Bitcoin Forum
November 15, 2024, 09:08:30 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Encrypt Wallet  (Read 1034 times)
MountainTop (OP)
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
July 26, 2014, 08:26:56 AM
 #1

What do encrypt wallet actually do in the Bitcoin code?

More specifically, I am curious what it encrypts, what algorithm it use and the outcome of the encryption (maybe just a unreadable file?).

shorena
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1540


No I dont escrow anymore.


View Profile
July 26, 2014, 09:34:21 AM
 #2

I assume you are talking about the wallet.dat bitcoin core uses, other clients might work differently.

The wallet.dat contains (among other data) your private keys, thus it is essential for the security of yours coin that they are protected. The algorithm used is AES256 IIRC.

This will indeed make the file unreadable while encrypted.

Im not really here, its just your imagination.
btchris
Hero Member
*****
Offline Offline

Activity: 672
Merit: 504

a.k.a. gurnec on GitHub


View Profile WWW
July 26, 2014, 06:17:19 PM
 #3

It's complicated  Wink

The wallet.dat file itself is a set of key/value pairs in Berkeley DB BTREE v9 format. Most of it is not encrypted, except for certain values including the private keys themselves and the master key. More specifically:

A 32-byte random master key or "mkey" is generated using OpenSSL's RAND_bytes(). This PRNG is seeded by /dev/urandom on Linux or by CryptGenRandom() on Windows. Additionally on Windows, Bitcoin adds additional entropy from a screen shot and from Windows perfmon counters (possibly because OpenSSL didn't use CryptGenRandom() in early versions?).

The mkey is used as an encryption key to encrypt each individual Bitcoin private key using AES-256 in CBC mode with PKCS7 padding and an initialization vector of SHA-256(SHA-256(the respective public key)).

Your password, plus an 8-byte salt which is initially generated using RAND_bytes() and stored in wallet.dat, is fed into PBKDF1-SHA-512 (normal PBKDF1 doesn't use SHA-512) with a certain number of iterations (stored in wallet.dat) to generate 512 bits of derived key data. The iteration count is initially set such that it will take about 1/10th of a second to run the iterations on whichever CPU the password is added (or modified).

This derived data is divided into three parts. The first 256 bits are used as an encryption key, the next 128 bits are used as in initialization vector, and the remaining bits are discarded. This encryption key and initialization vector are then used to encrypt the mkey (again using using AES-256 in CBC mode with PKCS7 padding), and the encrypted mkey is stored in wallet.dat.

Upon a password change, only the encrypted mkey needs to be recomputed and written back to wallet.dat, while it's unencrypted value and all of the Bitcoin private keys which it encrypts remain unchanged.
diabanhxeo
Member
**
Offline Offline

Activity: 62
Merit: 10


View Profile
July 27, 2014, 12:52:11 AM
 #4

What do encrypt wallet actually do in the Bitcoin code?

More specifically, I am curious what it encrypts, what algorithm it use and the outcome of the encryption (maybe just a unreadable file?).



We have backed up the wallet

Why should we encrypt the wallet?

Thanks !

[XDE] DoubleEagle - Only 100! Unique and Rare! - Come Get your Free Share! - ends Nov. 21
rarkenin
Hero Member
*****
Offline Offline

Activity: 784
Merit: 500



View Profile
July 27, 2014, 01:00:48 AM
 #5

We have backed up the wallet

Why should we encrypt the wallet?

Thanks !

Back up the wallet to avoid being locked out. Encrypt it to avoid having your coins stolen.
btchris
Hero Member
*****
Offline Offline

Activity: 672
Merit: 504

a.k.a. gurnec on GitHub


View Profile WWW
July 27, 2014, 01:54:29 PM
 #6

We have backed up the wallet

Why should we encrypt the wallet?

Thanks !

Back up the wallet to avoid being locked out. Encrypt it to avoid having your coins stolen.

