_ Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top up vote 3 down vote favorite After the heartbleed vulnerability, I'm concerned that my private keys could have been compromised.I want to send all my coins to a new address with a freshly generated key.However, if I just ask the Bitcoin Core client to generate a new address, it will just select one from the existing keypool.The keypool keys may also have been compromised, so I don't want to use them.I want a key that is really brand new.Short of asking Bitcoin to generate hundreds of new addresses to exhaust the keypool, is there a way to flush the keypool and start getting fresh addresses?I understand this happens when you encrypt a wallet, but I prefer not to do that.(Anyway, if my wallet was already encrypted, that wouldn't be an option.)bitcoin-core private-key keypool up vote 2 down vote If you call getnewaddress 100 times (via RPC for bitcoind, in the debug console for Bitcoin-Qt), the key pool is flushed.

After that, you can request one more new address and send all your funds there.up vote 1 down vote You have probably considered it already, but the only thing I can think of, is to create a new wallet.Make a new wallet, and get an address from it Backup your old wallet Delete the old wallet from the Bitcoin directory Start Bitcoin Core (it'll create a new wallet).bitcoin eltávolításaCopy a receive address from the new wallet.gui bitcoinClose Bitcoin Core Transfer the bitcoins from the old wallet Backup your new wallet.juho eerola bitcoinReplace the new wallet in the Bitcoin directory with your old wallet.bitcoin gain calculator

Start Bitcoin Core Send your Bitcoins to the previously copied address from the new wallet Close Bitcoin Core Replace the old wallet in the Bitcoin directory with your new wallet.Keep the backup of the old wallet, to be able to check old transactional data, and addresses you've sent to, or if someone unexpectedly sends you bitcoins to an old address.up vote 1 down vote What I ended up doing was more or less what Pieter Wuille suggests: write a small shell script to call bitcoind getrawchangeaddress more than 100 times.gbbg bitcoin(Using getnewaddress would have cluttered my list of receiving addresses.)bitcoin glassdoorBrowse other questions tagged bitcoin-core private-key keypool or ask your own question.Jump to: , This page describes the algorithm used for encrypting the wallet.dat file used in the original Bitcoin client.

Wallet encryption uses to encrypt only the private keys that are held in a wallet.The keys are encrypted with a master key which is entirely random.This master key is then encrypted with AES-256-CBC with a key derived from the passphrase using SHA-512 and OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by the speed of the machine which does the initial encryption (and is updated based on the speed of a computer which does a subsequent passphrase change).Although the underlying code supports multiple encrypted copies of the same master key (and thus multiple passphrases) the client does not yet have a method to add additional passphrases.At runtime, the client loads the wallet as it normally would, however the keystore stores the keys in encrypted form.When the passphrase is required (to top up keypool or send coins) it will either be queried by a GUI prompt, or must first be entered with the walletpassphrase RPC command.

This will change the wallet to "unlocked" state where the unencrypted master key is stored in memory (in the case of GUI, only for long enough to complete the requested operation, in RPC, for as long as is specified by the second parameter to walletpassphrase).The wallet is then locked (or can be manually locked using the walletlock RPC command) and the unencrypted master key is removed from memory.When the wallet is locked, calls to sendtoaddress, sendfrom, sendmany, and keypoolrefill will return Error -13: "Error: Please enter the wallet passphrase with walletpassphrase first."When the wallet is unlocked, calls to walletpassphrase will fail.When a wallet is encrypted, the passphrase is required to top up the keypool, thus, if the passphrase is rarely entered, it is possible that keypool might run out.In this case, the default key will be used as the target for payouts for mining, and calls to getnewaddress and getaccount address will return an error.

In order to prevent such cases, the keypool is automatically refilled when walletpassphrase is called with a correct passphrase and when topupkeypool is called (while the wallet is unlocked).Note that the keypool continues to be topped up on various occasions when a new key from pool is used and the wallet is unlocked (or unencrypted).When wallet passphrase enrcyption becomes enabled, any unused keys from the keypool are flushed (marked as used) and new keys protected with encyption are added.For this reason, make a new backup of your wallet so that you will be able to recover the keys from the new key pool should access to your backups be necessary.Comments Open listunspent is really slow Sign up for free to join this conversation on GitHub.Already have an account?Sign in to comment You signed in with another tab or window.Reload to refresh your session.You signed out in another tab or window.Bitcoin Core has a Hierarchical Deterministic Wallet (HD wallet/BIP32) since version 0.13.

A HD wallet is a system that derives all keys from a single starting point called the ‘seed’.This allows users to only back-up their wallet once and all future generated keys can be re-generated starting from the seed.To speed up review and deployment the first version of HD wallet in Bitcoin Core was made simple without many bells and whistles.Now new features are being added to the wallet, like this HD wallet auto-restore, which ensures it always checks the keypool when synchronizing with the node and that the amount of unused keys it searches for is large enough.Jonasschnelli, the author of the PR, has a few question for discussion.He’d like to know whether we should try to always restore funds, or check for the wallet’s best seen block and compare it with the newest block from the node, and only then restore.He thinks we should only restore when the best seen block lacks behind as encrypted wallets may need to unlock to generate new keys and for performance reasons.Achow101 thinks it could prompt the user when the GUI pops up if it needs to generate more keys.

However, it should also work in the command line interface, which is harder to solve that way.BlueMatt proposes to stop updating the best seen block when the keypool is small enough and do a re-scan from that height when the wallet unlocks and the keypool is extended.Sipa notes the pruned nodes also need to stop pruning.Another question is how much the gap limit in the keypool should be.Currently this is 100, but that seems too low.The current bottleneck is the derivation time, which is a problem with Berkeley DB flushing.Fixing the Berkeley DB issue would result in a massive improvement and would allow to bump the keypool to something like 1000 or 10000.Currently pruned nodes don’t advertise themself as having any blocks, and as a result they don’t serve any blocks to other peers.As the blockchain size continues to grow it’s likely the amount of pruned nodes will rise in the future.Non-pruned full nodes advertise themself by NODE_NETWORK, Jonasschnelli proposes to make a message that advertise pruned nodes that relay and are able to serve the last 144 blocks (1 day worth of blocks), namely NODE_NETWORK_LIMITED.

Previous discussions on this subject led to the conclusion of using two service bits, for 144 blocks and ~1000 blocks.The only thing to bikeshed about is how high we need to cutoff, as it should be at least a couple of blocks higher because of reorgs/boundary.Gmaxwell proposes to use the existing pruning minimum of 288 blocks.Jonasschnelli thinks we should allow the current pruning peers that’ve set prune=550 (550MB, which is the minimum) to signal relay and a limited amount of blocks around the latest block (10), as this would lower the bandwidth requirements by not having to serve historical blocks.Gmaxwell notes there are other ways of limiting bandwidth and we don’t have signaling room to send out every variation of block relay.There’s also been reorgs of more than 10 blocks deep (like BIP50), so this would cause many problems if all your peers only serve 10 blocks.Luke-jr proposed to let bitcoind and bitcoin-qt expire after 7-8 years of no updates.As it’s assumed that within 7 years the software will become obsolete, as softforks and maybe hardforks will render it insecure as well as exploits during that time.