Author Topic: [Request Review] Python Code for PrivKey/Address Creation [ColdStorage]  (Read 7944 times)

0 Members and 1 Guest are viewing this topic.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
I am a coffee script noobie and just dont yet know how to use it that way ;)

the huge js file has be deplpyed by the bitsharesJS library from the bishares github account .. i am just using it ..

Offline arhag

  • Hero Member
  • *****
  • Posts: 1214
    • View Profile
    • My posts on Steem
  • BitShares: arhag
  • GitHub: arhag
Cool. A JavaScript version with all necessary dependencies bundled would probably be ideal, since everyone has a browser that can run it.
...
Anyway, it would be ideal to have all of the above in both a self-contained executable with absolutely minimal dependencies that runs a CLI version of the tool, as well as a Javascript  version that provides a more familiar UI interface that people can run in the browser of a live Linux environment.

If you are brave .. you can give this a try:
https://github.com/xeroc/jshares/archive/master.zip
Download the zip file .. unpack it and run the html file in the browser ..
it will randomly choose a private key and print the public key, private key, and bts address for it in text format and as QR code ..

Nice. Seems to work on Chrome.

Is there a reason you have a huge crypto library mixed in together with the BitShares specific code in a single file? It would make sense to to me to split those up to the BitShares specific code which is easier to study in its own file and a separate minified crypto library. Then people could also replace the various libraries script files with ones from their original sources and if they trust the original sources, they would only have to audit the BitShares specific part.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Cool. A JavaScript version with all necessary dependencies bundled would probably be ideal, since everyone has a browser that can run it.
...
Anyway, it would be ideal to have all of the above in both a self-contained executable with absolutely minimal dependencies that runs a CLI version of the tool, as well as a Javascript  version that provides a more familiar UI interface that people can run in the browser of a live Linux environment.

If you are brave .. you can give this a try:
https://github.com/xeroc/jshares/archive/master.zip
Download the zip file .. unpack it and run the html file in the browser ..
it will randomly choose a private key and print the public key, private key, and bts address for it in text format and as QR code ..

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
related thread: 
https://bitsharestalk.org/index.php?topic=8907.msg160155#msg160155

quote:

here we go .. I just updated the "pytshares" repo on github .. now there are two different scripts:

Code: [Select]
└─(1:%) ./genbtskey.py                                                                                                                                                                                                          ─┘
Secret Exponent         : b3a5255b0567f73da73a27663c0ea5998c67cb6bf860f6dad23af7c1f03290b5
Private Key             : 5KBQNg7LVWcfyZKYzYMVnwsV3d1JS351rD6EhddZvSSzpX2C34X
BTC Address             : 1Bfy6Pv7t1z4hXW89zGHbydnspevDdg9fN
--------------------------------------------------------------------------------
BTC Pubkey (compressed) : 02885d9abff5ca754bdea9c70c9fd95f3d1ea9200b563b2e43081a4d75bc63a1e5
BTC Address             : 1Bfy6Pv7t1z4hXW89zGHbydnspevDdg9fN
--------------------------------------------------------------------------------
BTS PubKey              : BTS5vYdYntohDkUyCCUmzp1QZE2isBwyS6ZARdA6P4gxWgzvFr9qz
BTS Address             : BTSPfYihuV1t7f7HczrY4oJXoX9tULALksLD
--------------------------------------------------------------------------------
┌─(xeroc@hermike:pts/2)────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────(~/pytshares)─┐
└─(%) ./convertbtcpubkey.py 02885d9abff5ca754bdea9c70c9fd95f3d1ea9200b563b2e43081a4d75bc63a1e5                                                                                                                                  ─┘
BTC PubKey      : 02885d9abff5ca754bdea9c70c9fd95f3d1ea9200b563b2e43081a4d75bc63a1e5
BTC Address     : 1BSxmaYgptZ2ZZeknMN8wNjmHViyW8SpC4
BTS PubKey      : BTS5vYdYntohDkUyCCUmzp1QZE2isBwyS6ZARdA6P4gxWgzvFr9qz
BTS Address     : BTSPfYihuV1t7f7HczrY4oJXoX9tULALksLD


