Bitcoin Wiki - User contributions [en]

OpenSourceEncryptionSoftware

2013-07-03T23:55:44Z

Wolf0: /* Home page, Download, Donation, and Documentation */

==dm-crypt==
===Description===
Dm-crypt is part of the Linux Kernel. Some distributions might not include it in their kernel configurations, however. It is a lot like TrueCrypt: it allows you to mount encrypted files or partitions and decrypt/encrypt them on-the-fly.
===Manual setup===
Your distro probably comes with a tool to simplify using dm-crypt (also see Tomb below). However, here is how you would manually mount a file-hosted dm-crypt volume. The [http://www.paranoiacs.org/~sluskyb/hacks/hashalot/ hashalot] tool is used to prompt you for and process your password. This is used both to create the device and access it:
losetup /dev/loop0 ~/encrypted
HASH=`hashalot -s InsertSaltHere sha256 | hexdump -e '32/1 "%02x"'`
echo 0 `blockdev --getsize /dev/loop0` crypt aes-cbc-essiv:sha256 \
$HASH 0 /dev/loop0 0 | dmsetup create dmDevice
mount /dev/mapper/dmDevice /mnt/encrypted
* Losetup makes the container file (~/encrypted in this case) act like a device.
* The hashalot command prompts you for a password and then hashes it, adding the specified salt. The salt should be random, but it mustn't change.
* The hexdump command puts the binary hashalot output into the format required for dm-crypt
* Dm-crypt is set up on the /dev/loop0 device created by losetup. It uses the password hash created previously. The aes-cbc-essiv:sha256 encryption method is secure, though probably not as secure as Truecrypt's XTS method, which does not appear to be available in official kernel releases as far as I can tell. The dm-crypt device is created as /dev/mapper/dmDevice in this example.
* The device is mounted. Before you do this for the first time, you need to run mke2fs. If you ever enter the wrong password, the device will appear to contain random data and attempting to mount it will fail.

==eCryptfs==
===Description===
eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux.
===Download===
[https://launchpad.net/ecryptfs Latest source link on right side of page.]

[https://launchpad.net/ecryptfs/+download All downloads.]
===Examples===
Examples can be found in Damien Oh's article [http://www.makeuseof.com/tag/encrypt-your-files-in-linux-with-ecryptfs/ How To Encrypt Files in Linux with eCryptfs.]
===FAQ===
[http://ecryptfs.sourceforge.net/ecryptfs-faq.html FAQ]
===HomePage===
[https://launchpad.net/ecryptfs eCryptfs - Enterprise Cryptographic Filesystem]
===License===
[https://launchpad.net/ubuntu/natty/+source/ecryptfs-utils/+copyright GPL 2+]

==OpenSSL==
===Description===
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
===Donation===
[http://www.openssl.org/support/donations.html Donation page.]
===Download===
[http://www.openssl.org/source/ Source]
===Examples===
Based on Grondilu's [http://www.bitcoin.org/smf/index.php?topic=2458.msg33379#msg33379 post,] to encrypt the wallet, from a terminal in the bitcoin parent directory, type:

openssl enc -aes256 -in ./.bitcoin/wallet.dat -out wallet.aes256

From [http://www.madboa.com/people/paul/ Paul Heinlein's] [http://www.madboa.com/geek/openssl/ openssl command line how to,] to decode, add the '-d' option, set the '-in' option to the output file name, to type:

openssl enc -d -aes256 -in wallet.aes256 -out wallet.dat

There is a small shell script that automates the whole process of 1) decrypting wallet 2) launching Bitcoin 3) encrypting the wallet afterwards and cleaning up the unencrypted bits. [http://lorelei.kaverit.org/bitcoin.sh bitcoin-launch-script]

==CCrypt==
===Description===
'''CCrypt''' is a linux command-line utility by Peter Selinger[http://www.mathstat.dal.ca/~selinger/] that replaces the Unix ''crypt'' command. '''CCrypt''' is much more secure than ''crypt'' because it uses the Rijndael block cipher, the same encryption algorithm as AES and SSL, the algoirthms of choice for the US government and the commercial banking industry. The command line syntax for '''ccrypt''' is a bit simpler than ''openssl'' because it doesn't require the user to select an encryption algorithm or name the output file, but merely specify the direction (encrypt or decrypt).

===Download===
Download the source code version of your choice at [http://ccrypt.sourceforge.net downloads] such as [http://ccrypt.sourceforge.net/download/ccrypt-1.9.tar.gz v1.9]

or in a Debian distribution like Ubuntu just execute

sudo apt-get install ccrypt

===Examples===
To encrypt your wallet:

ccrypt ~/.bitcoin/wallet.dat

To decrypt the file created above:

ccdecrypt ~/.bitcoin/wallet.dat.cpt

or
ccrypt -d ~/.bitcoin/wallet.dat.cpt

===FAQ===
[http://ccrypt.sourceforge.net/faq.html FAQ]

===HomePage===
[http://ccrypt.sourceforge.net/ Ccrypt Project on SourceForge]

===License===
[http://www.gnu.org/copyleft/gpl.html GNU General Public License.]

==Tomb==
===Description===
Tomb is a simple tool to manage encrypted storage on GNU/Linux.

Tomb generates encrypted storage files to be opened and closed using
their associated keyfiles, which are also protected with a password
chosen by the user.

A tomb is like a locked folder that can be safely transported and
hidden in a filesystem; its keys can be kept separate, for instance
keeping the tomb file on your computer harddisk and the key files on a
USB stick.

