Encrypt Wallet

[MountainTop]

What do encrypt wallet actually do in the Bitcoin code?

More specifically, I am curious what it encrypts, what algorithm it use and the outcome of the encryption (maybe just a unreadable file?).

[shorena]

I assume you are talking about the wallet.dat bitcoin core uses, other clients might work differently.

The wallet.dat contains (among other data) your private keys, thus it is essential for the security of yours coin that they are protected. The algorithm used is AES256 IIRC.

This will indeed make the file unreadable while encrypted.

[btchris]

It's complicated 

The wallet.dat file itself is a set of key/value pairs in Berkeley DB BTREE v9 format. Most of it is not encrypted, except for certain values including the private keys themselves and the master key. More specifically:

A 32-byte random master key or "mkey" is generated using OpenSSL's RAND_bytes(). This PRNG is seeded by /dev/urandom on Linux or by CryptGenRandom() on Windows. Additionally on Windows, Bitcoin adds additional entropy from a screen shot and from Windows perfmon counters (possibly because OpenSSL didn't use CryptGenRandom() in early versions?).

The mkey is used as an encryption key to encrypt each individual Bitcoin private key using AES-256 in CBC mode with PKCS7 padding and an initialization vector of SHA-256(SHA-256(the respective public key)).

Your password, plus an 8-byte salt which is initially generated using RAND_bytes() and stored in wallet.dat, is fed into PBKDF1-SHA-512 (normal PBKDF1 doesn't use SHA-512) with a certain number of iterations (stored in wallet.dat) to generate 512 bits of derived key data. The iteration count is initially set such that it will take about 1/10th of a second to run the iterations on whichever CPU the password is added (or modified).

This derived data is divided into three parts. The first 256 bits are used as an encryption key, the next 128 bits are used as in initialization vector, and the remaining bits are discarded. This encryption key and initialization vector are then used to encrypt the mkey (again using using AES-256 in CBC mode with PKCS7 padding), and the encrypted mkey is stored in wallet.dat.

Upon a password change, only the encrypted mkey needs to be recomputed and written back to wallet.dat, while it's unencrypted value and all of the Bitcoin private keys which it encrypts remain unchanged.

[diabanhxeo]

What do encrypt wallet actually do in the Bitcoin code?

More specifically, I am curious what it encrypts, what algorithm it use and the outcome of the encryption (maybe just a unreadable file?).

We have backed up the wallet

Why should we encrypt the wallet?

Thanks !

[rarkenin]

We have backed up the wallet

Why should we encrypt the wallet?

Thanks !

Back up the wallet to avoid being locked out. Encrypt it to avoid having your coins stolen.

[btchris]

We have backed up the wallet

Why should we encrypt the wallet?

Thanks !

Back up the wallet to avoid being locked out. Encrypt it to avoid having your coins stolen.

Malware (viruses) has become very clever (it's big business these days). If malware does manage to find its way onto your computer, it can easily steal your wallet if you don't encrypt it. Even if you do encrypt it, more sophisticated malware can still steal your wallet (read up on "keyloggers" for more details).

If this concerns you, and it should if you have a lot of Bitcoin stored in your wallet that you can't afford to lose, read up on how to use cold storage.

[MountainTop]

It's complicated 

The wallet.dat file itself is a set of key/value pairs in Berkeley DB BTREE v9 format. Most of it is not encrypted, except for certain values including the private keys themselves and the master key. More specifically:

A 32-byte random master key or "mkey" is generated using OpenSSL's RAND_bytes(). This PRNG is seeded by /dev/urandom on Linux or by CryptGenRandom() on Windows. Additionally on Windows, Bitcoin adds additional entropy from a screen shot and from Windows perfmon counters (possibly because OpenSSL didn't use CryptGenRandom() in early versions?).

The mkey is used as an encryption key to encrypt each individual Bitcoin private key using AES-256 in CBC mode with PKCS7 padding and an initialization vector of SHA-256(SHA-256(the respective public key)).

Your password, plus an 8-byte salt which is initially generated using RAND_bytes() and stored in wallet.dat, is fed into PBKDF1-SHA-512 (normal PBKDF1 doesn't use SHA-512) with a certain number of iterations (stored in wallet.dat) to generate 512 bits of derived key data. The iteration count is initially set such that it will take about 1/10th of a second to run the iterations on whichever CPU the password is added (or modified).

This derived data is divided into three parts. The first 256 bits are used as an encryption key, the next 128 bits are used as in initialization vector, and the remaining bits are discarded. This encryption key and initialization vector are then used to encrypt the mkey (again using using AES-256 in CBC mode with PKCS7 padding), and the encrypted mkey is stored in wallet.dat.

Upon a password change, only the encrypted mkey needs to be recomputed and written back to wallet.dat, while it's unencrypted value and all of the Bitcoin private keys which it encrypts remain unchanged.

This is exactly what I want to know. It is very helpful and thanks a lot!

But then I came up with a question (probably very silly), what if this wallet.dat file is manually being deleted, is there any backup itself ?

[MountainTop]

I assume you are talking about the wallet.dat bitcoin core uses, other clients might work differently.

The wallet.dat contains (among other data) your private keys, thus it is essential for the security of yours coin that they are protected. The algorithm used is AES256 IIRC.

This will indeed make the file unreadable while encrypted.

Thanks a lot! But what is IIRC?

[rarkenin]

Thanks a lot! But what is IIRC?

"If I remember correctly". It's not actually a crypto term that applies to the algo.

[btchris]

This is exactly what I want to know. It is very helpful and thanks a lot!

But then I came up with a question (probably very silly), what if this wallet.dat file is manually being deleted, is there any backup itself ?

Bitcoin Core does not make any automated backups. You need to either backup the wallet.dat file yourself (but only when Bitcoin isn't running), or use the Backup Wallet option in the menu. Backups should be created at least once for every 100 new receiving addresses created.

Some clients do perform automated backups (of course, backups to the same hard drive aren't all that useful...):

• Armory maintains one backup file.
• MultiBit Classic creates new backup files after each new receiving address is created.
• Blockchain.info by default keeps a local backup in addition to encrypted wallet stored on their servers, and they have options for other types of off-site backups as well.
• Armory and Electrum, being deterministic, both have backup-to-paper options which only need be done once at wallet creation.