Hi Redditors.
I am going to post in this thread my experiences in getting my Desktop (Debian) machine running Armory in watch-only mode, and coupling that with an offline Raspberry Pi (which holds my private keys) for signing the transactions previously made in watch-only mode.
I actually compiled Armory from source directly on my Pi. This guide is probably more for the bitcoin 'power user', as to run Armory online, and broadcast the signed transactions, you need to have a bitcoin full node running (bitcoind).
Basic requirements:

• Online machine - running a full node (bitcoind)
  
• Raspberry Pi - I used an old Pi 1 Model B with just 512Mb memory, and 2 USB slots.
  
• 2x USB thumb-drives. One for wallet backups, the other for transferring unsigned tx's to the rPi, and signed tx's back to the Desktop.
  

Aimed-for Setup:

• Armory 0.96.4 for the Raspberry Pi 1, Model B (512Mb RAM, 2xUSB) (compiled from github sourcecode on the Pi itself!)
  
• Using the Pi as an offline complement to a Debian Desktop "watch-only" Armory install.
  
• Desktop Debian Armory watch-only talks to my full node, bitcoind, which is also on the Debian desktop.
  

I'll post the guide in digestible sections...

Section 1

I should begin by saying I installed source code from git, and got Armory to build the DB on my desktop initially, WITHOUT creating a wallet.. (This allowed me to debug what was going on a little!)

• I am using Armory 0.96.4
  
• Desktop: Debian 9, Dual-Core, 2Gb Memory, 2Gb Swap.
  
• Pi : Pi 1, Model B (512Mb RAM, 2x USB, Ethernet)
  

Go to Bitcoin.org, select Armory..
It leads to a Download from Git:
https://github.com/goatpig/BitcoinArmory/releases
Followed the procedure for Linux Debian verify code, compile, install, all straight-forward..
Began by running bitcoind, and telling Armory where to find it. This is the command I used, obviously it was all on one line and didn't include the arrows/explanations!:

python ArmoryQt.py \ --satoshi-datadir=/BlockChain/chain20180414/blocks \ # <-----(where my bitcoind blocks live) --datadir=/ArmoryDataDi \ # <-----(this is instead of ~/.armory) --dbdir=/ArmoryDataDidatabases # <-------(again, non std. place used for Armory's databases.. my choice.) 

So, on the Desktop, after the initial "build databases"
(NB the initial "Build Databases" took about 1.5h and my two CPUs were maxed the whole time, Temps up to 62C. Not ideal; Im not in a rush!)
I then wanted to import a watch-only wallet.
Before I did this, I took a full backup of the Armory data dir:
/ArmoryDataDi
(or ~/.armory in a default installation).
I'd hate to have to make Armory do another full sync with the bitcoind node!

Section 2

Next step: offline wallet (with Private Keys) is on a Raspberry Pi.
I downloaded the source and managed to compile it on the pi itself! :)
Though there were some gymnastics needed to setup the Pi.
My Pi is running Raspbian based on Wheezy.. quite old!
I did the following on the Pi:

apt-get update apt-get upgrade (<---took about an hour!) apt-get install autotools-dev apt-get install autoconf 

Then I followed the instructions exactly as I had done for my Debian Desktop machine, EXCEPT:
I had to increase the Pi's swap space. I upped it from 100Mb to 400Mb.
The compilation took 7 hours, and my poor SD card got a thrashing.
But after compilation, I put the Swap back to 100Mb and Armory runs ok with about 150Mb of memory (no swap needed).
Swap increase on the Pi:
use your favourite editor, and open the file /etc/dphys-swapfile
add/change the following line:

CONF_SWAPSIZE=400 

Then, REBOOT the Pi:

sudo shutdown -h -P now 

Once the compilation was done on the Pi, put the swap back, rebooted and created an Armory wallet.
I added manual entropy and upped the encryption 'time' from 250ms to 2500ms - since the Pi is slow, but I'll be happy to wait for more iterations in the Key Derivation Function.
Once the wallet was created, it obviously prompts you for backup.
I want to add a private key of my own (i.e. import), so don't do the backup until this is over.
I import my Private Key, and Armory checks that this corresponds to a Public Key, which I check is correct.
This is the point now where the Pi storage medium (e.g an SD card) has to be properly destroyed if you ever get rid of it.
I had thought that now would be a good time to decide if your new wallet will generate Segwit receiving addresses, and also addresses used to receive 'change' after a transaction..
But it seems Armory WON'T let you switch to P2SH-P2WPKH unless your Armory is connected to a node offering "WITNESS" service.
Obviously, my Pi is offline and will never connect to a node, so the following will not work on the Pi:

• x Use File Settings Fee and address types.
  
