@gavinandresen
Created January 30, 2011 19:47
Thoughts on bitcoin wallet encryption
KEPT FOR REFERENCE: Optional encryption of private keys was implemented starting with Bitcoin version 0.4.
Design notes on what an ideal wallet encryption feature for Bitcoin would look like:
Encrypt only the important information: the private keys needed to spend coins (sign transactions).
Decrypt only when a key is needed to sign a transaction (on a send).
I don't think encrypting the public keys and transactions/comments is worth it, but that might be
debatable. If only the private keys are encrypted, then somebody stealing your wallet CAN violate
your privacy and find out the balance of bitcoins in that wallet and see all transactions to/from
that wallet. If encrypting the public keys/transactions is desired, then I think that should be
done with a separate password (it will have to be entered every time bitcoin starts) and as a
second project.
The Mac has a standard way of storing passwords (the KeyChain). Are there equivalents for
Windows/Linux? Bitcoin shouldn't reinvent the wheel, but should leverage the system's standard
way of storing/sharing/backing up/recovering passwords.
Changing passwords has to work.
This use case should work:
+ Set password
+ Backup wallet
+ ... time passes...
+ Change password
+ ... time passes, wallet gets (partially, maybe) corrupted...
+ Restore/import backed-up wallet: must be able to enter the old password to recover, but the old
keys should be re-encrypted with the new password.
JSON-RPC sendtoaddress/sendfrom commands will need an (optional) password param.
Idea from dirtyfilthy in IRC chat: if private keys are encrypted using a public key,
then generating new ones and encrypting them doesn't require the user to enter their password
(only using them to spend would). That's important because of the way the bitcoin keypool works.
However, that does open up another possible attack: an attacker can write public/private keypairs into your
wallet without your password, and you'll eventually use the attacker's keys (and they can spend
the coins behind your back).
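As an added example (not the gist's or Bitcoin's code), a toy Python model of the design above: only private keys are encrypted under a password-derived key, decryption happens only at signing time, and the set-password / backup / change-password / restore use case is carried through. The per-record MAC is my addition addressing the planted-key attack in the last paragraph (a record written without the password fails verification); the HMAC counter-mode cipher and the hash-derived "pubkey" are constructed stand-ins, not real wallet cryptography.

```python
import hashlib
import hmac
import os

# Constructed model of the gist's design: only private keys are encrypted;
# pubkeys stay in the clear. HMAC-SHA256 counter mode + MAC stands in for an AEAD.

def _derive_keys(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Password -> (encryption key, MAC key); fresh salt per key record."""
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return km[:32], km[32:]

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_privkey(password: str, privkey: bytes) -> dict:
    salt, nonce = os.urandom(16), os.urandom(16)
    ek, mk = _derive_keys(password, salt)
    ct = _xor_stream(ek, nonce, privkey)
    # Tag ties the record to the password: a record planted without it will not verify.
    tag = hmac.new(mk, salt + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def decrypt_privkey(password: str, rec: dict) -> bytes:
    """Run only at signing time; raises on wrong password or tampering."""
    ek, mk = _derive_keys(password, rec["salt"])
    tag = hmac.new(mk, rec["salt"] + rec["nonce"] + rec["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, rec["tag"]):
        raise ValueError("wrong password or unauthenticated key record")
    return _xor_stream(ek, rec["nonce"], rec["ct"])

def new_key(wallet: dict, password: str) -> str:
    """Generate and store a keypair; the pubkey is a constructed stand-in (a hash)."""
    priv = os.urandom(32)
    pub = hashlib.sha256(priv).hexdigest()[:16]
    wallet[pub] = encrypt_privkey(password, priv)
    return pub

def change_password(wallet: dict, old_pw: str, new_pw: str) -> dict:
    """Re-encrypt every record under the new password; plaintext stays in memory only."""
    return {p: encrypt_privkey(new_pw, decrypt_privkey(old_pw, r)) for p, r in wallet.items()}

def restore_backup(wallet: dict, backup: dict, backup_pw: str, current_pw: str) -> dict:
    """Gist use case: the old password unlocks the backup; keys come back under the current one."""
    for pub, rec in backup.items():
        wallet.setdefault(pub, encrypt_privkey(current_pw, decrypt_privkey(backup_pw, rec)))
    return wallet
```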
genjix commented Mar 9, 2011

I think the current wallet DB decrypts into memory :) We can decrypt once and not to disk (although I'll do it to a temp file first in early versions).

mgiuca commented Mar 9, 2011

What? It isn't encrypted on disk... if it was you would need to provide a passphrase to decrypt it. (You can dump the contents of your wallet human-readable with bitcointools without a passphrase, so it can't be encrypted.)
