Topic: Exporting xprv from Bitcoin Core HD wallet (Read 360 times)

That's not really true. There are other environment files created when the wallet is open and data may be in those files, but only temporarily. If the wallet is open, you should not copy just the wallet.dat, you may lose data doing so and could cause corruption. However if Bitcoin Core is safely shut down or the wallet file is unloaded, it is fine to copy the wallet.dat file because that's where everything is actually stored. The contents are not typically in multiple files.

All that the backupwallet command does is flush the data so that it is actually written to the file. Then it copies it. You can achieve the same thing by shutting down Bitcoin Core or unloading the wallet. Note that an unclean shutdown will not necessarily flush everything to the wallet.dat file, so you need to have a clean shutdown.

I was told on irc by luke jr that you should use the backup option. Otherwise the wallet file's contents are strewn across multiple files. The backup option consolidates them into one file.

Really? I was under the impression it is simply creating a copy of the wallet.dat, as all that option seems to do is create a copy of your "wallet.dat"... it isn't creating an archive or anything like that. Or are you saying that the GUI/RPC option makes sure that the wallet.dat is "updated" with current data and then "copied"?


Also, I probably should have mentioned earlier that if you *are* going to be manually copying the wallet.dat, you shouldn't do it while Bitcoin Core GUI or bitcoind is actually running. You should make sure that it is shutdown first.

Which then also begs the question, does shutting down the GUI/bitcoind leave the wallet.dat in a state similar to using the "Backup wallet" option?

Sure, but passphrases are also supposed to be memorable and memorized, so ideally you would also remember what your passphrase is, in addition to having written it down somewhere. And losing your written passphrase isn't as bad as losing the physical backup of your wallet. A passphrase still requires the thing it unlocks, so anyone who finds it either won't know what to do with it or won't be able to to anything with it. And if you lose it, you should still remember it so it isn't like you've lost the backup either.

Of course, verifying your backups means that you will be entering your passphrase so you will be reinforcing the memory of that passphrase too.

Directly copying the wallet.dat file isn't recommended since it may not have everything you need to restore your wallet. You should use the option in the file menu or the RPC command. This consolidates all the data into one file for you.

To encrypt a digital backup you need to create and store a passphrase. Where do you store this passphrase?
Eventually "making a backup" comes down to store a passphrase, and you cannot store it as is using a remote service.

You need then:

1) a digital encrypted backup on a remote storage service
+
2) a passphrase on a physical backup

Make more backups in other locations so it's unlikely that everything would fail simultaneously. And when a storage device fails, the data isn't gone permanently unless the device is physically destroyed (but you should have remote backups), and even then, not always. It's possible to recover data from storage devices even after they are "dead". For example, if you use a spinning hard disk drive and the drive motor, control board, or read head fails (some of the most common causes of drive failures), specialized data recovery services can open up that drive, pull out the platters, and recover all of your data anyways. And you can avoid catastrophic failures by using multiple drives in a RAID array.

Obviously you should have remote backups, whether that's cloud storage or a physical drive you plug in every so often and put a backup on it.

Bit rot is a thing that could affect your backups, but routinely making and verifying backups is something that you should be doing so it really isn't a problem.

If you insist on having a paper backup, you can hex encode or base64 encode the wallet.dat file and print that out 

---

I suppose what you are really looking for is the HD seed that Bitcoin Core uses. The HD seed is used to derive the xprv which is then used to derive the child keys. The HD seed is what Bitcoin Core is able to store and use, not the derived xprv. You can find the HD seed in the file created by dumpwallet. It is a private key that is marked with hdseed=1. You'll probably also want any of your previous HD seeds (if you've changed HD seed before or just encrypted your wallet but had used it before encrypting). Those are private keys marked with inactivehdseed=1. All HD seeds will have hdkeypath=s so that's another way you can find them.

A new Bitcoin Core wallet can have a HD seed set by using the sethdseed command.

---

But, I still wouldn't recommend backing up the HD seed. This kind of backup, while it does backup your private keys, loses a ton of other data. You'll lose all transaction data, which may be annoying to get back if you've exhausted the keypool before (in general, keypools and gap limits are issues with private key only backups). You'll lose any metadata like labels. And you lose the creation date and time of keys (important for making rescans faster).

What you really should be doing for backups depends on what your thread model is. What are you trying to protect against by backing up?

Are you trying to protect against ransomware or other malware that locks you out of your computer? An offline digital backup is sufficient. You could use a hard drive that you backup your whole PC to every once in a while. Or use a remote storage service. You should also encrypt it. To protect against that case, you should be backing up your entire PC anyways, so making an additional physical backup to protect against it doesn't make that much sense.