• x Set the "Preferred Receive Address Type" to P2SH-P2WPKH
  
• x Also Set the "Change Address" to P2SH-P2WPKH for left-over loose change!
  

NB: I thought about setting this on the Debian "watch-only" wallet, but that would surely mean doom, as the Pi would not know about those addresses and backups might not keep them.. who knows...
So, end result:- no segwit for me just yet in my offline funds.

--If anyone can offer a solution to this, I'd be very grateful--

Section 3

Ok, now this is a good point to back up your wallet on the Pi. It has your imported keys. I choose a Digital Backup - and put it on a USB key, which will never touch the internet and will be stored off-site. I also chose to encrypt it, because I'm good with passwords..
NB: The Armory paper backup will NOT back up your imported private keys, so keep those somewhere if you're not sweeping them. It would be prudent to have an Armory paper backup anyway, but remember it will likely NOT help you with that imported key.
Now for the watch-only copy of the wallet. I want to get the "watch-only" version onto my Desktop Debian machine.
On the Pi, I created (exported to a USB key) a "watching-only" copy of my wallet.
I would use the RECOMMENDED approach, export the "Entire Wallet File".
As you will see below, I initially exported only the ROOT data, which will NOT capture the watching-only part of the Private Key I entered manually above (i.e. the public Key!).
Now, back on the Debian Desktop machine...
I stopped all my crontab jobs; just give Armory uninterrupted CPU/memory/disk...
I also stopped bitcoind and made a backup prior to any watch-only wallet being imported.
I already made a backup of Armory on my Desktop, before any wallet import.
(this was needed, as I made a mistake.. see below)
So on the Debian Desktop machine, I begin by firing up bitcoind.
my command for this is:

./bitcoind -daemon -datadir=/BlockChain/chain20180414 -dbcache=400 -maxmempool=400 

Section 4

I try running Armory like this:
(I'm actually starting Armory from a script - StartArm.sh)
Inside the script StartArm.sh, it has the line:

python ArmoryQt.py --ram-usage=4 --satoshi-datadir=/BlockChain/chain20180414/blocks --datadir=/ArmoryDataDi --dbdir=/ArmoryDataDidatabases 

I know from bitter experience that doing a scan over the blockchain for a new wallet takes a looong time and a lot of CPU, and I'd like it to play nicely; not gobble all the memory and swap and run my 2xCPUs both at 100% for four hours...
So... I aim to run with --ram-usage=X and --thread-count=X
(For me in the end, X=1 but I began with X=4)
I began with --ram-usage=4 (<--- = 4x128Mb)
The result is below...

TypeError: cannot concatenate 'str' and 'int' objects 

It didn't recognise the ram-usage and carried on, crippling my Debian desktop PC.
This is where it gets dangerous; Armory can gobble so much memory and CPU that the windowing environment can cease up, and it can take over 30 minutes just to exit nicely from bitcoind and ArmoryDB.
So, I ssh to the machine from another computer, and keep an eye on it with the command

"free -h" 

I'd also be able to do a "sudo reboot now" if needed from here.

Section 5

So, trying to get my --ram-usage command recognised, I tried this line (added quotes):

python ArmoryQt.py --ram-usage="4" --satoshi-datadir=/BlockChain/chain20180414/blocks --datadir=/ArmoryDataDi --dbdir=/ArmoryDataDidatabases 

But no, same error...

Loading Armory Engine: Armory Version: 0.96.4 Armory Build: None PyBtcWallet Version: 1.35 Detected Operating system: Linux OS Variant : ('debian', '9.4', '') User home-directory : /home/ Satoshi BTC directory : /BlockChain/chain20180414 Armory home dir : /ArmoryDataDi ArmoryDB directory : /ArmoryDataDidatabases Armory settings file : /ArmoryDataDiArmorySettings.txt Armory log file : /ArmoryDataDiarmorylog.txt Do wallet checking : True (ERROR) ArmoryUtils.py:3723 - Unsupported language specified. Defaulting to English (en) (ERROR) ArmoryQt.py:1833 - Failed to start Armory database: cannot concatenate 'str' and 'int' objects Traceback (most recent call last): File "ArmoryQt.py", line 1808, in startArmoryDBIfNecessary TheSDM.spawnDB(str(ARMORY_HOME_DIR), TheBDM.armoryDBDir) File "/BitcoinArmory/SDM.py", line 387, in spawnDB pargs.append('--ram-usage=' + ARMORY_RAM_USAGE) TypeError: cannot concatenate 'str' and 'int' objects 

