Monero CLI Crash Course

crashcourse.md

Tails & Monero CLI Cold Wallet Guide

DJ Stomp Edition

This guide walks through the full setup of a Tails-based Monero cold wallet, using a custom LUKS management script, Monero CLI, and proper offline signing workflow.

Initialize the LUKS USB

Boot into Tails, offline.
Open a terminal and identify the correct USB device:

lsblk

Find your wallet USB partition (example: /dev/sdb1).
Double-check by size — do not guess.

Run the one-time destructive initialization:

sudo ./xmr_luks.sh init /dev/sdb1

This will:

• Ask for YES
• Write a fresh LUKS header
• Open it as /dev/mapper/xmrwallet
• Format ext4
• Mount at /mnt/xmrwallet

This creates your encrypted storage permanently.

---

Opening the LUKS Volume (Every Tails Boot)

Every time you boot Tails:

lsblk
sudo ./xmr_luks.sh open /dev/sdb1

Mountpoint:

/mnt/xmrwallet

When done:

sudo ./xmr_luks.sh close

---

Prepare Monero CLI in Tails

Download Monero CLI on a normal machine, verify signatures, then bring the tarball into Tails on a separate USB.

Inside Tails:

mkdir -p ~/monero-cli
cp /media/amnesia/<tools-usb>/monero-linux-x64-*.tar.bz2 ~/monero-cli/
cd ~/monero-cli
tar xf monero-linux-x64-*.tar.bz2
cd monero-*

Now the CLI tools (monero-wallet-cli, monerod, etc.) are ready.

---

Create the Offline Cold Wallet

Make sure:

• Tails is offline
• LUKS is opened
• Monero CLI is extracted

Run:

./monero-wallet-cli   --generate-new-wallet /mnt/xmrwallet/xmr_cold_wallet   --offline

It will prompt for:

• Wallet password
• Display your 25-word mnemonic seed
• Show address
• (Optional) View/spend keys via in-wallet commands later

Write seeds on paper — no digital copies.

Wallet files now live ONLY in:

/mnt/xmrwallet/xmr_cold_wallet
/mnt/xmrwallet/xmr_cold_wallet.keys

---

Create a Watch-Only Wallet

(Online Machine)

5.1 Extract data from cold wallet (offline)

Open it:

./monero-wallet-cli --wallet-file /mnt/xmrwallet/xmr_cold_wallet --offline

Inside:

address
viewkey

Write these down or move via QR airgap.

5.2 Build watch-only wallet on an online machine

./monero-wallet-cli --generate-from-view-key xmr_watch

Input:

1. Standard address
2. Private view key
3. Restore height (0 or approximate)

This wallet cannot spend, but can:

• Generate new receive addresses
• Sync with the network
• Track balance

---

Receiving Monero

You can receive XMR using:

• Addresses from the watch-only wallet
• Addresses from the cold wallet (offline)

Funds always belong to the cold wallet keys.

---

Spending XMR

(Unsigned → Signed → Submitted)

This is the secure, offline signing workflow.

Step 1 — Create unsigned tx (online, watch-only wallet)

./monero-wallet-cli --wallet-file xmr_watch

Prevent relaying:

set do-not-relay 1

Create a transaction:

transfer 2 44...destaddress... 1.234

An unsigned_monero_tx file is written.
Copy it to a sneakernet USB.

Exit.

---

Step 2 — Sign the transaction (offline, cold wallet)

Boot Tails offline. Open LUKS:

sudo ./xmr_luks.sh open /dev/sdb1

Open the cold wallet:

./monero-wallet-cli   --wallet-file /mnt/xmrwallet/xmr_cold_wallet   --offline

Sign:

sign_transfer /path/to/unsigned_monero_tx

This creates:

signed_monero_tx

Copy to sneakernet USB.
Close wallet + close LUKS:

exit
sudo ./xmr_luks.sh close

---

Step 3 — Broadcast the signed tx (online)

Back on your online machine:

./monero-wallet-cli --wallet-file xmr_watch

Submit:

submit_transfer /path/to/signed_monero_tx

Boom.
The spend key never touched a networked system — maximum OPSEC.

---

Cleanup & Best Practices

After any cold wallet session:

1. exit wallet
2. sudo ./xmr_luks.sh close
3. Unplug encrypted USB
4. Shut down Tails
5. Use a fresh Tails session only for wallet work

Optional but pro-tier:

• Use QR codes for the unsigned/signed tx (reduces USB attack surface)
• Don’t reuse the same Tails stick for browsing & cold wallet work