Securing web app wallet.dat (Ubuntu)


I'm building a web app making JSON-RPC calls to the bitcoind server. I have security concerns on how to protect the wallet.dat file.

I'm encrypting the directory where wallet.dat will be. Should I also use the bitcoind encryptwallet command? When using Bitcoin client wallets like Electrum, every time I send BTC it asks me for my password. When building a web app where users will have their own account (and addresses), should a bitcoind password be used? Does bitcoind store the private keys for every public address generated?



Posted 2013-07-30T06:33:06.923




Yes for all your questions.

Suppose you don't encrypt the wallet: if someone accesses your computer while the bitcoin directory is unlocked (the directory must be readable for bitcoin to run), he can steal your BTC.

It might be better just to encrypt the wallet and leave the directory unencrypted. He can steal the encrypted wallet.dat, which isn't useful.


Posted 2013-07-30T06:33:06.923


When encrypting my wallet using encryptwallet the following API calls fail until I run walletpassphrase:

settxfee, sendtoaddress

Which are essential for my web app.

How would this be done? Every time a user wants to send Bitcoins to another address I will need to call the walletpassphrase function, which requires entering the passphrase and leaves the wallet.dat file unencrypted for N seconds. – Antoni – 2013-08-01T06:31:00.977

Yes, you are right – ripazha – 2013-08-01T06:56:43.883
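The unlock-then-send flow discussed in the comments above, as an added example (not code from the thread): it calls walletpassphrase with a short timeout, sends, and calls walletlock in a `finally` block so the wallet relocks right away even when the send fails. The helper names, the `get_passphrase` callback (wherever the app fetches the passphrase at send time) and the fake transport are assumptions for illustration.

```python
import json
import urllib.error
import urllib.request
from base64 import b64encode


class RpcError(Exception):
    """bitcoind answered with a JSON-RPC error object."""


def http_transport(url, user, password):
    """Return call(method, params) that POSTs one JSON-RPC request to bitcoind."""
    auth = b64encode(f"{user}:{password}".encode()).decode()

    def call(method, params):
        body = json.dumps({"jsonrpc": "1.0", "id": "webapp",
                           "method": method, "params": params}).encode()
        req = urllib.request.Request(url, data=body, headers={
            "Authorization": "Basic " + auth, "Content-Type": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                reply = json.load(resp)
        except urllib.error.HTTPError as err:
            reply = json.load(err)  # RPC errors arrive with a non-200 status and a JSON body
        if reply.get("error"):
            raise RpcError(reply["error"])
        return reply["result"]
    return call


def send_with_brief_unlock(call, get_passphrase, address, amount, unlock_seconds=5):
    """Unlock for a few seconds, send, then relock at once instead of waiting out the timeout."""
    call("walletpassphrase", [get_passphrase(), unlock_seconds])
    try:
        return call("sendtoaddress", [address, amount])
    finally:
        call("walletlock", [])  # runs on success and on failure


if __name__ == "__main__":
    # Constructed stand-in for bitcoind so the flow can be run offline.
    log = []
    def fake(method, params):
        log.append(method)
        return "constructed-txid" if method == "sendtoaddress" else None
    print(send_with_brief_unlock(fake, lambda: "constructed-passphrase",
                                 "constructed-address", 0.01), log)
```

Against a real node, pass `http_transport(url, rpcuser, rpcpassword)` as `call`; the RPC endpoint should be reachable only from the app host, since anyone who can reach it during the unlock window can also call sendtoaddress.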