Title: a simple script for wallet password encryption Post by: ThomasV on April 24, 2011, 10:51:21 AM Simple password encryption is a feature I would like to see built in the client, because other people than me have physical access to my machine.
Until then, here is a short script that does what I want: http://sanescreen.org/wallet I did not find a similar script on the forum or wiki, this is why I post it here. I hope it will be useful to some; please send me your feedback. Title: Re: a simple script for wallet password encryption Post by: nodemaster on April 24, 2011, 07:46:42 PM This is a KISS-Solution for a shared PC. I like it. However you could add some additional security by using /dev/shm as traget for the unencrypted wallet. With appropriate permissions and a link from your bitcoin directory you make sure that the unencrypted wallet never is written to a non-volatile memory. Your solution unintentional might leave a copy of your wallet on your physical disk or in the filesystems journal.
But nevertheless I won't use any shared PC for my main wallet. But for a small wallet for day-to-day transactions it is a straightforward solution. Title: Re: a simple script for wallet password encryption Post by: ThomasV on April 24, 2011, 10:30:20 PM Thanks for the feedback. I updated the script following your suggestions (shm + symlink).
My machine is not a shared PC, it is a simple laptop. But these things sometimes get lost, stolen, or simply borrowed. I feel more comfortable with encryption. Title: Re: a simple script for wallet password encryption Post by: Gavin Andresen on April 24, 2011, 11:45:51 PM Quote Code: openssl enc -aes256 -in /dev/shm/wallet.dat -out $dir/wallet.dat.aes256 -pass pass:$passw That really aught to be openssl .. && rm -f ... ... or maybe something more complicated to make sure the wallet encryption/writing completed OK before removing the wallet.dat. Like checking to make sure wallet.dat.aes256's filesize doesn't get smaller through the decrypt...use...re-encrypt cycle. Title: Re: a simple script for wallet password encryption Post by: ThomasV on April 25, 2011, 06:11:40 AM ... or maybe something more complicated to make sure the wallet encryption/writing completed OK before removing the wallet.dat. Like checking to make sure wallet.dat.aes256's filesize doesn't get smaller through the decrypt...use...re-encrypt cycle. thanks for having a look. I updated the script, with something a bit more complicated, but perhaps better than filesize: the wallet is decrypted one last time, and I check it is a fixed point before deleting it. |