Today I’m going to show you how to set up an encrypted volume and install a virtual machine into it to create a more secure environment to manage your cryptocurrency portfolio. While a hardware wallet such as a Trezor or Ledger is more secure, hardware wallets are limited by the relatively small number of coins they can manage. Using a virtual machine, on the other hand, greatly expands the number of currencies you can manage while simultaneously improving your security over using your regular OS.
The main difference in security is that, unlike with a hardware wallet, your private keys will be exposed to the internet while you are actively managing your portfolio in a virtual machine. When you’re not actively managing your portfolio, though, your virtual machine will be locked safely away in an encrypted volume that is essentially impossible to get into.
However, it’s important to understand that your VM setup is only going to be as secure as your host OS. I’m not going to go into detail on securing your host OS as that’s beyond the scope of this article, but for a quick overview, make sure you’re using full disk encryption, a strong password, a good antivirus, and a quality VPN service such as Private Internet Access.
Before proceeding, you need to make sure your computer has virtualization technology enabled in the BIOS. If you don’t have virtualization technology enabled, you won’t be able to install 64-bit versions of Linux, and many wallets require a 64-bit version for their Linux applications. Also, if your computer is older or fairly low-end, virtualization may not be an option and you may need to look at getting a virtualization-capable computer.
- Reboot your computer and go into the BIOS. There are many variations on how to do this, so you may need to look this up on the web to figure out the specifics for your computer
- Find the virtualization options and enable them
- Save and reboot
To set up an encrypted VM, you are going to need the following software: Veracrypt, VirtualBox and Lubuntu x64. All three programs are free and open source. I chose Lubuntu as my guest OS because it provides all the compatibility of Ubuntu but uses a less resource-intensive, and frankly, less annoying desktop interface than Ubuntu’s Unity interface. This guide is being written for Windows users but the same basic principles should work for any OS.
Once you’ve enabled virtualization technology, the first step is to install Veracrypt and create an encrypted volume.
- Launch the installer you downloaded and install using all the default options
- After installation is complete, launch Veracrypt and select “Create Volume”
- Select “Create an encrypted file container”
- Select “Standard VeraCrypt volume”
- Click on “Select File…”
- Navigate to where you want to save your encrypted volume, give it a name, and then hit “Save”
- After clicking “Next”, you should now be at the Encryption Options screen. Leave these options at their default settings (AES and SHA-512) and hit “Next”
- Now you need to set the size of the container you want to create. I’m going to use 20 GB to give myself lots of room to grow, but you can adjust this to your needs. Keep in mind that if you install several full node wallets (such as Bitcoin Core, Dash Core, Zcash, etc.), they will eat up your space fairly quickly with their full blockchain downloads, so you may need to create a volume larger than 20 GB.
- Set your password. Make sure it’s over 20 characters and includes upper case, lower case, numbers, and symbols. I use LastPass to generate and manage my passwords.
- Once you’ve set and recorded your password, hit “Next” and choose “Yes” for Large Files
- You should now be at the “Volume Format” window. This screen generates the encryption key for securing your container. Move your mouse around within the window until the meter reaches the end. Once it’s there, click on “Format”. Wait a few minutes for the volume to be formatted
- After formatting is complete, hit “Exit”. You have now finished creating your encrypted volume
After creating the encrypted volume, you now need to mount it as a drive:
- In the VeraCrypt main window, click on “Select File” and open the file you created in the previous step
- Click on an empty drive letter and then click on “Mount”. Remember what drive letter you selected as you’ll need to use the same one every time you re-mount your encrypted volume for the virtual machine to work
- Put in your password and click OK
- The file you created will now show up as a drive on your computer. Anything you put into this volume will be fully encrypted, and when dismounted, will not be reachable by hackers, government, etc.
Now you need to install VirtualBox and create your virtual machine:
- Launch the VirtualBox installer you downloaded previously
- Use the default installation options. Note that your network connection may be restarted during this process
- After installation is complete, create your virtual machine by clicking on “New”
- Give it a name. You can choose anything you want; I’m calling mine LubuntuVM
- Select “Linux” for Type
- Select “Ubuntu (64-bit)” for Version and hit “Next”
- Select the memory size. It defaults to 1024 MB, but for some wallets, such as Zcash, you may need more. Since I have 16 GB of memory on my host computer, I’m going to raise mine to 4096 MB
- On the Hard Disk window, select “Create a virtual hard disk now” and click “Create”
- Select “VDI (VirtualBox Disk Image)” and hit “Next”
- On the Storage allocation screen, choose “Dynamically allocated”
- Now you need to select where you want to save your VM and how big you want to make it
- Give your VM a name and click on the folder icon to choose where to save your virtual machine. Select the drive you previously mounted and hit “Save”
- Set the size of your virtual machine. I’m setting mine to 18 GB. Since I created a 20 GB encrypted volume, this leaves me 2 extra GB to store other files that I need to keep private and secure but which I don’t need from within my virtual machine
- Click “Create”
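
The same VM can be created from PowerShell with VirtualBox's `VBoxManage` tool. This is an added example, not part of the original guide; the drive letter `V` and the default install path are assumptions, and the `Invoke-VBox` helper is a hypothetical name.

```powershell
# Added example: scripted equivalent of the "New" wizard steps above.
$VBoxManage = "$env:ProgramFiles\Oracle\VirtualBox\VBoxManage.exe"  # default install path (assumption)
$Letter = 'V'                        # hypothetical letter of the mounted VeraCrypt volume
$VmName = 'LubuntuVM'                # name used in this guide
$Disk   = "${Letter}:\$VmName.vdi"
$DiskMB = 18 * 1024                  # 18 GB, expressed in MB for --size

# Stop if the encrypted volume is not mounted, so the disk image cannot be
# created on an unencrypted drive by mistake.
if (-not (Test-Path "${Letter}:\")) {
    throw "Mount the VeraCrypt volume on ${Letter}: before creating the VM."
}

# Hypothetical helper: run VBoxManage and fail loudly on a non-zero exit code.
function Invoke-VBox([string[]]$VBoxArgs) {
    & $VBoxManage @VBoxArgs
    if ($LASTEXITCODE -ne 0) { throw "VBoxManage $($VBoxArgs -join ' ') failed" }
}

# Type "Linux", version "Ubuntu (64-bit)", 4096 MB of memory.
Invoke-VBox 'createvm', '--name', $VmName, '--ostype', 'Ubuntu_64', '--register'
Invoke-VBox 'modifyvm', $VmName, '--memory', '4096'

# VDI, dynamically allocated ("Standard" variant), stored on the mounted volume.
Invoke-VBox 'createmedium', 'disk', '--filename', $Disk, '--size', $DiskMB,
            '--format', 'VDI', '--variant', 'Standard'

# Attach the disk to a SATA controller.
Invoke-VBox 'storagectl', $VmName, '--name', 'SATA', '--add', 'sata'
Invoke-VBox 'storageattach', $VmName, '--storagectl', 'SATA', '--port', '0',
            '--device', '0', '--type', 'hdd', '--medium', $Disk

# As with the wizard steps, only the .vdi lives on the encrypted volume; the VM's
# settings file and logs stay in VirtualBox's default machine folder on the host.
```
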
The next step is to install your guest OS into the virtual machine you just created:
- In VirtualBox Manager, select your newly created virtual machine if it’s not already selected and click on “Start”
- When prompted, navigate to the drive letter you mounted your encrypted volume to and select the virtual machine you created. It will end with a .vdi extension
- Click OK and then install the operating system as normal
- When prompted, you don’t need to select encryption because your OS is already installed in an encrypted container.
After the OS installation is complete, you need to install the Guest Additions add-on in order to get all of the features and usability of your virtual machine.
- First you need to make sure you have dkms installed. Open your command terminal and enter “sudo apt-get install dkms” at the prompt. Put in your password when asked, type “Y” when prompted, and let it run.
- Once that’s complete, on the window header of your virtual machine, click on Devices and then select “Insert Guest Additions CD image…”
- Close the window that pops up asking you if you want to view the files
- Now you need to do the actual installation. Either navigate to the CD image in the terminal, or on the desktop, right click on the VBOXADDITIONS icon and select “Open In Terminal”
- Enter “sudo ./VBoxLinuxAdditions.run” (the file name is case-sensitive). Enter your password when prompted
- Once installation is done, shut down your virtual machine
- Finally, you need to enable a couple of features. Click on Settings in the VirtualBox manager
- Select General and then the Advanced tab
- Enable Shared Clipboard and Drag’n’Drop. Select the Bidirectional option.
- Now all you have to do is power your VM back up and you’re in business! All that’s left to do is install the wallets of your choice.
You have now created an improved, more secure environment in which to manage your crypto portfolio. Make sure you power down your VM and unmount your encrypted volume when not in use, though; otherwise, this entire process was for nothing! Also, as I stated at the beginning, while this setup is better than installing your wallets into your host OS, it still is not as secure as using a dedicated hardware wallet. It’s also important to understand that your security is only as good as the wallets you install. If you install a wallet with compromised code or security flaws, the system you just set up won’t necessarily protect you against those flaws. As with everything, it’s up to you to do your own research and maintain diligence.
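
One way to make the "power down and unmount" habit automatic is to wrap each session in a script that mounts the volume on the same drive letter, starts the VM, waits for it to stop, and then dismounts. This is an added example, not part of the original guide; the container path and drive letter are hypothetical, and the program paths are the default install locations.

```powershell
# Added example: one wallet session from mount to dismount.
$VeraCrypt  = "$env:ProgramFiles\VeraCrypt\VeraCrypt.exe"           # default path (assumption)
$VBoxManage = "$env:ProgramFiles\Oracle\VirtualBox\VBoxManage.exe"  # default path (assumption)
$Container  = 'D:\vault\wallets.hc'   # hypothetical container file
$Letter     = 'V'                     # hypothetical; must match the letter used when the VM was created
$VmName     = 'LubuntuVM'             # name used in this guide

function Get-VmState {
    # --machinereadable prints key="value" lines, e.g. VMState="running"
    $line = & $VBoxManage showvminfo $VmName --machinereadable |
        Where-Object { $_ -like 'VMState=*' } | Select-Object -First 1
    return ($line -replace '^VMState="|"$', '')
}

# 1. Mount. No /p switch is passed: VeraCrypt shows its own password prompt,
#    so the password never appears on a command line or in this script.
if (-not (Test-Path "${Letter}:\")) {
    Start-Process $VeraCrypt -ArgumentList '/v', "`"$Container`"", '/l', $Letter, '/q' -Wait
}
if (-not (Test-Path "${Letter}:\")) { throw "Volume is not mounted on ${Letter}:" }

# 2. Start the VM and block until it is no longer running.
& $VBoxManage startvm $VmName --type gui
if ($LASTEXITCODE -ne 0) { throw "Could not start $VmName" }
do {
    Start-Sleep -Seconds 10
    $state = Get-VmState
} while ($state -notin 'poweroff', 'saved', 'aborted')

# A saved state writes the guest's memory to a file in the VM's folder on the host.
if ($state -ne 'poweroff') {
    Write-Warning "$VmName ended in state '$state' instead of a clean power-off."
}

# 3. Dismount without forcing, then confirm the drive letter is really gone.
Start-Sleep -Seconds 5   # give VirtualBox a moment to release the .vdi
Start-Process $VeraCrypt -ArgumentList '/d', $Letter, '/q' -Wait
if (Test-Path "${Letter}:\") {
    throw "${Letter}: is still mounted. Close any open files and dismount it in VeraCrypt."
}
Write-Host "VM powered off and ${Letter}: dismounted."
```
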
I hope you found this guide helpful and I look forward to hearing your feedback!
Author: Chris Webb