So is it true that the wallet.dat file contains your public and your private key as well as the encryption you used? <- I am thinking that because you said the only thing that has to be done is to encrypt the wallet (within the client) and then only save the wallet.dat file. So the encryption must be stored in the wallet.dat file?
The wallet.dat file contains everything specific to the addresses you claim as yours. The public/private key pairs, some transaction information, etc. It is encrypted using your passphrase. What the wallet.dat file specifically contains and how it is encrypted (using I believe AES-256-CBC) is well documented elsewhere. The important takeaway from this thread is that the wallet.dat file is all you need. Everything else is generic software that everyone has.
Also if I rename the wallet.dat file I would have to re-rename it to "wallet.dat" again when I want to do a transaction with it, right?
Yes. The renaming is only for your personal reference. The client looks for a wallet.dat file in the specific location (%AppData%/Protoshares for example) and creates one if it doesn't find one. When restoring your wallet from your pts_wallet.dat backup you'd need to rename it back to wallet.dat for the client to recognize and load it.
After having done a transaction there is nothing that changed within the wallet.dat file, right (it's still just the public and the private key and the encryption)? So I don't have to replace this wallet.dat file that I just used with the one that I originally made a copy of, right?
The wallet.dat file holds a bit more information than that; however, the most important part, you are correct, is the public/private key pool. This pool has a default of 100 key pairs and gets another 100 added once they are used up.
My solution would look like this: I have one computer with a hot wallet for daily transactions. From this wallet I send all the PTS/coins I want to store to an address that is generated by a client on a computer with a fresh OS (this computer has no other function; surely malware free). Then I encrypt this wallet and save only the wallet.dat file on a USB stick that is encrypted with TrueCrypt.
When I want to use coins I copy the wallet.dat file on the USB stick to the malware free computer (to appdata/protoshares) and send my coins either to the hot wallet address or directly to whoever I want to send coins to... Then I erase the wallet.dat file on the malware free computer again without saving it.
This works well. Just keep in mind that unless you send ALL your coins from your address, the coins you do not send get returned to a hidden change address. So if your "fresh os" wallet has 100 PTS and you send 10 PTS to another address, the remaining 90 PTS will get sent to a Change Address in your wallet - burning one of the 100 pub/priv keys in your pool. It's for this reason you need to refresh your backups every 100 transactions.
I am pretty sure I don't have malware on my laptop because no coins have been stolen yet. But by the solution with the additional computer that has a fresh OS I can make sure that I don't copy any malware onto the USB where I also save my wallet.dat. Does that make sense ?!
Any flaws in there?
Other people suggest installing an OS (Linux) on a USB stick. What advantage would that have?
Sounds like you have a good strategy. The one nice thing about Linux on a USB stick is that you can pretty much boot it with any computer and have access to an already downloaded blockchain, client, etc. in a malware/virus free environment. The client AES-256-CBC encryption for the wallet.dat is pretty good, especially if you use a good pass phrase, so you don't need to get too paranoid.
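
The backup-refresh point from the reply above, as an added example that is not part of the original thread or the client's code: a toy model that assumes, as the post describes, a pool of 100 pre-generated keys with one key consumed per receiving address or change output. `ToyWallet`, `recoverable` and `stale_backup_demo` are hypothetical names, and the 1000-coin funding is a constructed sample.

```python
POOL_SIZE = 100  # default key pool size given in the post


class ToyWallet:
    """Simplified model of the post's description, not the client's real logic."""

    def __init__(self, pool_size=POOL_SIZE):
        self.pool_size = pool_size
        self.generated = pool_size   # keys currently stored in wallet.dat
        self.next_key = 0            # index of the next unused key
        self.balances = {}           # key index -> coins held on that key

    def _fresh_key(self):
        if self.next_key >= self.generated:   # pool used up: add another batch
            self.generated += self.pool_size
        self.next_key += 1
        return self.next_key - 1

    def receive(self, amount):
        self.balances[self._fresh_key()] = amount

    def send(self, amount):
        """Spend from the funded key; the remainder goes to a fresh change key."""
        src = next(iter(self.balances))       # only funded keys are kept here
        if amount > self.balances[src]:
            raise ValueError("insufficient funds")
        change = self.balances.pop(src) - amount
        if change:
            self.balances[self._fresh_key()] = change

    def backup(self):
        """Copying wallet.dat captures every key generated so far."""
        return self.generated


def recoverable(wallet, backup_keys):
    """Coins spendable after restoring a backup holding keys 0..backup_keys-1."""
    return sum(v for k, v in wallet.balances.items() if k < backup_keys)


def stale_backup_demo(sends):
    """Fund a wallet, back it up once, send 1 coin `sends` times, compare."""
    w = ToyWallet()
    w.receive(1000)                    # constructed sample amount
    old = w.backup()
    for _ in range(sends):
        w.send(1)
    return recoverable(w, old), recoverable(w, w.backup())
```

In this model the receiving address uses the first key, so the old backup still covers the full balance after 99 sends and none of it after the 100th, while a fresh backup covers everything.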