Skip to content

Comments

implement loadwallet and unloadwallet RPC commands#102

Closed
hairetikos wants to merge 19 commits intoZclassicCommunity:masterfrom
hairetikos:copilot/add-loadwallet-unloadwallet-rpc
Closed

implement loadwallet and unloadwallet RPC commands#102
hairetikos wants to merge 19 commits intoZclassicCommunity:masterfrom
hairetikos:copilot/add-loadwallet-unloadwallet-rpc

Conversation

@hairetikos
Copy link

@hairetikos hairetikos commented Nov 28, 2025
edited
Loading

since zcash lacks this, we had to implement it

partially completes #101

for now, we support a single wallet being loaded, and unloaded

when loading a wallet again, a rescan is properly triggered -- this may be slow with some wallets, it is single-threaded rescan, we can consider multi-threaded upgrades in the future

however, if you load and unload and reload the same wallet, it will be fast once a single rescan has been done (ideal for when the quantum-resistant encryption is implemented)

functions that require a wallet (getbalance, etc), will fail gracefully

since this is complete, we can now work on full encryption using dm-crypt on linux, and veracrypt on mac/windows

Adds runtime wallet management via two new RPC commands. Supports single wallet at a time with secure memory wiping for Zcash/Zclassic shielded transaction types (Sprout and Sapling z-addresses).

loadwallet "filename"

  • Verifies no wallet currently loaded and file exists
  • Opens/verifies wallet database, creates CWallet instance
  • Registers as validation interface
  • Performs full blockchain rescan (required for z-addresses to rebuild witness caches)
  • Re-enables mining if configured

unloadwallet

  • Waits for pending async operations (z_sendmany, z_shieldcoinbase, z_mergetoaddress)
  • Stops mining, flushes wallet to disk
  • Securely wipes all cryptographic material via memory_cleanse():
    • Master encryption keys (vMasterKey)
    • HD seed, Sprout/Sapling spending keys, regular private keys
  • Resets BerkeleyDB environment

Implementation

  • CBasicKeyStore::CleanupKeys() - Clears all key maps (transparent, Sprout, Sapling)
  • CCryptoKeyStore::CleanupKeys() - Wipes encrypted key material before clearing
  • CWallet::CleanupForUnload() - Clears wallet state (transactions, nullifiers, metadata, master keys)
# Usage
zcl-cli unloadwallet
zcl-cli loadwallet "backup-wallet.dat"

Pattern follows existing pre_wallet_load() / post_wallet_load() in zcbenchmarks.cpp.

hairetikos and others added 19 commits November 9, 2025 18:46
@hairetikos
fix full complete sync from genesis (without fast sync)
644bb6c 
fix full complete sync from genesis (without fast sync)

Allow larger blocks for historical chain variations
@hairetikos
build curl --without-libpsl (fix builds on systems without spl)
fdd412b 
since updating the curl version to a more secure version, it will try to build with libpsl by default, which will fail on platforms without libspl

we don't need spl, so add --without-libpsl to fix those builds
@hairetikos
png logo used for ASCII art in metrics.h
501b000 
img2txt -W 88 -H 20 -f utf8 -d none contrib/newlogo.png > newlogo.ansi
@hairetikos
disable debug.log by default
11b5073 
this insecure default was inherited from zcash

debug.log contains a lot of sensitive transaction metadata, it should only be enabled for debugging purposes (hence, it is called debug.log)

disable it by default
@hairetikos
Add debuglogfile conf option since we now disable it by default
8fbb67b
@hairetikos
implement secure shredding for debug.log & onion V3 key
b7e6395 
These functions securely shred files using a 3-pass overwrite pattern, ensuring sensitive data is irrecoverable.

This is important because the `debug.log` file may contain sensitive transaction metadata.  `debug.log` should only be used for debugging purposes.

a function to also securely shred the onion V3 private key.  upon restarting the node a new V3 key and address will be auto-generated
@hairetikos
Merge pull request #8 from hairetikos/privacy
152740e 
Privacy
@hairetikos
fix face condition & file locking
f7c221b
Initial plan
a6f37ff
@hairetikos
Revert PR #8 "Privacy" - Remove shredlogs, shredonion RPC commands an…
f4d9ff9 
…d debuglogfile option

Co-authored-by: hairetikos <19870044+hairetikos@users.noreply.github.com>
@hairetikos
Add -lcurl to zcash_gtest_LDADD
791e330 
fixes building tests
@hairetikos
reverts code added for shredding - re-implement using native shred later
9d4f473 
this reverts the code added for shredding operations

will re-implement it but best to use OS-native shredding utils such as `shred`

that way we do not have to maintain the internal shredding code as filesystems etc change over time, plus `shred` is solid and well-tested and used
@hairetikos
Change fPrintToDebugLog to false
1935754
@hairetikos
add debug.log option as it's disabled by default now
08bb23b
Initial plan
eab1b0e
@hairetikos
Implement loadwallet and unloadwallet RPC commands
730f33d 
Co-authored-by: hairetikos <19870044+hairetikos@users.noreply.github.com>
@hairetikos
Address code review feedback: improve memory cleanup safety
aa1ab90 
Co-authored-by: hairetikos <19870044+hairetikos@users.noreply.github.com>
@hairetikos
Final implementation of loadwallet and unloadwallet RPC commands
9c563b3 
Co-authored-by: hairetikos <19870044+hairetikos@users.noreply.github.com>
@hairetikos
Remove accidentally committed backup file
cc30c68 
Co-authored-by: hairetikos <19870044+hairetikos@users.noreply.github.com>
@hairetikos
Copy link
Author

hairetikos commented Nov 28, 2025

will re-open with just the relevant commits cherry-picked

@hairetikos hairetikos closed this Nov 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hairetikos