2011-09-23 20:37:21 +02:00
|
|
|
Bitcoin 0.4.1 BETA
|
2011-04-20 20:45:43 +02:00
|
|
|
|
|
|
|
Copyright (c) 2009-2011 Bitcoin Developers
|
|
|
|
Distributed under the MIT/X11 software license, see the accompanying
|
|
|
|
file license.txt or http://www.opensource.org/licenses/mit-license.php.
|
|
|
|
This product includes software developed by the OpenSSL Project for use in
|
|
|
|
the OpenSSL Toolkit (http://www.openssl.org/). This product includes
|
|
|
|
cryptographic software written by Eric Young (eay@cryptsoft.com).
|
|
|
|
|
|
|
|
|
|
|
|
Intro
|
|
|
|
-----
|
|
|
|
Bitcoin is a free open source peer-to-peer electronic cash system that is
|
|
|
|
completely decentralized, without the need for a central server or trusted
|
|
|
|
parties. Users hold the crypto keys to their own money and transact directly
|
|
|
|
with each other, with the help of a P2P network to check for double-spending.
|
|
|
|
|
|
|
|
|
|
|
|
Setup
|
|
|
|
-----
|
|
|
|
Unpack the files into a directory and run:
|
|
|
|
bin/32/bitcoin (GUI, 32-bit)
|
|
|
|
bin/32/bitcoind (headless, 32-bit)
|
|
|
|
bin/64/bitcoin (GUI, 64-bit)
|
|
|
|
bin/64/bitcoind (headless, 64-bit)
|
|
|
|
|
2011-07-02 23:08:35 +02:00
|
|
|
|
|
|
|
Wallet Encryption
|
|
|
|
-----------------
|
2011-07-13 07:21:49 +02:00
|
|
|
Bitcoin supports native wallet encryption so that people who steal your
|
|
|
|
wallet file don't automatically get access to all of your Bitcoins.
|
|
|
|
In order to enable this feature, chose "Encrypt Wallet" from the
|
|
|
|
Options menu. You will be prompted to enter a passphrase, which
|
|
|
|
will be used as the key to encrypt your wallet and will be needed
|
|
|
|
every time you wish to send Bitcoins. If you lose this passphrase,
|
|
|
|
you will lose access to spend all of the bitcoins in your wallet,
|
|
|
|
no one, not even the Bitcoin developers can recover your Bitcoins.
|
|
|
|
This means you are responsible for your own security, store your
|
2011-08-11 11:21:55 +02:00
|
|
|
passphrase in a secure location and do not forget it.
|
2011-07-02 23:08:35 +02:00
|
|
|
|
2011-07-13 07:21:49 +02:00
|
|
|
Remember that the encryption built into bitcoin only encrypts the
|
|
|
|
actual keys which are required to send your bitcoins, not the full
|
|
|
|
wallet. This means that someone who steals your wallet file will
|
|
|
|
be able to see all the addresses which belong to you, as well as the
|
|
|
|
relevant transactions, you are only protected from someone spending
|
|
|
|
your coins.
|
2011-07-02 23:08:35 +02:00
|
|
|
|
2011-07-13 07:21:49 +02:00
|
|
|
It is recommended that you backup your wallet file before you
|
|
|
|
encrypt your wallet. To do this, close the Bitcoin client and
|
|
|
|
copy the wallet.dat file from ~/.bitcoin/ on Linux, /Users/(user
|
|
|
|
name)/Application Support/Bitcoin/ on Mac OSX, and %APPDATA%/Bitcoin/
|
|
|
|
on Windows (that is /Users/(user name)/AppData/Roaming/Bitcoin on
|
|
|
|
Windows Vista and 7 and /Documents and Settings/(user name)/Application
|
|
|
|
Data/Bitcoin on Windows XP). Once you have copied that file to a
|
|
|
|
safe location, reopen the Bitcoin client and Encrypt your wallet.
|
|
|
|
If everything goes fine, delete the backup and enjoy your encrypted
|
|
|
|
wallet. Note that once you encrypt your wallet, you will never be
|
|
|
|
able to go back to a version of the Bitcoin client older than 0.4.
