encryptwallet generates new keys or descriptors for a wallet with previously imported keys or descriptors #26607

1. 
   ishaanam commented at 0:01 am on November 30, 2022: contributor

   As noted in #25634, encryptwallet generates new keys or descriptors because:

   We always want to rotate keys after encryption because the old keys were written to disk unencrypted and thus may have been compromised.

   This makes sense for a wallet where the keys/descriptors were generated by the wallet itself. The problem arises when a user explicitly imports a key or descriptor to a previously blank wallet, or in the case of a legacy wallet when they run sethdseed. This is because now the expectation is set that the wallet should only be using these keys/descriptors/seeds, so it is unexpected when the wallet uses something completely different upon encryption.

   Note: Currently when a blank wallet with imported descriptors is encrypted, new descriptors are not generated, but this is considered a bug and will likely be fixed by #25634

2. ishaanam added the label Feature on Nov 30, 2022
3. 
   willcl-ark commented at 5:03 pm on November 30, 2022: contributor

   Hello @ishaanam. I have reproduced what you report with a descriptor wallet, the case where a blank descriptor wallet is created which then has a descriptor imported, followed by being encrypted:

    0will@ubuntu in bitcoin on  mempool-use-result [$] via 🐍 v3.6.15
    1❯ /home/will/src/bitcoin/src/bitcoin-cli -signet createwallet "test-blank" false true
    2{
    3  "name": "test-blank",
    4  "warning": ""
    5}
    6
    7will@ubuntu in bitcoin on  mempool-use-result [$] via 🐍 v3.6.15 took 2s
    8❯ /home/will/src/bitcoin/src/bitcoin-cli -signet -rpcwallet=test-blank listdescriptors
    9{
   10  "wallet_name": "test-blank",
   11  "descriptors": [
   12  ]
   13}
   14
   15will@ubuntu in bitcoin on  mempool-use-result [$] via 🐍 v3.6.15
   16❯ bitcoin-cli -signet -rpcwallet=test-blank importdescriptors '[{ "desc": "wpkh(tprv8ZgxMBicQKsPeXoDSJ3tQ8KWFCAB5kXLLeGwvX1VUSDtTHgvdTD8zVfi59bMTWaytCjsKGmto6JLjmiraYmn75tpYTymqeW6MVjobp7mBAe/84\'/1\'/0\'/1/*)#5mghvzw3", "timestamp": "now", "active": true }]'
   17[
   18  {
   19    "success": true,
   20    "warnings": [
   21      "Range not given, using default keypool range"
   22    ]
   23  }
   24]
   25
   26will@ubuntu in bitcoin on  mempool-use-result [$] via 🐍 v3.6.15
   27❯ bitcoin-cli -signet -rpcwallet=test-blank listdescriptors
   28{
   29  "wallet_name": "test-blank",
   30  "descriptors": [
   31    {
   32      "desc": "wpkh([862688bd/84'/1'/0']tpubDCoCENbQUJQQfKRSuzsV5bhh7j7jjJqHiQxdqcc8s4mNdjL4WGmWRqziadsuK4YpLRF8s3K2eiuRdLcuzfw4sQQ3qvbtptKZrQb8Gj8DtU3/1/*)#t84l77he",
   33      "timestamp": 1669821301,
   34      "active": true,
   35      "internal": false,
   36      "range": [
   37        0,
   38        999
   39      ],
   40      "next": 0
   41    }
   42  ]
   43}
   44
   45will@ubuntu in bitcoin on  mempool-use-result [$] via 🐍 v3.6.15
   46❯ bitcoin-cli -signet -rpcwallet=test-blank encryptwallet "passphrase"
   47wallet encrypted; The keypool has been flushed and a new HD seed was generated (if you are using HD). You need to make a new backup.
   48
   49will@ubuntu in bitcoin on  mempool-use-result [$] via 🐍 v3.6.15
   50❯ bitcoin-cli -signet -rpcwallet=test-blank listdescriptors
   51{
   52  "wallet_name": "test-blank",
   53  "descriptors": [
   54    {
   55      "desc": "wpkh([862688bd/84'/1'/0']tpubDCoCENbQUJQQfKRSuzsV5bhh7j7jjJqHiQxdqcc8s4mNdjL4WGmWRqziadsuK4YpLRF8s3K2eiuRdLcuzfw4sQQ3qvbtptKZrQb8Gj8DtU3/1/*)#t84l77he",
   56      "timestamp": 1669821301,
   57      "active": true,
   58      "internal": false,
   59      "range": [
   60        0,
   61        999
   62      ],
   63      "next": 0
   64    }
   65  ]
   66}
   