===HomePage===
[http://tomb.dyne.org Tomb - Crypto Undertaker]

===Donation===
[http://dyne.org/donate Donation page]

===Download===
[http://apt.dyne.org Binaries (WIP: Debian and Ubuntu)]

[http://ftp.dyne.org/tomb Source]

===License===
[http://www.truecrypt.org/legal/license True Crypt Open Source License.]

==True Crypt==
===Description===
Open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux. True Crypt creates a virtual encrypted disk within a file and mounts it as a real disk.
===Documentation===
[http://www.truecrypt.org/docs/ Documentation page.]
===Donation===
[http://www.truecrypt.org/donations/?lnk=5 Donation page.]
===Download===
[http://www.truecrypt.org/downloads Binaries]

[http://www.truecrypt.org/downloads2 Source]
===FAQ===
[http://www.truecrypt.org/faq FAQ]
===HomePage===
[http://www.truecrypt.org/ TrueCrypt]
===License===
[http://www.truecrypt.org/legal/license True Crypt Open Source License.]

==xorsplit==
===Description===
Open-source software for Linux. xorsplit copies a file into 3 separate
backup files. Any two of the backup files are sufficient to reconstruct
the original -- but any one of the files will yield at most half of
the original information (the odd bytes or the even bytes).

Optionally, each of the backup files can be encrypted with a password.

===Home page, Download, Donation, and Documentation===
[http://www.xorsplit.com/ xorsplit.com] (Down)

===License===
[http://www.xorsplit.com/xorsplit.c BSD-style Open Source License requiring
that the donation address remain unchanged.]

===Usage===
xorsplit file -- splits the file into file.1, file.2, and file.3

xorsplit-p file -- same, but requesting a password (no password means no encryption)

xorsplit file.3 file.1 outfile -- combine file.1 and file.3 into outfile.

xorsplit-p file.3 file.1 outfile -- same, after using the password to decrypt

==GNU Privacy Guard==
===Description===
GnuPG allows to encrypt and sign your data.

===Homepage===
[http://www.gnupg.org/ gnupg.org]

[[Category:Technical]]
[[Category:Open Source]]

Securing your wallet

2013-06-29T18:30:05Z

Wolf0: /* Linux */

==Introduction==

Wallet security can be broken down into two independent goals:
# Protecting your wallet against loss.
# Protecting your wallet against theft.

In the case that your current wallet hasn't been protected adequately (e.g. put online with a weaker password):
# Making a new secure wallet, using appropriate long-term protection.

''For a brief overview see also: [[Wallet Security Dos and Don'ts (Windows)|Wallet Security Dos and Don'ts]]''

==Paper Wallets==
[[Paper wallet]]s are a fairly simple way to store your bitcoins independent of a computer. When generated securely and stored on paper, or other offline storage media, a paper wallet decreases the chances of your bitcoins being stolen by hackers, or computer viruses.

With each entry on a paper wallet, you are securing a sequence of secret numbers that is used to prove your right to spend the bitcoins assigned to one of your addresses. This secret number, called a [[private key]], is most commonly written as a sequence of fifty-one alphanumeric characters, beginning with a '5'.

One way you can create a paper wallet is by going to the website [[BitAddress|bitaddress.org]]. This website features a free client-side paper wallet generator written in JavaScript. The webpage can be saved as a file and used on an offline computer. Using it online is relatively safe, for storing smaller amounts, but not airtight unless you take extra precautions to ensure your keys are not stolen by spyware. Alternatively Blockchain.info offers a [https://blockchain.info/wallet/paper-tutorial tutorial on how to generate a paper wallet] with an online component so you can still check your balance easily.

To generate a safer paper wallet, it is best to "clean-boot" your computer with a bootable CD (such as a Linux Live CD), with your computer not connected to the Internet, to ensure that you do not have any active spyware that might steal any private keys you generate. Disconnecting from the Internet allows you to confirm that the paper wallet generator is truly self-contained and isn't depending on communication with a remote server. Run the saved paper wallet generator in a web browser, then print your paper wallets or store them on external media (do not save them on the computer), and then shut down the computer. You may need to load an appropriate printer driver in order to print while booted from the live CD.

A paper wallet lists multiple Bitcoin addresses and their corresponding private keys. You can send Bitcoins to any address on the page and they will be inaccessible until the private key is imported into a wallet. Since version 0.6.0, the bitcoin software has a command called "importprivkey" that can load private keys, but you can also use the "Add Funds" - "Private key" screen at [[MtGox]] or Blockchain.info's "My Wallet" service to recover bitcoins from a private key. In the case of MtGox, bitcoins are deposited in your account, and can be sent out of MtGox after the standard number of deposit confirmations.

Remember, spyware and viruses often attempt to monitor your computer activities so that their authors can steal from you. They are interested in passwords to online accounts, and anything of value. Bitcoin wallets and private keys are something of value that have already been targeted by malware. Paper wallets isolate you from much of this risk.

If your computer is infected with spyware or viruses - even if there are no symptoms, or your antivirus isn't reporting anything - then anything you type, view, or save on your computer, could potentially be stolen by someone remotely controlling your computer. Your private key can then be intercepted while you enter it, so only enter a Bitcoin private key into your computer when your intent is to redeem its value ''immediately''.

== Hardware wallets ==
They are not operational yet, but [[Hardware wallet]]s are a major effort to provide a good combination of enhanced security and usability.

==Importance of security updates==

No software is perfect, and from time to time there may be security vulnerabilities found in your Bitcoin client as well.
Be sure you keep your client updated with the latest bug fixes, especially when a new vulnerability is discovered.
We maintain a [[CVEs|list a known vulnerabilities]] on this wiki - you can watch that page to get updates.
Note that you ''don't'' need to be running the latest major client version: some clients, including the popular Bitcoin-Qt, have older versions available with bugfix-only updates.

