Bitcoin Forum

How can you create a wallet for every separate user and encrypt every wallet with a different hash?

EDIT: Just realized you can write an app to shutdown the daemon and replace the wallet.dat file but it seems it would slow overall performance drastically...

Not sure what you are trying to do, but it sounds like the method you are choosing may not be the best way to go about it.

Since every user has his own password I want to have separate wallets all encrypted with the users password

So you basically want individual encrypted wallets for several people all located in the same place but only accessible with their own unique password?

Yes, neither the hashes or the passwords will be stored at the same machine

You're talking about separate users of a Windows computer in your household?  I think that the standard installation of Bitcoin-Qt already has separate wallets and seperate copies of the blockchain for each user, doesn't it?

It has "accounts" which is an arbitrary implementation of bitcoin-qt, you cannot however encrypt individual users and you cannot let every user download his wallet file if need be.

Are you trying to create a web hosted wallet service like https://blockchain.info/wallet or are you just trying to allow multiple people who are sharing a computer each have their own wallet on that computer?

If you are talking about different users in a household, you only need create other user accounts in your operating system. Locking down/encrypting user directories is optional depending on how much you trust local users.

Bitcoin stores it's data in a user's profile on both Windows and Linux (probably Mac too). If someone logs in with a different user name and launches Bitcoin, it will create a new %APPDATA%\Bitcoin for that account with it's own wallet, blockchain, etc. You can speed up the initial download by doing a copy %APPDATA%\Bitcoin\BLK*.DAT C:\Users\LittleJohnny\AppData\Roaming\Bitcoin to each additional user account's profile.

I am looking for something more geared towards blockchain.info although not the same at all, performance wise it should be just as efficient as a commercial product.

If your trying to create a blockchain.info like site, I highly discourage it cause the reasons blockchain.info is so good is the hybird wallet system, which I don't think you have full grasped the concept of yet from this thread.

I know exactly how a hybrid wallet system works, unless you are talking about Belgian Canaries I know exactly what you're talking about.

As to having a system like I want it seems that exporting the private keys to a wallet files would be easier and faster as well.

I see that you "want to have separate wallets all encrypted with the users password"

Wouldn't that require that they send you their password in order to decrypt and use the wallet?  That seems like a significant security flaw.  I'd think it would be better to create a database that contains a user identifier and bitcoin address as a primary key along with a column for the encrypted password.  Then any new bitcoin address can be generated and the private key can then be encrypted on the user side.  Having the bitcoin addresses would allow you to show balances, and any time the user needs/wants to send a transaction, you can supply them with the encrypted password only.  The users client program can decrypt the private key locally and sign the transaction.  That way you never have access to the user's private keys or password.

If on the other hand you plan to send the user the entire encrypted wallet, and have them decrypt it locally (and use it decrypted locally), then there isn't any need to "write an app to shutdown the daemon and replace the wallet.dat file"  Since the user will be using the wallet on their end, you don't need a daemon at all.

Obviously I wouldn't send the raw password over the network, I would send a salted bcrypt hash over RSA-2048 in a secured connection. I wouldn't store the wallet on the users side not because of a possible security flaw on the server side but because the average gullible user needs to be protected from himself, in addition to having the option to run on the deep-web in the future.

If you don't send the raw password over the network, how are you going to encrypt or decrypt the wallet? Don't you need the actual encryption password to do that?

http://en.wikipedia.org/wiki/Hash_function

http://en.wikipedia.org/wiki/Bcrypt

I looked at both links.  I still don't understand how you can encrypt or decrypt the wallet without the password.

If madmadmax is going to store the users encrypted wallets on his server, and then try and swap them in using bitcoind, how exactly are private and public keys going to keep the user's wallets secure?

That's a really good question that I'm still trying to understand. See here:


I can't make sense of what you are saying. If the user wants to create a new address, what do they transmit to your server? Do they send the un-encrypted private key?  If they send only the public key, then how will your server sign transactions for them?  How will your server protect them from losing their private keys?


The only way to keep the private keys protected is to store them encrypted, then send the encrypted key to the user so they can decrypt it with the client software on their side and sign the transactions themselves on their side.

I agree, which is what I'm trying to get madmadmax to understand.

Meaning that anyone who has access to your server now has access to the user's password, and all their bitcoins.  That doesn't sound secure, and doesn't sound like a good idea.  The way https://bclockchain.info/wallet handles it is far more secure (and faster).

I agree.  All that in addition to the serious lack of security.

You guys are hopeless, nevermind that I discarded the initial approach on the first page I have explained how the system works time and time again, the users password is hashed+salted with bcrypt and sent through an RSA-2048 secured connection to the server. Impossible to sabotage unless direct access to the main server is gained and maintained while users try to connect to their account (as the hashes aren't stored on the machine), thus every account is in cold storage until he is needed.

If somehow hackers gain a momental access to all the wallets on the server and obtain a copy, most of the users could be sent messages through sms asking them to change the password before the hackers would bruteforce a single one.

I am wondering what is the best method to encrypt individual accounts within a wallet...

I give up.  madmadmax, go about it however you like.  You won't provide enough information for anyone to assist you and the bits and pieces of information that you do reveal don't make any sense.  gweedo, you're welcome to try and assist, but I'm done here.