   And also the case where a blank legacy wallet uses sethdseed and then encrypts:

     0will@ubuntu in bitcoin on  mempool-use-result [$] via 🐍 v3.6.15
     1❯ bitcoin-cli -signet createwallet "legacy-blank" false true "" false false
     2{
     3  "name": "legacy-blank",
     4  "warning": "Empty string given as passphrase, wallet will not be encrypted.\nWallet created successfully. The legacy wallet type is being deprecated and support for creating and opening legacy wallets will be removed in the future."
     5}
     6
     7will@ubuntu in bitcoin on  mempool-use-result [$] via 🐍 v3.6.15
     8❯ bitcoin-cli -signet -rpcwallet=legacy-blank dumpwallet ~/temp/legacy-blank.dat
     9{
    10  "filename": "/home/will/temp/legacy-blank.dat"
    11}
    12
    13will@ubuntu in bitcoin on  mempool-use-result [$] via 🐍 v3.6.15
    14❯ cat ~/temp/legacy-blank.dat
    15# Wallet dump created by Bitcoin Core v24.99.0-1f89af219a89
    16# * Created on 2022-11-30T16:51:30Z
    17# * Best block at time of backup was 119205 (0000006d7edaf1db84ea4dd191a1059c8942a8690d11e5793c101cd9a835867d),
    18#   mined on 2022-11-30T16:47:42Z
    19
    20
    21
    22# End of dump
    23
    24will@ubuntu in bitcoin on  mempool-use-result [$] via 🐍 v3.6.15
    25❯ bitcoin-cli -signet -rpcwallet=legacy-blank sethdseed
    26
    27will@ubuntu in bitcoin on  mempool-use-result [$] via 🐍 v3.6.15
    28❯ bitcoin-cli -signet -rpcwallet=legacy-blank dumpwallet ~/temp/legacy-blank2.dat
    29{
    30  "filename": "/home/will/temp/legacy-blank2.dat"
    31}
    32
    33will@ubuntu in bitcoin on  mempool-use-result [$] via 🐍 v3.6.15
    34❯ cat ~/temp/legacy-blank2.dat
    35# Wallet dump created by Bitcoin Core v24.99.0-1f89af219a89
    36# * Created on 2022-11-30T16:51:59Z
    37# * Best block at time of backup was 119205 (0000006d7edaf1db84ea4dd191a1059c8942a8690d11e5793c101cd9a835867d),
    38#   mined on 2022-11-30T16:47:42Z
    39
    40# extended private masterkey: tprv8ZgxMBicQKsPf41GqRFE9oJ5LUFaUYSPoTvW2DGfkMHS23JkYmUpJESovxhE16tukeFoAWZeDMjKLpvY6HV4CnmztJd9KZ9UVmr6W4YQ1ND
    41
    42cS1EGujnQyHVrF1QgNDa6HA3mzaCbmzPAud92qCr9Hjqz5kt9nZQ 2022-11-30T16:51:52Z reserve=1 # addr=tb1qqqq7eevru93f5fgjfsl4948758tg28pa2fwx87 hdkeypath=m/0'/1'/612'
    43cTKQkvH1EhvBn19sHmuksEbsr84DF1GPJo2fc3XiJa3uHZW8Awhb 2022-11-30T16:51:52Z reserve=1 # addr=tb1qqq8jhplnkk2mxdwvvp2qwc74z2052mnmhx20dt hdkeypath=m/0'/0'/964'
    44cRp9qb6iy1numr64PVuP2VpJ6Gz884zaXyLeD6hEvveM9SmkUX8C 2022-11-30T16:51:52Z reserve=1 # addr=tb1qqqvqj3nc248fdwzsqxwxcpjxjxvgx84k2zl9nc hdkeypath=m/0'/0'/841'
    45cVAwysyi3RNmGZvhMqZcEzgUx2wvbRA2o4YHGaQvL63cRmArx8Mr 2022-11-30T16:51:52Z reserve=1 # addr=tb1qqqd7cst9e6qzq8nfq5g935trxq84uzzvpdzyfn hdkeypath=m/0'/1'/245'
    46cPkM9wtpU8vQKKBXhFkjErnZRArZYS2vaMDGqVQ4SgcpBpXuezBh 2022-11-30T16:51:52Z reserve=1 # addr=tb1qqpy8638txumqzwzmv4zd29mnguad56l0qwu2ny hdkeypath=m/0'/0'/554'