|
2011-07-02 23:08:35 +02:00
|
|
|
|
2011-08-31 19:28:14 +02:00
|
|
|
Keep in mind that you are always responsible for your own security.
|
2011-07-13 07:21:49 +02:00
|
|
|
All it takes is a slightly more advanced wallet-stealing trojan which
|
|
|
|
installs a keylogger to steal your wallet passphrase as you enter it
|
|
|
|
in addition to your wallet file and you have lost all your Bitcoins.
|
|
|
|
Wallet encryption cannot keep you safe if you do not practice
|
|
|
|
good security, such as running up-to-date antivirus software, only
|
|
|
|
entering your wallet passphrase in the Bitcoin client and using the
|
|
|
|
same passphrase only as your wallet passphrase.
|
2011-07-02 23:08:35 +02:00
|
|
|
|
|
|
|
|
2011-08-11 13:09:25 +02:00
|
|
|
Technical details of wallet encryption
|
|
|
|
--------------------------------------
|
|
|
|
Wallet encryption uses AES-256-CBC to encrypt only the private keys
|
|
|
|
that are held in a wallet. The keys are encrypted with a master key
|
|
|
|
which is entirely random. This master key is then encrypted with
|
|
|
|
AES-256-CBC with a key derived from the passphrase using SHA512 and
|
|
|
|
OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by
|
|
|
|
the speed of the machine which does the initial encryption (and is
|
|
|
|
updated based on the speed of a computer which does a subsequent
|
|
|
|
passphrase change). Although the underlying code supports multiple
|
|
|
|
encrypted copies of the same master key (and thus multiple passphrases)
|
|
|
|
the client does not yet have a method to add additional passphrases.
|
|
|
|
|
|
|
|
At runtime, the client loads the wallet as it normally would, however
|
|
|
|
the keystore stores the keys in encrypted form. When the passphrase
|
|
|
|
is required (to top up keypool or send coins) it will either be queried
|
|
|
|
by a GUI prompt, or must first be entered with the walletpassphrase
|
|
|
|
RPC command. This will change the wallet to "unlocked" state where the
|
|
|
|
unencrypted master key is stored in memory (in the case of GUI, only for
|
|
|
|
long enough to complete the requested operation, in RPC, for as long as
|
|
|
|
is specified by the second parameter to walletpassphrase). The wallet is
|
|
|
|
then locked (or can be manually locked using the walletlock RPC command)
|
|
|
|
and the unencrypted master key is removed from memory.
|
|
|
|
|
|
|
|
Implementation details of wallet encryption
|
|
|
|
-------------------------------------------
|
|
|
|
When the wallet is locked, calls to sendtoaddress, sendfrom, sendmany,
|
|
|
|
and keypoolrefill will return Error -13: "Error: Please enter the wallet
|
|
|
|
passphrase with walletpassphrase first."
|
|
|
|
|
|
|
|
When the wallet is unlocked, calls to walletpassphrase will fail.
|
|
|
|
|
|
|
|
When a wallet is encrypted, the passphrase is required to top up the
|
|
|
|
keypool, thus, if the passphrase is rarely entered, it is possible that
|
|
|
|
keypool might run out. In this case, the default key will be used as the
|
|
|
|
target for payouts for mining, and calls to getnewaddress and getaccount
|
|
|
|
address will return an error. In order to prevent such cases, the keypool
|
|
|
|
is automatically refilled when walletpassphrase is called with a correct
|
|
|
|
passphrase and when topupkeypool is called (while the wallet is unlocked).
|
|
|
|
Note that the keypool continues to be topped up on various occasions when
|
|
|
|
a new key from pool is used and the wallet is unlocked (or unencrypted).
|
|
|
|
|
|
|
|
|
|
|
|
|
2011-04-20 20:45:43 +02:00
|
|
|
See the documentation at the bitcoin wiki:
|
|
|
|
https://en.bitcoin.it/wiki/Main_Page
|
|
|
|
|
|
|
|
... for help and more information.
|