Section 6

So, I edit the Armory python file SDM.py:

if ARMORY_RAM_USAGE != -1: pargs.append('--ram-usage=4') #COMMENTED THIS, SO I CAN HARDCODE =4 # ' + ARMORY_RAM_USAGE) 

Running it, I now have acknowledgement of the --ram-usage=4:

(WARNING) SDM.py:400 - Spawning DB with command: /BitcoinArmory/ArmoryDB --db-type="DB_FULL" --cookie --satoshi-datadir="/BlockChain/chain20180414/blocks" --datadir="/ArmoryDataDi" --dbdir="/ArmoryDataDidatabases" --ram-usage=4 

Also, even with ram-usage=4, it used too much memory, so I told it to quit.
It took over 30 minutes to stop semi-nicely. The last thing it reported was:

ERROR - 00:25:21: (StringSockets.cpp:351) FcgiSocket::writeAndRead FcgiError: unexpected fcgi header version 

But that didn't seem to matter or corrupt the Armory Database, so I think it's ok.
So, I get brave and change SDM.py as below, and I make sure my script has a command line for --ram-usage="ABCDE" and --thread-count="FGHIJ"; the logic being that these strings "ABCDE" will pass the IF criteria below, and my hardcoded values will be used...

if ARMORY_RAM_USAGE != -1: pargs.append('--ram-usage=1') #COMMENTED THIS, SO I CAN HARDCODE =1 # ' + ARMORY_RAM_USAGE) if ARMORY_THREAD_COUNT != -1 pargs.append('--thread-count=1') #COMMENTED THIS, SO I CAN HARDCODE =1 #' + ARMORY_THREAD_COUNT) 

So, as usual, I use my script and start this with: ./StartArm.sh
(which uses command line:)

python ArmoryQt.py --ram-usage="ABCDE" --thread-count="FGHIJ" --satoshi-datadir=/BlockChain/chain20180414/blocks --datadir=/ArmoryDataDi --dbdir=/ArmoryDataDidatabases 

(this forces it to use my hard-coded values in SDM.py...)
So, this is the command which it reports that it starts with:

(WARNING) SDM.py:400 - Spawning DB with command: /BitcoinArmory/ArmoryDB --db-type="DB_FULL" --cookie --satoshi-datadir="/BlockChain/chain20180414/blocks" --datadir="/ArmoryDataDi" --dbdir="/ArmoryDataDidatabases" --ram-usage=1 --thread-count=1 

Again, this is where it gets dangerous; Armory can gobble so much memory and CPU that the windowing environment can cease up. So I ssh to the machine and keep an eye on it with:

"free -h" 

Section 7

So, on the Debian Desktop PC, I inserted the USB stick with the watch-only wallet I exported from the Pi.
Start Armory...
Import "Entire Wallet File" watch-only copy.
Wait 4 hours..
YAY!!!
After running Armory for about 30m, the memory usage dropped by 400m... wierd...
It took ~2 hours to get 40% completion.
After 3.5 hours it's almost there...
The memory went up to about 1.7Gb in use and 900Mb of Swap, but the machine remained fairly responsive throughout, apart from a few (10?) periods at the start, where it appeared to freeze for 10-30s at a time.
(That's where my ssh session came in handy - I could check the machine was still ok with a "free -h" command)
Now, I can:
Create an unsigned transaction on my Desktop,
Save the tx to USB stick,
Move to the Pi,
Sign the tx,
Move back to the Desktop,
Broadcast the signed tx.

Section 8

My initial Mistake:
This caused me to have to roll-back my Armory database, using the backup. so you should try to avoid doing this..
On the Pi, I exported only the ROOT data, which will NOT capture the watching-only part of the Private Key
It is RECOMMENDED to use the Digital Export of Entire Wallet File from the Pi when making a watch-only copy. If you just export just the "ROOT data", not the "Entire Wallet File", you'll have problems if you used an imported Private Key in the offline wallet, like I did.
Using the ROOT data text import, after it finished... my balance was zero. So,. I tried a Help->Rescan Balance (Restart Armory, takes 1minute to get back up and running) No Luck. Still zero balance.
So, I try Rescan Databases.. This will take longer. Nah.. no luck.
So, I tried again, thinking it might be to do with the fact that I imported the text "root data" stuff, instead of following the (Recommended) export of watching-wallet file.
So, I used my Armory backup, and wound back the ArmoryDataDi to the point before the install of the (zero balance) wallet. (you should not need to do this, as you will hopefully use the RECOMMENDED approach of exporting the "Entire Wallet File"!)