    47cQ9UtSdvhwm9xUxWYLZS17gusvVQfVuq71Bi1NcVe2DV7NbHZgmy 2022-11-30T16:51:52Z reserve=1 # addr=tb1qqzv4tkl0l4lqx5z6d4r3s7nxeejvdkd3ucjz35 hdkeypath=m/0'/0'/131'
    48cR9TR27yCJS8jFTafPVHy1iWurzHZzacFKsWhPbAAz8pM215yTTY 2022-11-30T16:51:52Z reserve=1 # addr=tb1qqrs9ja6r3pvcu4leyw26ary07un2zjy8a5nhcc hdkeypath=m/0'/0'/820'
    49cSNwBi2pTk6gnXhdn64cTtxrErGjSiB72jweqGx1zMdwNqNGe18X 2022-11-30T16:51:52Z reserve=1 # addr=tb1qqruy7wpm4ayh544ladrq65nkrv5l8mfu2tncnn hdkeypath=m/0'/1'/223'
    50cNVmGK1Nec7xMbpfYrgAXeFNU4gByhe4pnx529Hy5GvZtbopWePV 2022-11-30T16:51:52Z reserve=1 # addr=tb1qqy3yhqml6uym38evxqmndk5g0f0sh9lkpqg5lr hdkeypath=m/0'/0'/617'
    51cTNhdN6iRCuDSRQNSPVUEDSBWrhNd19vjPUQCrjK4w3e66CJ2ewx 2022-11-30T16:51:52Z reserve=1 # addr=tb1qqynzxhkfug3a25ddnus42tcvt427mqysrf6eea hdkeypath=m/0'/1'/305'
    52cS2UVev83tCmKhJNMFmmnoVQT25ctfrY9SuoAzQS5PaD4VizZy9Q 2022-11-30T16:51:52Z reserve=1 # addr=tb1qq99sclx9hw96msjwwyq80ky0z00tle8epayuzw hdkeypath=m/0'/1'/418'
    53
    54~snip~
    55
    56# End of dump
    57
    58will@ubuntu in bitcoin on  mempool-use-result [$] via 🐍 v3.6.15
    59❯ bitcoin-cli -signet -rpcwallet=legacy-blank encryptwallet "passphrase"
    60wallet encrypted; The keypool has been flushed and a new HD seed was generated (if you are using HD). You need to make a new backup.
    61
    62will@ubuntu in bitcoin on  mempool-use-result [$] via 🐍 v3.6.15
    63❯ bitcoin-cli -signet -rpcwallet=legacy-blank walletpassphrase "passphrase" 1000
    64
    65will@ubuntu in bitcoin on  mempool-use-result [$] via 🐍 v3.6.15
    66❯ bitcoin-cli -signet -rpcwallet=legacy-blank dumpwallet ~/temp/legacy-blank2-2.dat
    67{
    68  "filename": "/home/will/temp/legacy-blank2-2.dat"
    69}
    70
    71will@ubuntu in bitcoin on  mempool-use-result [$] via 🐍 v3.6.15 took 2s
    72❯ cat ~/temp/legacy-blank2-2.dat
    73# Wallet dump created by Bitcoin Core v24.99.0-1f89af219a89
    74# * Created on 2022-11-30T16:52:55Z
    75# * Best block at time of backup was 119205 (0000006d7edaf1db84ea4dd191a1059c8942a8690d11e5793c101cd9a835867d),
    76#   mined on 2022-11-30T16:47:42Z
    77
    78# extended private masterkey: tprv8ZgxMBicQKsPdMzt7AQkfLZYJmRSZuneBTHrFWHufW4RY7CnxLU145V9KrzVgD9Uae3zuqNPXnYCYwHM8sHRUevy8EnAQZKvsTsjhdE5SzH
    79
    80cS1EGujnQyHVrF1QgNDa6HA3mzaCbmzPAud92qCr9Hjqz5kt9nZQ 2022-11-30T16:51:52Z change=1 # addr=tb1qqqq7eevru93f5fgjfsl4948758tg28pa2fwx87 hdkeypath=m/0'/1'/612'
    81cTKQkvH1EhvBn19sHmuksEbsr84DF1GPJo2fc3XiJa3uHZW8Awhb 2022-11-30T16:51:52Z change=1 # addr=tb1qqq8jhplnkk2mxdwvvp2qwc74z2052mnmhx20dt hdkeypath=m/0'/0'/964'
    82cRp9qb6iy1numr64PVuP2VpJ6Gz884zaXyLeD6hEvveM9SmkUX8C 2022-11-30T16:51:52Z change=1 # addr=tb1qqqvqj3nc248fdwzsqxwxcpjxjxvgx84k2zl9nc hdkeypath=m/0'/0'/841'
    83cVAwysyi3RNmGZvhMqZcEzgUx2wvbRA2o4YHGaQvL63cRmArx8Mr 2022-11-30T16:51:52Z change=1 # addr=tb1qqqd7cst9e6qzq8nfq5g935trxq84uzzvpdzyfn hdkeypath=m/0'/1'/245'
    84cPkM9wtpU8vQKKBXhFkjErnZRArZYS2vaMDGqVQ4SgcpBpXuezBh 2022-11-30T16:51:52Z change=1 # addr=tb1qqpy8638txumqzwzmv4zd29mnguad56l0qwu2ny hdkeypath=m/0'/0'/554'