Offline arhag

  • Hero Member
  • *****
  • Posts: 1214
    • View Profile
    • My posts on Steem
  • BitShares: arhag
  • GitHub: arhag
Depends on your level of paranoia, I suppose. Don't forget to compile python on your livelinux before using your version. And the compiler used for compiling python of course. And the kernel. And...  ;)

http://scienceblogs.com/goodmath/2007/04/15/strange-loops-dennis-ritchie-a/  ;)

Offline pc

  • Hero Member
  • *****
  • Posts: 1530
    • View Profile
    • Bitcoin - Perspektive oder Risiko?
  • BitShares: cyrano
Are you aware of programs/utils/bts_create_key in the bitshares repo?

no I wasn't. I can just put that (alone) on a flashdrive and run it offline in a live-cd?
The issue with that one is that ideally .. you need to compile it on a offline ci
omputer running a livelinux of some kind ..
while python is almost stand-alone

Javascript would ve alot nicer though

Depends on your level of paranoia, I suppose. Don't forget to compile python on your livelinux before using your version. And the compiler used for compiling python of course. And the kernel. And...  ;)

Yes, it should be possible to put that alone on a flashdrive and run it offline.
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Ok .. I successfully read into unittesting of python and added your unit tests for private key addresses pubkeys and wif format.
unit test can be executed via
  $ python2 -m unittest genbtskey
Code: [Select]
.....
----------------------------------------------------------------------
Ran 5 tests in 1.893s

OK

I also added the option to have a single argument .. a WIF key .. and convert that to the corresponding address/pubkey ..

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Would you like to take the code pack it and write some test modules for it?

What's the code pack? If it's python, I'm afraid my knowledge is pretty rudimentary. :)
mine is too :) lol

I will try to learn it myself :)

Offline monsterer

Would you like to take the code pack it and write some test modules for it?

What's the code pack? If it's python, I'm afraid my knowledge is pretty rudimentary. :)
My opinions do not represent those of metaexchange unless explicitly stated.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Actually, you know what's better than encrypting the generated private key with a passphrase?

Deriving a 256-bit number from the passphrase and doing modular addition with that number and the generated private key to get a new private key. That way you can first generate a random private key (back that up for safe keeping), then use that and various passphrases to generate new private keys (and corresponding BTS addresses). Then use one of those addresses to store your funds.

The beauty of that approach is that it provides plausible deniability. You can have two different passphrases (the real one and a fake one) to generate two different BTS addresses (real and fake). You fund both addresses, but you put just enough to be plausible in the fake one and put the rest of your funds in the real one.

Now even if someone steals your paper backup of the original random private key and extorts you to get the passphrase that allows them to derive the private key that unlocks the funds, you can provide the fake passphrase and let them get away with the small amount of decoy money stored there while keeping the rest of your wealth safe. This of course assumes that the attacker doesn't know how much money you have stored in which balances, or else he could continue extorting you until you give up the passphrase that unlocks the balance that he knows belongs to you. I have to say that blockchain analysis makes it actually pretty easy for the attacker to be fairly confident a balance belongs to you (sucks for you if he is wrong I guess), so perhaps this wouldn't be all that useful in practice until CryptoNote-like privacy is implemented on the blockchain.

thanks for the input ..

somewhere I do have a working BIP32 python implementation and could easily add this to the python script ..
For your idea I certainly need to learn more about ECC to be sure it's correct what I implement :)

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
If it helps you any with your unit tests, here is a list of:

* private keys
* bitcoin addresses
* hex bitcoin public keys
* BTS public keys
* BTS addresses

They are all corresponding, so the private key for row I corresponds to the bitcoin address, hex public key, BTS pub key and BTS adress for row I.

Code: [Select]
List<string> m_bitcoinPrivKeys = new List<string>()
{
"5HqUkGuo62BfcJU5vNhTXKJRXuUi9QSE6jp8C3uBJ2BVHtB8WSd",
"5JWcdkhL3w4RkVPcZMdJsjos22yB5cSkPExerktvKnRNZR5gx1S",
"5HvVz6XMx84aC5KaaBbwYrRLvWE46cH6zVnv4827SBPLorg76oq",
"5Jete5oFNjjk3aUMkKuxgAXsp7ZyhgJbYNiNjHLvq5xzXkiqw7R",
"5KDT58ksNsVKjYShG4Ls5ZtredybSxzmKec8juj7CojZj6LPRF7"
};

