Encrypting, Backing-Up, and Restoring Your Qtum Wallet

in qtum •  last year

qtom_logo.png

Overview

This post describes how to encrypt, backup, and restore your Qtum wallet.

Encrypting your wallet makes it difficult for your wallet to be opened (and used) without your passphrase. Similarly, having multiple secure backups of your wallet is also important to prevent losing your Qtum coins.

NOTE: This is not an official post from the Qtum (Quantum) team. I'm merely a fan.

Caveats!

Before proceeding, I want to make the following very clear:

  • I recommend that you backup your wallet BEFORE encrypting your wallet, "just in case".
  • Encrypting your wallet will change your HD wallet's master private key (see below for details). Make sure that you do not use your older wallet after it has been encrypted.
  • If you want to copy or move the wallet file (e.g. wallet.dat), make sure to shut down your wallet/node program (e.g. qtum-qt) first.
  • When encrypting your wallet, it is recommended to have started the wallet/node program (e.g. qtum-qt) with the -noconnect option (see below for details).
  • If you encrypted your wallet, you must unlock it (at least "just for staking") to stake QTUM coins.
  • It is virtually impossible/unpractical to create a perfectly (100% guaranteed) secure system. As such, there will always be some risk in performing security-related operations (e.g. such as typing a passphrase, etc.)

This will also be repeated in the text below, but keep the guidance given above in mind.

Assumptions

As before, I will be making the following assumptions in this guide:

  1. You are using either macOS/OSX or Linux (e.g. x86_64/amd64 Ubuntu 16.04). My screenshots will be from macOS.
  2. You are familiar with using the Unix shell (e.g. bash), Unix commands, and tools (e.g. tar). For Windows users, you'll need to find the equivalent commands (feel free to ask for help in the comments -- or, even better, join the Qtum community on Slack or Reddit).

The qtum-qt GUI wallet will be used in this guide, however the qtumd wallet could also be used (with the qtum-cli tool).

Installing and Starting the Qtum Wallet

Follow the instructions in my earlier post to install and start the Qtum GUI wallet. Make sure to download the latest Qtum wallet (e.g. Skynet Release v1.2 as of this writing).

NOTE: It is not necessary to download the Qtum blockchain for this guide, so it is recommended that you specify the following command-line parameter:

$ bin/qtum-qt -noconnect

Using -noconnect will prevent the qtum-qt (or qtumd) wallet/node from downloading the blockchain. For this guide, we're only going to be operating on the wallet.

Even with the -noconnect command-line, the wallet will show a warning and appear to want to connect to the Qtum network -- but it really isn't (this minor annoyance will be fixed as part of issue #315). You can dismiss/hide the warning.

You'll recall that the wallet file (i.e. wallet.dat, by default) is installed (by default) in the following OS-specific directory:

  • On Linux: ~/.qtum
  • On macOS/OSX: ~/Library/Application Support/Qtum
  • On Windows: %APPDATA%\Qtum

Please make sure that you are able to find your wallet.dat file. We'll be working with this file later.

The Debug Console

The qtum-qt GUI wallet contains a built-in "debug" console that you can use to interface with the wallet (beyond what the GUI normally offers). Using the Debug Console is more or less equivalent to using the bin/qtum-cli tool (i.e. making RPC calls).

To access the Debug Console, select "Debug window" under the "Help" menubar:
qtumqt-debug-window.png

Next, select the Console tab:
qtumqt-deug-console.png

At the prompt (at the bottom) you can type commands such as getwalletinfo:
qtumqt-debug-getwalletinfo-input.png

After pressing Enter/Return, you'll get a result:
qtumqt-debug-getwalletinfo-output.png

You can type help to get a listing of available commands.

HD Wallet

Unless you've (oddly) specified otherwise (using a special command-line option), the Qtum wallet is an HD Wallet. In simple terms, this means that the addresses created by your wallet are pre-determined. This is useful since you don't need to back-up your wallet each time it allocates a new Qtum address. By default the wallet will pre-create 100 addresses, and it will take care of adding more addresses as needed.