    85cQ9UtSdvhwm9xUxWYLZS17gusvVQfVuq71Bi1NcVe2DV7NbHZgmy 2022-11-30T16:51:52Z change=1 # addr=tb1qqzv4tkl0l4lqx5z6d4r3s7nxeejvdkd3ucjz35 hdkeypath=m/0'/0'/131'
    86cR9TR27yCJS8jFTafPVHy1iWurzHZzacFKsWhPbAAz8pM215yTTY 2022-11-30T16:51:52Z change=1 # addr=tb1qqrs9ja6r3pvcu4leyw26ary07un2zjy8a5nhcc hdkeypath=m/0'/0'/820'
    87cSNwBi2pTk6gnXhdn64cTtxrErGjSiB72jweqGx1zMdwNqNGe18X 2022-11-30T16:51:52Z change=1 # addr=tb1qqruy7wpm4ayh544ladrq65nkrv5l8mfu2tncnn hdkeypath=m/0'/1'/223'
    88cNVmGK1Nec7xMbpfYrgAXeFNU4gByhe4pnx529Hy5GvZtbopWePV 2022-11-30T16:51:52Z change=1 # addr=tb1qqy3yhqml6uym38evxqmndk5g0f0sh9lkpqg5lr hdkeypath=m/0'/0'/617'
    89cTNhdN6iRCuDSRQNSPVUEDSBWrhNd19vjPUQCrjK4w3e66CJ2ewx 2022-11-30T16:51:52Z change=1 # addr=tb1qqynzxhkfug3a25ddnus42tcvt427mqysrf6eea hdkeypath=m/0'/1'/305'
    90cS2UVev83tCmKhJNMFmmnoVQT25ctfrY9SuoAzQS5PaD4VizZy9Q 2022-11-30T16:51:52Z change=1 # addr=tb1qq99sclx9hw96msjwwyq80ky0z00tle8epayuzw hdkeypath=m/0'/1'/418'
    91
    92~snip~
    93
    94###### New addresses ######
    95
    96cPV9EqcMDSDas3VZ6w7oaRiCu4stExvw4M6NCuHcP8Qane1qX2XY 2022-11-30T16:52:19Z reserve=1 # addr=tb1qqyttdptmedemkqr7lr0swf9nnhmrehvsqpntly hdkeypath=m/0'/0'/790'
    97cRtq38h74CLuj4yVoFGZCxTmf1AAvmkKXg45zykQauNRULJ9RBGE 2022-11-30T16:52:19Z reserve=1 # addr=tb1qq9fnzts4z9mq7vl922ta4t2agtv79h37zluyml hdkeypath=m/0'/0'/874'
    98cRpUnfmr4VhaRBy3aa3NUrTWyxM9s9NcQLsuQqzXKYNxeGiescGS 2022-11-30T16:52:19Z reserve=1 # addr=tb1qq927zlr6ud6ydqrzqu2ulymrtms4vztzez3el6 hdkeypath=m/0'/0'/868'
    99cV4k5mGr5SSXJVdsxe1MnWVwjVLzY29HKBK6TjtF1n169dFbWWC8 2022-11-30T16:52:19Z reserve=1 # addr=tb1qqgameyljj8h0a2w0ezjxnydsy486f8nqs55q09 hdkeypath=m/0'/0'/14'
   100cRzic43ysjCsgAzpVWWkiFBFDoVfPMfcEnb27UyF55DENhCdsk8p 2022-11-30T16:52:19Z reserve=1 # addr=tb1qqgl2xpd696jzg6j2y2w2zhlzy50leqpwva4eht hdkeypath=m/0'/0'/521'
   101cNHUHxEkbs52cBPXRqJa8fYNUkdxo6citXaYyUSdNqASdw5UQ3cQ 2022-11-30T16:52:19Z reserve=1 # addr=tb1qqf5n9lkz2qmawyju6u0nxa0fzw7yu56y0fpxdc hdkeypath=m/0'/0'/830'
   102cPnTRrudruF1QAW9VPj69KaAD1qpDrVwUUgHn9wohkBFU1z7TgA9 2022-11-30T16:52:19Z reserve=1 # addr=tb1qqfme4qxadtztftdcjmm3v9tgnhhzg2f38048ev hdkeypath=m/0'/0'/819'
   103cTqZE7LZL6Y2Vb9th38YahQHQdbG5etqkweMVcXq6a1MNwkVKXzk 2022-11-30T16:52:19Z reserve=1 # addr=tb1qqfu9suhw39vzdgwuvtlwlj44l73m56zrkk29f6 hdkeypath=m/0'/0'/558'
   104cUM5taDcfGzrTLpn67MZTJF2t3sFcw97cquRMrRexHZMGSzsDZj6 2022-11-30T16:52:19Z reserve=1 # addr=tb1qqfl2ax7rmr4euq2prte6hkkex85hpc48shka2q hdkeypath=m/0'/0'/665'
   105cMnvMLYxhBb6GZY7r9Xc8LjtCVh8Bu1kspmSosJzM5Etq2ppuv7T 2022-11-30T16:52:19Z reserve=1 # addr=tb1qqt8qkjyazm0lzmta2m8dw0kzr5j2czxl84eq78 hdkeypath=m/0'/0'/692'
   106cSgiy6EBZZY5TaxXHKc14CicwqVwXcdZpx8AZ9c4kzNEhRZiBSkG 2022-11-30T16:52:19Z reserve=1 # addr=tb1qqv7sye9g0283yr387v9l3e08c4cwgkqc5d3zrw hdkeypath=m/0'/0'/336'
   107
   108~snip~
   109
   110# End of dump
   

