Prevent unencrypted private keys from being written to wallet.dat #635

pull gavinandresen wants to merge 3 commits into bitcoin:master from gavinandresen:encryptionbug changing 7 files +177 −20

gavinandresen commented at 6:52 PM on November 12, 2011: contributor
Unencrypted private keys could remain in the wallet.dat file (and other berkely db database files) after wallet encryption.

This pull request does several things to fix the problem:
1. Completely rewrites the wallet.dat file upon encryption.
2. Removes all keys from the keypool so they will not be used for new transactions (they are encrypted and stored in the new wallet, in case any bitcoins are sent to them).
3. Modifies the database code so temporary database files are cleaned up when bitcoin shuts down
4. Successful encryption of the wallet is now followed by a shutdown, so old unencrypted private keys that might have been in the database's caches will not be written to the new, encrypted wallet file.
laanwj commented at 9:09 AM on November 13, 2011: member
ACK -- only a small issue that can wait:
- The CreateThread(Shutdown, NULL) in bitcoinrpc.cpp should eventually be replaced with something that is safe with the GUI (just like needs to be done when calling 'stop'), as it will result in a race condition and segmentation fault. But for now, I think the number of users that use RPC to encrypt the wallet while running the UI is exactly zero.
Resilvering 9e9869d0fe
Obsolete keypool and make sure database removes log files on shutdown. d764d9161e
add message about restarting bitcoin after encrypting wallet succesfully 4585f7e2c1
gavinandresen referenced this in commit b6d11a3018 on Nov 15, 2011
gavinandresen merged this on Nov 15, 2011
gavinandresen closed this on Nov 15, 2011
coblee referenced this in commit eab160c9c3 on Jul 17, 2012
ptschip referenced this in commit 27bc272cf2 on Jun 6, 2017
Losangelosgenetics referenced this in commit 587dea3263 on Mar 12, 2020
DrahtBot locked this on Sep 8, 2021

Contributors

gavinandresen

laanwj