==Securing the Bitcoin-QT or bitcoind wallet==

Bitcoin transactions send Bitcoins to a specific public key. A Bitcoin address is an encoded hash of a public key. In order to use received Bitcoins, you need to have the private key matching the public key you received with. This is sort of like a super long password associated with an account (the account is the public key). Your Bitcoin wallet contains all of the private keys necessary for spending your received transactions. If you delete your wallet without a backup, then you no longer have the authorization information necessary to claim your coins, and the coins associated with those keys are lost forever.

The wallet contains a pool of queued keys. By default there are 100 keys in the [[key pool]]. The size of the pool is configurable using the "-keypool" command line argument. When you need an address for whatever reason (send, “new address”, generation, etc.), the key is not actually generated freshly, but taken from this pool. A brand new address is generated to fill the pool back to 100. So when a backup is first created, it has all of your old keys plus 100 unused keys. After sending a transaction, it has 99 unused keys. After a total of 100 new-key actions, you will start using keys that are not in your backup. Since the backup does not have the private keys necessary for authorizing spends of these coins, restoring from the old backup will cause you to lose Bitcoins.

Creating a new address generates a new pair of public and private keys, which are added to your wallet. Each keypair is mostly random numbers, so they cannot be known prior to generation. If you backup your wallet and then create more than 100 new addresses, the keypair associated with the newest addresses will not be in the old wallet because the new keypairs are only known after creating them. Any coins received at these addresses will be lost if you restore from the backup.

The situation is made somewhat more confusing because the receiving addresses shown in the UI are not the only keys in your wallet. Each Bitcoin generation is given a new public key, and, more importantly, each sent transaction also sends some number of Bitcoins back to yourself at a new key. When sending Bitcoins to anyone, you generate a new keypair for yourself and simultaneously send Bitcoins to your new public key and the actual recipient's public key. This is an anonymity feature – it makes tracking Bitcoin transactions much more difficult.

So if you create a backup, do more than 100 things that cause a new key to be used, and then restore from the backup, some Bitcoins will be lost. Bitcoin has not deleted any keys (keys are never deleted) – it has created a new key that is not in your old backup and then sent Bitcoins to it.

== Making a new wallet ==

If a wallet or an encrypted wallet's password has been compromised, it is wise to create a new wallet and transfer the full balance of bitcoins to addresses contained only in the newly created wallet. Examples of ways a wallet may be compromised are through password re-use, minimal strength passwords, computer hack or virus attack.

There are a number of ways to create a new wallet with Bitcoin-QT or bitcoind but this is a process that has been tested with bitcoind 0.6.3. We use the copy command to minimize the chance of any data loss but you are warned to make backups of any wallet.dat that holds a balance for you.

:1. Shut down the Bitcoin program.
:2. Find and make a backup of the "compromised" wallet.dat file and rename it, perhaps adding a short description:
:::wallet.dat -> wallet-compromised.dat
:Depending on your OS, the wallet file will be located at:
:::Windows: %APPDATA%\Bitcoin\
:::Linux: ~/.bitcoin/
:::Mac: ~/Library/Application Support/Bitcoin/
:3. Start the Bitcoin program and it will create a new wallet.dat. You may then encrypt the wallet as desired and make a new backup.
:4. Once you've made a new wallet, you can obtain one or more addresses and copy them into a text editor. After obtaining the new address(es), shut down the Bitcoin program, make a backup of the new wallet.dat file and copy it to a new file named wallet-new.dat.
:5. Copy the wallet-compromised.dat file back to wallet.dat, start the Bitcoin program and transfer your balance to the new address(es) you put in your text editor. Once the balance is back to 0 for your compromised wallet, you may want to wait a couple minutes or for a confirmation or check block explorer to be sure the transactions have been broadcasted. Then you may shut down the Bitcoin program.
:6. Rename wallet.dat to wallet-compromised.dat.
:7. Rename wallet-new.dat to wallet.dat.

You should now have a new wallet with all the bitcoins from the old wallet.

==Making a secure workspace==

If you are using your computer to handle bitcoins, a wallet, Bitcoin-related passwords, or Bitcoin private keys, you must take care that the system is free of malware, viruses, keyloggers, remote access tools, and other tools that may be used to make remote copies of any of the above. In the case that your computer is compromised, the precautions taken below may provide additional protection.

===Debian-based Linux===

The first step is to make a [http://www.howtogeek.com/howto/ubuntu/add-a-user-on-ubuntu-server/ new user]. In order for that new user to have an encrypted home directory, you'll first need the encryption utility. Run:

<code>sudo apt-get install ecryptfs-utils</code>

Now you're ready to create a new user

<code>sudo adduser --encrypt-home new_user_name</code>

You'll need to come up with a [[#Choosing_A_Strong_Password|secure]] new password for that user.

When you get to the prompt 'Enter the new value, or press ENTER for the default', just keep hitting ENTER.

Then switch user to the new user. To get to the new user you can use the switch user icon for your system, which on Ubuntu is in the 'System/Quit' screen, or if there is no switch icon on your system you can log out and log back in as the new user.

Since the home folder of this user is encrypted, if you're not logged in as that user, data that is saved there can't be browsed, even by a root user. If something goes wrong with your system, and you need to decrypt the new user's files, you'll need its decryption key.