As noted in the Caveat section, if you encrypt your wallet it will also change the master private key -- which means that future (pre-determined) addresses (beyond what was in your wallet when you encrypted it) will change.

Optional (unsecure): Dumping the wallet addresses to a file

As an (optional) unsecure activity to view the pre-created HD wallet addresses, you can dump the keys and addresses within your wallet to a file. The wallet dump file will contain all of your (private) keys and their associated Qtum addresses -- so this is not a recommended activity to perform on a wallet you intend to keep secure.

You may want to specify the -datadir=<some_temporary_directory> command-line parameter (in addition to -noconnect) to your wallet/node program (e.g. qtum-qt) just to perform this activity. This will create a new wallet (i.e. wallet.dat file) and other files and directories at the specified (temporary data directory) location. After performing this activity, feel free to delete the temporary data directory.

Using the Debug Console (see above), enter the following:

> dumpwallet /tmp/wallet_dump.txt

NOTE: Replace /tmp/wallet_dump.txt (above) with a directory/filename of your preference.

Open /tmp/wallet_dump.txt in your favourite text editor. You'll notice it contains something like this:

# Wallet dump created by Qtum v0.14.2.0-797c365-dirty
# * Created on 2017-09-04T22:01:27Z
# * Best block at time of backup was 16752 (9d57d56217fff0ba9fe948189529b6b05eab9634b511b96fad7665f2a6685a83),
#   mined on 2017-09-04T22:00:32Z

# extended private masterkey: xprv9s21ZrQH143K32GwedMSgRTR4dFQeHX27y8QpyzdoUv58e9n4MfJiEwyAvJc974i48GGJMqrhA2tPQyYyr7FrUnh7vwUN3wUo2bUFCuj4w2

L1Pu11NpYqNcozCYFpojbAff3sCMRoubgSJHN6S8Vc3BD8qaeug5 2017-09-04T21:55:04Z reserve=1 # addr=QLf8eTZwSMEsud9P1gBWUb4HM6u9asTH1o hdkeypath=m/0'/0'/9'
KwwnFgfhdNEm6ZeNZpf5Q77oBymcT6hgDY9DNaHF3xbM5PdLUQwP 2017-09-04T21:55:04Z label= # addr=QM4SUqLkzoMM5TStmNeWQU18wbqzbNtUDo hdkeypath=m/0'/0'/0'
L5DbkJaPBDMiPApP43fzaHZEdZ1GcQcgwbWJMyygBcf2MsKmSS3Q 2017-09-04T21:55:04Z reserve=1 # addr=QMRdFtfAJ52hC5pL6p1xi6EUJ94C6aYSD2 hdkeypath=m/0'/0'/3'

...

L48dP3kLACS71g8czia14iJA5beepyYLBWpXgasgfHWbc8pAZZ6y 2017-09-04T21:55:04Z hdmaster=1 # addr=QaXBqRoPcFGfa3cuqYJ6nvAstZioKt2yBx hdkeypath=m

...

KyeTUmMrMezBLkTeMtjuExUxQ4Sb6KVaznCdNwaCmkwG3qSUrqsf 2017-09-04T21:55:10Z reserve=1 # addr=QZFZfsfim7os3349ydRC7F1FBqCQvmjLic hdkeypath=m/0'/0'/97'
KxXbhnbzK7Y9SrAoL196NXunUzCBT7arobxadA5UMFLEW9bQS6DQ 2017-09-04T21:55:10Z reserve=1 # addr=Qdh9sZQDd3tqT2emHsvh5Exhgf527iLG2v hdkeypath=m/0'/0'/95'
L1g2UcRTm3JyV7DRjqpKGkRbGBhdhgqVZ9GFdRnvRcQBgWt26o4q 2017-09-04T21:55:10Z reserve=1 # addr=QeV4zHE6Vb7sFYhs26R1XNMokQSr3EKpyk hdkeypath=m/0'/0'/96'
L3Sh2JsPZw8dhVFWLCh1rupSPGwtjazUhsxFhfskRRCk4AzvEz8G 2017-09-04T21:55:10Z reserve=1 # addr=QiBpoHSfGwJbtJqRsNFTua7hGaMv8zGbGe hdkeypath=m/0'/0'/100'

# End of dump

You'll notice that there are 101 addresses have been created (i.e. m/0'/0'/0' to m/0'/0'/100'), plus the hdmaster.

