Can I force my wallet to only have news keys, post-encryption?

12

1

Now that v0.4 of the bitcoin client has encryption I've gone ahead and encrypted the keys in my wallet. But I had previously made backups of my (unencrypted) wallet and those keys are the same keys that are now encrypted.

This gives me a false sense of security.

Is there any way after I've upgraded to v0.4 and encrypted to force all my existing keys to become invalid and then to spend to a new (encrypted) key so that even if an attacker gets ahold of my backup that my coins are safe?

Stephen Gornick

Posted 2011-09-25T15:59:07.173

Reputation: 26 118

Answers

6

Seems to me that the easiest way would be to create a brand new, encrypted wallet using the new client, then send all your coins to that one and forget about the old one.

(You can force a new wallet by simply deleting wallet.dat before launching the client)

D.H. - bitcoin.se

Posted 2011-09-25T15:59:07.173

Reputation: 5 187

Can I create a brand new encrypted wallet? I thought I could only create a wallet and then encrypt it. i.e., if I had malware already that would copy the wallet.dat as soon as it was created, it would get the unencrypted copy before I had a chance to encrypt.Stephen Gornick 2011-09-25T17:34:21.957

Yeah, I think you're right about that. I was addressing the case where you have some old backup that someone could possibly get ahold of (that's the way you put it in your question). The case where you have malware insta-stealing your new wallet I'm not sure about.D.H. - bitcoin.se 2011-09-25T18:00:52.487

3@Stephen: irrelevant. If you had a malware you could also have a keylogger that would get your passphrase, or whatever else.o0'. 2011-09-26T07:15:14.717

1You can start the client with -keypool=1, then encrypt the wallet, and then restart normally and add an address. Only one key ever touched your hard drive then in unencrypted form. There should be an option to force a new wallet to be created directly in encrypted mode though, but that'll be for after bitcoin-qt is merged.Pieter Wuille 2011-09-26T10:12:08.300

Apparently there were problems with the encryption of existing key pool entries. https://bitcointalk.org/index.php?topic=51604.0

Stephen Gornick 2011-11-12T04:16:54.920

How to transfer all funds to new keys http://bitcoin.stackexchange.com/questions/1272/how-can-i-transfer-all-funds-to-new-keys

Stephen Gornick 2011-12-15T03:42:12.757

Gotta also remember to not re-use any addresses generated prior to encryption. http://bitcointalk.org/index.php?topic=77314.msg859310#msg859310 It is probably best to simply archive the old wallet.dat and start with a new, empty wallet and encrypt it before any receiving any coins.

Stephen Gornick 2012-04-19T18:40:26.230

4

Bitcoin 0.5 will flush the key pool upon encryption. This means that when you encrypt a fresh wallet, none of its active reserve keys will ever have touched the disk in unencrypted form.

Pieter Wuille

Posted 2011-09-25T15:59:07.173

Reputation: 54 032