1
The Bitcoin API enables programs on the server to use JSON RPC to interact with the Bitcoin wallet. Most commands do not need the wallet locked (which I assume is the same thing as encrypted).
Though, it would be nice to encrypt the wallet.dat file on the server for extra protection. However, it doesn't seem that I can get any extra protection if my program needs to use the passphrase to execute JSON RPC commands such encryptwallet and sendtoaddress. My program and wallet will be on the server. If a hacker accesses my server, he can get the passphrase from my program file and then use that to access the wallet on my server.
Therefore, is there any point in encrypting the wallet on the server, if I need to use commands such as sendtoaddres which needs the passphrase on the server?
I'm not sure I understand the benefit of protecting the wallet on disk, if a hacker can get the passphrase. If the passphrase is in the program file and if a hacker can access the server, then he can take a copy of the wallet and program file and then use the passphrase to access the wallet, no? If a hacker gets the passphrase, then can't he get anything he wants from the wallet? – JLP – 2014-03-08T09:46:30.017
1There's no point in putting a super-secure lock on your back door if you're going to leave the front door open. That doesn't mean there's no point in having secure locks. It's your job to secure the passphrase, it's the wallet's job to keep your funds secure if you keep your passphrase secure. (Don't put the passphrase in the program.) – David Schwartz – 2014-03-08T18:19:28.937
@DavidSchwartz The program on the server needs to send and receive bitcoin via bitcoind. To do this, it is using JSON RPC to invoke the Bitcoin API. To send bitcoin to user, it needs to use sendtoaddress, which needs walletpassphrase with passphrase to be invoked first. Therefore, I assume that the program needs the passphrase in order to call walletpassphrase. If I don't put the passphrase in the program, then how will the program be able to call walletpassphrase to unlock the wallet for sendtoaddress? – JLP – 2014-03-09T18:40:54.307
1@JLP The program gets the passphrase from someplace else, of course. Otherwise, if you changed the passphrase, you'd have to change the program. – David Schwartz – 2014-03-09T19:02:42.127
@DavidSchwartz If I'm reading you correctly, sendtoaddress which requires walletpassphrase to unlock encrypted wallet, which needs a passphrase, should NOT be automated on the server. Are you saying that whenever the server needs to send bitcoins to a user, manual intervention is needed whereby the program prompts an admin person to manually enter the passphrase? – JLP – 2014-03-12T17:04:02.313
1@JLP It depends what you're doing. If you're handling small amounts of money frequently, the program should get the passphrase from a safe place and should handle it carefully. If you're handling large amounts of money infrequently, then yes, get it from a person. If you're handling large amounts of money frequently, ... – David Schwartz – 2014-03-13T21:48:48.613