How are the encrypted private keys stored in the Copay wallet?

[crypto-recovery]

I'm helping a client recover a lost Bitcoin.com wallet, which is a fork of the Copay wallet. The client does not have a backup file or their 12-word recovery phrase. Yes, I realize this is not supposed to be possible.

Can anyone help me understand how the encrypted private keys are stored in the Copay wallet? I found a 3-year old post suggesting that the keys are stored as a cookie in the Chrome browser (https://www.reddit.com/r/Bitcoin/comments/2cduk9/attention_if_youre_playing_around_with_copayio/). (Although this may just be for the Copay Chrome extension and it may no longer be true at all.)

Many thanks for pointers and / or explanations.

[avibrazil]

The private keys in Copay are mathematically generated from 2 or 3 pieces of information:

1. The 12-word phrase
2. (Optional) the password for the phrase
3. The derivation path (something like m/44'/0'/0')

If you have this info, you can use Copay or any BIP-44 wallet/address generator to generate the public and private keys again. Search github for Ian Coleman’s bip39 project.

If you’ve lost the 12-word phrase, say goodby to your funds.

[crypto-recovery]

Hi Avi,

Thank you, I really appreciate the reply.

However, you have explained how the keys are generated rather than how they are stored.

Once you have funded your Bitcoin.com wallet you can quit the wallet, shut down your computer, reboot it, and you can still move your funds, without entering the 12-word phrase or a passphrase. That suggests that the private key is stored on the computer somewhere (and not just in RAM).

Does that seem correct?

I'm trying to figure out where that encrypted private key is stored.

[avibrazil]

Check in the wallet interface if you can find the master private key for the account, it stars with xprv…. If you find it, there is a chance you can re-create the private keys with external software.

About internal storage only a Copay developer can help.

[dabura667]

wallets are stored as a json file that is encrypted using sjcl library with the "spending password" (which is not the same as the "salt passphrase")... or if you did not set a spending password, it is stored in plaintext.

Where it is stored depends on the OS.

iOS is the secure enclave Android is some secure storage API offered. Windows is some folder in AppData MacOS and Linux are somewhere in the Home folder under .config I think. Chrome App (has been deprecated for a while) I think stores in the normal Chrome app storage folder for the app itself.

[crypto-recovery]

Thank you, that's very helpful!

[jbarks]

have you found any luck with this?

[crypto-recovery]

I think dabura667's comment looks correct.

Is that your question? Or are you asking if I successfully recovered the wallet?

[jbarks]

if you ended up recovering the wallet. I have a similar issue - a spending pass was created without my knowledge or consent. I am digging around my mac app files but I cannot seem to find much.

[jbarks]

What I am really after is where is the password located, or in which file type. json files reveal nothing to me

[gabrielbazan7]

@jbarks hi ! if you still having problems, create a new issue and I will assist you. Thanks

[Synless]

I have a backup of all my files but I can't manage to find any traces of the private key. I still remember my spending password but not the sentence (no time to backup, unexpected factory reset).

Can someone provide more clues on where Copay stores the information of the wallet ?

[BGalliotti]

@Synless please follow #8632

Best regards.