The Safe (Wallet)
The Safe (src/wallet/): How Bitcoin Keeps Your Money Secure
While the rest of Bitcoin Core is focused on the Public ledger and the Global network, the src/wallet/ directory is focused entirely on You. This is the Safe where your secret keys are stored. This folder contains the most sensitive and important code for you as a user, as it governs the ownership of your wealth. It is the only part of the program that knows your personal secrets, and it is built like a digital fortress to ensure those secrets never leak.
The Key to the Vault: Private Keys vs. Public Addresses
A common mistake for non-coders is thinking that your Bitcoin "is in" your wallet. It’s not. Your Bitcoin is always "on the blockchain" (the public ledger managed by the Librarian in Section 4). What your wallet holds are the Private Keys.
-
The Public Address: This is like your email address or your bank account number. You can give it to anyone so they can send you money.
-
The Private Key: This is like the password to your email or the physical key to a safe. If you lose it, you can't get in. If someone steals it, they own everything inside. The Safe architecture is designed to generate these keys, store them securely on your hard drive, and use them to "Sign" transactions when you want to spend money.
Hierarchical Deterministic (HD) Wallets: The "Seed" Concept
Modern Bitcoin wallets (since 2013) use a technology called HD Wallets (defined in src/wallet/hdwallet.cpp).
The Analogy: Imagine you have a single "Magic Seed." If you plant this seed, it grows into a tree with 1,000 branches. On each branch is a different safe with its own key.
-
You only need to remember the Seed (usually a list of 12 or 24 words).
-
If your computer explodes, you can take those 24 words to a new computer, and the software will "re-grow" the exact same tree with all 1,000 safes. The code in
src/wallet/handles the complex math of deriving thousands of keys from a single seed, ensuring that you never have to "back up" your wallet more than once.
The Coin Selector: The Math of Spending
When you decide to send 1 BTC to a friend, the code in src/wallet/spend.cpp becomes the "Coin Selector." It looks through your safe for all the "small change" (UTXOs) you've received over the years and tries to find the best combination to make up exactly 1 BTC.
// src/wallet/spend.cpp - The Coin Selection Algorithm (Knapsack)
bool CWallet::SelectCoins(const std::vector<COutput>& vAvailableCoins, ...) {
// 1. Look at all the 'unspent' coins in the safe.
// 2. We have a 0.5 BTC coin from last year and a 0.6 BTC coin from today.
// 3. We use a "Knapsack" algorithm to find the perfect combo.
// 4. We want to avoid creating tiny "dust" coins that are expensive to spend.
return KnapsackSolver(nTargetValue, vCoins, setCoinsRet, nValueRet);
}
The Non-Coder's Technical Deep Dive: Imagine you're at a grocery store and your total is $10.75. You open your physical wallet and find a $20 bill, a $10 bill, three $1 bills, and a handful of quarters. You have several ways to pay:
-
You could give the $20, but then you get $9.25 in change.
-
You could give the $10 and three quarters. The "Safe" code does this math for you in a fraction of a second. It chooses the best "coins" to spend to keep your wallet "clean" and, more importantly, to ensure you pay the lowest possible transaction fee to the miners. If the code chooses a poor combination, your transaction might be twice as "heavy," meaning you'd have to pay twice as much in fees.
The Shield: Encryption and the Crypter
Because your private keys are so valuable, the Safe is protected by a powerful encryption layer found in src/wallet/crypter.cpp. When you set a "Passphrase" on your wallet, the code uses a mathematical "Grinder" called AES-256-CBC.
-
The Grind: It takes your keys and turns them into random-looking gibberish.
-
The Unlock: To spend money, you provide your password. The "Crypter" uses your password to temporarily "Un-grind" the keys in your computer's RAM.
-
The Architect's Note: The keys are never written to the hard drive in an un-ground (unencrypted) state. Even if a hacker steals your entire
wallet.datfile, they cannot see your keys without your password. It would take all the computers on Earth billions of years to guess a strong password. This encryption is the "Thick Steel Door" of the safe.
Privacy: The "Change" Address System
Every time you spend Bitcoin, the Safe automatically creates a Change Address. The Process:
-
You have a "bill" for 10 BTC.
-
You want to pay Bob 1 BTC.
-
Your wallet sends 1 BTC to Bob and 9 BTC back to yourself at a brand-new address that you've never used before. This is a core architectural feature for privacy. It makes it harder for a random person on the internet to track your total wealth, because they don't know which of those two "payments" went to Bob and which one went back to you. The code in
src/wallet/manages this complex "shell game" automatically so you don't have to think about it.
The Database: wallet.dat (The Inventory)
The wallet keeps its own mini-library (using the Librarian's tools from Section 4) to store your transaction history. This is usually stored in a file called wallet.dat. It contains:
-
Your master seed.
-
Your address book (people you've sent money to).
-
Your labels (e.g., "Money from Grandma").
-
Your "Keypool" (a pre-generated stack of 1,000 keys so your wallet is always ready to receive money).
Summary of Section 7
The src/wallet/ architecture is designed for Financial Sovereignty. It gives you the power to be your own bank, providing professional-grade security, automated coin management, and robust encryption. It is the part of Bitcoin Core that turns a network participant into a true Owner of digital property. The Safe ensures that even in a world of hackers and spies, your wealth remains private, secure, and entirely under your control.
TeachMeBitcoin is an ad-free, open-source educational repository curated by a passionate team of Bitcoin researchers and educators for public benefit. If you found our articles helpful, please consider supporting our hosting and ongoing content updates with a clean donation: