Topic: Question about wallet formats (Read 631 times)

If you're paranoid (like me), you may want to look for a zero-knowledge backup provider. I use SpiderOak myself; their software has always been a little bit twitchy (I probably spend an hour or so troubleshooting it every 6 months), but their security model appears to be pretty good, and their pricing is fair but there are cheaper ones out there. (I do let my wallet files get backed up to them).

Another great answer, thanks! Just wanted to know if it was safe to send around fairly publicly (for backup intentions).

Exactly.



Yes, with the same caveats as most other wallets--

• Weak passwords can be brute-forced (but Armory's KDF is one of the best among Bitcoin wallet software, so it takes longer/costs more to perform brute-force attacks).
• Your privacy is lost / transaction history is viewable (this is true of most, but not all, wallets).
• If your wallet file is stolen by malware, that same malware can probably wait for you to type in your password and then steal it as well.
• If you lose your wallet file with its encrypted private keys and any single private key associated with that wallet, then all of the private keys in that wallet are compromised (can be computed). This is true of many deterministic wallets.

Sorry, my answer went the lazy route (going off what I know already  )

Great answer, thanks!

EDIT: So if I get this straight the encrypted wallet version is basically the same as the normal wallet just that I manually created it using the program. So the "encrypt"-text is just there to clarify it?
EDIT2: Are my private keys safe should someone get a hold of the "normal" wallet file?

The armory_xxxxxxxx_.wallet file is your "normal" wallet file; it's what's used by Armory. Its private keys are always encrypted by Armory.

The armory_xxxxxxxx_encrypt.wallet file is an private-key-encrypted "digital backup" file which you made at some time in the past; you probably simply forgot that you (manually) made this backup (check its last modified date, it will be whenever you created that backup). It is safe to move this file to another location if you like (or delete it... you did make a paper backup, right? )

You can also make a completely unencrypted "digital backup" (by default it would be called armory_xxxxxxxx_decrypt.wallet); if you choose to do so, you'll get a strongly-worded warning about the dangers of making it unencrypted.


The wallet format (the "1.0" format) is pretty well documented over here: https://bitcoinarmory.com/wallet-format/

The optional encryption (which is always used for normal wallet files and for encrypted digital backups) individually encrypts each 32-byte private key (and only the private keys). Each private key is encrypted with AES-256 in CBC mode with no padding, and a randomly generated IV (stored alongside each private key). The single encryption key is derived from the user's password with a custom KDF based on Colin Percival's ROMix function, except it uses SHA-512 as the mixing function instead of BlockMix_Salsa20/8 as originally specified in Percival's scrypt paper (and it also has a few other tweaks compared to ROMix). The KDF uses 16 bytes of salt. (ROMix is the memory-hard part of scrypt.)

I think it's binary, or a binary map. Just as usable to someone who's motivated to take the BTC inside (i.e. just as much raw information as a plain text privkey)

What is the difference between these two:

• armory_xxxxxxxx_.wallet
• armory_xxxxxxxx_encrypt.wallet

That one is encrypted is fairly clear but isn't the normal file "encrypted" as well? Does the first file really contain private keys in plain text?