Bitcoin Core private keys

[darosior]

HI,

sorry to up the thread but I had the same problem and the response solved it, and I'm wondering : are all keypairs generated that way ? If yes, can the node's owner dump the privkey of all addresses generated by a RPC request to it ?

Thanks,
Darosior

[1713904115]

1713904115

[1713904115]

1713904115

[Xynerise]

HI,

sorry to up the thread but I had the same problem and the response solved it, and I'm wondering : are all keypairs generated that way ? If yes, can the node's owner dump the privkey of all addresses generated by a RPC request to it ?

Thanks,
Darosior

If you want to dump ALL the private keys at once then you can run

Code:

bitcoin-cli dumpwallet

to dump them all to a text file.

[HCP]

sorry to up the thread but I had the same problem and the response solved it, and I'm wondering : are all keypairs generated that way ? If yes, can the node's owner dump the privkey of all addresses generated by a RPC request to it ?

No... the current version of Bitcoin Core actually pre-generates a keypool of 1000 keypairs. When you use "getnewaddress" it simply takes the first "unused" address from the keypool and returns that.

Just to correct Xynerise's post slightly:

Code:

bitcoin-cli dumpwallet <OUTPUTFILEPATH>

If your wallet is encrypted, you'll also need to use:

Code:

bitcoin-cli walletpassphrase <YOURPASSPHRASE> 600

to unlock the wallet first before being able to use the dumpwallet command. Note that the number at the end is the number of seconds before the wallet will be automatically locked again, so in this example it's 600 seconds = 10 minutes

[BTCW]

A word of caution for everyone running Bitcoin Core:

Since the "dumpwallet" command is allowed over RPC and will print out all your private keys (which equals complete access to your coins regardless of the wallet password), think twice before enabling RPC and making it accessible over the internet.

People who for some reason need RPC over internet should use extraordinary strong RPC passwords (which is NOT the same as the wallet passphrase!).

Weak RPC username and passwords will be hacked by script kiddies who are playing with Shodan, if your machine is accessible over the internet.

(Look for example here about a guy who found a simple hack for BTC and ETH-mining rigs via Shodan: https://medium.com/@s3yfullah/hacking-cryptocurrency-miners-with-osint-techniques-677bbb3e0157)

Stay safe! 

[bob123]

Since the "dumpwallet" command is allowed over RPC and will print out all your private keys (which equals complete access to your coins regardless of the wallet password), ...

Using RPC's does NOT allow to directly dump all of the private keys if the wallet is encrypted.
Authenticating RPC's does not equal the decryption of the wallet.

If you want to dump the wallet via RPC, you need to unlock the wallet with the walletpassphrase first.
HCP has mentioned this directly above your post.

[darosior]

Hi,

First thanks all for your responses.
I knew about RPC commands but I wanted to confirm thay any key pair generated thanks to getnewaddress is owned by the node's owner?
Is it a bad way (/bad practice) of generating adresses ?

Thanks,
Darosior

[HCP]

I knew about RPC commands but I wanted to confirm thay any key pair generated thanks to getnewaddress is owned by the node's owner?
Is it a bad way (/bad practice) of generating adresses ?

As explained... a Bitcoin Core wallet pre-generates 1000 keypairs when it is created... getnewaddress simply returns the first unused keypair... so, yes, you could say that the keypair "generated" by getnewaddress is "owned by the node's owner".

No, it is not a bad way of "generating" addresses...

[darosior]

OK,

Thanks all for your responses !

Darosior

[achow101]

Since the "dumpwallet" command is allowed over RPC and will print out all your private keys (which equals complete access to your coins regardless of the wallet password), ...

Using RPC's does NOT allow to directly dump all of the private keys if the wallet is encrypted.
Authenticating RPC's does not equal the decryption of the wallet.

If you want to dump the wallet via RPC, you need to unlock the wallet with the walletpassphrase first.
HCP has mentioned this directly above your post.

Not only that, but dumpwallet does not return the private keys over RPC. It writes them to a file which is local to the machine so attackers cannot use dumpwallet and extract all of your private keys. They could use dumpprivkey but that can only get them private keys for addresses that they know belong to that wallet.

[Thirdspace]

Not only that, but dumpwallet does not return the private keys over RPC. It writes them to a file which is local to the machine so attackers cannot use dumpwallet and extract all of your private keys. They could use dumpprivkey but that can only get them private keys for addresses that they know belong to that wallet.

assuming both RPC pass and wallet passphrase was compromised (or not set at all)
wouldn't listreceivedbyaddress reveal all funded addresses in the wallet?
would the set of commands below work? of course a bit scripting/programming needed achow101 answered as I write this line

Code:

bitcoin-cli walletpassphrase "passphrase" 600
bitcoin-cli listreceivedbyaddress 6 false false 
bitcoin-cli dumpprivkey <address1>
bitcoin-cli dumpprivkey <address2>
...

[achow101]

assuming both RPC pass and wallet passphrase was compromised (or not set at all)
wouldn't listreceivedbyaddress reveal all funded addresses in the wallet?

Yes, it would.

But it would also just be easier to just send yourself all of the coins in the wallet instead of getting their private keys.

If an attacker were able to get the dumpwallet output, they would then have the keys for all of the keypool keys and the master private key and HD seed which means they can then know all of your future addresses too. That is much more dangerous.