v4.37.0

Release notes

• Bundle BitBox02 Bitcoin-only firmware version 9.14.0
• Bundle BitBox02 Multi firmware version 9.14.0
• Add dark mode: app will default to the mode set by the system preferences but can be overwritten in the settings
• Enable auto HiDPI scaling to correctly manage scale factor on high density screens
• Bitcoin: enable setting a custom fee if the fee rate estimations are unavailable

Verifying the release

Note: the public key 1AA6 2C17 C56D 4275 A541 2320 9CD5 646C 0AD5 161E used to sign previous releases was revoked and replaced with the key DD09 E413 0975 0EBF AE0D EF63 5092 49B0 68D2 15AE for operational reasons. The new key is now hosted on the shiftcrypto.ch webserver.

Get a public key of security@shiftcrypto.ch with fingerprint DD09 E413 0975 0EBF AE0D EF63 5092 49B0 68D2 15AE:

curl https://bitbox.swiss/download/shiftcryptosec-509249B068D215AE.gpg.asc | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.37.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.37.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.37.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key DD09E41309750EBFAE0DEF63509249B068D215AE
gpg: Good signature from "ShiftCrypto Security <security@shiftcrypto.ch>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

v4.36.1

Release notes

• Fix USB communication issue on Windows

Note: this is a bugfix release for Windows only. v4.36.0 is still the latest release for all other platforms.

Verifying the release

Note: the public key 1AA6 2C17 C56D 4275 A541 2320 9CD5 646C 0AD5 161E used to sign previous releases was revoked and replaced with the key DD09 E413 0975 0EBF AE0D EF63 5092 49B0 68D2 15AE for operational reasons. The new key is now hosted on the shiftcrypto.ch webserver.

Get a public key of security@shiftcrypto.ch with fingerprint DD09 E413 0975 0EBF AE0D EF63 5092 49B0 68D2 15AE:

curl https://shiftcrypto.ch/download/shiftcryptosec-509249B068D215AE.gpg.asc | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.36.1-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.36.1-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.36.1-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key DD09E41309750EBFAE0DEF63509249B068D215AE
gpg: Good signature from "ShiftCrypto Security <security@shiftcrypto.ch>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

v4.36.0

Release notes

• Integration of Pocket Bitcoin, making it easy to buy Bitcoin within the app. You can share a single address or an xpub.
• Re-style header for a better space utilisation
• Re-style sidebar navigation on mobile (portrait) to be full-screen for better space utilisation and a more modern look
• Automatically recover from a corrupt headers database (caused e.g. by the computer shutting down during a database write)
• Re-style account selector to show the account's balance and its coin logo
• Show a 'Receive' (crypto) button beside the 'Buy' button for an empty wallet
• Create a new screen for selecting an account to receive crypto

Verifying the release

Note: the public key 1AA6 2C17 C56D 4275 A541 2320 9CD5 646C 0AD5 161E used to sign previous releases was revoked and replaced with the key DD09 E413 0975 0EBF AE0D EF63 5092 49B0 68D2 15AE for operational reasons. The new key is now hosted on the shiftcrypto.ch webserver.

Get a public key of security@shiftcrypto.ch with fingerprint DD09 E413 0975 0EBF AE0D EF63 5092 49B0 68D2 15AE:

curl https://shiftcrypto.ch/download/shiftcryptosec-509249B068D215AE.gpg.asc | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.36.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.36.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.36.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key DD09E41309750EBFAE0DEF63509249B068D215AE
gpg: Good signature from "ShiftCrypto Security <security@shiftcrypto.ch>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

v4.35.1

Release notes

• Fix issue where the app sometimes shows a blank screen after unlock

Verifying the release

Note: the public key 1AA6 2C17 C56D 4275 A541 2320 9CD5 646C 0AD5 161E used to sign previous releases was revoked and replaced with the key DD09 E413 0975 0EBF AE0D EF63 5092 49B0 68D2 15AE for operational reasons. The new key is now hosted on the shiftcrypto.ch webserver.

Get a public key of security@shiftcrypto.ch with fingerprint DD09 E413 0975 0EBF AE0D EF63 5092 49B0 68D2 15AE:

curl https://shiftcrypto.ch/download/shiftcryptosec-509249B068D215AE.gpg.asc | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.35.1-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.35.1-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.35.1-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key DD09E41309750EBFAE0DEF63509249B068D215AE
gpg: Good signature from "ShiftCrypto Security <security@shiftcrypto.ch>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

v4.35.0

Release notes

• Bundle BitBox02 Bitcoin-only firmware version 9.13.1
• Bundle BitBox02 Multi firmware version 9.13.1
• Add 'sat' unit for Bitcoin accounts, available in Settings view
• Add Arabic translation
• Render number of blocks scanned and percentage progress using fixed-width digits for a more stable UI
• Transaction details: show fiat value at time of transaction
• Android:
  • re-style portfolio chart for better usability and a more modern look
  • more modern look by changing the status bar color to white while the app is running
  • fix time shown on BitBox02 when restoring a backup (it was shown in UTC instead of local time)
  • Fix broken links on Android 11+
• Fix update balance after transaction sent
• Fix utxos update after new transaction is sent
• Add attestation check to the device settings
• Fix insufficient gas funds error message on erc20 transactions
• Display trailing zeroes for BTC/LTC amount formatting
• Add version number and available updates check in settings
• Add translation feedback link in the guide
• Fix a UI bug when checking a backup where the confirmation dialog is sometimes empty
• Ethereum: remove Ropsten/Rinkeby testnet networks, which have been shut down. Added the Goerli testnet network.

