Page MenuHomePhabricator

[wallet] Reopen CDBEnv after encryption instead of shutting down

Authored by Fabien on Jan 10 2020, 16:15.


Shutting down the software was to prevent the BDB environment from
writing unencrypted private keys to disk in the database log files, as
was noted here. This PR replaces the shutdown behavior with a CDBEnv
flush, close, and reopen which achieves the same effect: everything is
cleanly flushed and closed, the log files are removed, and then the
environment reopened to continue normal operation.

To ensure that no unencrypted private keys are in the log files after
encrypting the wallet, I wrote this script to pull private keys from the
original wallet file and searches for these keys in the log files (note
that you will have to change your file paths to make it work on your own

As for concerns about private keys being written to slack space or being
kept in memory, these behaviors no longer exist after the original
wallet encryption PR and the shutting down solution from 2011.

Backport of core PR12493:

Test Plan
ninja all check
./test/functional/ wallet_*

Run bitcoin-qt and encrypt your wallet. Check the app is no longer restarting.

Diff Detail

rABC Bitcoin ABC
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

This revision is now accepted and ready to land.Jan 10 2020, 17:44