v4.33.0

Release notes

• Bundle BitBox02 Bitcoin-only firmware version 9.11.0
• Bundle BitBox02 Multi firmware version 9.11.0
• Improve visual loading of the portfolio view

Verifying the release

Get a public key of security@shiftcrypto.ch with fingerprint 1AA6 2C17 C56D 4275 A541 2320 9CD5 646C 0AD5 161E:

curl https://shiftcrypto.ch/download/shiftcryptosec-9CD5646C0AD5161E.gpg.asc | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.33.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.33.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.33.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 1AA62C17C56D4275A54123209CD5646C0AD5161E
gpg: Good signature from "ShiftCrypto Security <security@shiftcrypto.ch>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

v4.32.1

Release notes

• Fix Moonpay not loading on Android

Note: this is a patch release for Android only.

Verifying the release

Get a public key of security@shiftcrypto.ch with fingerprint 1AA6 2C17 C56D 4275 A541 2320 9CD5 646C 0AD5 161E:

curl https://shiftcrypto.ch/download/shiftcryptosec-9CD5646C0AD5161E.gpg.asc | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.32.1-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.32.1-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.32.1-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 1AA62C17C56D4275A54123209CD5646C0AD5161E
gpg: Good signature from "ShiftCrypto Security <security@shiftcrypto.ch>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

v4.32.0

Release notes

• Bundle BitBox02 Bitcoin-only firmware version 9.10.0
• Bundle BitBox02 Multi firmware version 9.10.0
• Add support for BIP-86 taproot receive addresses
• Show coin subtotals in 'My portfolio'
• Add QR-code scanner to Ethereum
• Transaction details: make transaction ID copyable without opening the block explorer
• Improve account loading speed when there are many transactions in the account
• Desktop: add a configuration option using the environment variable BITBOXAPP_RENDER to enable
  users to turn off forced software rendering. Use BITBOXAPP_RENDER=auto to use Qt's default
  rendering backend.

Verifying the release

Get a public key of security@shiftcrypto.ch with fingerprint 1AA6 2C17 C56D 4275 A541 2320 9CD5 646C 0AD5 161E:

curl 'https://keys.openpgp.org/vks/v1/by-fingerprint/1AA62C17C56D4275A54123209CD5646C0AD5161E' | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.32.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.32.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.32.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 1AA62C17C56D4275A54123209CD5646C0AD5161E
gpg: Good signature from "ShiftCrypto Security <security@shiftcrypto.ch>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

v4.31.1

Release notes

• Bundle BitBox02 Multi firmware version 9.9.1
• Add a file picker dialogue to choose where to export a CSV to
• Fix display of server name and checking the server connection in 'Connect your own full node'
• Add support for Swedish krona (SEK)

Verifying the release

Get a public key of security@shiftcrypto.ch with fingerprint 1AA6 2C17 C56D 4275 A541 2320 9CD5 646C 0AD5 161E:

curl 'https://keys.openpgp.org/vks/v1/by-fingerprint/1AA62C17C56D4275A54123209CD5646C0AD5161E' | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.31.1-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.31.1-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.31.1-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 1AA62C17C56D4275A54123209CD5646C0AD5161E
gpg: Good signature from "ShiftCrypto Security <security@shiftcrypto.ch>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

v4.31.0

Release notes

• Bundle BitBox02 Bitcoin-only firmware version 9.9.0
• Bundle BitBox02 Multi firmware version 9.9.0
• Support sending to Bitcoin taproot addresses
• Fix opening 'transactions export' CSV file
• Add Dutch translation
• Add support for Norwegian krone (NOK)
• Migrated the frontend from preact to React

Known issues

The list in "Connect your own full node" settings failis to display server names. This is only a UI issue. The app establishes connections correctly on the backend. This will be resolved in the next patch release. See #1597.

Verifying the release

Get a public key of security@shiftcrypto.ch with fingerprint 1AA6 2C17 C56D 4275 A541 2320 9CD5 646C 0AD5 161E:

curl 'https://keys.openpgp.org/vks/v1/by-fingerprint/1AA62C17C56D4275A54123209CD5646C0AD5161E' | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.31.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.31.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.31.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 1AA62C17C56D4275A54123209CD5646C0AD5161E
gpg: Good signature from "ShiftCrypto Security <security@shiftcrypto.ch>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

v4.30.1

This release is the same as v4.30.0, but changing the Android SDK target level from 29 to 30 so it can be uploaded on Google Play (see #1476).

v4.30.0

Release notes

• Bundle BitBox02 Bitcoin-only firmware version 9.8.0
• Bundle BitBox02 Multi firmware version 9.8.0
• Improve information about using the passphrase feature
• Fix an Android app crash when opening the app after first rejecting the USB permissions
• Change label to show 'Fee rate' or 'Gas price' for custom fees
• Change label 'Send all' label to 'Send selected coins' if there is a coin selection
• Temporary disable Chromium sandbox on linux due to #1447

Verifying the release

Get benma's public key:

curl 'https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor daemon proxy:
curl --socks5-hostname localhost:9050 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor browser proxy:
curl --socks5-hostname localhost:9150 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.30.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.30.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.30.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Release v4.30.0 - Release Candidate 2

⚠️ This is a pre-release candidate intended for testing. ⚠️

Testing is recommended with accounts holding only a small amount of funds. Make sure your backups work before use.

Release v4.30.0 - Release Candidate 1

⚠️ This is a pre-release candidate intended for testing. ⚠️

Testing is recommended with accounts holding only a small amount of funds. Make sure your backups work before use.

v4.29.1

Release notes

• Disable GPU acceleration introduced in v4.29.0 due to rendering artefacts on Windows
• Changed default currency to USD
• Verify the EIP-55 checksum in mixed-case Ethereum recipient addresses
• Support copying address from transaction details
• Upgrade to BitBox02 Bitcoin-only firmware version 9.7.0
• Upgrade to BitBox02 Multi firmware version 9.7.0

Verifying the release

Get benma's public key:

curl 'https://keybase.io/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor daemon proxy:
curl --socks5-hostname localhost:9050 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import
# or via Tor hidden service, using the Tor browser proxy:
curl --socks5-hostname localhost:9150 'http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/benma/pgp_keys.asc?fingerprint=2260e48288882c76afaa319d67a2b160f74db275' | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.29.1-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.29.1-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.29.1-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 2D8876810AB092E451DCA894804538928C37EAE8
gpg: Good signature from "Marko Bencun <marko@shiftcrypto.ch>" [ultimate]
gpg:                 aka "Marko Bencun <mbencun+pgp@gmail.com>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

Note: For Android, this commit was used to build the release.

Note: For Windows, this commit was used to build the release.