I have noticed their is a growing problem of fake bitcoin clients, and I expect the frequency and elaboratness of these fake clients to increase.
Verifying the signatures for these clients will detect if you are receiving anything other than what the signer the of the software signed. The exception to this is if the attacker acquires the signer's private key, which should be a lot more difficult than tricking users to visit the wrong site or hacking servers. This can also be addressed by using multiple signatures per client.
An important part of this process is acquiring the public keys for the sofware signers in a secure manner.
To help with this I have included a signed list of fingerprints and where to acquire the public keys to act as another source to verify the keys used to sign bitcoin clients.
I have also included instructions for verifying the fingerprint list and bitcoin clients.
To deal with the issue that posts and comments on Reddit can be easily modified I suggest other users (especially well known ones) post a signature of the fingerprint list in a comment in this thread, or at least a hash of the fingerprint list (not as secure but still better than nothing).
List of Fingerprints:
+++ Bitcoin-Qt: Signer: Gavin Andresen (CODE SIGNING KEY) [email protected] Fingerprint: 2664 6D99 CBAE C9B8 1982 EF60 29D9 EE6B 1FC7 30C1 Key ID: 1FC730C1 Key Link: bitcoin.org/gavinandresen.asc
Electrum: Signer: ThomasV [email protected] Fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6 Key ID: 7F9470E6 Keyserver: pool.sks-keyservers.net Signer: Animazing [email protected] Fingerprint: 9914 864D FC33 499C 6CA2 BEEA 2245 3004 6955 06FD Key ID: 695506FD Keyserver: pool.sks-keyservers.net
Multibit: Signer: Jim Burton (multibit.org developer) [email protected] Fingerprint: 299C 423C 672F 47F4 756A 6BA4 C197 2AED 79F7 C572 Key ID: 79F7C572 Keyserver: pgp.mit.edu
Armory: Signer: Alan C. Reiner (Offline Signing Key) [email protected] Fingerprint: 821F 1229 36BD D565 366A C36A 4AB1 6AEA 9883 2223 Key ID: 98832223 Keyserver: pgp.mit.edu +++
My Key:

