Skip to content

Releases: BitBoxSwiss/bitbox-wallet-app

Release v4.30.0 - Release Candidate 1

23 Oct 09:25
v4.30.0-rc1
334dedd
Compare
Choose a tag to compare
Pre-release

⚠️ This is a pre-release candidate intended for testing. ⚠️

Testing is recommended with accounts holding only a small amount of funds. Make sure your backups work before use.

v4.29.1

07 Sep 14:10
v4.29.1
b9632d1
Compare
Choose a tag to compare

Release notes

  • Disable GPU acceleration introduced in v4.29.0 due to rendering artefacts on Windows
  • Changed default currency to USD
  • Verify the EIP-55 checksum in mixed-case Ethereum recipient addresses
  • Support copying address from transaction details
  • Upgrade to BitBox02 Bitcoin-only firmware version 9.7.0
  • Upgrade to BitBox02 Multi firmware version 9.7.0

Verifying the release

Get benma's public key:

curl 'https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor daemon proxy:
curl --socks5-hostname localhost:9050 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor browser proxy:
curl --socks5-hostname localhost:9150 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.29.1-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.29.1-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.29.1-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Note: For Android, this commit was used to build the release.

Note: For Windows, this commit was used to build the release.

v4.29.0

03 Aug 16:49
v4.29.0
463dfae
Compare
Choose a tag to compare

Release notes

  • Add support for the Address Ownership Proof Protocol (AOPP), i.e.: handle 'aopp:?...' URIs. See https://aopp.group/.
  • Add fee options for Ethereum based on priority, and the ability to set a custom gas price
  • Updated to Qt 5.15 from Qt 5.12 for Linux, macOS and Windows
  • Add a guide entry: How to import my transactions into CoinTracking?
  • Revamped account-info view to show account keypath, scriptType etc.
  • Allow disabling accounts in 'Manage accounts'
  • Prevent screen from turning off while the app is in foreground on Android
  • Allow entering the BitBox02 startup settings in 'Manage device' to toggle showing the firmware hash at any time
  • More user-friendly messages for first BitBox02 firmware install
  • Use hardware accelerated rendering in Qt if available

Verifying the release

Get benma's public key:

curl 'https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor daemon proxy:
curl --socks5-hostname localhost:9050 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor browser proxy:
curl --socks5-hostname localhost:9150 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.29.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.29.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.29.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Note: For Android, this commit was used to build the release.

Note: For Windows, this commit was used to build the release.

Release v4.28.2

03 Jun 14:52
v4.28.2
982a1b7
Compare
Choose a tag to compare

Release notes

  • Fix a conversion rates updater bug

Verifying the release

Get benma's public key:

curl 'https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor daemon proxy:
curl --socks5-hostname localhost:9050 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor browser proxy:
curl --socks5-hostname localhost:9150 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.28.2-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.28.2-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.28.2-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Release v4.28.1

28 May 23:22
v4.28.1
2daf8ae
Compare
Choose a tag to compare

Release notes

  • Restore lost transaction notes when ugprading to v4.28.0.
  • Improve error message when EtherScan responds with a rate limit error.

Verifying the release

Get benma's public key:

curl 'https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor daemon proxy:
curl --socks5-hostname localhost:9050 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor browser proxy:
curl --socks5-hostname localhost:9150 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.28.1-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.28.1-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.28.1-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Release v4.28.0

27 May 12:59
v4.28.0
c91d21e
Compare
Choose a tag to compare

Release notes

  • New feature: manage multiple accounts
  • Upgrade to BitBox02 Bitcoin-only firmware version 9.6.0
  • Upgrade to BitBox02 Multi firmware version 9.6.0
  • Remove the setting 'Separate accounts by address type (legacy behavior)'. BitBox02 accounts are now always unified.
  • Display the BitBox02 secure chip version (from v9.6.0)
  • Validate socks proxy url

Verifying the release

Get benma's public key:

curl 'https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor daemon proxy:
curl --socks5-hostname localhost:9050 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor browser proxy:
curl --socks5-hostname localhost:9150 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.28.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.28.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.28.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Release v4.27.0

22 Mar 15:02
v4.27.0
a9015a7
Compare
Choose a tag to compare

Release notes

  • Buy ERC20 tokens using Moonpay
  • Upgrade to BitBox02 Bitcoin-only firmware version 9.5.0
  • Upgrade to BitBox02 Multi firmware version 9.5.0
  • Run BitBoxApp installer as admin by default on Windows
  • Close a running BitBoxApp instance on Windows when installing an update to ensure success
  • Connect default full nodes on port 443 to avoid firewall issues
  • Show blockchain connection errors in detail
  • Remove CryptoCompare; use Coingecko for latest conversion rates. Fixes rate limiting issues, especially for VPN/Tor users.
  • Remove confusing disabled copy button in the receive screen

Verifying the release

Get benma's public key:

curl https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import
# or via Tor hidden service
curl http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.27.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.27.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.27.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Release v4.26.0

25 Feb 18:42
v4.26.0
88506c8
Compare
Choose a tag to compare

Release notes

  • Italian translation
  • Allow camera access for Moonpay due to their KYC requirements starting 1st of March
  • Remove BitBox02 random number button
  • Show more decimals in the portfolio when main currency is BTC
  • Broadcast an Ethereum transaction again if it got dropped by Etherscan
  • Show Ethereum transaction nonce in the transaction details
  • Fix QR code scanner regression issue on Linux
  • Bugfix: restore success screen when setting up or restoring a BitBox02 wallet

Verifying the release

Get benma's public key:

curl https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import
# or via Tor hidden service
curl http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.26.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.26.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.26.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Release v4.25.0

27 Jan 12:26
v4.25.0
5804223
Compare
Choose a tag to compare

Release notes

  • Buy crypto inside the app through Moonpay
  • Protection against the nonce covert channel attack when signing Bitcoin/Litecoin transactions (antiklepto protocol).
  • Upgrade to BitBox02 Bitcoin-only firmware version 9.4.0
  • Upgrade to BitBox02 Multi firmware version 9.4.0

Verifying the release

Get benma's public key:

curl https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import
# or via Tor hidden service
curl http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.25.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.25.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.25.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Release v4.24.1

12 Dec 15:00
v4.24.1
9ac752c
Compare
Choose a tag to compare

Release notes

  • Fix compatibility with ElectrumX 1.16.0 and Electrs v0.8.6 full node backends
  • Small bugfix in the portfolio chart

Verifying the release

Get benma's public key:

curl https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import
# or via Tor hidden service
curl http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275 | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.24.1-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.24.1-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.24.1-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)