   I think it’s important to note in both cases that imported keys/descriptors are never deleted, but rotating to keys generated after encryption seems desirable to me too. As @achow101 says, the warnings are pretty explicit in the GUI and RPC that a new backup needs to be made:

   wallet encrypted; The keypool has been flushed and a new HD seed was generated (if you are using HD). You need to make a new backup.

   Is your issue therefore about the visibility/importance of this warning message, or that you think the behaviour is so unintuitive that users will still get it wrong?

4. 
   ishaanam commented at 5:31 am on December 5, 2022: contributor

   Hey @willcl-ark, thanks for taking a look at this.

   I think it’s important to note in both cases that imported keys/descriptors are never deleted, but rotating to keys generated after encryption seems desirable to me too.

   Yes, this is desirable but only when a user is using keys generated by the wallet. Doing this after importing is unintuitive because when something is explicitly imported, it is expected to be used.

   Is your issue therefore about the visibility/importance of this warning message, or that you think the behaviour is so unintuitive that users will still get it wrong?

   This can be considered more of a feature request for the following suggestion by @achow101 made in the linked PR:

   Perhaps there needs to be some distinction between “this wallet needs to start out without any automatically generated things” and “this wallet must only have things the user adds explicitly”.

   In the latter scenario, a wallet would not rotate keys upon encryption because that would violate this property. If this explanation helped clarify things please let me know and I will update the PR description to reflect some of this.

5. 
   willcl-ark commented at 9:31 am on September 15, 2023: contributor

   Another (cleaner) way to circumvent this issue would be to create a new blank encrypted wallet and import the descriptors into that directly.

Contributors
ishaanam willcl-ark

Labels
Feature