Are you trying to protect against your house burning down (or some natural disaster) destroying everything in it? Well, your physical paper backup isn't going to stand against a fire. So in that case, again, a digital backup to a remote storage service. You could use a sturdier physical storage medium like metal, but good luck finding it after your house burns down. But it could still be destroyed or rendered unusable by damage. Yes, you could send that physical backup to somewhere else to be stored, but then you need to trust that whoever you are storing it with does so securely, and that that place isn't also destroyed. At least with a remote digital backup, you can be certain that the service provider is backing up their stuff so if their data center is destroyed, your data will still accessible. And you can encrypt it so it will be secure.

Or are you one of those people who uses tails and then nukes the computer they used it on (and more generally, uses ephemeral OSes so everything needs to be re-installed and re-initialized every use)? In that case, a physical backup is probably better for you. Obviously you want to keep your private keys as offline as possible, only putting them on a computer for as little time as necessary. So a physical offline backup is better for your use case. But you still need to consider the implications of your backup being lost or destroyed, so you better have multiple and you'll need to trust whoever is storing them for you.

---

So suppose you've made digital backups and a physical backup, and the reason for the physical backup is "just in case all digital backups fail simultaneously". I don't think that's a good reason to make a physical backup. The reason being, if all digital backups failed simultaneously, you've got bigger things to worry about. Think about what might cause your own computer to physically fail and data become unrecoverable. Think about what a remote service who specializes in cloud storage to lose all of their data and all of their backups. For both to happen simultaneously, the only things I can think of are cataclysmic events. Either some terrible natural disaster has occurred like an asteroid hit the Earth, or a war has broken out and a bunch of cities just got nuked. In either case, you are either dead or have bigger things to worry about than the safety of your Bitcoin. Hell, money probably doesn't matter, and the Internet will basically be destroyed (tons of physical connections will have been severed).

So why would making a physical backup be a bad idea? Well, it's another thing to keep track of, another thing to verify still works. And most people aren't going to encrypt their physical backups (because the UX for doing that sucks). So if you lose that backup or it gets stolen, you'll need to go through the hassle of making a new wallet and moving all of your coins there. Otherwise you risk your coins being stolen. So why risk that? Just make a digital backup instead.

---

In general, I don't really recommend using paper backups if you are using just a software wallet. There are so many other things in a wallet that are necessary for working, more than just private keys. The wallet file provides those things, so really you should be backing up the wallet file, not just the private keys.

If you're using a hardware wallet though, then yes, making a paper offline backup makes sense. The seed is all you need to restore a hardware wallet, but is not enough to restore a software wallet, you need to have both the hardware wallet seed and the wallet file data to truly restore your wallet. But it doesn't make sense to digitally backup the hardware wallet's seed since the whole point of a hardware wallet is to have a kind of airgap. So a physical backup makes sense there. But, as mentioned earlier, you still need to protect against that backup being lost or destroyed.

What is actually your plan? If both storages including the cloud backup fails due to corruption there is no way to recover them back.

If your plan is to write them on the piece of paper you can backup the private key, not the xprv.

You will need to type this command below from the console to export the private key including the import command.


Once you get the private key you can print them or write it on the piece of paper as your physical backup.

Sure, but what should I do when my all digital storage (including cloud one) fails?

Not easy? You simply do as Abdussamad suggested and use the backup wallet option in the menu of the GUI or just backup the "wallet.dat" file directly if you're not using the GUI... how is that not easy?

yeah use the backup wallet option in the file menu of the bitcoin-qt gui instead

While this may "backup" your Bitcoin Core HD wallet, you will not be able to restore it to Bitcoin Core. Currently, xprvs cannot be imported into Bitcoin Core. Furthermore, Bitcoin Core does not use the standard BIP 44/49/84 derivation paths so you will need to find a wallet that lets you enter a custom derivation path. And that wallet needs to let you also use hardened derivation for the addresses themselves.

I would not recommend anyone use this method of backing up your Bitcoin Core wallet.

Hi, I recently wanted to backup my Bitcoin Core HD (hierarchical deterministic) wallet. Unfortunately, Bitcoin Core currently doesn't make it easy, so many of you need a tutorial how to.

Before you proceed, disconnect your computer from the Internet just to be safe.

Simply go to Bitcoin Core, open a console and type in console:
where (filename) is the name of file where you want to export.

If it asks for your wallet passphrase, then type in:
where (passphrase) is a passphrase to your wallet. Then, after you run a dumpwallet command, make sure to lock it again to protect against evil villians who might mess with your computer around:

Then look at a directory your console printed out (most of the time it is yoiur home directory) and open this file with any text editor like Notepad or gedit. Print out or handwrite the line that says "Extended private key".

After you have printed out or handwritten down your private key, delete the file permamently by using Shift + Delete keyboard combination.