<code>ecryptfs-unwrap-passphrase</code>

It will ask you for your user's password and give you the decryption key. '''WRITE DOWN OR SAVE THE CODE IT RETURNS''' because you will need it if you ever have to pull your data off while the OS is not working. (You can run it again later if you need to, but run it now so that you can get your data if your Linux install gets botched.)

The encrypted folder data is not encrypted while it's in memory, and so if it's ever sent to the swap partition it can be stolen from there unless that too is encrypted - be aware that this will mean you cannot use Hibernate anymore, as the bootloader won't be able to restore the hibernation data.

<code>ecryptfs-setup-swap</code>

Then click on a folder in the new user to display the file browser, then keep going up folders until you see the new user home directory, then right click to bring up the Properties dialog, then click on the Permissions tab, then in the Others section, set the folder access to None.

For secure browsing, open Firefox, and then go into the Edit menu and click Preferences. Starting from the left, click on the General tab, and in the 'Startup/When Firefox starts' pop up menu, choose 'Show a Blank Page'. Then click on the Content tab, and deselect 'Load images automatically' and deselect 'Enable JavaScript'. Then click on the Privacy tab, and in the 'History/Firefox will' pop up menu, choose 'Never remember history'. Then click on the Security tab, and in the Passwords section, deselect 'Remember passwords for sites' and deselect 'Use a master password'. Then click on the Advanced tab, then click on the Update tab, and then in the 'Automatically check for updates to' section, deselect 'Add-ons' and 'Search Engines'.

When JavaScript is disabled, the [http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.3.23/bitcoin-0.3.23-linux.tar.gz/download Linux download page] will not download automatically, so you'll have to click on the 'direct link' part of the "Problems with the download? Please use this 'direct link' or try another mirror." line.

===Mac===
This solution '''does not scale'''; the amount of needed space can grow beyond the image size.

=====Backup all data=====
Follow these instructions to backup all the bitcoin data (wallet and block chains) to an encrypted disk image.
# Open Disk Utility
# Click New Image and choose a big enough size, 128-bit or 256-bit (faster or more secure) encryption and single partition.
# Save it somewhere you won't lose it (like your Wuala, Dropbox, Strongspace or whatever)
# Choose a safe and strong password
# Move everything from ~/Library/Application Support/Bitcoin/ to the image
# Symlink it back so the app would be able to use it
:::ln -s /Volumes/Bitcoin ~/Library/Application Support/Bitcoin

Don't forget to mount your image before using Bitcoin and unmount it after quitting.

=====Backup just wallet.dat=====
Follow these instructions to backup just the wallet.dat file. This results in a smaller disk image, but it's more complicated to do.
# Open Disk Utility
# Click New Image and choose a big enough size, 128-bit or 256-bit (faster or more secure) encryption and single partition.
# Save it somewhere you won't lose it (like your Wuala, Dropbox, Strongspace or whatever)
# Choose a safe and strong password
# Move your wallet.dat file to the image
# Symlink it back so the app would be able to use it
:::ln -s /Volumes/Bitcoin/wallet.dat ~/Library/Application Support/Bitcoin/wallet.dat

[[File:MountWalletAndLauchnBitcoin_OSX_Automator.png|thumbnail|150px|Mount Wallet and launch Bitcoin]]
Don't forget to mount your image before using Bitcoin and unmount after quitting it.

'''Note''': If you start the Bitcoin application without having the image mounted, the application will overwrite your symlink with a new wallet. If that happens, don't panic. Just delete the new wallet.dat, mount the image, and recreate the symlink like above.

'''Automation''': You can create a small application using [http://en.wikipedia.org/wiki/Automator_%28software%29 Automator] (included in OS X) to automatically mount the wallet and then launch Bitcoin App. See the Screenshot on how to do this.

If one ''doesn't'' want to use encrypted Disk images, then a '''small shell script''' can be used instead that takes care of decrypting the wallet, launching bitcoin client, and encrypting it after the client exits. This script works on both OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh bitcoin-launch-script]

===Windows===

Due to the frequency with which Windows computers are compromised, it is advised to encrypt your wallet or to keep your wallet on an encrypted disk image created by third-party software, such as [http://www.truecrypt.org/ TrueCrypt] (open source) or [http://www.jetico.com/encryption-bestcrypt/ Jetico BestCrypt] (commercial). This also applies to the storage of passwords, private keys and other data that can be used to access any of your Bitcoin balances.

Assuming that you have installed the Windows Bitcoin client and run it at least once, the process is described below.

To mount the Bitcoin data directory on an encrypted drive
<ol start=1 type=1>
<li>Use the third-party disk image encryption program of your choice to create and mount an encrypted disk image of at least 5GB in size. This procedure stores the entire block chain database with the wallet.dat file so the required size of the encrypted disk image required may grow in the future.</li>
<li>Locate the Bitcoin data directory, and copy the directory with all contents to the encrypted drive.
For help finding this directory, see [[Securing_your_wallet#Locating_Bitcoin_s_data_directory|Locating Bitcoin's Data Directory]].</li>
<li>Create a Windows shortcut that starts Bitcoin with the <code>-datadir</code> parameter and specifies the encrypted drive and directory.
For example, if you installed Bitcoin in the default directory, mounted your Bitcoin encrypted drive as <code>E:\</code>, and stored your Bitcoin data directory on it as <code>Bitcoin</code>, you would type the following command as the shortcut Target:
<blockquote><code>C:\Program Files\Bitcoin\bitcoin.exe -datadir=E:\Bitcoin</code></blockquote></li>
<li>Open Bitcoin's settings and configure it NOT to start automatically when you start Windows.
This is to allow you to mount the Bitcoin encrypted disk image before starting Bitcoin.</li>
<li>Shut down Bitcoin, and then restart it from the new shortcut.</li>
</ol>

After doing this, any time you want to use Bitcoin, you must first mount the Bitcoin encrypted disk image using the same drive designation, and then run Bitcoin from the shortcut that you created, so that it can find its data and your wallet.

