Encrypting, Backing-Up, and Restoring Your Qtum Wallet
This post describes how to encrypt, backup, and restore your Qtum wallet.
Encrypting your wallet makes it difficult for your wallet to be opened (and used) without your passphrase. Similarly, having multiple secure backups of your wallet is also important to prevent losing your Qtum coins.
NOTE: This is not an official post from the Qtum (Quantum) team. I'm merely a fan.
Before proceeding, I want to make the following very clear:
- I recommend that you backup your wallet BEFORE encrypting your wallet, "just in case".
- Encrypting your wallet will change your HD wallet's master private key (see below for details). Make sure that you do not use your older wallet after it has been encrypted.
- If you want to copy or move the wallet file (e.g. wallet.dat), make sure to shut down your wallet/node program (e.g. qtum-qt) first.
- When encrypting your wallet, it is recommended to have started the wallet/node program (e.g. qtum-qt) with the
-noconnectoption (see below for details).
- If you encrypted your wallet, you must unlock it (at least "just for staking") to stake QTUM coins.
- It is virtually impossible/unpractical to create a perfectly (100% guaranteed) secure system. As such, there will always be some risk in performing security-related operations (e.g. such as typing a passphrase, etc.)
This will also be repeated in the text below, but keep the guidance given above in mind.
As before, I will be making the following assumptions in this guide:
- You are using either macOS/OSX or Linux (e.g. x86_64/amd64 Ubuntu 16.04). My screenshots will be from macOS.
- You are familiar with using the Unix shell (e.g. bash), Unix commands, and tools (e.g. tar). For Windows users, you'll need to find the equivalent commands (feel free to ask for help in the comments -- or, even better, join the Qtum community on Slack or Reddit).
The qtum-qt GUI wallet will be used in this guide, however the qtumd wallet could also be used (with the qtum-cli tool).
Installing and Starting the Qtum Wallet
NOTE: It is not necessary to download the Qtum blockchain for this guide, so it is recommended that you specify the following command-line parameter:
$ bin/qtum-qt -noconnect
-noconnect will prevent the qtum-qt (or qtumd) wallet/node from downloading the blockchain. For this guide, we're only going to be operating on the wallet.
Even with the
-noconnect command-line, the wallet will show a warning and appear to want to connect to the Qtum network -- but it really isn't (this minor annoyance will be fixed as part of issue #315). You can dismiss/hide the warning.
You'll recall that the wallet file (i.e. wallet.dat, by default) is installed (by default) in the following OS-specific directory:
- On Linux: ~/.qtum
- On macOS/OSX: ~/Library/Application Support/Qtum
- On Windows: %APPDATA%\Qtum
Please make sure that you are able to find your wallet.dat file. We'll be working with this file later.
The Debug Console
The qtum-qt GUI wallet contains a built-in "debug" console that you can use to interface with the wallet (beyond what the GUI normally offers). Using the Debug Console is more or less equivalent to using the bin/qtum-cli tool (i.e. making RPC calls).
To access the Debug Console, select "Debug window" under the "Help" menubar:
Next, select the Console tab:
At the prompt (at the bottom) you can type commands such as
After pressing Enter/Return, you'll get a result:
You can type
help to get a listing of available commands.
Unless you've (oddly) specified otherwise (using a special command-line option), the Qtum wallet is an HD Wallet. In simple terms, this means that the addresses created by your wallet are pre-determined. This is useful since you don't need to back-up your wallet each time it allocates a new Qtum address. By default the wallet will pre-create 100 addresses, and it will take care of adding more addresses as needed.
As noted in the Caveat section, if you encrypt your wallet it will also change the master private key -- which means that future (pre-determined) addresses (beyond what was in your wallet when you encrypted it) will change.
Optional (unsecure): Dumping the wallet addresses to a file
As an (optional) unsecure activity to view the pre-created HD wallet addresses, you can dump the keys and addresses within your wallet to a file. The wallet dump file will contain all of your (private) keys and their associated Qtum addresses -- so this is not a recommended activity to perform on a wallet you intend to keep secure.
