Safety best practices

Precautions

This section covers general precautions that apply to all cryptocurrencies, not just Ecochain.
The next section gives specific instructions for Ecochain wallets.

We are very serious about security. There are two main sources of security breaches. The first is security holes and bugs
in software. The second, and the more common one, is uneducated or careless users. Following correct security practices is not
hard at all; users usually fall victim to hacking or malware, or simply lose their funds by accident, because they didn’t follow
simple rules.

We stress that the following is for everyone, not only for the tech-savvy. It is just common logic. Before receiving
any funds in your wallet you must already have safe backups in several places (at least two). The keys must be created
and saved in a safe way.

The steps are the following:

  1. Download an open-source zip utility if you don’t have one.
  2. Download a tool that can create random passwords (offline, not an online generator).
    There are many for Windows. For Linux or macOS you can use the pwgen command.
    Length should be at least 15 characters.
  3. Download a desktop shred utility. For Windows you can use, for example,
    CCleaner, Bitkiller, Eraser… For Linux you can use the shred command.
    For macOS use gshred. Install them from the official repository.
  4. Go offline. That is, make sure that you have shut down your internet connection.
  5. Scan the programs you have just downloaded using an antivirus (Windows users).
  6. Create a random passphrase (at least 15 characters long). Use the tool that you downloaded at step 2.
  7. Create your private keys. This depends on the type of blockchain, but all wallets have
    an option to export your wallet file, export your keys in plaintext or encrypted using a
    passphrase, or they provide a seed (random words). If there is no export option other than setting a password (passphrase),
    that means that this is probably an online centralized wallet. Never use a centralized wallet!
    Even better, the wallet should be open source.
  8. Extract the created keys in all possible formats (even plain text). The exception is the passphrase
    and/or seed phrase. This must be written down on paper using a pen, in big clear handwriting, leaving some
    spacing between them.
  9. Zip all the files into one file, using the program you downloaded at step 1. Zip, gzip, tar, 7zip are good examples. The important thing here
    is that you zip with the encryption option. Select the encrypted option (preferably using AES-256). Provide a randomly created password here using the tool from step 2.
  10. Try opening your encrypted zip file. You must not be able to open it without the password. Also, you must be able to
    decrypt it by typing the password. Do not copy-paste; read it from paper to check that everything is right.
  11. Copy your encrypted zip file to two USB sticks (or burn a CD/DVD).
  12. Permanently delete the created files (exported wallet and keys). “Move to trash” is not enough! Use the program that you downloaded at step 3.
  13. Now it is time to go online. If you have Windows, the antivirus must be on all the time.
  14. There is an optional step that can be taken now, which we believe adds more safety in the long run. The most frequent cause of fund loss is that people lose their private keys, including backups. For example, USB sticks may become inaccessible after a long time. You can upload your encrypted zip file to cloud storage (for example Dropbox, Google Drive, Yandex Disk etc.). Some people are reluctant to do that, fearing that it is not safe. But actually it is very safe as long as the passphrase on paper is safe. The file is encrypted under AES-256, rendering it useless to anyone who doesn’t have the passphrase. In this case be sure to write the credentials of your cloud account on paper as well.
  15. Launch the desktop wallet. Whenever you want to restore the wallet, import the keys from your USB (or CD). Make sure that everything is OK.
  16. Now you are ready. You can give your public address to anyone.
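
Steps 6, 9, 10 and 12 as they could be typed on Linux, as an added example that is not part of the original guide. It assumes pwgen, p7zip (7z) and GNU shred are installed; the function names and file names are made up for the illustration.

```shell
#!/bin/sh
# Added example for steps 6, 9, 10 and 12 on Linux; run it while offline.
# Assumes pwgen, p7zip (7z) and coreutils shred are installed.

# Step 6: random 20-character passphrase (the page asks for at least 15).
gen_passphrase() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -s 20 1    # -s: fully random instead of pronounceable
    else
        # Fallback (assumption): kernel CSPRNG filtered to letters and digits.
        LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 20
        echo
    fi
}

# Step 9: AES-256 encrypted 7z archive; -mhe=on also encrypts the file names.
# When typing this by hand, give -p with no value so 7z prompts for the
# passphrase and it stays out of shell history and the process list.
encrypt_backup() {    # usage: encrypt_backup ARCHIVE PASSPHRASE FILE...
    archive=$1; pass=$2; shift 2
    7z a -t7z -mhe=on -p"$pass" "$archive" "$@" >/dev/null
}

# Step 10: the archive must not open with a wrong passphrase and must
# open with the right one.
verify_backup() {     # usage: verify_backup ARCHIVE PASSPHRASE
    if 7z t -p"wrong-$2" "$1" >/dev/null 2>&1; then
        echo "archive opens with a wrong passphrase" >&2
        return 1
    fi
    7z t -p"$2" "$1" >/dev/null
}

# Step 12: overwrite the plaintext exports, then unlink them.
# shred cannot guarantee erasure on SSDs or copy-on-write file systems.
wipe_plaintext() {    # usage: wipe_plaintext FILE...
    shred -u -z -n 3 "$@"
}

# Whole sequence; wipes the plaintext only after the archive has verified.
backup_wallet() {     # usage: backup_wallet ARCHIVE FILE...
    out=$1; shift
    secret=$(gen_passphrase)
    encrypt_backup "$out" "$secret" "$@" &&
        verify_backup "$out" "$secret" &&
        wipe_plaintext "$@" &&
        echo "Write this passphrase on paper: $secret"
}
```

The manual check of step 10 is still worth doing once by hand: run 7z t on the archive and type the passphrase from paper when prompted.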

For mobile wallets the process is similar. Write down the seed in a text file (while offline). If there is no seed option you must connect your mobile to your PC using a USB cable.
Don’t send any information online (WeChat, email or anything)! After that, follow the above process (encrypted zip, saving to USB etc.).

Instructions for Ecochain wallets

Core (desktop) wallet

You just need to follow the general instructions mentioned above. Some details:

  • At step 8, back up your wallet (Menu File->Backup Wallet) and also extract your private keys: Menu Help->Debug Window->console and give the command
    dumpwallet myfilenamehere.txt

  • At step 15, if you need to import the wallet (corrupted file, new OS installation, accidental deletion etc.) you have two options: either restore
    (Menu File->Restore Wallet) or import the keys: Menu Help->Debug Window->console and give the command
    importwallet myfilenamehere.txt




Troubleshooting

After importing a private key or keys you must rescan the chain. The wallet does not rescan automatically. Until it has rescanned, the balance will be wrong (if non-zero).
On some occasions the wallet may be out of sync. If you notice a difference in balance between the block explorer and your wallet you must rescan. Rescanning is easy;
you just need to stop your wallet and start it again using the -rescan flag.

Sometimes, and more often on Windows (it depends on the filesystem type), the wallet file can become corrupted. This usually happens after an abrupt power-off or a virus. Whatever
the case, the coins of a user who took precautions are not in danger. The only thing to do is to import the wallet again (or the private keys).

Often the problem is not in the wallet but in the other files (blockdata or chainstate). If you experience any problems you can first restart the wallet using the
-reindex-chainstate flag. If the problem persists you must restart with the -reindex flag (reindex is slower). On the rare occasion that there
is still a problem, you must redownload the whole blockchain. You must stop the wallet, delete the ecocmainnet folder and import the wallet or keys again.
Then you must wait for the blockchain to be downloaded.

One very rare case is the following: the user’s wallet file is corrupted. The program is not able to read all private keys, so some funds appear to be missing.
Also, the user doesn’t have a backup (no precautions were taken). In this difficult case there is still hope. The wallet creates all its private keys deterministically
from a “master” key. As long as this key is not corrupted the program can reconstruct all the keys. The user can try to run the wallet with the -salvage flag.
If he is not very unlucky he will be able to reconstruct all his keys, replacing the corrupted wallet with a functional one. It goes without saying that after the successful
recovery the user must immediately take precautions (back up the wallet etc.).

Mobile wallet

For Ecochain’s mobile wallet it is better to export the private key in “keystore” format.

Type your passphrase and click “OK”.

That way it is under the protection of the passphrase. We have already mentioned the process: write the passphrase on paper and transfer the file to a USB stick. Here you can
skip the encrypted zip step (step 9) if you are confident that your mobile wallet’s passphrase is strong enough. Otherwise, zip-encrypt it before you transfer it to the USB stick.

Conclusion

Users’ funds can stay safe if the user follows precautions and common logic. Maybe the above looks like a lot at first glance. But keep in mind that:

  • The above process takes about 10-15 minutes.
  • The above process needs to be done only once.
  • It is simple to carry out; it is not rocket science.
  • It provides peace of mind.
  • It secures your wallet permanently (as long as the user doesn’t do something dangerous, i.e. share the keys with the world).