Backing up your wallet

Hopefully you've located your wallet.dat file (see an earlier section on where to find it). You really have 2 options for backing up your wallet:

  1. Copying the wallet.dat file to a secure location.
  2. Running the backupwallet command in the Debug Console to write the wallet file to a secure location.

If you use the first option, make sure that the Qtum wallet/node program (e.g. qtum-qt) is not running.

For the second option, you can simply type backupwallet in the Debug Console prompt for help on how to use the command (i.e. it takes 1 parameter to specify either a directory or a path with a filename).

Make sure that you put your wallet backup file in a secure location (e.g. a secure USB stick, etc.)

Encrypting Your Wallet

It is strongly recommended to make a backup of your wallet before you encrypt it.

To encrypt your wallet, select "Encrypt Wallet..." option under the "Settings" menubar:
qtumqt-encrypt-wallet.png

Next, confirm a secure passphrase that will be used to unlock your wallet.
qtumqt-encrypt-wallet-passphrase.png

Read and acknowledge the warning (and yes, please of course remember your passphrase):
qtumqt-encrypt-warning.png

After the encryption is completed, you'll get another message:
qtumqt-post-encrypt-warning.png

Click OK and let the wallet/node program (e.g. qtum-qt) shut down.

After the wallet/node program is shut down, I recommend to back-up the wallet using using the first option mentioned earlier (i.e. copy the encrypted wallet.dat file) before restarting qtum-qt.

Unlocking Your Wallet

After restarting your encrypted Qtum wallet, you'll notice the following "lock" icon at the bottom-right:
qtumqt-locked-icon.png

This means that your (encrypted) wallet is currently locked. You cannot stake QTUM coins with a locked wallet.

NOTE: The wallet may appear to be a frozen or unresponsive for a few moments after start-up. This is normal.

To unlock your wallet, select "Unlock Wallet..." option under the "Settings" menubar:
qtumqt-unlock-wallet.png

You'll then be greeted by the following window:
qtumqt-unlock-wallet-window.png

Enter the passphrase you used to encrypt your wallet. You can also choose whether you want to unlock your wallet only for staking. If this option is selected, then you (or anyone else accessing your running wallet/node) will not be able to transfer coins out of your wallet, or perform any other operations needing to access your wallet -- such as dumping your wallet to a file (e.g. using the dumpwallet command in the Debug Console). However, the backupwallet command will still work.

If your wallet is unlocked for staking only, the you'll notice the icon in the bottom-right will look like this:
qtumqt-unlocked-for-staking-icon.png

If you unlock your wallet not just for staking, you'll see a slightly different icon (and hover-over message):
qtumqt-unlocked-completely-icon.png

If you've just unlocked your wallet after encrypting it for the first time, I recommend that you take another backup.

Locking Your Wallet

To lock your wallet again (e.g. if you want to keep the wallet/node running without staking coins), then simply select the "Lock Wallet..." option under the "Settings" menubar:
qtumqt-locking-wallet.png

Restoring Your Wallet

In the event that you completely lost your running wallet (and/or blockchain block data), you can easily restore your wallet by copying your (previously) backed-up wallet file into the (OS-specific) data directory before restarting the Qtum wallet/node program (e.g. qtum-qt).

If the data directory is missing (e.g. you have a new computer), the easiest way to restore your wallet is to perform the following steps:

  1. Start the Qtum wallet/node program using the -noconnect command-line parameter so that the data directory is re-created.
  2. Once the wallet/node program is running (for about 10 seconds or so), shut it down again.
  3. Replace the wallet.dat file that was just created in the (OS-specific) data directory with your latest wallet (i.e. wallet.dat file) backup.
  4. Restart the Qtum wallet/node program without using the -noconnect command-line parameter.