You may want to specify the
-datadir=<some_temporary_directory> command-line parameter (in addition to
-noconnect) to your wallet/node program (e.g. qtum-qt) just to perform this activity. This will create a new wallet (i.e. wallet.dat file) and other files and directories at the specified (temporary data directory) location. After performing this activity, feel free to delete the temporary data directory.
Using the Debug Console (see above), enter the following:
> dumpwallet /tmp/wallet_dump.txt
/tmp/wallet_dump.txt (above) with a directory/filename of your preference.
/tmp/wallet_dump.txt in your favourite text editor. You'll notice it contains something like this:
# Wallet dump created by Qtum v0.14.2.0-797c365-dirty # * Created on 2017-09-04T22:01:27Z # * Best block at time of backup was 16752 (9d57d56217fff0ba9fe948189529b6b05eab9634b511b96fad7665f2a6685a83), # mined on 2017-09-04T22:00:32Z # extended private masterkey: xprv9s21ZrQH143K32GwedMSgRTR4dFQeHX27y8QpyzdoUv58e9n4MfJiEwyAvJc974i48GGJMqrhA2tPQyYyr7FrUnh7vwUN3wUo2bUFCuj4w2 L1Pu11NpYqNcozCYFpojbAff3sCMRoubgSJHN6S8Vc3BD8qaeug5 2017-09-04T21:55:04Z reserve=1 # addr=QLf8eTZwSMEsud9P1gBWUb4HM6u9asTH1o hdkeypath=m/0'/0'/9' KwwnFgfhdNEm6ZeNZpf5Q77oBymcT6hgDY9DNaHF3xbM5PdLUQwP 2017-09-04T21:55:04Z label= # addr=QM4SUqLkzoMM5TStmNeWQU18wbqzbNtUDo hdkeypath=m/0'/0'/0' L5DbkJaPBDMiPApP43fzaHZEdZ1GcQcgwbWJMyygBcf2MsKmSS3Q 2017-09-04T21:55:04Z reserve=1 # addr=QMRdFtfAJ52hC5pL6p1xi6EUJ94C6aYSD2 hdkeypath=m/0'/0'/3' ... L48dP3kLACS71g8czia14iJA5beepyYLBWpXgasgfHWbc8pAZZ6y 2017-09-04T21:55:04Z hdmaster=1 # addr=QaXBqRoPcFGfa3cuqYJ6nvAstZioKt2yBx hdkeypath=m ... KyeTUmMrMezBLkTeMtjuExUxQ4Sb6KVaznCdNwaCmkwG3qSUrqsf 2017-09-04T21:55:10Z reserve=1 # addr=QZFZfsfim7os3349ydRC7F1FBqCQvmjLic hdkeypath=m/0'/0'/97' KxXbhnbzK7Y9SrAoL196NXunUzCBT7arobxadA5UMFLEW9bQS6DQ 2017-09-04T21:55:10Z reserve=1 # addr=Qdh9sZQDd3tqT2emHsvh5Exhgf527iLG2v hdkeypath=m/0'/0'/95' L1g2UcRTm3JyV7DRjqpKGkRbGBhdhgqVZ9GFdRnvRcQBgWt26o4q 2017-09-04T21:55:10Z reserve=1 # addr=QeV4zHE6Vb7sFYhs26R1XNMokQSr3EKpyk hdkeypath=m/0'/0'/96' L3Sh2JsPZw8dhVFWLCh1rupSPGwtjazUhsxFhfskRRCk4AzvEz8G 2017-09-04T21:55:10Z reserve=1 # addr=QiBpoHSfGwJbtJqRsNFTua7hGaMv8zGbGe hdkeypath=m/0'/0'/100' # End of dump
You'll notice that there are 101 addresses have been created (i.e.
m/0'/0'/100'), plus the
Backing up your wallet
Hopefully you've located your wallet.dat file (see an earlier section on where to find it). You really have 2 options for backing up your wallet:
- Copying the wallet.dat file to a secure location.