Verifying the release

Note: the public key 1AA6 2C17 C56D 4275 A541 2320 9CD5 646C 0AD5 161E used to sign previous releases was revoked and replaced with the key DD09 E413 0975 0EBF AE0D EF63 5092 49B0 68D2 15AE for operational reasons. The new key is now hosted on the shiftcrypto.ch webserver.

Get a public key of security@shiftcrypto.ch with fingerprint DD09 E413 0975 0EBF AE0D EF63 5092 49B0 68D2 15AE:

curl https://shiftcrypto.ch/download/shiftcryptosec-509249B068D215AE.gpg.asc | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.35.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.35.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.35.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key DD09E41309750EBFAE0DEF63509249B068D215AE
gpg: Good signature from "ShiftCrypto Security <security@shiftcrypto.ch>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

v4.34.0

Release notes

• Bundle BitBox02 Bitcoin-only firmware version 9.12.0
• Bundle BitBox02 Multi firmware version 9.12.0
• The Windows installer now asks the user to close a running instance of the BitBoxApp instead of forcefully stopping it
• Ethereum: reduce Etherscan polling interval from one minute to five minutes

Verifying the release

Note: the public key 1AA6 2C17 C56D 4275 A541 2320 9CD5 646C 0AD5 161E used to sign previous releases was revoked and replaced with the key DD09 E413 0975 0EBF AE0D EF63 5092 49B0 68D2 15AE for operational reasons. The new key is now hosted on the shiftcrypto.ch webserver.

Get a public key of security@shiftcrypto.ch with fingerprint DD09 E413 0975 0EBF AE0D EF63 5092 49B0 68D2 15AE:

curl https://shiftcrypto.ch/download/shiftcryptosec-509249B068D215AE.gpg.asc | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.34.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.34.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.34.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key DD09E41309750EBFAE0DEF63509249B068D215AE
gpg: Good signature from "ShiftCrypto Security <security@shiftcrypto.ch>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

v4.33.0

Release notes

• Bundle BitBox02 Bitcoin-only firmware version 9.11.0
• Bundle BitBox02 Multi firmware version 9.11.0
• Improve visual loading of the portfolio view

Verifying the release

Get a public key of security@shiftcrypto.ch with fingerprint 1AA6 2C17 C56D 4275 A541 2320 9CD5 646C 0AD5 161E:

curl https://shiftcrypto.ch/download/shiftcryptosec-9CD5646C0AD5161E.gpg.asc | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.33.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.33.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.33.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 1AA62C17C56D4275A54123209CD5646C0AD5161E
gpg: Good signature from "ShiftCrypto Security <security@shiftcrypto.ch>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

v4.32.1

Release notes

• Fix Moonpay not loading on Android

Note: this is a patch release for Android only.

Verifying the release

Get a public key of security@shiftcrypto.ch with fingerprint 1AA6 2C17 C56D 4275 A541 2320 9CD5 646C 0AD5 161E:

curl https://shiftcrypto.ch/download/shiftcryptosec-9CD5646C0AD5161E.gpg.asc | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.32.1-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.32.1-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.32.1-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 1AA62C17C56D4275A54123209CD5646C0AD5161E
gpg: Good signature from "ShiftCrypto Security <security@shiftcrypto.ch>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

v4.32.0

Release notes

• Bundle BitBox02 Bitcoin-only firmware version 9.10.0
• Bundle BitBox02 Multi firmware version 9.10.0
• Add support for BIP-86 taproot receive addresses
• Show coin subtotals in 'My portfolio'
• Add QR-code scanner to Ethereum
• Transaction details: make transaction ID copyable without opening the block explorer
• Improve account loading speed when there are many transactions in the account
• Desktop: add a configuration option using the environment variable BITBOXAPP_RENDER to enable
  users to turn off forced software rendering. Use BITBOXAPP_RENDER=auto to use Qt's default
  rendering backend.

Verifying the release

Get a public key of security@shiftcrypto.ch with fingerprint 1AA6 2C17 C56D 4275 A541 2320 9CD5 646C 0AD5 161E:

curl 'https://keys.openpgp.org/vks/v1/by-fingerprint/1AA62C17C56D4275A54123209CD5646C0AD5161E' | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.32.0-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.32.0-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.32.0-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 1AA62C17C56D4275A54123209CD5646C0AD5161E
gpg: Good signature from "ShiftCrypto Security <security@shiftcrypto.ch>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)

v4.31.1

Release notes

• Bundle BitBox02 Multi firmware version 9.9.1
• Add a file picker dialogue to choose where to export a CSV to
• Fix display of server name and checking the server connection in 'Connect your own full node'
• Add support for Swedish krona (SEK)

Verifying the release

Get a public key of security@shiftcrypto.ch with fingerprint 1AA6 2C17 C56D 4275 A541 2320 9CD5 646C 0AD5 161E:

curl 'https://keys.openpgp.org/vks/v1/by-fingerprint/1AA62C17C56D4275A54123209CD5646C0AD5161E' | gpg --import

Download the app for your platform and the corresponding .asc file and place them in the same folder.

We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.

To verify the signature, execute:

gpg --verify BitBox-4.31.1-macOS.zip.asc

You should see the following output:

gpg --verify BitBox-4.31.1-macOS.zip.asc
gpg: assuming signed data in 'BitBox-4.31.1-macOS.zip'
gpg: Signature made <DATE AND TIME>
gpg:                using RSA key 1AA62C17C56D4275A54123209CD5646C0AD5161E
gpg: Good signature from "ShiftCrypto Security <security@shiftcrypto.ch>" [ultimate]

(The [ultimate] could say [unknown] or something else depending on your trust level.)