We want to encrypt our Bitcoin wallet so attackers cannot dump the private keys, etc.
(We assume we are running a bitcoin-core node)
Help about encrypting the wallet:
$ bitcoin-cli help encryptwallet
Encrypt the wallet for the first time
First we encrypt the wallet (this works for an unencrypted wallet, for an already encrypted wallet we need to use walletpassphrasechange call):
$ bitcoin-cli encryptwallet "my_pass_phrase"
After wallet is encrypted, server will stop.
We run the server again:
$ bitcoind -daemon
Decrypt the wallet
If we try to dump private key associated to an address of ours it fails because we have not set the passphrase yet:
$ bitcoin-cli dumpprivkey "XXXXXXXXXXXXXXXXXXXXXXXXXXX"
error code: -13
Error: Please enter the wallet passphrase with walletpassphrase first.
We enable the passphrase for 300 seconds:
$ bitcoin-cli walletpassphrase "my_pass_phrase" 300
Now we can dump the private key if we want to:
$ bitcoin-cli dumpprivkey "XXXXXXXXXXXXXXXXXXXXXXXX"
We can manually lock the wallet if we do not want to wait until timeout:
$ bitcoin-cli walletlock
Change wallet passphrase
If we want to change the wallet passphrase:
$ bitcoin-cli help walletpassphrasechange
walletpassphrasechange "oldpassphrase" "newpassphrase"
Changes the wallet passphrase from 'oldpassphrase' to 'newpassphrase'.
1. "oldpassphrase" (string) The current passphrase
2. "newpassphrase" (string) The new passphrase
$ bitcoin-cli walletpassphrasechange "old_wallet_passphrase" "my_new_wallet_passphrase"
We can now use the new passphrase:
$ bitcoin-cli walletpassphrase "my_new_wallet_passphrase" 500
$ bitcoin-cli dumpprivkey "1XXXXXXXXXXXXXXXXXXXXXXXXXXX"