# Gavin Andresen # 2011-12-21 00:38:40 # https://bitcointalk.org/index.php?topic=34028.msg656908#msg656908 RE: documentation about key encryption: @p{par} See the comment at the top of crypter.h: @p{par} Code: Private key encryption is done based on a CMasterKey, @p{brk} which holds a salt and random encryption key. @p{par} CMasterKeys are encrypted using AES-256-CBC using a key @p{brk} derived using derivation method nDerivationMethod @p{brk} (0 == EVP_sha512()) and derivation iterations nDeriveIterations. @p{brk} vchOtherDerivationParameters is provided for alternative algorithms @p{brk} which may require more parameters (such as scrypt). @p{par} Wallet Private Keys are then encrypted using AES-256-CBC @p{brk} with the double-sha256 of the public key as the IV, and the @p{brk} master key's key as the encryption key (see keystore.[ch]). @p{brk} @p{brk} The way I think of it: Take the passphrase and salt and SHA512-hash them nDerivationIterations times. That gets you an encryption key and initialization vector. @p{par} Use those to AES-256-decrypt the encrypted_key master key. @p{par} Now you can AES-256-decrypt the private keys, using the master key as the key and the (double-sha256-hash) PUBLIC part of the keypair as the initialization vector. @p{par} The "SHA-512-hash them a bunch of times" is actually done by the OpenSSL EVP_BytesToKey routine@p{--} documentation for that is here: @s{(link)} @p{par} @p{brk}