MacOSX: wallet.dat content should be stored in Mac OSX Keychain #2545

issue jonasschnelli opened this issue on April 22, 2013
  1. jonasschnelli commented at 7:47 AM on April 22, 2013: contributor

    I'm not sure if it's a good idea, but let's see what others think:

    Could we not store the wallet.dat content in the MacOSX keychain? The keychain would then provide basic security (secured with the login credentials). Of course we could keep the wallet encryption function (encrypted wallet in encrypted keychain data). In my eyes it would provide basic security for normal users.

    As you noticed, I'm focusing on Mac improvements. Windows 8 should also have an encrypted registry like keychain.

    What do you think about this? Already discussed? I could provide the MacOSX implementation. It could just be a keychain string store with a base64 string of wallet.dat. Length is limited to the NSString length, which would then be 2^32 - 1 (4.2 billion chars).

    </jonas>

  2. luke-jr commented at 8:38 AM on April 22, 2013: member
    1. wallet.dat is going away anyway
    2. OS-specific formats like this are not portable and probably hard to backup
    3. What benefit is there to double-encrypting?
  3. jonasschnelli commented at 8:44 AM on April 22, 2013: contributor
    1. Okay, I did not notice this (because I'm new here) :)
    2. Right, but an export wallet function could be done, but maybe it is an overhead?
    3. Benefit: novice (normal) users have an encrypted wallet by default (encrypted with login credentials). If "somebody" grabs the hard drive or a backup of the drive, he cannot get access to the wallet.dat file. I'm just saying it would prevent normal users from having unencrypted wallets on their disk (it's then like encrypted partitions on your disk).
  4. gavinandresen commented at 3:53 PM on April 24, 2013: contributor

    I agree it would be nice if the OSX wallet was smart enough to store keys in the OSX keychain; it is exactly the type of thing the keychain is designed for.

  5. laanwj added the label Wallet on May 6, 2014
  6. laanwj added the label Feature on Feb 9, 2016
  7. laanwj removed the label Refactoring on Feb 9, 2016
  8. laanwj removed the label Priority Low on Dec 6, 2017
  9. Sjors commented at 8:14 PM on March 16, 2018: member

    I agree that the keychain is a more appropriate place for private keys than the wallet.dat file. In particular this protects users with unencrypted hard drives and non-admin users on a shared computer (?).

    An interesting possibility would be to create a fresh keychain specifically for the wallet.

    I suspect however that it's too much effort to maintain this in a cross platform setup.

    Some practical issues I'm seeing:

    1. Backups. I suppose backup commands could fetch all keys from the keychain first
    2. macOS might prompt user for keychain access at weird moments, as it needs to save more keys
    3. Multiple wallet support (#11383 / #12610)
    4. Wallet encryption support (is the value that's stored in the key chain encrypted?)
    5. How do we warn the user that they shouldn't delete their keychain and take those keys with them when moving to a new machine?
  10. ryan-mars commented at 9:20 PM on March 16, 2018: none

    I'm not subscribed to this issue or watching this repo but I just received an email notification for @Sjors's comment. Is this a GitHub bug?

  11. 2xic commented at 12:25 AM on March 24, 2018: none

    @Sjors Yes, using the keychain will protect users with unencrypted hard drives and non-admin users on a shared computer, because "a keychain is an encrypted container" (link). It is also possible to create multiple keychains (with different passwords) for the same account. Therefore people sharing the same account can also stay safe. Also, access to the keychain can be application restricted (only bitcoin core can access the keychain).

    (my answer/thoughts/ideas regarding your comments)

    1. Backups. I suppose backup commands could fetch all keys from the keychain first

       It is possible to do a simple fetch command. Apple also has a nice tool for transferring the keychain from old to new computers (link). However, I think having a fetch command is good for cross-platform compatibility.

    2. macOS might prompt user for keychain access at weird moments, as it needs to save more keys

       This might be a problem. I have been doing some tests with the keychain API. I do get a prompt for inserting passwords at some weird times (some functions are weirder than others). However, if the keychain support gets baked well enough into the GUI this problem might fade away.

    3. Multiple wallet support (#11383 / #12610)

       Having a different service name for the keychain or creating a new keychain for each wallet can separate the multiple wallets.

    4. Wallet encryption support (is the value that's stored in the key chain encrypted?)

       Yes.

    5. How do we warn the user that they shouldn't delete their keychain and take those keys with them when moving to a new machine?

       I'm no UX expert so this will be a bad answer. Since the keychain will be treated as a wallet.dat, the keychain implementation should get the same warnings as the wallet.dat implementation.
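
An added example, not part of the thread and not Bitcoin Core code: one way the per-wallet service name and the backup fetch described in the comment above could look with generic-password items in the macOS Security framework. The service prefix `org.example.wallet.`, the wallet and label names, and the key bytes are assumptions made up for illustration.

```swift
import Foundation
import Security
enum KeychainError: Error { case status(OSStatus) }
// Hypothetical naming scheme: one keychain service name per wallet.
func service(for wallet: String) -> String { "org.example.wallet." + wallet }

// Attributes selecting one wallet's generic-password items (optionally one key).
func baseQuery(wallet: String, label: String? = nil) -> [String: Any] {
    var q: [String: Any] = [kSecClass as String: kSecClassGenericPassword,
                            kSecAttrService as String: service(for: wallet)]
    if let label = label { q[kSecAttrAccount as String] = label }
    return q
}

// Store one secret under (wallet, label); overwrite if the item already exists.
func storeKey(_ secret: Data, wallet: String, label: String) throws {
    var add = baseQuery(wallet: wallet, label: label)
    add[kSecValueData as String] = secret
    var status = SecItemAdd(add as CFDictionary, nil)
    if status == errSecDuplicateItem {
        status = SecItemUpdate(baseQuery(wallet: wallet, label: label) as CFDictionary,
                               [kSecValueData as String: secret] as CFDictionary)
    }
    guard status == errSecSuccess else { throw KeychainError.status(status) }
}

// Backup helper: list the wallet's items, then read each secret individually.
func fetchAllKeys(wallet: String) throws -> [String: Data] {
    var list = baseQuery(wallet: wallet)
    list[kSecMatchLimit as String] = kSecMatchLimitAll
    list[kSecReturnAttributes as String] = true
    var found: CFTypeRef?
    let status = SecItemCopyMatching(list as CFDictionary, &found)
    if status == errSecItemNotFound { return [:] }  // nothing stored for this wallet
    guard status == errSecSuccess, let items = found as? [[String: Any]] else { throw KeychainError.status(status) }
    var keys: [String: Data] = [:]
    for label in items.compactMap({ $0[kSecAttrAccount as String] as? String }) {
        var one = baseQuery(wallet: wallet, label: label)
        one[kSecReturnData as String] = true
        var data: CFTypeRef?
        let s = SecItemCopyMatching(one as CFDictionary, &data)
        guard s == errSecSuccess, let secret = data as? Data else { throw KeychainError.status(s) }
        keys[label] = secret
    }
    return keys
}
// Constructed sample: placeholder bytes, not real key material.
try storeKey(Data([0x01, 0x02, 0x03]), wallet: "savings", label: "key-0")
print(try fetchAllKeys(wallet: "savings").keys.sorted())
```

Because each wallet has its own service name, a fetch for one wallet never returns another wallet's items.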

  12. MarcoFalke added the label Brainstorming on Nov 20, 2019
  13. fanquake commented at 12:43 AM on April 26, 2020: member

    I'm going to close this for now. I think the likelihood of us adding more macOS specific code to implement this is very low.

  14. fanquake closed this on Apr 26, 2020

  15. Sjors commented at 11:41 AM on April 26, 2020: member

    If Apple ever adds the correct curve to their secure enclave chips on Macs, and allows signing with it, then we should consider adding support for that.

  16. DrahtBot locked this on Feb 15, 2022

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-21 15:15 UTC