-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.12 (GNU/Linux) mQINBFLB9nUBEAC/klZvqQkWP/NUD0pT09PzhKh0xIQ0XM7MxqUZLa1OytF3iUCX /fNwQD5OnSFQoEg1O4bGzrrRb+PiuKCvH19dp7sFVj3q7Dhwfb6EvsX39xqzxCr6 2AQFQ3esz4nNodnQWa48t2ujihaf/vpTn6n7+jCl6a124r+U4wNGiNIEWxLLUNNb ec8S1RcjtTp6Ue/yRpThgJN9e4rj19+vJMqKCiqL03NBZWVoCEkL6iIdjwlQK8/r CpP9m5yAsc8wkelRkZvuLmjJ1GgSFrO0WteGnURMshy59LetaSRyiIDeHaPdV5rk /n3mBv8hsK/39O6H7fYWDx/ZLnZE4rMghcndexIFLhsuPx6FJNATqQ2gHT4ijb8K NlwZ0LatlXyUEMKfC1aroa3/9RkQSf0y0GKS0XrvUWGVRn/X7gk1DRhuaHWuacCf k3w0XZOA2WpWw1w/rjZSeHbKG1w4B2/kWH3K4sXsfcLltlY85zH03HUYSx+leMFc yxiHz60ZfuV2aGjYFPL8dzF6DS106lHz51j608OZkAEO8Xssincii1k/PR1h1y2P AqgrEADzgl52iBbNw+tdnxSAIy/asEyxU/VwkUFjOzSyP7ZmBxg8ss966w2Kl6WE o9R5tkVuUG8WTMTnF0FeMxO9YOqx4KhN9bhP7RjBL7BFTvRXYVVJUGabIQARAQAB tBVkY2M0ZSA8ZGNjNGVAZ214LmNvbT6JAj4EEwECACgFAlLB9nUCGwMFCQlmAYAG CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJECO6L0dAOWOhsNIQAKUN9Z4e0hM3 DbaUjYJx93JGdJArLmz+Ko10N/lGcao4lCNVA+xM73Ga1GBnPlhPFW9iD2VQocOv tY2PYNsPrHgGlzyMKAMSpZ8364wVEyCHdJVKFORUjhyuJGYfyhDt2iZuzQwxWbmQ 1gmlbiGvxRysmaSW5+M8CDhja/fI8+EOp5NbH/EvHJClul3cO72UBUXBPxRv4Eb+ j8k0Uozob70A3bD894F8bJ9wZ3XBX/9DEkAbvDyW7CxIZwUiCeYTQylH++8S91A1 wL3z35ELdOLzGqwetYY6gSZRwY/W+rewEfPfBDSRjXKOBfhraMBYV1Sdg0IUj10W 2XVAzkqmqaej0T/xTt6aNjFtiH1u18BUpYIcCAAZ6TJ7325bnqnI+0xWFdonyggL +AIX1nzhx5niw8ZkCX0/jlJAx3TXAuxX/Tfy7cVSVi33v0fiwoDb8ZIDBzg0P2uc PUpR13B3AevFpxuAuAFPWfTDOJQmZyn9YNswVOhNb9rfq5bkmaSBlMRefTtUKIjW XjrRhSULPJ73H+R1DNL1Y0vhclnkOVCFRB+VPChkO+6RitGQDTg/Z60fBHpnYiDz sysnsoojLwBGanHO5mZMprxADc9CmeRGRmfHwvx7eJvW1HqN+5JR3Ai+JDlT+IxX RNUQxUbOry4D8TwRn9nBEtumNyNQcBmUuQINBFLB9nUBEACyRFYCrOXxC8yWm92U qPPNa3YC+W17O4rHW/thKTze1/TeZAKTNaIMPCS7iSVBBRbuijG+8NsgFd6W9acC ihMD4VUdFhVPjRGM3HmqzsxudVI4kGlQl8w86pYZu8ceGB4LQcoUFbPmWgXDIszH NV7kIFO/2oCRJ7VIBllUMP97RRdIfDND7EZMWvDveZ40BZCBLfnD9f6VSs4Lgn2C ow/ko01ijnvUxA/BGPJKI7JTLJHbdL//RQwT3AacLSc/etIurY2Ef926XbYYI1gi qboCU/dYUkGG2D+BDcGdukwpksdZZSXPyNhkZQAPPViHuFFtHI3C+FNb5L+lnC0h /dfF73U1lN3jp/VX11U1tIsHJyPjs8aael2UJO7Qy3vgVRM6KOywNNjVRv79Z/rF YHkNzBwXrGKdwV16SdRWjgkzkB4JeNQME096SqrwAEj/j5fwMqHjR8dKqWKDT6s9 V2Z83go3n9kI8JWFh33OksBh/qpKghhwtGWrUsbVcEDOVmUn2ozXvARDzqnNw3DN PcQvzUtasD8hxGHo7fW4TczdtgS3b/DfU2VJo68Fmo1C4eqYX+Ixx05khFCtP7d0 POqX6jIIQqZq8NTea8/M8Xx1YGhR5RpA4vZe7bCLgD2VUXHL43Npmq2nuZ0/7AwY H0hc/y/T+SU70xn28XyWHHLkCwARAQABiQIlBBgBAgAPBQJSwfZ1AhsMBQkJZgGA AAoJECO6L0dAOWOhIcgP/ioKYiJFAsolS4ep1PenCPvQFjvZTq4xJnsubEJ/ERU8 zdgET0Rh5jcCLqRAxQbGW3lVsewR3N+S9Rt3zHApqfZBFg5XJkZxsk0u+0qGPHWA 4oC7U3E4ZwMfVzUDcfKrzD1h0JaiSW1+1qgCh9/YVCUYakR1n/9LgzPP8ekQLTeb nWE+ZQQfeTDgoTNFWZvUlEbh4zcHLvcay78PnK3uT3UbWPyltSxon/eD47s1dt03 P/8nqaXCZhhRZ9N3EbJyudLBgA3ctySSJJSKKQHYynH5qUQqKp4Wq1KY80161xvW FqKwN/Jr4tTpRVZPu8P82cxhwrWJdf1U3/M2F2aIgXbGS4fHbzsLZ+6zZ3AuT4D8 auW55GOrnoF9XzZV6IavtluILUXMjVzF13slo5PKzS8yyJRNxE22krbeEyUum4Zu dDiERxIB6B+RDMM9qvV9svGJoEXG+4ugwkA3R7a6LWApmkvH3eXpULfDN2g5eNcr 5efFMrI/myxmpsP3nUp5EZFJyp8+ZSzIMJ1jSzXH8mHajIGTG49xDyZGpbog3wd2 7aQf5D9WOuKfYZM9MU9PBF+ZgtNrAxWuYJcCOr4WEd/2IjayMWvLxNA/RVW66oVj puaaDc3m3hXg1fwUWv9ZJyMUv7NARLgig3KEMVZiVzos7ZMn9mZNrOk2fnkKpVJB =ufyu -----END PGP PUBLIC KEY BLOCK----- 