== Locating Bitcoin's data directory ==

The [[data directory]] is the location where Bitcoin's data files are stored, including the wallet data file.

=== Windows ===

Go to Start -> Run (or press WinKey+R) and run this:

explorer %APPDATA%\Bitcoin

Bitcoin's data folder will open. For most users, this is one of the following locations:

C:\Documents and Settings\YourUserName\Application data\Bitcoin (Windows XP)

C:\Users\YourUserName\Appdata\Roaming\Bitcoin (Windows Vista and 7)

If you have trouble browsing to these folders, note that "AppData" and "Application data" are hidden by default.

=== Linux ===

By default Bitcoin will put its data here:

~/.bitcoin/

You need to do a "ls -a" to see directories that start with a dot.

If that's not it, you can do a search like this:

find / -name wallet.dat -print 2>/dev/null

To change the directory Bitcoin stores its data in:
Run in terminal or script: ./bitcoin(-qt) -datadir=./[Directory_Name]

=== Mac ===

By default Bitcoin will put its data here:

~/Library/Application Support/Bitcoin/

==Backup==

'''Note''': Using Dropbox to back up your Bitcoin data is not recommended as doing so introduces the following [https://en.wikipedia.org/wiki/Dropbox_(service)#Reception security concerns]:
# Dropbox stores your encryption key (meaning that a disgruntled Dropbox employee or an attacker who gained access to the system could decrypt your Dropbox data and steal your bitcoins)
# the Dropbox client only needs a password for the first login. After it authenticates once, the server assigns it a token which it uses to show that, at one time, its user knew the password rather than sending the actual password (meaning that if you ever use the Dropbox client on another PC, that PC's users can access your Dropbox - even if you change your password - and can steal your bitcoins or get a virus that will steal your bitcoins).

For these reasons, an alternative that always uses password authentication such as [http://www.wuala.com/en/bitcoin Wuala] should be used. Wuala's servers do not store your encryption key and the program authenticates with the password each time it is started.

Whether you use Dropbox as your backup or not, it is advised to use what Steve Gibson calls "pre-Internet encryption" which means to use some form of encryption on your files before you back them up, in case an attacker gains access to that backup. Make sure to pick a password that is memorable but secure.

The only file you need to back up is "wallet.dat" which can be done one of two ways. To make a copy of the wallet.dat file, ensure that Bitcoin is closed and copy this file somewhere else. The other way is to use the [[api|backupwallet]] JSON-RPC command to back up without shutting down Bitcoin.

Once a copy has been made, encrypt it, and put it in two or more safe locations. Consider the risk due to theft, fire, or natural disaster in proportion to the value of bitcoins stored in the wallet.

=== General Solutions ===

Your wallet.dat file is not encrypted by the Bitcoin program by default but the most current release of the Bitcoin client provides a method to encrypt with a passphrase the private keys stored in the wallet. Anyone who can access an unencrypted wallet can easily steal all of your coins. Use one of these encryption programs if there is any chance someone might gain access to your wallet.
* [http://www.7-zip.org/ 7-zip] - Supports strongly-encrypted archives.
* [http://www.axantum.com/axcrypt/ AxCrypt by Axantum]
* [http://lrzip.kolivas.org lrzip] - Compression software for Linux and OSX that supports very high grade password protected encryption
* [http://www.truecrypt.org/ TrueCrypt] - Volume-based on-the-fly encryption (for advanced users)

There is also a list of [[OpenSourceEncryptionSoftware|open source encryption software.]]

Decrypting and encrypting the wallet.dat every time you start or quit the Bitcoin client can be ''tedious'' (and outright error-prone). If you want to keep your wallet encrypted (except while you're actually running the Bitcoin client), it's better to relegate the automation to a [http://lorelei.kaverit.org/bitcoin.sh small shell script] that handles the en/decryption and starting up Bitcoin client for you (Linux and OSX).

There is also a method to print out and encrypt your wallet.dat as a special, scannable code. See details here: [[WalletPaperbackup]]

==== Password Strength ====
Brute-force password cracking has come a long way. A password including capitals, numbers, and special characters with a length of 8 characters can be trivially solved now (using appropriate hardware). The recommended length is '''at least''' 12 characters long. You can also use a multi-word password and there are techniques to increase the strength of your passwords without sacrificing usability. [http://www.baekdal.com/tips/password-security-usability The Usability of Passwords]

However, simply using dictionary words is also insecure as it opens you up to a dictionary attack. If you use dictionary words, be sure to include random symbols and numbers in the mix as well.

If you use keyfiles in addition to a password, it is unlikely that your encrypted file can ever be cracked using brute-force methods, even when even a 12 character password might be too short.

Assume that any encrypted files you store online (eg. Gmail, Dropbox) will be stored somewhere forever and can never be erased.

===== Choosing A Strong Password =====
Make sure you pick at least one character in each group: 

Lowercase: abcdefghijklmnopqrstuvwxyz
Uppercase: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Number: 1234567890
Symbol: `~!@#$%^&*()-_=+\|[{]};:'",<.>/? (space)

<9 char = unsuitable for use
09 char = insecure
10 char = low security
11 char = medium security
12 char = good security (good enough for your wallet)
13 char = very good, enough for anything.

