What is the difference between these two:
- armory_xxxxxxxx_.wallet
- armory_xxxxxxxx_encrypt.wallet
That one is encrypted is fairly clear but isn't the normal file "encrypted" as well? Does the first file really contain private keys in plain text?
The armory_xxxxxxxx_.wallet file is your "normal" wallet file; it's what's used by Armory. Its private keys are always encrypted by Armory.
The armory_xxxxxxxx_encrypt.wallet file is an private-key-encrypted "digital backup" file which you made at some time in the past; you probably simply forgot that you (manually) made this backup (check its last modified date, it will be whenever you created that backup). It is safe to move this file to another location if you like (or delete it... you did make a paper backup,
right? ![Wink](https://bitcointalk.org/Smileys/default/wink.gif)
)
You can also make a completely
unencrypted "digital backup" (by default it would be called armory_xxxxxxxx_decrypt.wallet); if you choose to do so, you'll get a strongly-worded warning about the dangers of making it unencrypted.
I think it's binary, or a binary map. Just as usable to someone who's motivated to take the BTC inside (i.e. just as much raw information as a plain text privkey)
The wallet format (the "1.0" format) is pretty well documented over here:
https://bitcoinarmory.com/wallet-format/The optional encryption (which is always used for normal wallet files and for encrypted digital backups) individually encrypts each 32-byte private key (and only the private keys). Each private key is encrypted with AES-256 in CBC mode with no padding, and a randomly generated IV (stored alongside each private key). The single encryption key is derived from the user's password with a custom KDF based on Colin Percival's ROMix function, except it uses SHA-512 as the mixing function instead of BlockMix
Salsa20/8 as originally specified in Percival's
scrypt paper (and it also has a few other tweaks compared to ROMix). The KDF uses 16 bytes of salt. (ROMix is the memory-hard part of scrypt.)