What is point of encrypting wallet, if Bitcoin API's sendtoaddress needs passphrase?

1

The Bitcoin API enables programs on the server to use JSON RPC to interact with the Bitcoin wallet. Most commands do not need the wallet locked (which I assume is the same thing as encrypted).

Though, it would be nice to encrypt the wallet.dat file on the server for extra protection. However, it doesn't seem that I can get any extra protection if my program needs to use the passphrase to execute JSON RPC commands such encryptwallet and sendtoaddress. My program and wallet will be on the server. If a hacker accesses my server, he can get the passphrase from my program file and then use that to access the wallet on my server.

Therefore, is there any point in encrypting the wallet on the server, if I need to use commands such as sendtoaddres which needs the passphrase on the server?

JLP

Posted 2014-03-07T20:00:57.487

Reputation: 209

Answers

2

The wallet passphrase is there to protect the wallet file on disk. It is not an authentication mechanism or a security measure against anyone who can see what is sent to it. It does however prevent private keys from hitting disk in readable form.

Pieter Wuille

Posted 2014-03-07T20:00:57.487

Reputation: 54 032

I'm not sure I understand the benefit of protecting the wallet on disk, if a hacker can get the passphrase. If the passphrase is in the program file and if a hacker can access the server, then he can take a copy of the wallet and program file and then use the passphrase to access the wallet, no? If a hacker gets the passphrase, then can't he get anything he wants from the wallet?JLP 2014-03-08T09:46:30.017

1There's no point in putting a super-secure lock on your back door if you're going to leave the front door open. That doesn't mean there's no point in having secure locks. It's your job to secure the passphrase, it's the wallet's job to keep your funds secure if you keep your passphrase secure. (Don't put the passphrase in the program.)David Schwartz 2014-03-08T18:19:28.937

@DavidSchwartz The program on the server needs to send and receive bitcoin via bitcoind. To do this, it is using JSON RPC to invoke the Bitcoin API. To send bitcoin to user, it needs to use sendtoaddress, which needs walletpassphrase with passphrase to be invoked first. Therefore, I assume that the program needs the passphrase in order to call walletpassphrase. If I don't put the passphrase in the program, then how will the program be able to call walletpassphrase to unlock the wallet for sendtoaddress?JLP 2014-03-09T18:40:54.307

1@JLP The program gets the passphrase from someplace else, of course. Otherwise, if you changed the passphrase, you'd have to change the program.David Schwartz 2014-03-09T19:02:42.127

@DavidSchwartz If I'm reading you correctly, sendtoaddress which requires walletpassphrase to unlock encrypted wallet, which needs a passphrase, should NOT be automated on the server. Are you saying that whenever the server needs to send bitcoins to a user, manual intervention is needed whereby the program prompts an admin person to manually enter the passphrase?JLP 2014-03-12T17:04:02.313

1@JLP It depends what you're doing. If you're handling small amounts of money frequently, the program should get the passphrase from a safe place and should handle it carefully. If you're handling large amounts of money infrequently, then yes, get it from a person. If you're handling large amounts of money frequently, ...David Schwartz 2014-03-13T21:48:48.613