Walletwasabi: Delete Wallet Button

It might be better to do a Hide/Archive feature instead. We could then put a button or menu to show hidden/archived wallets

Yes, that might be enough for some cases.

But one user wants to delete the cold card skeleton wallet file from the laptop to ensure that the xpub does not leak. So in this case, archiving would not solve the issue...

That user was me, Max. I go by duly_noded on Telegram & Twitter.

Another option would be adding the ability to encrypt wallet files. Wallets on Wasabi are created using the BIP39 seed/password combination. To avoid confusion, once a wallet is created using the BIP39 seed/password combination the wallet file could also be encrypted using the same password that was used to create the wallet xpriv/xpub. That would also help avoid some of the lost coin/password issues that have taken place with Wasabi as it would require a user to know the password to load (and fund) the wallet.

Nevertheless, I've tried quite a few wallets over the years and I can't think of any that allow the loading and viewing of a wallet without a password or pin. Technically, Electrum does, but it at least offers a wallet encryption password when the wallet is created.

As I mentioned on Telegram, I've made my own workaround with a bash script but I still think that Wasabi should not store coldcard wallets locally. I think any user advanced enough to be using the microSD feature and creating PSBT's will realize that if they start Wasabi and their coldcard wallet is no longer listed, it still exists on the microSD or can be regenerated at any time with the coldcard.

I would discourage anyone working on this. Deleting wallet also means deleting wallet related meta data, which is always expected to change, so this will be huge maintenance burden.

Also it's dangerous.

nopara73,
are you saying it's dangerous if I delete a local copy of a coldcard wallet after I exit wasabi?

I agree with your feature request to encrypt the sensitive public keys of the wallet. Currently, anyone with access to the hardware can fully de-anonymize the user. Yes, of course when the attacker has the hardware, most likely everything is screwed. But I think we should be as secure as possible. Well, this encryption is an entirely other issue...

In regards of deleting only the cold card watch only wallet, the issue here is that Wasabi should not even know which hardware wallet is signing - and to encode the logic to check which wallet it is, and then delete only a certain one has lot's of complexity. This is for me a concept NACK, though maybe there's a nice way of implementing this.

Thanks for your considered thoughts, Max.

I'm not attached to any particular solution to this. My desire to anonymize the xpub (and the hardware wallet type, for that matter) for any hardware wallets is exactly aimed at mitigating the notion that "when the attacker has the hardware, most likely everything is screwed".

As it is, wasabi clearly does know what hardware wallet is signing, and keeps a local copy of that info in cleartext after wasabi is shutdown.

I mentioned in an earlier conversation that I would just implement a bash script that deletes my local coldcard wallet json upon shutdown. After seeing nopara73's remark about that being a potential problem, perhaps it would be better if I make my script instead encrypt/decrypt my local coldcard wallet file.

I welcome any further thoughts by you or anyone, and appreciate your time.

Ok, so I'd say that we agree, concept NACK for deleting wallet. If you agree, please close the issue :)

@davterra, I really would like to see proper encryption of all sensitive data in Wasabi. If you have a working script, can you please make it public? Maybe even better, do you think you can work on a PR that does this within Wasabi?

I've opened issue #1870 to continue the conversation under the proper title.

Yes, agreed on deleting and I will close this issue. I don't yet have an encryption script and I'm leaving for a camping trip in a couple of hours. I will revisit next week.

I'm actually a bit of a noob when it comes to github, filing issues, and PR's, etc. You opened this issue pursuant to a conversation we had on Telegram. Am I even able to close it?

I meant it's dangerous for most people, probably not for those ones who can use GitHub:)

Agree with this. This must be an option as @MaxHillebrand describes in the first comment.