Difference between revisions of "Wallet Encryption"

From Veriblock Wiki
Jump to: navigation, search
Line 11: Line 11:
 
By default, new wallets are created unencrypted. It is the same if loading from an existing wallet.dat file.
 
By default, new wallets are created unencrypted. It is the same if loading from an existing wallet.dat file.
  
== Encrypting the Wallet ==
+
== Overview ==
 +
 
 +
Encrypt/Decrypt modifies the physical wallet.dat file.
 +
 
 +
Lock/Unlock relates to the in-memory keys, it will not modify the actual wallet.dat file. If someone encrypts the file and then unlocks the wallet (in order to send coins), it will only store the decrypted keys in-memory, without changing the physical file.
 +
 
 +
== Usage ==
  
 
Normal usage (wallets are created unencrypted):
 
Normal usage (wallets are created unencrypted):
  
# encryptwallet --> Physically encrypt the wallet.dat file. Run once for setup.
+
* encryptwallet --> Physically encrypt the wallet.dat file. Run once for setup.
# unlockwallet --> When a command requires it, unlock the wallet. This takes a passphrase and temporarily decrypts the wallet to read the private keys into memory.
+
* unlockwallet --> When a command requires it, unlock the wallet. This takes a passphrase and temporarily decrypts the wallet to read the private keys into memory.
# lockwallet --> Once done with that command, lock the wallet back up. The lockwallet command clear those private keys from memory
+
* lockwallet --> Once done with that command, lock the wallet back up. The lockwallet command clear those private keys from memory
# decryptwallet --> Physically decrypt the wallet.dat file (only run if need to revert wallet to plain text)
+
* decryptwallet --> Physically decrypt the wallet.dat file (only run if need to revert wallet to plain text)
 +
 
 +
=== Case 1: Do not encrypt wallet ===
 +
 
 +
This is the default state, no action required
 +
 
 +
=== Case 2: Encrypt wallet and send coins ===
 +
 
 +
User encrypts the wallet (which modifies the wallet.dat file itself). Do NOT lose your password!
 +
 
 +
Use must then unlock the wallet prior to sending coins.
 +
 
 +
If a user attempted to send coins without unlocking, they would receive an error prompting them to unlock the file.
 +
 
 +
Once done sending coins, ideally the user would re-lock their wallet.
 +
 
 +
Unlock does not change the wallet.dat file, it remains encrypted on disk the whole time.
 +
 
 +
=== Case 3: Decrypt the wallet ===
 +
 
 +
User runs decrypt, which decrypts the wallet.dat file (this is the default state).
 +
 
  
Detail:
+
== Detailed Commands ==
  
 
To facilitate encryption of the wallet, 4 new CLI commands are introduced.
 
To facilitate encryption of the wallet, 4 new CLI commands are introduced.

Revision as of 16:29, 21 February 2019

See: Technical Articles

Introduction

Transactions in NodeCore are built on the foundations of asymmetric cryptography. Each address in NodeCore is associated with a private and public key. The wallet.dat file produced by NodeCore is the store for holding your keys. VeriBlock is rolling out an update to the format of the wallet.dat file that enables a user to institute an additional layer of protection on their private keys via encryption.

Format Changes

It should be noted that the format of the wallet.dat file changes in version 0.3.11. That version of NodeCore is backwards-compatible in that it will still read in an existing wallet.dat file. It will, however, upgrade the format of the file. Once upgraded, that wallet.dat will no longer work with NodeCore v0.3.10 or lower. NOTE: It is highly recommended to make a backup of your wallet.dat file prior to updating NodeCore!

By default, new wallets are created unencrypted. It is the same if loading from an existing wallet.dat file.

Overview

Encrypt/Decrypt modifies the physical wallet.dat file.

Lock/Unlock relates to the in-memory keys, it will not modify the actual wallet.dat file. If someone encrypts the file and then unlocks the wallet (in order to send coins), it will only store the decrypted keys in-memory, without changing the physical file.

Usage

Normal usage (wallets are created unencrypted):

  • encryptwallet --> Physically encrypt the wallet.dat file. Run once for setup.
  • unlockwallet --> When a command requires it, unlock the wallet. This takes a passphrase and temporarily decrypts the wallet to read the private keys into memory.
  • lockwallet --> Once done with that command, lock the wallet back up. The lockwallet command clear those private keys from memory
  • decryptwallet --> Physically decrypt the wallet.dat file (only run if need to revert wallet to plain text)

Case 1: Do not encrypt wallet

This is the default state, no action required

Case 2: Encrypt wallet and send coins

User encrypts the wallet (which modifies the wallet.dat file itself). Do NOT lose your password!

Use must then unlock the wallet prior to sending coins.

If a user attempted to send coins without unlocking, they would receive an error prompting them to unlock the file.

Once done sending coins, ideally the user would re-lock their wallet.

Unlock does not change the wallet.dat file, it remains encrypted on disk the whole time.

Case 3: Decrypt the wallet

User runs decrypt, which decrypts the wallet.dat file (this is the default state).


Detailed Commands

To facilitate encryption of the wallet, 4 new CLI commands are introduced.

encryptwallet

The encryptwallet command takes no arguments, but will prompt for a passphrase (which will be hidden from view). Running this command will alter the wallet.dat file so that private keys are encrypted. Additionally, the loaded wallet in NodeCore enters a "locked" state. While in the "locked" state, any commands that require a private key (transaction creation, generating new addresses, signing messages) will fail.

unlockwallet

The unlockwallet command takes no arguments, but will prompt for a passphrase (which will be hidden from view). This command "unlocks" the loaded wallet in NodeCore, allowing NodeCore access to the private keys, thereby enabling commands dependent on private keys. The passphrase supplied should be the same as what was used to encrypt the wallet. This command has no effect on the wallet.dat file on disk. The loaded wallet remains unlocked until the wallet is explicitly locked again.

lockwallet

The lockwallet command takes no arguments. This command returns the loaded wallet in NodeCore to a "locked" state. This command has no effect on the wallet.dat file on disk.

decryptwallet

The decryptwallet command takes no arguments, but will prompt for a passphrase (which will be hidden from view). The command decrypts the wallet.dat file and returns the private key to a plain-text representation in the file on disk. The passphrase supplied should be the same as what was used to encrypt the wallet.

A user looking to change the password used to encrypt their wallet file would first run decryptwallet with their old passphrase, then run encryptwallet with their new passphrase.

Changes to NodeCore CLI

The following commands require that a wallet has been "unlocked" or they will fail immediately:

getnewaddress
signmessage
signhexmessage
importwallet
send
dumpprivatekey
importprivatekey

An additional <passphrase> parameter has been added to the importwallet command. That parameter is needed if the wallet you are importing is also encrypted. It is the passphrase associated with the wallet to be imported (not the loaded wallet in NodeCore). The wallet in NodeCore also needs to have been unlocked via the unlockwallet command.

Changes to PoP Miner

Because Proof-of-Proof mining involves the creation of a transaction, the NodeCore wallet must be "unlocked" in order to do proof-of-proof mining. The unlockwallet and lockwallet commands have been replicated in the proof-of-proof miner. A mining operation will fail immediately getting PoP instructions if the wallet is "locked".