I use TrueCrypt on Linux to create and mount just a small encrypted volume that holds only the wallet.dat. That wallet.dat is well under 1MB now, but 5MB seems to be an ample yet convenient upper bound as far as size goes. I'd like to ensure that the wallet.dat has not and will not ever be stored on a non-encrypted volume.
For me to be able to ensure that a new wallet is created on an encrypted volume, I created a much larger encrypted volume (e.g., 300MB or larger, depending on volume of logging kept) and launch the Bitcoin client there. Once I have the wallet.dat, I then move it to the smaller 5MB encrypted volume.
The protected 5MB volume is not normally mounted and is only used sporadically. When I do wish to use it, I mount the volume and then create a symlink to its wallet.dat before launching bitcoin.
It would be more convenient if, instead of having to create a symlink, I was able to specify which directory to use just for the wallet.dat. e.g.,
$ bitcoin -walletdir=/media/truecrypt1 -datadir=/usr/local/bitcoin/data
Something like a -walletdir option would allow me to create the wallet in a separate directory as well. An added benefit for that would be that I could then skip having the 300MB encrypted volume as well.
Does anyone have a better solution, or other thoughts on this suggestion?
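The mount-then-symlink routine described in the post above, as an added shell example that is not part of the original thread. The function names (`is_mounted`, `link_wallet`, `launch_client`) are hypothetical; the `bitcoin` command and `-datadir` option are the ones the post uses, and the directories are passed in as arguments.

```sh
#!/bin/sh
# Added example (not from the thread): link wallet.dat from the encrypted
# volume into the data directory, refusing if that could leave a wallet on
# unencrypted disk. Function names are hypothetical.

# is_mounted DIR: succeed only if DIR is a mount point (util-linux mountpoint).
is_mounted() {
    mountpoint -q "$1"
}

# link_wallet WALLET_DIR DATA_DIR
# 0: DATA_DIR/wallet.dat now links to WALLET_DIR/wallet.dat
# 2: volume not mounted  3: no wallet on volume  4: plain wallet in DATA_DIR
link_wallet() {
    wallet_dir=$1
    data_dir=$2
    link="$data_dir/wallet.dat"

    # An unmounted mount point is an ordinary directory on the unencrypted
    # disk; a wallet created through the link would land there in the clear.
    is_mounted "$wallet_dir" || return 2
    [ -f "$wallet_dir/wallet.dat" ] || return 3

    # A regular file here means a wallet already exists outside the volume.
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        return 4
    fi
    ln -sfn "$wallet_dir/wallet.dat" "$link"
}

# launch_client WALLET_DIR DATA_DIR: start the client only if the link is safe.
launch_client() {
    link_wallet "$1" "$2" || {
        echo "refusing to start: link_wallet returned $?" >&2
        return 1
    }
    exec bitcoin -datadir="$2"
}
```

With the paths from the post, the call would be `launch_client /media/truecrypt1 /usr/local/bitcoin/data`.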
I can't believe this feature has not yet been added, or am I missing something?
This makes basic security common sense - a lack of a -walletdir option is a major bug.
If basic security goes that you maintain a hot-wallet for day to day transactions and a secure offline wallet for your bank account then surely you need the ability to secure and hide your account wallet.
The obvious way to do this is in a TrueCrypt hidden volume - that way you're secure (with reasonable precautions) against trojans, hackers etc. AND (and this is what no-one seems to be addressing if this experiment ever goes mainstream) against physical attacks where some guy threatens to break your legs if you don't reveal your TrueCrypt password to your off-shore account wallet.
Hiding a small wallet.dat file in a TrueCrypt hidden volume within a GB volume is impossible to detect, however having to haul the entire blockchain in there as well kinda makes it obvious there's a hidden volume there.
I'm no coder but this must be two lines of code at most: if walletdir=NULL then walletdir="%data%\bitcoin" else walletdir=<-walletdir>
Please sort this out or show me a version of bitcoind that uses it already, but not electrum - I like bitcoind, I'm comfortable with it. I've no problem with downloading the complete blockchain, but a copy with each wallet is too much, especially if I need to encrypt public data just to secure my 1MB of private data.
This option makes so much sense, it would reduce this page: https://en.bitcoin.it/wiki/Securing_your_wallet
create hidden volume;
stick hot wallet in the outer volume;
stick account wallet in hidden volume;
make several back ups;
set bitcoind -walletdir=TrueCryptvol:\MyWallet;
mount whichever wallet you wish to use;
make sure no trojan steals your mounted wallet, which is encrypted on bitcoin-qt anyway.