key path of 'kv1/Wallet/mycomputername/GreenWallet' is expected to be present with the following keys and
values.
veracrypt = /media/usbdrive/GreenWallet # full path to the encrypted volume
password = password to the encrypted volume
mount = /media/greenwallet # path to mount veracrypt volume
hash = MD5 checksum of BTCwallet.ps1
If you launch the VeraCrypt application, the cold storage volume will be mounted on slot 5.
If Sparrow wallet is launched with cold storage at the same time as GreenWallet, it's cold storage
volume will be mounted on slot 6.
GreenWallet is started as a background process.
PS> BTCwallet Start
Available Wallets are:
GreenWallet
Sparrow
Enter the wallet name?: GreenWallet
Do you want to START Hashicorp Vault? [Yes or No]: Yes
Unseal the Vault [Yes or No]: Yes
Choose a login method [token or userpass] userpass
Enter username: bitcoin
Starting GreenWallet application (0.9.5)
Do you want to START the GreenWallet [Hot or Cold] storage: Cold
[sudo] password for bitcoin:
Volume /media/usbdrive/GreenWallet has been mounted.
Id Name PSJobTypeName State HasMoreData Location Command
-- ---- ------------- ----- ----------- -------- -------
3 Job3 BackgroundJob Running True localhost nohup ${using:WalletNameβ¦
GreenWallet started
First quit the application's GUI window.
PS> BTCwallet Stop
Available Wallets are:
GreenWallet
Sparrow
Enter the wallet name?: GreenWallet
Stopping GreenWallet application (0.9.5)
/media/usbdrive/GreenWallet has been dismounted
Seal the Vault [Yes or No]: Yes
Vault has been sealed
Do you want to STOP Hashicorp Vault? [Yes or No]: Yes
Stopping Hashicorp Vault...84484
Assuming the Veracrypt volume is on removable media, you would now
disconnect that device from your computer.
I've put close to a month's worth of development time into both to these scripts and I'm not willing to give away that time.
You'll need to donate 30,000 sats ($21) or $42.00 in USD to get a copy of these scripts and this includes my support.
Download Directly using the following paywall link
I recommend using the paywall link because any future updates are free and immediately available to you.
Download indirectly using sats or USD
Donate 30,000 sats with GetAlby
After your donatation, Contact me (cadayton) using any of the following methods to coordinate getting these scripts.