The important step above is to make sure that the wallet (e.g. wallet.dat file) that you backed-up earlier is in the right (OS-specific) directory.

Advanced Topics

There are certain situations (which I won't cover here) where you may need to use the -rescan or -keypool options when recovering a wallet.

If you ever need help, I recommend that you reach out to the Qtum community on Slack, Reddit, WeChat, QQ, etc.

Final Thoughts

As you no doubt noticed, the most important part of securing your wallet is to ensure that you choose a secure passphrase that you will not forget, and that you keep multiple secure backups of your wallet (e.g. on 2 or more secure USB sticks locked away in different geographical locations).

Practically-speaking, it is common to use a USB backup along with storing your encrypted wallet in a cloud storage service (tip: use Steganography).

NOTE: In my previous tutorial, I mentioned that I would be making a post describing how to stake coins using qtumd on a cloud hosting provider. However, I've come to the conclusion that this option would be too costly (for most people). Instead, I'm preparing a guide describing how to use the Raspberry Pi 3 (model B) to stake QTUM coins.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

UPDATE: The instructions above will still work with the latest Qtum wallet (i.e. Ignition v1.0.2).

I should also mention that if you restore your wallet.dat file, you can opt to restart qtum-qt (or qtumd) with the -rescan option:

  -rescan
       Rescan the block chain for missing wallet transactions on startup

This will ensure that your wallet/node knows about the UTXOs from your restored wallet.dat file. In theory, the wallet should do this automatically, but it doesn't hurt to force it.

@cryptominder Thanks for the article. I recently tried re-opening my original QTUM wallet (ver 0.14.0). It reported 0 node connections and was unable to update the blockchain (stuck at 31 weeks behind), so effectively never opens and I am unable to access my QTUM. I therefore downloaded the latest wallet ver 0.14.3 which synchronized successfully but didn't recognize/display the QTUM from the ver. 0.14 wallet. The original wallet, when I attempt to open, now reports "Error loading block database. Do you want to rebuild the block database now?" and then gets stuck at 31 weeks behind again with 0 node connections. I tried your instructions for restoring the wallet but no data directory is re-created in Windows: %APPDATA%\Qtum (on my system I have: E:\AppData\qtum)

So now the old wallet won't sync and the new wallet won't recognize any QTUM in my wallet.dat. What am I doing wrong?

Good! I sometime post about qtum come to my steemit haha

crytpominder how i do recover my wallet on a new windows device? I have the dat file saved but don't know where to access the noconnect command line

Congratulations @cryptominder! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of upvotes received

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

By upvoting this notification, you can help all Steemit users. Learn how here!

Thank you

Very useful article, thank you for posting. Upvoted and resteemed.

Thanks very much for the informative post!
I had this huge drama trying to find my wallet.dat file on a mac until I discovered that library files are hidden by default for Mac users. This helped me find it: http://osxdaily.com/2011/07/22/access-user-library-folder-in-os-x-lion/

I have the maxOS High Sierra and have tried uninstalling and reinstalling the newest version of Qtum but it always says connecting to peers but never syncs. What can I do?

Nice! Thanks for sharing the information!

omg. totally need a tl;dr version for those who don't know the unix shell commands.

was hoping it'd be a straightforward process, but the complexity of this makes me wanna procrastinate and just leave tokens on exchange until Qtum releases a simplified user-friendly wallet.

I guess the simplified option (for someone on Mac), could simply be to encrypt wallet before transferring anything in, then backing up the wallet.dat file - and then the password used and that backup file would be the security for accessing it and restoring if needed...?

wouldn't need to worry about anything to do with the debugging console or dumping wallet addresses to file...?

would I be correct in this assumption?

Thanks for the great information. Check out our article on qtum wallet as well when you have got a chance :)