Signature for fingerprint list:

-----BEGIN PGP MESSAGE----- Version: GnuPG v1.4.12 (GNU/Linux) owGFk31QFGUcx48XIU/KU0YSZOhHToraHeze3u4tqd2+HZ6g4ks6ZBTLsXdud7eH ewtCV4mp4/hGKmlTQbyEkgoZxpg6kReML0RWaoohOWWN0mhK4WSZje0Zxw0zzfTP 7rPf5zfP7/N8nn22PRyliYyYfDQ9y0La6yNaotYW6hyi5BTkYlmUFJ9BKVMWdZyu mDFjhpYWFbtXlPQLlUztYtEpCXImZPGlogSUVCQLPkGCNGYBy8FiW9Z82/wsyOby poEzWMEPFVicHl50G+xeD1jDXTIBxXEMcJYkgaEpDhiSNgNCmlHgrHgGoCRLAsfh NCBWhgBjBoNos4VysLGZD5LhIEeUXJlQ+C+nwSs700d0N/A+u5ZzC3ZFLvGE97Bk hdfD+5aC8uBdiqiQZYYiQTuCEMdJDFizujuC5swqjQkHI0JzwJImlZBmTWBGMRoI q1pHZHD4MGEwCQU+QS4Ntiz2et0Gn8und4Uyn0ESlGEkShI9/Etqf5jJh4Zhd7NH opEkgoEZx1iwMkYjYCTJAM5QKADNcRSgKGZSnWWogkmTCTJwKzvMFkxCwf+xzStx K6LqNixurugBukRWvOrBe4Zmg9ahSCgV3N5iQZ4GL4oeHDFbHLxPGcI3lLhG8qNB YAw1qtQEagWMsKoGTTgFOE1hwCAkASjFsUCQVgIYE4GG1apJKBjGdxYbPCqHUFSi pWSPVy4PA1NuXgLGAIsEUf2GtAUOh1sdQXA+KFtdZhrwapFl6B/iHywQdD4S2Ywi VkBQlAQjTrPAmnBVMa4iM0b1gVE0AjiluifNZqN6AKhxGDmYhIL/Qg5etI2RydGa iEhNzKjI4N3TaEfrQjf0brJOs692U9vbzb2jMs51uP1Jl/6KXf7NoTEHolxXvvRf SjzbEylrjFvH1jXefbJxd9/tK8u8SVdLC9yv5N88N/v1Cyu7N1deXDPJMeVs8obj b9zvtW84sv9OWeJJ8tXyPX2/N+zqGn+ZnxCdGz++QXqzYGzthSRE7JJaflRu4/01 jqsFuat62ifvHujc8ZhupW1P59OBjoMtgz+crx08mdN/sDkwtUmfLecN2Hb8duuz Lxq6Aztjz3RsWV1d3TJBc4D86cbfuqjvn0iJemqvfk1/ToHQFZhtWrT555eZwh45 +vNj/jX7Fubnd/3adNxf+EhF7sWmMX+Q184dSvygFdFXBF6b2m1KjLvnoKanzEp0 2cWqgX7L2biU8/2xt5LudZ4g4pawCZVpv6T7q1JfaN9Q1xFxP2Z55fiPuo7tvXdd v6m3vrLt+Tk12bGzDn/rr8+puxl4vLsqrnPKmPg51xUZo+tiXKuf2XZ44DLd8t7N weL21tONnY2jKy+MSzi1/1o8sWrQPPPTd1tteW/tTct6fyO2NNWUJ6wT6mPWx9fz 31ml53QTe75a+2HbumVuvZCcC33V0/fFpM07wkRYUh9a0LxzK6mrOuqYChWT6u4M oGkJS2vmNkWdmdWcP5le4ulLbr+Ws+IysX37OyfSt4y70St8vLov9dE/k3Y1zNy4 SyrY/fWzvRMLP8mNrjh1eFvtznXt/wA= =5zDz -----END PGP MESSAGE----- 

