Is there sensitive data in the <chain>/wallet directory?

+2 votes
Is all sensitive information (i.e., private keys) contained in the wallet.dat file, and the wallet dir is only stuff like pub keys & watch only addresses? Or is there sensitive info in the folder files also?

I'm looking at backup & restore procedures, and want to make sure I understand what file(s) I should be most paranoid about.


asked Sep 13, 2019 by untom

1 Answer

0 votes
Please see this page which has detailed information about backup and restore:
answered Sep 16, 2019 by MultiChain
Thank you. I understand that keys are kept in the wallet.dat file. I'm asking if sensitive information is kept ONLY there. There're a number of DB folders - including one also named 'wallet'.

Based on what I've read, it seems a reasonable assumption that sensitive information is confined to that file; but for security audits including MultiChain, an explicit explanation of how sensitive information is managed could be helpful.

Is it safe to say that
 - all private keys MultiChain stores are kept in the wallet.dat file, and nowhere else?
 - other than the wallet.dat file (and multichain.conf for the RPC password), all other data kept by a node is non-sensitive. This may include info such as asset/stream subscriptions, watched addresses, & chain state information that could be reconstructed by inspecting the chain.

Yes, in general everything can be recovered from the blockchain apart from a node's private keys, which are in the wallet.dat file. The wallet directory contains information which can be recovered from the chain if need be.

Also as you say, there is the multichain.conf file which contains RPC credentials.

Finally, depending on how you're using MultiChain, you might want to think about off-chain data (in the chunks directory). Off-chain data will only be replicated to other nodes which are subscribed to a stream, rather than all nodes in the network. And if some subscribed nodes are running MultiChain Enterprise, they may not have retrieved the data for every off-chain item, or may have purged some.