[Feature Request] Allow Encryption of Watch only wallets on Desktop App with a Password
I think that this feature is vital given watch only wallets have been a thing for a while now in the BitBoxApp.
It's not encouraging good security practices if there isn't even an 'advanced' option for this imo.
Yes please, I'm waiting for it too. Either with password or with hardware wallet decryption. The latter is just not a watch only wallet. Maybe a way to set it the way someone wants it.
Unfortunately it's not an easy feature as it involves encrypting ondisk data (which is not easy with our current DB setup) and has lots of edge cases and UX considerations.
This, coupled with the fact that one can work around this issue (albeit suboptimally) by having full-disk encryption on the computer and by password-locking the computer when leaving it, made this issue a lower priority than other feature/product requests.
Thanks for the response, but this isn’t a minor issue. Encryption for watch-only wallets is a basic security feature and shouldn’t be dismissed just because it’s “hard” to implement.
Full-disk encryption and locking the computer don’t protect wallet data specifically. Users shouldn’t have to rely on a blanket approach to secure sensitive wallet information. There are plenty of other apps, like Sparrow, that encrypt wallet data directly, rather than depending on system-wide security measures. These apps prioritize wallet-level encryption because it’s the right way to ensure user data is protected.
This type of thinking makes me uncomfortable because it raises questions about what other shortcuts you might have taken when it comes to security. This isn’t a "nice to have" feature, it’s a basic security requirement and should be prioritized.
Thanks for your feedback. I understand your concern, and I personally also hope that we can get around to this sooner than later. Unfortunately I can't promise it. The reality is that every feature is a tradeoff, and sometimes it's hard to prioritize features so that everyone is satisfied.
If you find full-disk encryption and locking your computer unacceptable as a workaround, it may be better to use Sparrow instead in the meantime, which natively supports BitBox02. We'll keep this issue updated.
@craigraw could you post some experience with the encryption approach in Sparrow?
- What DB do you use?
- At which level is encryption applied? Is it the whole DB encrypted or the entries in it?
- Is the whole DB contents loaded in RAM or are query results decrypted in a streaming fashion?
Would appreciate insights here.
I appreciate the reply once again.
I would still say that I wouldn't consider this a 'feature' as this would suggest that it is a non-necessary luxury but frankly any app that handles sensitive data would be laughed off if they said you should rely on LUKS for example. I cannot imagine Sparrow, KeePass, Standard Notes, Ente and the Proton suite (all tools that handle sensitive data for example) ever being taken seriously if they didn't have their own tailored encryption. Being able to transact and store the data securely seems like the basic functionality of a HWW and software wallet combination in my eyes so please correct me if I'm wrong and the long term goal was to keep data unencrypted. This would supersede the wants of 'silent payment' (as an example) in my opinion as that is not necessary for everyone and has near zero adoption yet was prioritised.
Unfortunately Sparrow does not deal with stables (for good reason) so I don't have an option that I can use that is solid.
I apologise for being blunt but I had assumed that this would be a feature that would roll out after watch only did maybe a year ago now and I consider this non-negotiable.
Sparrow uses H2, fully encrypting the database with Argon2di as the key derivation function whenever a password is supplied. It also encrypts any private key material within the database separately with AES. Public keys are kept in RAM while the wallet is open. Private keys are loaded as needed (hence asking again for a password), used and that memory is then cleared immediately.
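An added example, not code from BitBoxApp or Sparrow: a Node.js sketch of the entry-level option asked about above, where each stored value is sealed with AES-256-GCM under a password-derived key and the entry name is bound as associated data. Node's built-in scrypt stands in for the Argon2 KDF mentioned in the reply; the function names, cost parameters, entry names and sample values are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Derive the store key once per unlock. scrypt (built into Node) stands in for
// Argon2 here; the cost parameters are assumed values for this sketch.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32, { N: 2 ** 15, r: 8, p: 1, maxmem: 2 ** 26 });
}

// Seal one value as nonce || tag || ciphertext. The entry name is bound as
// associated data, so a blob moved under another name fails authentication.
function sealEntry(key, name, value) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce, { authTagLength: 16 });
  cipher.setAAD(Buffer.from(name, 'utf8'));
  const body = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Open one value; throws on a wrong password, a modified blob or a renamed entry.
function openEntry(key, name, blob) {
  const opts = { authTagLength: 16 };
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12), opts);
  decipher.setAAD(Buffer.from(name, 'utf8'));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString('utf8');
}

// Entry-level layout: names stay readable on disk, every value is encrypted.
function lockStore(password, entries) {
  const salt = crypto.randomBytes(16);
  const key = deriveKey(password, salt);
  const sealed = {};
  for (const [name, value] of Object.entries(entries)) sealed[name] = sealEntry(key, name, value);
  return { salt, sealed };
}

function unlockStore(password, store) {
  const key = deriveKey(password, store.salt);
  const entries = {};
  for (const [name, blob] of Object.entries(store.sealed)) entries[name] = openEntry(key, name, blob);
  return entries;
}

// Constructed sample data, not real keys or labels.
const SAMPLE = { 'account-0/xpub': 'xpub-CONSTRUCTED-PLACEHOLDER', 'account-0/label': 'savings' };
```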