You might want to read [http://security.stackexchange.com/questions/662/what-is-your-way-to-create-good-passwords-that-can-actually-be-remembered What is your way to create good passwords that can actually be remembered?] and [http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase XKCD #936: Short complex password, or long dictionary passphrase?]

==== Email-based Archival and Remote Backup ====
One of the simplest methods for storing an appropriately '''encrypted''' archive of your wallet.dat file is to send the archive as an email attachment to your own e-mail address. Services like Gmail use very comprehensive distributed networks that make the loss of data very unlikely. One can even obfuscate the name of the files within the archive, and name the archive something less inviting, such as: 'personal notes' or 'car insurance'.

Another solution is to use a file storage service like [http://www.wuala.com/bitcoin Wuala] ( encrypted, [http://www.bitcoin.org/smf/index.php?topic=5817.0 instructions]), [http://www.dropbox.com Dropbox] (after encrypting the wallet first) and [http://en.wikipedia.org/wiki/Comparison_of_online_backup_services others], including the more secure [http://www.spideroak.com SpiderOak].

=== Automated Backups using Cron, Bash and GNU/Linux ===

Linux users can setup backups using cron by telling it to run a backup script at set intervals of time. Run 'crontab -e' and add this line near the bottom:

01 * * * * /usr/local/bin/backupwallet.sh

This cron line will run the /usr/local/bin/backupwallet.sh script at the 01 minute of every hour. Remember to add a newline after the last line of the crontab file, or else the last line won't run. You may also wish to ignore the script's output by appending " > /dev/null 2>&1" to the line (this will also prevent emails from being sent).

Create /usr/local/bin/backupwallet.sh:

#!/bin/bash
# /usr/local/bin/backupwallet.sh
#
# Performs backup of bitcoin wallet.
#
# Written by: https://en.bitcoin.it/wiki/Securing_your_wallet

#
# Standard Options
#
TS=$(date "+%Y%m%d-%H%M")
WALLET=/tmp/wallet-${TS}
WALLET_E=/tmp/wallet-${TS}.crypt
BITCOIN=bitcoind # /path/to/bitcoind
GPG=gpg # /path/to/gpg
GPG_USER=username # Username of gpg recipient. User should have gpg setup.
RM=rm
RM_OPTS='--force'
USE_SHRED=0 # Flip to 1 to use `shred` instead of `rm`.
SHRED=shred
SHRED_OPTS='--force --iterations=9 --zero --remove'

#
# Storage Options
# Only 1 set of options should be un-commented (the last one will be used).
# Update CP_DEST paths as neccessary.
#
# CP - Storage on a local machine. Could be Dropbox/Wuala folder.
#CP=cp
#CP_DEST='/var/data/backups/' # '~/Dropbox/', etc.
#
# SSH - Storage on a remote machine.
CP=scp
CP_DEST='remoteuser@example.com:~/wallets/'
#
# S3 - Storage on Amazon's S3. Be sure s3cmd is installed and properly setup.
# You may need "s3cmd put --force" if you use a sub-directory in CP_DEST.
#CP=s3cmd put
#CP_DEST='s3://bucket'

do_clean() {
# Remove temporary wallets.
if [ 1 -eq $USE_SHRED ]; then
$SHRED $SHRED_OPTS $WALLET $WALLET_E
else
$RM $RM_OPTS $WALLET $WALLET_E
fi
}

do_fail() {
do_clean
echo failed!
exit 1
}

# Perform the backup.
echo -n Making backup...
$BITCOIN backupwallet $WALLET
[ ! -s "$WALLET" ] && do_fail # If the backup does not exist or is empty, fail.
echo done.
echo -n Encrypting backup...
$GPG -r $GPG_USER --output $WALLET_E --encrypt $WALLET
[ 0 -ne $? ] && do_fail # If gpg returns a non-zero result, fail.
echo done.
echo -n Copying to backup location...
$CP $WALLET_E "$CP_DEST"
[ 0 -ne $? ] && do_fail # If the $CP command returns a non-zero result, fail.
echo done.
do_clean

exit 0

The shell script:

* Calls bitcoind backupwallet to create a time/date-stamped wallet.
* GPG encrypts the wallet with your public key.
* Copies the result using one of several storage options (cp, scp, and s3cmd).
* Uses the rm or shred command to remove the temporary wallet files.

Be sure to modify the script options to fit your setup. After you save, make sure the file can be executed properly by the cron user. Common permissions for files in /usr/local/bin/ can be applied using (verify with your distribution!):

cd /usr/local/bin/ && chown root:root backupwallet.sh && chmod 755 backupwallet.sh

[[Category:Technical]]

==Restore==

Assuming your backup is recent enough that you haven't used up all of your key pool... restoring a wallet to a new (or old) location and rescanning the block chain should leave you with all your coins. Just follow these steps:
* Shut down the Bitcoin program.
* Copy your backed-up wallet.dat into your bitcoin data directory.
* If you are copying in a backed-up wallet.dat that was last used on a Bitcoin version prior to 0.3.21 into an existing profile, delete files ''blk*.dat'' to make the client re-download the block chain. You may also need to do this if your transactions don't all show up after you restart Bitcoin.

==Erasing Plain-text Wallets==

In most operating systems, including Windows, Linux, and Mac OS X, simply deleting a wallet.dat file will ''not'' generally destroy it. It is likely that advanced tools can still be used to recover the wallet.dat file, even after it has been deleted.

