When you unlock the wallet, the password is used to decrypt the key actually used to encrypt the private keys. That decryption key is stored in the wallet as vMasterKey. It will remain there in memory (and thus the wallet is unlocked) until CWallet::Lock is called to remove it from memory and thus lock the wallet.
When you use the walletpassphrase RPC, a timer thread will be scheduled to run after the given timeout. That thread will just call CWallet::Lock and lock the wallet.
The GUI doesn't need a timer like the RPC does because it can ask for the passphrase when needed, and lock the wallet when it is done with what it is doing. So it does not have a timeout in the same way the RPC does. Rather each action that needs the wallet to be unlocked for it to succeed will create a WalletModel::UnlockContext object, which in doing so, will spawn the AskPassphraseDialog to get your passphrase. That sets CWallet::vMasterKey thereby unlocking your wallet. The UnlockContext object has a destructor which calls CWallet::Lock so when it is destroyed, the wallet is locked. The object is destroyed when it goes out of scope, i.e. when the action being performed that needed the wallet to be unlocked is completed.
|