Bulwark script — Staking on a server; made secure and simple.

A lot of people have been asking for this for a long time now, so we are pleased that we can officially announce our staking script as released and fit for purpose. (Warning: Contains small parts, not suitable for children!)


So what does this script do?

We’re glad you asked! For those knowledgeable in Bash scripting, you can find the exact details on what our script does on our official GitHub repo.

But for those of us without that knowledge, here’s the simplest version of what our script does:

  • It secures your VPS itself with strong credentials.
  • Secures your wallet.dat with a password.
  • Simplifies the process for unlocking your wallet.
  • Covers your tracks as you go, leaving no footprint that a hacker could use to access your coins, even with VPS access.
  • Provides you with an encrypted copy of your private key, which can be imported into your desktop wallet, so you can manage your staking wallet from your desktop wallet.

The slightly more advanced version is here:

  • The script creates a sudo user to install Bulwark and run all commands, with a password you set.
  • Downloads either ARMv7 or x86 binaries for Bulwarkd, depending on your platform (Secure Home Node (SHN)/VPS).
  • Creates the bulwark.conf file, including an RPC login.
  • Syncs up your node with the bootstrap.
  • Helps you set a secure password for your wallet.dat encryption.
  • Encrypts your address private key via BIP38.
  • Unlocks the wallet for staking online.
  • Creates a decrypt.sh file, making a simple way to unlock the wallet securely in the future.
  • Gives you an address to send coins you want to stake to, as well as the encrypted private key, which can be imported to your wallet in case of VPS/SHN failure.
  • Hardens fstab, the networking layer, and ssh against attacks.
  • Clears any traces of passwords and reboots the system.
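
A post-run check for the "clears any traces of passwords" step, as an added example that is not part of Bulwark's script: it scans shell history files for wallet commands that carried a passphrase or key as an argument and reports them with the arguments redacted. The RPC names are the PIVX-family ones and `bulwark-cli` is an assumed CLI name; the sample history is constructed.

```shell
#!/bin/sh
# Added example (not Bulwark's script): find wallet commands in shell history
# that carried a passphrase or private key on the command line.
# Assumption: PIVX-family RPC names; "bulwark-cli" is the assumed CLI name.
SECRET_CMDS='walletpassphrase|walletpassphrasechange|encryptwallet|bip38encrypt|bip38decrypt|importprivkey'

# audit_history FILE...
# Prints "file:line: command <arguments redacted>" per hit, never the secret.
# Returns 0 when every readable file is clean, 1 when any hit is found.
audit_history() {
    for f in "$@"; do            # keep only the files we can actually read
        shift
        if [ -r "$f" ]; then set -- "$@" "$f"; fi
    done
    [ "$#" -gt 0 ] || return 0
    awk -v cmds="$SECRET_CMDS" '
        BEGIN { n = split(cmds, c, "|"); for (i = 1; i <= n; i++) secret[c[i]] = 1 }
        {
            # i < NF: the command must be followed by an argument, so that
            # "help walletpassphrase" is not reported.
            for (i = 1; i < NF; i++)
                if ($i in secret) {
                    printf "%s:%d: %s <arguments redacted>\n", FILENAME, FNR, $i
                    hits++
                    break
                }
        }
        END { exit (hits > 0) }
    ' "$@"
}

# Constructed sample history; the passphrase and address are made up.
write_sample_history() {
    cat > "$1" <<'EOF'
ls -la
bulwark-cli getinfo
bulwark-cli walletpassphrase "constructed-Passphrase-123!" 0 true
bulwark-cli help bip38encrypt
bulwark-cli bip38encrypt bCONSTRUCTEDADDRESS "constructed-Passphrase-123!"
EOF
}

sample=$(mktemp)
write_sample_history "$sample"
audit_history "$sample" || echo "wallet secrets remain in shell history"
rm -f "$sample"
```

Point it at the history files of every account that touched the wallet, for example `audit_history /root/.bash_history /home/*/.bash_history`; a non-zero exit status means a secret is still on disk.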

But why do you need all these extra steps? The Masternode script is far simpler!

Masternodes allow for cold wallets. They do this via a handshake between both wallets, using the masternode genkeys you create. The node uses this to confirm that the user owns the coins and can manage the node. The node then also uses the txhash to ensure the coins are not moved and are locked.

Staking does not have this functionality, so all staked coins must be held on the VPS itself. This is a huge security risk for a number of reasons.

  1. The VPS provider could steal the wallet.dat if you do not hold the hardware.
  2. A malicious actor getting access to your VPS/SHN remotely via SSH could cause all sorts of trouble including the theft of your coins.
  3. If there was a hardware failure with either solution, you would lose your private key and potentially all your coins.

For these reasons, we’ve taken a lot of extra steps to keep your coins secure. We do concede that it is unfeasible to make anything perfectly secure. Anything built by human hands can be broken by them too.

Along these lines, we recommend that only advanced users, happy to take all suggested security options, stake via VPS. The security of what we create is entirely dependent on the user following those options and choosing secure and sensible passwords.

So you said something about a Blip39 or something?

Yes, BIP38 is short for Bitcoin Improvement Proposal #38. We have BIP38 integrated into our wallets.

This means we are able to encrypt and decrypt private keys with passphrases of choice. We use this feature in our script to provide you with an encrypted private key and password, which you can import into your desktop wallet to gain an address that is being staked 24/7 on the VPS/SHN, even when your wallet is closed. You can therefore use the wallet you are used to in order to control your staking wallet, without needing to use the command line or expose yourself by connecting to the VPS/SHN via SSH.

More information is shown during the script. To import the keys shown, use the decrypt tool in your desktop wallet, which you can find under settings, and then “BIP38 tool”.

This way, even if your VPS/SHN and all backups were caught up in a meteorite strike, your private key and coins are safe inside of wherever you store your main wallet.dat for your desktop wallet.

Some Disclaimers.

This script is configured to install staking functionality with the utmost security and safety for your funds. Please ensure that the passwords you choose are a minimum of 16 characters with upper and lower case as well as numbers and symbols to help protect against brute force attacks.

Performing any acts not expressly provided by the script will leave the Bulwark team unable to provide tech support for your staking wallet. Additionally, maintenance and coin safety are the sole responsibility of the user.

If you do not expressly follow the script and the associated instructions, there is a very real chance your coins will be rendered inaccessible. Bulwark takes no responsibility for any coins that are lost or stolen.

Please also be aware, this script will break your masternode, if used on a VPS or SHN that is currently running one! Please ensure it is only used on a fresh VPS or inactive SHN. We have a specific script for these situations being worked on for release in the very near future!

As mentioned, while we’ve taken every step to make this as safe as possible, it’s only as safe as how closely you follow our guidance, and on top of this, you are free to strengthen your own wallet as you would like.

Script:

Follow this link for the script!

Closing Comments.

We hope that you have the best of luck with your staking rewards, and may the odds be forever in your favor, and we hope to see you soon for our Monthly Update blog post!