Hey people, I really want to understand this, but you're ahead of me. I need this to be explained like I'm a 5 year old.
I am familiar with the wallet.dat file. It's an object, a FILE, that I protect. But I do not understand where, when, or how I extract a "private key". Nor do I understand how the private key relates to blockchain.info.
Can someone explain this stuff or give me a link?
I've been waxing on to my friends about bitcoin, but when we get to wallet security enthusiasm wanes.
Thanks.
Private key is a random number (may be expressed as a string of random characters, of course). It is private because, presumably, only the person who created it knows it. Note, "random" can be anything (with some technical limitations), including, for example, a hash of a sentence. This is convenient if you wish to store private keys in your brain.
Public key is calculated from the priv key using the ECDSA. Note, this is a one-way function: calculating the publoc key from the private key is easy, finding out the priv key when a public key is known is practically impossible.
Bitcoin address is calculated as a one-way function of the public key. Specifically, it is a double hash of pub key, ripemd160(sha256(pubkey)).
To spend (send) coins currently associated with a given address, your client (wallet program) signs a message about the spend from the corresponding public key, and message is signed with the corresponding private key. Note, the way digital signature works is that anyone who knows the public key can check that the signature was made using the valid private key, without knowing the private key. All nodes in the network can then verify that the message is valid, and broadcast it further. Eventually, a mining node will create a new block (every 10 minutes on average), and include this message ("spend") into this block, thus making it official. Note, you can only spend the complete amount of coins associated with an address. If what you are sending is less than that, the rest goes to a new address of yours. Your total balance is still correct, of course.
What your wallet software (bitcoin-qt client, multibit, or any online wallet service) does is it creates key pairs for you, manages them, and checks balances associated with the keys/addresses you own (typically only showing you the total).
===================
Most clients will let you export ("dump") private keys. Refer to the documentation about the particular client you're using. You can then preserve private key(s) using any method discussed here. Most people print them out ("paper wallets").
You can keep the physical embodiments of your private keys hidden and secure, or you can encrypt the keys beforehand, or both. Note, bitcoin-qt client offers encryption of private keys in your wallet.dat.