The Linux '''shred''' command can be used to overwrite the wallet file with random data prior to deleting; this particular copy of the file will then be practically impossible to recover. Using shred (and similar tools on Windows) however does not guarantee that still other copies don't exist somewhere hidden on your HD. That will depend on your system configuration and what packages you have installed. Some system restore and backup tools, for instance, create periodic snapshots of your filesystem, duplicating your wallet.dat.

In Mac OS, the equivalent of '''shred''' is '''srm''' (introduced in Leopard). Using the Finder to remove files, clicking "Secure Empty Trash" in the Finder menu will shred the contents of the trash can. As with any OS this doesn't guarantee that there are not other copies elsewhere on your system.

For Windows, the built-in command ''cipher /W'' will shred all previously-deleted files. [http://www.cylog.org/utilities/cybershredder.jsp CyberShredder] can securely deleted individual files.

==Online and Mobile Wallets==

Thus far, this article has been discussing the security of a wallet file for Bitcoin-QT or bitcoind that is under your sole control. Additional wallets applications and services have become available that offer other features and more convenience but not without introducing additional risk. When storing bitcoins with an [[eWallet]] such as Instawallet or Easywallet, you are essentially storing your private keys or wallet with that provider.

Online wallets have a number of pros and cons to consider. For example, you can access your wallet on any computer in the world, but depending on the service, your bitcoins may be lost if the service is compromised.

Mobile wallet applications are available for Android devices that allow you to send bitcoins by QR code or NFC, but this opens up the possibility of loss if mobile device is compromised. It may be possible to encrypt and backup the wallet or private keys on a mobile device but it is not advisable to store a large amount of bitcoins there without doing your own research and testing.

==See Also==

* [[Data directory]]
* [[How to import private keys]]
* [http://startbitcoin.com/how-to-create-a-secure-bitcoin-wallet/ Secure Bitcoin Wallet Tutorial]
* [[How to set up a secure offline savings wallet]]
* [http://arimaa.com/bitcoin/ Bitcoin Gateway - A Peer-to-peer Bitcoin Vault and Payment Network]
* [http://blog.cyplo.net/2012/04/01/bitcoin-wallet-recovery-photorec/ Find lost wallet eg. after disk format, using Photorec]

[[Category:Security]]

[[de:Sichere deine Geldbörse]]
[[es:Cómo asegurar su monedero]]
[[zh-cn:保护你的钱包]]

Mini private key format

2013-06-26T12:01:31Z

Wolf0:

[[Image:QR-privkeys-sidebyside.png|thumb|right|QR codes of the same private key, in mini versus regular private key format. Both codes have the same dot density and error correction level, but the mini key is 57% of the full code's size.]]
The '''mini private key format''' is a method of encoding a Bitcoin private key in as few as 30 characters so that it can be embedded in a small space. This private key format was first used in Casascius physical bitcoins, and is also favorable for use in QR codes. The fewer characters encoded in a QR code, the lower dot density can be used, as well as more dots allocated to error correction in the same space, significantly improving readability and resistance to damage. The mini private key format offers its own built-in check code as a small margin of protection against typos.

An example key using this encoding is '''S6c56bnXQiBjk9mqSYE7ykVQ7NzrRy'''.

==Usage on a physical bitcoin==
The way it might appear within a physical bitcoin is on a round card printed as follows:

Side of discs showing mini private key: (from [[Casascius physical bitcoins]]) 
[[Image:Miniprivkeys.jpg|300px]]

Side of discs showing prefix of bitcoin address (printed on the opposite side): 
[[Image:Minipubkeys.jpg|300px]]

The examples in this article use the private key and Bitcoin address of the leftmost circle in the above two photos.

==Usage in bar codes==
The mini private key is suitable for use in QR codes. The recommended settings for maximizing readability are: QR version 3, error correction level Q (near highest, 25% possible lost codeword recovery). This results in a 29x29 grid. A minikey QR code can also fit in a 25x25 grid with QR version 2, error correction level L (lowest, 7% possible lost codeword recovery).

The sample private minikey encoded as a QR code on a 29x29 grid looks like this:

[[Image:Private_minikey_in_2D_barcode.gif]]

The mini private key is small enough to fit in a one-dimensional barcode while still remaining practical. Among the most popular one-dimensional barcode symbologies, the one known as "Code 128" is best suited for encoding a minikey due to its favorable data density and support for mixed case strings. The variant known as "Code 128-B" produces the shortest code for strings containing lowercase characters.

The sample private minikey encoded with Code 128-B looks like this:

[[Image:Private_minikey_in_1D_barcode.gif]]

==Import==
Mini private keys can be imported through the following clients/services:

===Applications===
* [[Armory]]

The current mainline ("Satoshi") client cannot currently be used to import minikeys.

===Mobile===

* Mt. Gox Mobile can redeem a private key scanned from a QR Code or is entered using the keyboard. Upon importing, Mt. Gox sweeps the funds to a secondary address, and then a user must wait for six confirmations before the funds will appear in the Mt. Gox account.

===Web===

* [[BlockChain.info]]
** Private keys can be imported into a Blockchain.info wallet and bitcoins can be sent to another address immediately upon import without needing to wait for any confirmations. Even after import, funds remain associated with the private key until they are actually spent to a different address.
* [[StrongCoin]]
* [[Mt. Gox]]
** Importing minikeys is done through the deposit screen using the "Import Private Key" deposit method. Upon importing, Mt. Gox sweeps the funds to a secondary address, and then a user must wait for six confirmations before the funds will appear in the Mt. Gox account. Removing the imported bitcoins from the Mt. Gox account is treated as a bitcoin withdrawal and counts against daily/monthly limits.
** Mt. Gox also permanently remembers any imported private key and automatically sweeps any future funds sent to it into the user's Mt. Gox account.
** Mt. Gox's import screen doesn't properly detect or reject typos. If you make a mistake, Mt. Gox will treat it as a valid entry and report that a private key with a balance of 0.00 BTC from a bitcoin address you won't recognize was "successfully" imported.

