Topic: How does wallet.dat work? - page 2. (Read 3232 times)

vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
January 09, 2013, 09:07:56 AM
#10
I'm thinking about transactions as atomic, so say you have 3x1BTC incoming on one address (adr1) and 2x1BTC on another (adr2) and 1x5BTC outgoing (payment), then the swarm knows you have 5BTC (because they can verify the sum on addresses you have as 5?) does that mean you say "I holder of adr1 and adr2 now give ownership of 5BTC to address XXX and here is a public key and signature to prove I have the private keys to adr1 and adr2"?

Other than the minor correction above, you're exactly right.

Actually, one other minor detail if it matters: there will be one signature per incoming transaction you unlock, rather than per address.  So this transaction would have 5 signatures - 3 from the first key, 2 from the second.
hero member
Activity: 725
Merit: 503
January 09, 2013, 04:56:28 AM
#9
I'm thinking about transactions as atomic, so say you have 3x1BTC incoming on one address (adr1) and 2x1BTC on another (adr2) and 1x5BTC outgoing (payment), then the swarm knows you have 5BTC (because they can verify the sum on addresses you have as 5?) does that mean you say "I holder of adr1 and adr2 now give ownership of 5BTC to address XXX and here is a public key to prove I have the private keys to adr1 and adr2"?
legendary
Activity: 3472
Merit: 4801
January 08, 2013, 01:28:16 PM
#8
. . . this 1 BTC coin . . . let it be known forever that I have transferred ownership of it to DannyHamilton (why not) . . .
Nice. :grin:
donator
Activity: 1218
Merit: 1079
Gerald Davis
January 08, 2013, 01:24:09 PM
#7
Simple version.  The wallet.dat just contains your private key*.  You sign over ownership of coins** sent to your addresses to the new owner.  The transaction records the transfer of ownership.  To prevent someone else (say me) from transferring your coins for you (to my wallet) the network verifies that the transaction is signed by the private key of your address(es).

Every one of your addresses has a corresponding private key.  The magic of ECDSA (and all public/private key encryption) is you can share the public key and keep the private key a secret.  This ensures only you can sign messages with the private key but anyone can verify those messages with the public key.  You don't actually ever send or receive coins, you ANNOUNCE to the world the ownership change.

Kinda like the digital equivalent of:

"Attention everyone in the world, this 1 BTC coin (see as irrevocable and absolute proof of ownership this prior announcement by [previous owner]), let it be known forever that I have transferred ownership of it to D&T, oh and btw here is a digital signature that proves me and only me, Rupy could possibly have made this announcement.  Thank you that is all, please everyone in the world retain a copy of this announcement forever."

later when I spend it:

"Attention everyone in the world, this 1 BTC coin (see as irrevocable and absolute proof of ownership this prior announcement by Ruby), let it be known forever that I have transferred ownership of it to DannyHamilton (why not), oh and btw here is a digital signature that proves me and only me D&T could possibly have made this announcement.  Thank you that is all, please everyone in the world retain a copy of this forever."

* Technically it contains more but that is merely to prevent a need to recreate the wallet on each startup.  The private keys are what can't be replaced.  They are the secret part.  If you delete your wallet.dat and don't have a backup it is the lost private keys that you will be crying about.  There are no coins in your wallet; your coins are "safe", the only problem is that without access to the private keys you will never be able to transfer/spend them.  You can forever view them on the blockchain if you like.

** Coins are actually an abstraction.  The network works on the concept of inputs and outputs.  All transactions (except newly minted coins) have as their input the output of a prior transaction.  When your wallet says "you have 20 BTC" what it really means is "I have done an exhaustive search of the blockchain and the combined sum of the value of all the unspent outputs assigned to addresses for which I have access to the private key total 20 BTC".
legendary
Activity: 3472
Merit: 4801
January 08, 2013, 12:55:43 PM
#6
. . . so in the wallet there are the few transactions . . .
I believe the transactions are stored in the blockchain, not the wallet.dat

. . . with a private key to prove I own them?. . .
The private keys are stored in the wallet.dat

So, your client program (I assume you are using Bitcoin-Qt?) uses the information in the wallet.dat to search through the blockchain for transactions that match the known private keys.

. . . When do I prove that I own coins? When I spend them I gather but how?
Yes, you can't update the blockchain with a new transaction without first proving that you have the private keys to the previous transactions that you want to use as inputs to your new transaction.  Using digital signatures you demonstrate that you have the private key that is associated with the addresses used in the previous transactions and in doing so you assign a new address for the value to be associated with.  Other nodes and miners validate the signature and relay the transaction.  Eventually a miner includes the transaction in a block in the blockchain.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
January 08, 2013, 12:46:36 PM
#5
Ok, I was talking about ECDSA, so in the wallet there are the few transactions with a private key to prove I own them? When do I prove that I own coins? When I spend them I gather but how?

When you spend coins, your client broadcasts a message announcing the new owner of the coins - specifically, the hash of the new owner's public key, which is what's encoded in a bitcoin address.  This message is signed with the private key on record as being the "current owner" (that's you, and that's what makes the coins yours in the first place).  The message also includes a copy of the public key, since the rest of the network may not have it (since transactions identify the new owner only by the hash).  Both of those were generated when you created the address in the first place, possibly before.

The network accepts the public key as long as its hash matches the record everybody knows about.
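An added worked example, not code from any poster here and not Bitcoin-Qt's source, that puts #10, #7, #6 and #5 together in Go: a wallet that holds nothing but private keys filed by address, outputs locked to the hash of a public key, a spend that gathers unspent outputs, reveals the public key and produces one signature per input, and the checks a node runs before relaying (the revealed key must hash to the address that was paid, each signature must verify, and outputs may not exceed inputs). Assumptions, none of them from the thread: P-256 stands in for secp256k1 because Go's standard library has no secp256k1; the address is a bare SHA-256 of the key rather than Bitcoin's SHA-256/RIPEMD-160 with version byte and checksum; the signed message is a text rendering of the transaction, not Bitcoin's serialization or script; the type and function names are this example's own; and the funding history (3x1 BTC to adr1, 2x1 BTC to adr2) is constructed to match #9.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Address is the hash of a public key; the chain records only this, never the
// key. (Bitcoin: SHA-256, RIPEMD-160, version byte, checksum. Toy: SHA-256.)
type Address [32]byte

type OutPoint struct{ TxID string; Index int }            // names one output of an earlier tx
type TxOut struct{ Value int64; Addr Address }            // value locked to a key hash
type Unlock struct{ PubKey *ecdsa.PublicKey; Sig []byte } // revealed key plus its signature
type Tx struct{ Prevs []OutPoint; Outputs []TxOut; Unlocks []Unlock } // Unlocks[i] opens Prevs[i]
type UTXOSet map[OutPoint]TxOut                           // every node's view of unspent outputs
type Wallet map[Address]*ecdsa.PrivateKey                 // wallet.dat: nothing but private keys

func AddressOf(pub *ecdsa.PublicKey) Address { return sha256.Sum256(elliptic.Marshal(pub.Curve, pub.X, pub.Y)) }

// SigHash is what every Unlock signs: the transaction without the Unlocks.
func (tx *Tx) SigHash() [32]byte { return sha256.Sum256([]byte(fmt.Sprint(tx.Prevs, tx.Outputs))) }

// NewAddress: P-256 stands in for secp256k1 (absent from Go's standard library).
func (w Wallet) NewAddress() Address {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	w[AddressOf(&priv.PublicKey)] = priv // the private key is filed under its address
	return AddressOf(&priv.PublicKey)
}

// Spend gathers unspent outputs we hold keys for (a balance is never stored, only
// summed) until they cover amount, then signs once per input with the owning key.
func (w Wallet) Spend(utxos UTXOSet, to Address, amount int64) (*Tx, error) {
	tx, total := &Tx{Outputs: []TxOut{{amount, to}}}, int64(0) // no change output; the rest is fee
	for op, out := range utxos {
		if w[out.Addr] != nil && total < amount {
			tx.Prevs = append(tx.Prevs, op)
			total += out.Value
		}
	}
	if total < amount {
		return nil, fmt.Errorf("insufficient funds: have %d, need %d", total, amount)
	}
	digest := tx.SigHash()
	for _, op := range tx.Prevs {
		priv := w[utxos[op].Addr]
		sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
		if err != nil {
			return nil, err
		}
		tx.Unlocks = append(tx.Unlocks, Unlock{&priv.PublicKey, sig})
	}
	return tx, nil
}

// Verify is what every relaying node and miner does before accepting tx.
func Verify(tx *Tx, utxos UTXOSet) error {
	digest, in, out, seen := tx.SigHash(), int64(0), int64(0), map[OutPoint]bool{}
	for i, op := range tx.Prevs {
		prev, ok := utxos[op]
		if !ok || seen[op] || i >= len(tx.Unlocks) { // unknown, spent, repeated, or unsigned
			return fmt.Errorf("input %d: not an unspent output, or no signature", i)
		}
		seen[op] = true
		if tx.Unlocks[i].PubKey == nil || AddressOf(tx.Unlocks[i].PubKey) != prev.Addr {
			return fmt.Errorf("input %d: public key does not hash to the paid address", i)
		}
		if !ecdsa.VerifyASN1(tx.Unlocks[i].PubKey, digest[:], tx.Unlocks[i].Sig) {
			return fmt.Errorf("input %d: bad signature", i)
		}
		in += prev.Value
	}
	for _, o := range tx.Outputs {
		out += o.Value
	}
	if out > in {
		return fmt.Errorf("outputs %d exceed inputs %d", out, in)
	}
	return nil
}

func main() {
	alice, utxos := Wallet{}, UTXOSet{}
	adr1, adr2 := alice.NewAddress(), alice.NewAddress()
	for i, a := range []Address{adr1, adr1, adr1, adr2, adr2} { // constructed funding history
		utxos[OutPoint{"funding", i}] = TxOut{1, a}
	}
	tx, err := alice.Spend(utxos, Wallet{}.NewAddress(), 5)
	if err != nil {
		panic(err)
	}
	fmt.Println(len(tx.Unlocks), "signatures; verify:", Verify(tx, utxos))
}
```

Running it reports five signatures for the single 5 BTC payment, as #10 says. Two points the code makes that the prose only implies: Verify rejects a public key that does not hash to the paid address before it even looks at the signature, so nobody can substitute their own key (the check in #5), and because the signature covers the outputs, changing the payee after signing invalidates every input. Change outputs and Bitcoin's script system are left out.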
hero member
Activity: 725
Merit: 503
January 08, 2013, 12:42:40 PM
#4
Ok, I was talking about ECDSA, so in the wallet there are the few transactions with a private key to prove I own them? When do I prove that I own coins? When I spend them I gather but how?
donator
Activity: 1218
Merit: 1079
Gerald Davis
January 07, 2013, 10:35:13 AM
#3
Correct.  I would add that the wallet encryption uses thousands of rounds of SHA-256 to convert the passphrase to the AES key.

So to OP when you say what encryption is used it is important to clarify what are you asking.

What algorithms does Bitcoin use to verify transactions? Transactions are signed by the private keys using ECDSA and verified by miners using the corresponding public keys to verify authenticity.

vs

What algorithms does the client use to PROTECT the private keys?  The client uses SHA-256 (for key generation) and AES_256 to encrypt/decrypt the private key portion of the wallet using a passphrase supplied by the user.

legendary
Activity: 3472
Merit: 4801
January 07, 2013, 10:18:08 AM
#2
. . . What encryption algo is used?
Not sure what you are asking here.

Bitcoin uses a digital signature cryptographic function (secp256k1 ECDSA) to "sign" the transaction with a private key. To be a valid signature, the private key used has to match the public key that was hashed to create the address that the bitcoins were previously spent to.

This is all done with hashes and digital signatures (types of cryptographic functions)

The only thing I can think of that is "encrypted" is the private keys in your wallet.  If you choose to encrypt your wallet, Bitcoin-Qt will use the EVP_Encrypt functions from OpenSSL to encrypt the private keys using a type of aes_256_cbc() (I think).
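An added example, not code from any poster and not the Bitcoin-Qt source, of the second of the two layers #3 separates, in Go: a passphrase is stretched with a salt and an iteration count into an AES-256 key and IV, and that key encrypts the secret with AES-256-CBC, the mode #2 names. The stretching is OpenSSL's EVP_BytesToKey construction, which is what sits under the EVP_Encrypt calls #2 mentions; one detail to set against #3 is that the Bitcoin-Qt/Bitcoin Core crypter hands EVP_BytesToKey SHA-512 rather than SHA-256, so a single 64-byte digest block yields both key and IV. Assumptions: the type and function names are this example's own; the master key is a constructed constant; 25000 rounds is the floor the client enforces after timing the derivation on the local machine; and the example stops at the passphrase layer, whereas in the real wallet the passphrase protects a random master key and that master key in turn encrypts each private key with an IV derived from a hash of its public key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha512"
	"errors"
	"fmt"
)

// DeriveKey stretches a passphrase into a 32-byte AES-256 key and a 16-byte CBC IV
// with the EVP_BytesToKey construction: D = H(passphrase||salt), then D = H(D) for
// rounds-1 more iterations; key = D[:32], iv = D[32:48]. Each extra round is one
// more hash an attacker has to compute per passphrase guess.
func DeriveKey(passphrase string, salt []byte, rounds int) (key, iv []byte) {
	d := sha512.Sum512(append([]byte(passphrase), salt...))
	for i := 1; i < rounds; i++ {
		d = sha512.Sum512(d[:])
	}
	return d[:32], d[32:48]
}

// Encrypt is AES-256-CBC with PKCS#7 padding, which is what EVP_aes_256_cbc() does.
func Encrypt(plain, key, iv []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	n := aes.BlockSize - len(plain)%aes.BlockSize
	padded := append(append([]byte{}, plain...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out, nil
}

// Decrypt reverses Encrypt. A wrong passphrase gives a wrong key; the padding check
// usually catches it, but roughly 1 time in 256 garbage passes, so a real wallet must
// also confirm that a recovered private key reproduces its public key.
func Decrypt(ct, key, iv []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext is not a whole number of blocks")
	}
	out := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ct)
	n := int(out[len(out)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(out[len(out)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding: wrong passphrase or corrupted data")
	}
	return out[:len(out)-n], nil
}

// LockedMasterKey is what an encrypted wallet stores instead of its master key:
// salt and round count in the clear (they only slow guessing), the key as ciphertext.
type LockedMasterKey struct {
	Salt   []byte
	Rounds int
	Cipher []byte
}

// Lock draws a fresh random salt, derives the key and encrypts masterKey under it.
func Lock(masterKey []byte, passphrase string, rounds int) (*LockedMasterKey, error) {
	salt := make([]byte, 8)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	key, iv := DeriveKey(passphrase, salt, rounds)
	ct, err := Encrypt(masterKey, key, iv)
	if err != nil {
		return nil, err
	}
	return &LockedMasterKey{Salt: salt, Rounds: rounds, Cipher: ct}, nil
}

// Unlock re-derives the key from the stored salt and rounds and decrypts.
func (l *LockedMasterKey) Unlock(passphrase string) ([]byte, error) {
	key, iv := DeriveKey(passphrase, l.Salt, l.Rounds)
	return Decrypt(l.Cipher, key, iv)
}

func main() {
	master := []byte("constructed 32-byte master key!!") // stands in for the wallet's random key
	locked, err := Lock(master, "correct horse battery staple", 25000)
	if err != nil {
		panic(err)
	}
	got, err := locked.Unlock("correct horse battery staple")
	fmt.Println("right passphrase recovers the master key:", err == nil && bytes.Equal(got, master))
	_, err = locked.Unlock("wrong passphrase")
	fmt.Println("wrong passphrase:", err)
}
```

What this layer does and does not buy you: the rounds only make each guess cost more, and the salt only stops a precomputed table; a weak passphrase is still brute-forced, and an unencrypted wallet.dat copied off the disk hands over the keys outright. The signing layer from #3's first question is unaffected either way: the network never sees the passphrase or the AES key, only ECDSA signatures.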
hero member
Activity: 725
Merit: 503
January 07, 2013, 06:40:38 AM
#1
So in wallet.dat there are private keys for unlocking bitcoins sent to an address. But how does that work? What encryption algo is used?