- Running the
backupwalletcommand in the Debug Console to write the wallet file to a secure location.
If you use the first option, make sure that the Qtum wallet/node program (e.g. qtum-qt) is not running.
For the second option, you can simply type
backupwallet in the Debug Console prompt for help on how to use the command (i.e. it takes 1 parameter to specify either a directory or a path with a filename).
Make sure that you put your wallet backup file in a secure location (e.g. a secure USB stick, etc.)
Encrypting Your Wallet
It is strongly recommended to make a backup of your wallet before you encrypt it.
To encrypt your wallet, select "Encrypt Wallet..." option under the "Settings" menubar:
Next, confirm a secure passphrase that will be used to unlock your wallet.
Read and acknowledge the warning (and yes, please of course remember your passphrase):
After the encryption is completed, you'll get another message:
Click OK and let the wallet/node program (e.g. qtum-qt) shut down.
After the wallet/node program is shut down, I recommend to back-up the wallet using using the first option mentioned earlier (i.e. copy the encrypted wallet.dat file) before restarting qtum-qt.
Unlocking Your Wallet
After restarting your encrypted Qtum wallet, you'll notice the following "lock" icon at the bottom-right:
This means that your (encrypted) wallet is currently locked. You cannot stake QTUM coins with a locked wallet.
NOTE: The wallet may appear to be a frozen or unresponsive for a few moments after start-up. This is normal.
To unlock your wallet, select "Unlock Wallet..." option under the "Settings" menubar:
You'll then be greeted by the following window:
Enter the passphrase you used to encrypt your wallet. You can also choose whether you want to unlock your wallet only for staking. If this option is selected, then you (or anyone else accessing your running wallet/node) will not be able to transfer coins out of your wallet, or perform any other operations needing to access your wallet -- such as dumping your wallet to a file (e.g. using the
dumpwallet command in the Debug Console). However, the
backupwallet command will still work.
If your wallet is unlocked for staking only, the you'll notice the icon in the bottom-right will look like this:
If you unlock your wallet not just for staking, you'll see a slightly different icon (and hover-over message):
If you've just unlocked your wallet after encrypting it for the first time, I recommend that you take another backup.
Locking Your Wallet
To lock your wallet again (e.g. if you want to keep the wallet/node running without staking coins), then simply select the "Lock Wallet..." option under the "Settings" menubar:
Restoring Your Wallet
In the event that you completely lost your running wallet (and/or blockchain block data), you can easily restore your wallet by copying your (previously) backed-up wallet file into the (OS-specific) data directory before restarting the Qtum wallet/node program (e.g. qtum-qt).
If the data directory is missing (e.g. you have a new computer), the easiest way to restore your wallet is to perform the following steps:
- Start the Qtum wallet/node program using the
-noconnectcommand-line parameter so that the data directory is re-created.
- Once the wallet/node program is running (for about 10 seconds or so), shut it down again.
- Replace the wallet.dat file that was just created in the (OS-specific) data directory with your latest wallet (i.e. wallet.dat file) backup.
- Restart the Qtum wallet/node program without using the
The important step above is to make sure that the wallet (e.g. wallet.dat file) that you backed-up earlier is in the right (OS-specific) directory.
There are certain situations (which I won't cover here) where you may need to use the
-keypool options when recovering a wallet.
As you no doubt noticed, the most important part of securing your wallet is to ensure that you choose a secure passphrase that you will not forget, and that you keep multiple secure backups of your wallet (e.g. on 2 or more secure USB sticks locked away in different geographical locations).
Practically-speaking, it is common to use a USB backup along with storing your encrypted wallet in a cloud storage service (tip: use Steganography).
NOTE: In my previous tutorial, I mentioned that I would be making a post describing how to stake coins using qtumd on a cloud hosting provider. However, I've come to the conclusion that this option would be too costly (for most people). Instead, I'm preparing a guide describing how to use the Raspberry Pi 3 (model B) to stake QTUM coins.