==Decoding==
The private key encoding consists of 30 alphanumeric characters from the [[base58]] alphabet used in Bitcoin. The first of the characters is always the uppercase letter S.

To determine whether the minikey is valid:

# Add a question mark to the end of the mini private key string.
# Take the SHA256 hash of the entire string. However, we will only look at the first byte of the result.
# If the first byte is 00, the string is a well-formed minikey. If the first byte is not 00, the string should be rejected as a minikey.

===Example with SHA256===
Here is an example with the sample private key S6c56bnXQiBjk9mqSYE7ykVQ7NzrRy.

The string "S6c56bnXQiBjk9mqSYE7ykVQ7NzrRy?" has a SHA256 value that begins with 00, so it is well-formed.

To obtain the full 256-bit private key, simply take the SHA256 hash of the entire string. There is no encoding for line breaks in the string, even if the key is broken into multiple lines for printing. The SHA256 should be taken of exactly thirty bytes.

SHA256("S6c56bnXQiBjk9mqSYE7ykVQ7NzrRy") = 4C7A9640C72DC2099F23715D0C8A0D8A35F8906E3CAB61DD3F78B67BF887C9AB

This sample key in [[wallet export format]] is 5JPy8Zg7z4P7RSLsiqcqyeAF1935zjNUdMxcDeVrtU1oarrgnB7, and the corresponding [[Bitcoin address]] is 1CciesT23BNionJeXrbxmjc7ywfiyM4oLW.

==Check code==
The mini private key format offers a simple typo check code. Mini private keys must be generated in a "brute force" fashion, keeping only keys that conform to the format's rules. If a key is well-formed (30 Base58 characters starting with S), but fails the hash check, then it probably contains a typo.

If the SHA256 hash of the string followed by '?' doesn't result in something that begins with 0x00, the string is not a valid mini private key.

==Creating mini private keys==
Creating mini private keys is relatively simple. One program which can create such keys is [[Casascius Bitcoin Utility]].

Mini private keys must be created "from scratch", as the conversion from mini private key to full-size private key is one-way. In other words, there is no way to convert an existing full-size private key into a mini private key.

To create mini private keys, simply create random strings that satisfy the well-formedness requirement, and then eliminate the ones that do not pass the typo check. (This means eliminating more than 99% of the candidates.) Then use the appropriate algorithm to compute the corresponding private key, and in turn, the matching Bitcoin address. The Bitcoin address can always be computed from just the private key.

It is strongly advisable to avoid using the digit "1" in minikeys unless it is being printed in such a way where a user is unlikely to mistake it for the lowercase letter "l". Few clients and redemption tools are prepared to tell the user that their entry containing the letter "l" should actually be the number "1" - rather, they will simply reject the code and may leave the user confused.

In all cases, you '''must''' use a secure cryptographic random number generator to eliminate risks of predictability of the random strings.

==Casascius Series 1 coins==

Casascius Series 1 Physical Bitcoins use a 22-character variant of the minikey format, instead of 30 characters. Everything is the same other than the length. To properly implement minikey redemption, services and clients MUST support the 30-character format, but MAY support the 22-character format as well. Use of the 22-character format for future applications is discouraged due to security considerations.

==Python Code==
The following code produces sample 30-character SHA256-based mini private keys in Python. For real-world use, ''random'' must be replaced with a better source of entropy, as the Python documentation for ''random'' states the function ''"is completely unsuitable for cryptographic purposes"''.

<source lang="python">
import random
import hashlib

BASE58 = '23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'

def Candidate():
"""
Generate a random, well-formed mini private key.
"""
return('%s%s' % ('S', ''.join(
[BASE58[ random.randrange(0,len(BASE58)) ] for i in range(29)])))

def GenerateKeys(numKeys = 10):
"""
Generate mini private keys and output the mini key as well as the full
private key. numKeys is The number of keys to generate, and
"""
keysGenerated = 0
totalCandidates = 0
while keysGenerated < numKeys:
try:
cand = Candidate()
# Do typo check
t = '%s?' % cand
# Take one round of SHA256
candHash = hashlib.sha256(t).digest()
# Check if the first eight bits of the hash are 0
if candHash[0] == '\x00':
privateKey = GetPrivateKey(cand)
print('\n%s\nSHA256( ): %s\nsha256(?): %s' %
(cand, privateKey, candHash.encode('hex_codec')))
if CheckShortKey(cand):
print('Validated.')
else:
print('Invalid!')
keysGenerated += 1
totalCandidates += 1
except KeyboardInterrupt:
break
print('\n%s: %i\n%s: %i\n%s: %.1f' %
('Keys Generated', keysGenerated,
'Total Candidates', totalCandidates,
'Reject Percentage',
100*(1.0-keysGenerated/float(totalCandidates))))

def GetPrivateKey(shortKey):
"""
Returns the hexadecimal representation of the private key corresponding
to the given short key.
"""
if CheckShortKey(shortKey):
return hashlib.sha256(shortKey).hexdigest()
else:
print('Typo detected in private key!')
return None

def CheckShortKey(shortKey):
"""
Checks for typos in the short key.
"""
if len(shortKey) != 30:
return False
t = '%s?' % shortKey
tHash = hashlib.sha256(t).digest()
# Check to see that first byte is \x00
if tHash[0] == '\x00':
return True
return False
</source>