
New encrypted wallet file header:#10339

Draft: ecdsa wants to merge 7 commits into master from new_file_headers

@ecdsa ecdsa commented Dec 2, 2025

  • the file is encrypted with a master key
  • the master key is encrypted with one or several passwords
  • passwords can be added to or removed from the list
  • a hmac of the file is written at the beginning of the file
  • passwords can be checked/updated without having to read/write the whole file
  • the GUI assumes a single password
  • partial writes:
      encrypted blobs are appended at the end of the file
      each blob is prefixed by its length
      can recover from incomplete write: hmac is updated after appending
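
The partial-write recovery listed in the description above, as an added sketch that is not code from this PR or from Electrum. The 32-byte HMAC-SHA256 header, the 4-byte big-endian length prefix, the MAC key and all function names are assumptions; blobs are treated as opaque ciphertext, and a record whose header update never landed is treated as uncommitted.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32  # assumed: HMAC-SHA256 tag stored at offset 0

def new_file(key: bytes) -> bytearray:
    """Empty file: the header tag covers an empty blob region."""
    return bytearray(hmac.new(key, b"", hashlib.sha256).digest())

def append_blob(f: bytearray, key: bytes, blob: bytes, crash_after=None) -> None:
    """Append a length-prefixed blob, then update the header tag.
    crash_after simulates an interrupted write: an int N keeps only the
    first N bytes of the record; "record" skips the header update."""
    record = struct.pack(">I", len(blob)) + blob
    if isinstance(crash_after, int):
        f += record[:crash_after]      # torn record, header untouched
        return
    f += record
    if crash_after != "record":
        f[:MAC_LEN] = hmac.new(key, bytes(f[MAC_LEN:]), hashlib.sha256).digest()

def recover(f: bytearray, key: bytes) -> list:
    """Return the committed blobs and truncate any uncommitted tail.
    Raises ValueError when no blob boundary matches the header tag."""
    header, body = bytes(f[:MAC_LEN]), bytes(f[MAC_LEN:])
    mac = hmac.new(key, b"", hashlib.sha256)
    blobs, pos, n_ok = [], 0, 0
    end_ok = 0 if hmac.compare_digest(mac.digest(), header) else None
    while pos + 4 <= len(body):
        (n,) = struct.unpack_from(">I", body, pos)
        end = pos + 4 + n
        if end > len(body):
            break                      # length prefix points past EOF
        mac.update(body[pos:end])      # running MAC over complete records
        blobs.append(body[pos + 4:end])
        pos = end
        if hmac.compare_digest(mac.digest(), header):
            end_ok, n_ok = pos, len(blobs)
    if end_ok is None:
        raise ValueError("header HMAC matches no blob boundary")
    del f[MAC_LEN + end_ok:]           # drop torn or unauthenticated tail
    return blobs[:n_ok]
```

Because the header is written last, a crash at any point leaves a file whose header still authenticates an earlier prefix, while a modified committed blob leaves no matching prefix and is rejected.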

@ecdsa ecdsa force-pushed the new_file_headers branch 2 times, most recently from ac622ca to 63d679e Compare December 2, 2025 16:17
@ecdsa ecdsa added the topic-walletstorage 💾 not wallet itself but storage/db-related label Dec 2, 2025
@SomberNight

related #5999

ecdsa added 3 commits June 30, 2026 13:10
  - WalletDB no longer inherits from JsonDB, it uses a StoredDict
  - JsonDB inherits from BaseDB
  - FileStorage is only seen by JsonDB
  - calling JsonDB constructor creates the storage

note: this commit temporarily breaks DB upgrades
ecdsa added 4 commits June 30, 2026 13:52
this restores DB upgrades.
(DB upgrades require not converting stored classes)
Add unit test of atomicity.
Use a write batch for DB upgrades.
 - the file is encrypted with a master key
 - the master key is encrypted with one or several passwords
 - passwords can be added to or removed from the list
 - a hmac of the file is written at the beginning of the file
 - passwords can be checked/updated without having to read/write the whole file
 - the GUI assumes a single password
 - partial writes:
    encrypted blobs are appended at the end of the file
    each blob is prefixed by its length
    can recover from incomplete write: hmac is updated after appending
 - always commit change to disk, unless we are in a write_batch
 - if we are in a write_batch, commit to disk and to memory at the same time
 - remove wallet.save_db, json_db.set_modified

As a result, db_upgrades now require one write batch per upgrade

Also, raise an exception if we try to write when the DB is closed.
Note that the sanity check in test_storage_upgrade was removed,
because it side effects the storage: calling wallet.stop() closes the DB.
@ecdsa ecdsa force-pushed the new_file_headers branch from 98da4e5 to 2e94270 Compare June 30, 2026 11:54