Hashes for fingerprint list:
SHA-256: 7A6B9841 355B1127 E5639A9D 7040D81C F395D382 884376C2 31829C63 6FCF1B80
SHA-512: 04A49A60 A1645479 ED0B3CE9 AE32E156 E9768CC2 0D4EF393 814162BE BFA6FAF5 6C520769 C654467F 6B61EBD4 4A5A5C93 9DF81B7D AA468A50 2DD7FFF3 F637A49C
Verifying the fingerprint list:
Save fingerprint list, from the first plus to the last plus, to a text file called fingerprints.txt
Next save my key to a file called dcc4e.asc and my signature to a file called fingerprints.txt.asc
In terminal or command line run:

gpg --import dcc4e.asc gpg --verify fingerprints.txt.asc 

You should see:

Good signature from "dcc4e " 

GPG examples for verifying Bitcoin clients:
Verifying Bitcoin-Qt:
First download, import and check Gavin's key:
Download his key at bitcoin.org/gavinandresen.asc
In terminal or command line run:

gpg --import gavinandresen.asc gpg --fingerprint 

Check that the fingerprint for Gavin's key matches 01CD F462 7A3B 88AA E4A5 71C8 7588 242F BE38 D3A8.
Then download the wallet software and signature.
Verify the signature:

gpg --verify SHA256SUMS.asc 

You should see:

gpg: Good signature from "Gavin Andresen (CODE SIGNING KEY) " 

The signature for Bitcoin-Qt signs the hash values. So we must compute the hash of the specific downloaded software manually. This example is using the linux version.

gpg --print-md SHA256 bitcoin-0.8.6-linux.tar.gz 

Check that the output matches the associated hash value in SHA256SUMS.asc
Verifying Electrum:
First download, import and check ThomasV's key:
This key can be found at a keyserver.

gpg --keyserver pool.sks-keyservers.net --recv-keys 7F9470E6 gpg --fingerprint 

Check the fingerprint.
Download Electrum and the signature.
Verify the signature:

gpg --verify Electrum-1.9.6.zip.asc 

You should see:

gpg: Good signature from "ThomasV " 

For this example you do not need to manually compute any hash values because the signature is signing the downloaded file directly instead of signing a list of hashes.

