Bitcoin 0.4.0rc1 BETA Copyright (c) 2009-2011 Bitcoin Developers Distributed under the MIT/X11 software license, see the accompanying file license.txt or http://www.opensource.org/licenses/mit-license.php. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). Intro ----- Bitcoin is a free open source peer-to-peer electronic cash system that is completely decentralized, without the need for a central server or trusted parties. Users hold the crypto keys to their own money and transact directly with each other, with the help of a P2P network to check for double-spending. Setup ----- Unpack the files into a directory and run: bin/32/bitcoin (GUI, 32-bit) bin/32/bitcoind (headless, 32-bit) bin/64/bitcoin (GUI, 64-bit) bin/64/bitcoind (headless, 64-bit) Wallet Encryption ----------------- Bitcoin supports native wallet encryption so that people who steal your wallet file don't automatically get access to all of your Bitcoins. In order to enable this feature, chose "Encrypt Wallet" from the Options menu. You will be prompted to enter a passphrase, which will be used as the key to encrypt your wallet and will be needed every time you wish to send Bitcoins. If you lose this passphrase, you will lose access to spend all of the bitcoins in your wallet, no one, not even the Bitcoin developers can recover your Bitcoins. This means you are responsible for your own security, store your passphrase in a secure location and do not forget it. Remember that the encryption built into bitcoin only encrypts the actual keys which are required to send your bitcoins, not the full wallet. This means that someone who steals your wallet file will be able to see all the addresses which belong to you, as well as the relevant transactions, you are only protected from someone spending your coins. It is recommended that you backup your wallet file before you encrypt your wallet. To do this, close the Bitcoin client and copy the wallet.dat file from ~/.bitcoin/ on Linux, /Users/(user name)/Application Support/Bitcoin/ on Mac OSX, and %APPDATA%/Bitcoin/ on Windows (that is /Users/(user name)/AppData/Roaming/Bitcoin on Windows Vista and 7 and /Documents and Settings/(user name)/Application Data/Bitcoin on Windows XP). Once you have copied that file to a safe location, reopen the Bitcoin client and Encrypt your wallet. If everything goes fine, delete the backup and enjoy your encrypted wallet. Note that once you encrypt your wallet, you will never be able to go back to a version of the Bitcoin client older than 0.4. Keep in mind that you are always responsible for your own security. All it takes is a slightly more advanced wallet-stealing trojan which installs a keylogger to steal your wallet passphrase as you enter it in addition to your wallet file and you have lost all your Bitcoins. Wallet encryption cannot keep you safe if you do not practice good security, such as running up-to-date antivirus software, only entering your wallet passphrase in the Bitcoin client and using the same passphrase only as your wallet passphrase. Technical details of wallet encryption -------------------------------------- Wallet encryption uses AES-256-CBC to encrypt only the private keys that are held in a wallet. The keys are encrypted with a master key which is entirely random. This master key is then encrypted with AES-256-CBC with a key derived from the passphrase using SHA512 and OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by the speed of the machine which does the initial encryption (and is updated based on the speed of a computer which does a subsequent passphrase change). Although the underlying code supports multiple encrypted copies of the same master key (and thus multiple passphrases) the client does not yet have a method to add additional passphrases. At runtime, the client loads the wallet as it normally would, however the keystore stores the keys in encrypted form. When the passphrase is required (to top up keypool or send coins) it will either be queried by a GUI prompt, or must first be entered with the walletpassphrase RPC command. This will change the wallet to "unlocked" state where the unencrypted master key is stored in memory (in the case of GUI, only for long enough to complete the requested operation, in RPC, for as long as is specified by the second parameter to walletpassphrase). The wallet is then locked (or can be manually locked using the walletlock RPC command) and the unencrypted master key is removed from memory. Implementation details of wallet encryption ------------------------------------------- When the wallet is locked, calls to sendtoaddress, sendfrom, sendmany, and keypoolrefill will return Error -13: "Error: Please enter the wallet passphrase with walletpassphrase first." When the wallet is unlocked, calls to walletpassphrase will fail. When a wallet is encrypted, the passphrase is required to top up the keypool, thus, if the passphrase is rarely entered, it is possible that keypool might run out. In this case, the default key will be used as the target for payouts for mining, and calls to getnewaddress and getaccount address will return an error. In order to prevent such cases, the keypool is automatically refilled when walletpassphrase is called with a correct passphrase and when topupkeypool is called (while the wallet is unlocked). Note that the keypool continues to be topped up on various occasions when a new key from pool is used and the wallet is unlocked (or unencrypted). See the documentation at the bitcoin wiki: https://en.bitcoin.it/wiki/Main_Page ... for help and more information.