List<string> m_bitcoinAddresses = new List<string>()
{
"141fYYgjgTfxWCzUhFwVrad54EWi8Yw29a",
"19854zGaBhcgHV2hZa6bzqMBW5kHCbw7YA",
"1G7qw8FiVfHEFrSt3tDi6YgfAdrDrEM44Z",
"12c7KAAZfpREaQZuvjC5EhpoN6si9vekqK",
"1Gu5191CVHmaoU3Zz3prept87jjnpFDrXL"
};

List<string> m_bitcoinPubKeys = new List<string>()
{
"04a05c6fd57267cc0f1b82e785f0261e1d25f6751978db972b39747393c489e614a6a45b3c07fe7e24c93846d8e2ce302fa7a9dadda308762bf63db28743d20bba",
"04906435f6f9ce6f3d4e4cf8d3d0ddce209a83277738ffdc7eae6308f4ed2963df0da8746cf13a6189a281965c580f42415d86e96c232a8925ea153254bb879f60",
"045836d5ecf8eb2572f8d3e45e9a401c3acbfffcabe76697ca3539b428aa8641b827fbcad3334e0bfc636463efb494e4a57525fce15721e2e15cfff15808859389",
"04a71eb3edee13ab02f16900f820f66d59028f68ca5a1f48d1676fad9fd78e246191d4619203ce7fa1161a3fc6d3466adcae232559db620b3f74e7fea420c9a60d",
"041e5080611e2f1d9d7a61146ae0dda74181ea557044cf6c418d9ffccd9ebefcf052895a13e0b184a10a95d82d5399a6ecdb36b4f852c6e8774a3aea658f626d64"
};

List<string> m_btsPubKeys = new List<string>()
{
"BTS677ZZd62Ca7SoUJoT1CytBhj4aJewzzi8tQZxYNqpSSK69FTuF",
"BTS5z5e3BawwMY6UmcBQxYpkKZ8QQm4wdtS4KMZiWAcWBUC3RJuLT",
"BTS7W5qsanXHgRAZPijbrLMDwX6VmHqUdL2s8PZiYKD5h1R7JaqRJ",
"BTS86qPFWptPfUNKVi6hemeEWshoLerN6JvzCvFjqnRSEJg7nackU",
"BTS57qhJwt9hZtBsGgV7J5ZPHFi5r5MEeommYnFpDb6grK3qev2qX"
};

List<string> m_btsAddresses = new List<string>()
{
"BTSFN9r6VYzBK8EKtMewfNbfiGCr56pHDBFi",
"BTSdXrrTXimLb6TEt3nHnePwFmBT6Cck112",
"BTSJQUAt4gz4civ8gSs5srTK4r82F7HvpChk",
"BTSFPXXHXXGbyTBwdKoJaAPXRnhFNtTRS4EL",
"BTS3qXyZnjJneeAddgNDYNYXbF7ARZrRv5dr"
};

I created these for my own unit tests in C# :)

Would you like to take the code pack it and write some test modules for it?

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
I am going to give it a try with JS ..
found this thing and will try to implement that stuff for BTS
http://procbits.com/2013/08/27/generating-a-bitcoin-address-with-javascript

edit: it seems I am too stupid to learn JS :)
« Last Edit: December 08, 2014, 04:53:15 pm by xeroc »

merockstar

  • Guest
Are you aware of programs/utils/bts_create_key in the bitshares repo?

no I wasn't. I can just put that (alone) on a flashdrive and run it offline in a live-cd?
The issue with that one is that ideally .. you need to compile it on a offline ci
omputer running a livelinux of some kind ..
while python is almost stand-alone

Javascript would ve alot nicer though

i'd also love a brainwallet feature. I know it's currently possible but it should be simplified.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Are you aware of programs/utils/bts_create_key in the bitshares repo?

no I wasn't. I can just put that (alone) on a flashdrive and run it offline in a live-cd?
The issue with that one is that ideally .. you need to compile it on a offline ci
omputer running a livelinux of some kind ..
while python is almost stand-alone

Javascript would ve alot nicer though

merockstar

  • Guest
Are you aware of programs/utils/bts_create_key in the bitshares repo?

no I wasn't. I can just put that (alone) on a flashdrive and run it offline in a live-cd?