FreeSpeechMe-SPECIFIC IMPROVEMENTS WE PLAN TO DO:
Hide nmcontrol/namecoind windows on Windows
GNU/Linux users don't see the terminal windows for backend software; Windows users shouldn't be bothered by them either.
Don't try to visit .bit websites when blockchain isn't downloaded
Right now, visiting a .bit website with an incomplete blockchain will use an older version of that name's data. Usually this results in a failure to load the page with no good explanation of what's wrong, but in certain rare cases it could also hypothetically result in security issues such as hijacking. A better version of FreeSpeechMe should refuse to use incomplete blockchains.
Facilitate non-Firefox usage
FreeSpeechMe uses a networking method, HTTP, which is specific to website traffic. Replacing it with a different method, SOCKS, would make it much more flexible, so you could use Dot-Bit for non-website Internet applications such as SSH. It should also be possible to route other web browsers such as Chromium through FreeSpeechMe. FreeSpeechMe should support being installed as a standalone application for users who don't use Firefox (although obviously Firefox will remain the main method of installation).
Improvements for anonymous browsing
Right now FreeSpeechMe supports routing its traffic through anonymization proxies such as Tor and I2P (if they are installed), but it is not compatible with TorBrowser, so while attackers generally can't see your location or IP address, they can deduce that different activities you do online may have come from the same person. FreeSpeechMe should be improved to function in TorBrowser, which would prevent linkage of different online activities.
Improvements for anonymous hosting
FreeSpeechMe supports Tor and I2P hidden services (if the user has Tor or I2P installed), but does not support Freenet, OnionCat, GarliCat, or other anonymous hosting networks. This should be improved.
Support for next-gen TLS specification
FreeSpeechMe is using a method of specifying certificates to prevent hijacking which is deprecated in the Dot-Bit specification. While this method remains very secure, the newer specification has more features, and FreeSpeechMe should implement it.
HTTPS enforcement
Websites which claim to support HTTPS in their domain record should automatically be loaded in HTTPS, even if the user accidentally forgets the "s", to prevent hijacking in such cases. (Note for geeks: this is like the HSTS specification, but works even for sites you haven't visited before.)
Intelligent Redirecting
Websites that want to support Dot-Bit should be able to do so without changing their server configuration, and instead have FreeSpeechMe make the server think the preexisting domain is being requested. The user would still see the Dot-Bit URL in Firefox, and unlike iframe-based methods, the URL displayed in Firefox would change accordingly as the user clicks links..
Fix HTTP protocol bugs
Unencrypted HTTP Dot-Bit websites occasionally have odd behavior in FreeSpeechMe (sometimes manifesting as links not working properly); this is most frequently seen in WordPress websites. While we strongly encourage the use of HTTPS (which isn't subject to these bugs), we still want to fix the bugs with HTTP websites.
Round-Robin Load Balancing
Some large websites use multiple server IP addresses for a single domain. FreeSpeechMe should be able to randomly choose one.
OTHER NAMECOIN SOFTWARE IMPROVEMENTS
Some of this is possibly out of the scope of this one Indiegogo campaign, depending on funds raised. But these are things we're very interested in helping implement:
Rebase on the latest Bitcoin code
Namecoin is based on an outdated version of Bitcoin (0.3.x). We should rebase on a current release. We inquired with a well-qualified and well-respected contractor (who developed Namecoin-Qt) about how much this rebase would cost; the estimate was around $17,000-$35,000 US. Spending that much on one project would be out of the realm of this first campaign. However, it may be possible to reduce this cost significantly by rebasing on a codebase other than Bitcoin, such as libcoin.
Improve scalability
Namecoin currently requires having the entire blockchain for good security. While the 1.6GB blockchain isn't a large concern right now, future scalability requires that clients be able to securely resolve names without possessing the blockchain. There is a proposal for this called SPV+UTXO.
Automatic renewal of names
Losing your names because you forgot to renew them is a problem.
Names should be able to be renewed automatically. Preferably without decrypting the wallet each time the name is renewed, and maybe without even needing your client to be open when it renews. Any solution must be trust-free.
Cold storage of Namecoin name keys
To update a Namecoin name, the keys must be decrypted on a computer with Internet access; this could be a security risk if malware is installed on that computer. To fix this, cold storage should be used, as is possible with Bitcoin.
This is in two parts: (1) port the Armory client to Namecoin (this allows transactions to be signed offline), and (2) allow a cold-storage name to be used as a revocation key for a hot-wallet name (this is called the "import" field).
Optimize Speed
Dot-Bit is already much faster than other top-level domains for both name lookup and name propagation. However, it can be made even faster.
We estimate that pre-cached name lookup time can be decreased by 2- to 5-fold in some cases, uncached name lookup time can be decreased significantly, name update propagation can be reduced from 40 minutes to under 1 minute, and blockchain sync time can be reduced significantly.
Android support
Namecoin software currently does not support Android; this situation should be improved.
Better blockchain anonymity
Like Bitcoin, Namecoin can keep the location and IP address of name owners anonymous (if used with Tor), but the various activities of name owners can be linked by an attacker. This should be improved, e.g. by implementing Zerocoin.
Better blockchain privacy
Some name owners may wish their records to not be publicly accessible; encryption would improve this situation.
Decentralized website single sign-on
Namecoin can be used to log into websites in a secure way without needing a password (protecting people from database leaks or cracked passwords without trusting a third party such as "all your data are belong to us" systems like Facebook); this is implemented as the NameID library by domob. Unfortunately, this library is not easy for non-programmers to integrate with existing websites. Plugins should be created for major website backends such as Drupal, phpBB, WordPress, and SMF, to allow trust-free NameID sign-on to be as easy as checking a box.
Automated builds
Namecoin software should support automated builds and testing so that our developers and testers can work more efficiently. The builds should also be deterministic (as Bitcoin and Tor are doing) to improve security.
Offline signing of static websites
Verifying signatures of static websites against the blockchain would prevent hijacking even if a web server is completely compromised.
SSH client integration
Log into your servers remotely without trusting your network or manually verifying fingerprints, using the same anti-hijacking features that FreeSpeechMe first implemented.