Hi,
I just created a wallet at blockchain.info. What a nice service. And it lets me backup and download an encrypted wallet. Even saves it to Dropbox automatically. Very handy.
Now, before moving my life savings to blockchain's wallet, I decided to prepare for the doomsday scenario: assume that blockchain.info suddenly disappears from Internet and I have an urgent need for my bitcoins. I have my wallet backups, and I know my password. Now how would I recover my private keys?
Attempt 1: I tried blockchain.info's own decrypt tool (
https://blockchain.info/DecryptWallet.html) before, and it worked, but in the doomsday scenario it's gone as well. Unless it used a HTML5 cache manifest and is cached on my machine. Which is not likely. FAILURE #1.
Attempt 2: I recall that an alternative Bitcoin client could import blockchain.info wallet backups. So I google up "alternative bitcoin clients" and try the first one that I find, MultiBit. It does have the option to import my backup, nice. I choose the file, enter my password, click "Unlock"... Nothing happens. I click "Unlock" again. Nothing happens again. Either the software is buggy as hell, or the encryption format has been changed, or possibly it's just a trojan that just posted my password all over the internet. Anyway, FAILURE #2.
Attempt 3: I recall that the wallet was AES encrypted, and the filename being ".aes.json" supports that theory. Now I happen to be lucky enough to know that there's a tool called openssl that I can use to decrypt files, and I happen to have it installed as well.
I google "decrypt aes openssl", and the first hit gives me an example of decrypting an AES-encrypted file. I'm also lucky to know what a base64-encoded file looks like, and the backup definitely seems like one. So this should do:
# decrypt base64-encoded version
openssl enc -d -aes-256-cbc -a -in file.enc
I change the filename to "wallet.aes.json" and try that.
% openssl enc -d -aes-256-cbc -a -in wallet.aes.json
enter aes-256-cbc decryption password:
error reading input file
Uh, ok? Now could it be some other AES than this aes-256-cbc? Let's try all of them, conveniently listed on the same page: aes-128-cbc, aes-128-ecb, aes-192-cbc, aes-192-ecb, aes-256-cbc, aes-256-ecb.
Nope, none of them work. Could be that some other cipher would work. Or it might not. FAILURE #3.
I conclude that while blockchain.info is a nice service, it's not ready for prime time until there is an easy way to actually access your backups while the site is down (which, apart from the obvious risk of a warhead or an asteroid hitting the server, happens occasionally because of a regular DDOS). Perhaps the backups should come with instructions on how to decrypt them?
