Can you stop a node from storing private keys in it's wallet?

Question

If anyone-can-connect is set true to create a public blockchain, a node owner can maliciously generate and store private keys on the node and then provide them to users.

I was wondering if there is a way to either limit the capability of nodes to create addresses or to remove the capability to store private keys in the wallet

Answer 1

I can't see why there would be a need to prevent nodes creating additional addresses. In any event, there's no way you could ever control that from the blockchain since it's just a local action that takes place on the node, and any user can install a modified version of MultiChain to work around an official restriction. The point of permissioning on the blockchain is to only allow certain addresses to connect, send, receive, etc... – that is the direction I believe you should be looking in to restrict address usage.

Comments

I was looking through this behavior while waiting for a fix for the connect delima, because, as you know, currently any node with activate or admin permission can halt the whole network. Because of that, I am considering scenarios with anyone-can-connect is true. Thank for your response

Answer 2

I think multichain's cold wallet is a feature that prevents this.

Comments

Thank you for you response, but I don't see how a cold node would prevent this behavior.

Cold nodes are just normal nodes that you cannot remotely connect to.
That won't stop a node on a public blockchain or a compromised node on a private one from generating new addresses using `getnewaddress` and saving the private key in the node.

Would you please further explain your answer?

---

Surely if the owner is using getnewaddress instead of createkeypairs then it would not help as the new addresses are generated on the node itself and therefore the private key would get stored in that node wallet only.

---

exactly, that's why I am asking if there is a way to prevent or control such behavior