Malware (viruses) has become very clever (it's big business these days). If malware does manage to find its way onto your computer, it can easily steal your wallet if you don't encrypt it. Even if you do encrypt it, more sophisticated malware can still steal your wallet (read up on "keyloggers" for more details).

If this concerns you, and it should if you have a lot of Bitcoin stored in your wallet that you can't afford to lose, read up on how to use cold storage.
MountainTop (OP)
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
July 27, 2014, 03:41:38 PM
 #7

It's complicated  Wink

The wallet.dat file itself is a set of key/value pairs in Berkeley DB BTREE v9 format. Most of it is not encrypted, except for certain values including the private keys themselves and the master key. More specifically:

A 32-byte random master key or "mkey" is generated using OpenSSL's RAND_bytes(). This PRNG is seeded by /dev/urandom on Linux or by CryptGenRandom() on Windows. Additionally on Windows, Bitcoin adds additional entropy from a screen shot and from Windows perfmon counters (possibly because OpenSSL didn't use CryptGenRandom() in early versions?).

The mkey is used as an encryption key to encrypt each individual Bitcoin private key using AES-256 in CBC mode with PKCS7 padding and an initialization vector of SHA-256(SHA-256(the respective public key)).

Your password, plus an 8-byte salt which is initially generated using RAND_bytes() and stored in wallet.dat, is fed into PBKDF1-SHA-512 (normal PBKDF1 doesn't use SHA-512) with a certain number of iterations (stored in wallet.dat) to generate 512 bits of derived key data. The iteration count is initially set such that it will take about 1/10th of a second to run the iterations on whichever CPU the password is added (or modified).

This derived data is divided into three parts. The first 256 bits are used as an encryption key, the next 128 bits are used as in initialization vector, and the remaining bits are discarded. This encryption key and initialization vector are then used to encrypt the mkey (again using using AES-256 in CBC mode with PKCS7 padding), and the encrypted mkey is stored in wallet.dat.

Upon a password change, only the encrypted mkey needs to be recomputed and written back to wallet.dat, while it's unencrypted value and all of the Bitcoin private keys which it encrypts remain unchanged.

This is exactly what I want to know. It is very helpful and thanks a lot!

But then I came up with a question (probably very silly), what if this wallet.dat file is manually being deleted, is there any backup itself ?
MountainTop (OP)
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
July 27, 2014, 03:52:17 PM
 #8

I assume you are talking about the wallet.dat bitcoin core uses, other clients might work differently.

The wallet.dat contains (among other data) your private keys, thus it is essential for the security of yours coin that they are protected. The algorithm used is AES256 IIRC.

This will indeed make the file unreadable while encrypted.

Thanks a lot! But what is IIRC?
rarkenin
Hero Member
*****
Offline Offline

Activity: 784
Merit: 500



View Profile
July 27, 2014, 03:52:56 PM
 #9


Thanks a lot! But what is IIRC?

"If I remember correctly". It's not actually a crypto term that applies to the algo.
btchris
Hero Member
*****
Offline Offline

Activity: 672
Merit: 504

a.k.a. gurnec on GitHub


View Profile WWW
July 27, 2014, 05:08:36 PM
 #10

This is exactly what I want to know. It is very helpful and thanks a lot!

But then I came up with a question (probably very silly), what if this wallet.dat file is manually being deleted, is there any backup itself ?

Bitcoin Core does not make any automated backups. You need to either backup the wallet.dat file yourself (but only when Bitcoin isn't running), or use the Backup Wallet option in the menu. Backups should be created at least once for every 100 new receiving addresses created.

Some clients do perform automated backups (of course, backups to the same hard drive aren't all that useful...):
  • Armory maintains one backup file.
  • MultiBit Classic creates new backup files after each new receiving address is created.
  • Blockchain.info by default keeps a local backup in addition to encrypted wallet stored on their servers, and they have options for other types of off-site backups as well.
  • Armory and Electrum, being deterministic, both have backup-to-paper options which only need be done once at wallet creation.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!