Author Topic: [Request Review] Python Code for PrivKey/Address Creation [ColdStorage]  (Read 7947 times)


Offline monsterer

If it helps you any with your unit tests, here is a list of:

* private keys
* bitcoin addresses
* hex bitcoin public keys
* BTS public keys
* BTS addresses

They are all corresponding, so the private key for row I corresponds to the bitcoin address, hex public key, BTS pub key and BTS address for row I.

```csharp
// Test vectors: entry i of every list below belongs to the same key pair.
List<string> m_bitcoinPrivKeys = new List<string>()
{
"5HqUkGuo62BfcJU5vNhTXKJRXuUi9QSE6jp8C3uBJ2BVHtB8WSd",
"5JWcdkhL3w4RkVPcZMdJsjos22yB5cSkPExerktvKnRNZR5gx1S",
"5HvVz6XMx84aC5KaaBbwYrRLvWE46cH6zVnv4827SBPLorg76oq",
"5Jete5oFNjjk3aUMkKuxgAXsp7ZyhgJbYNiNjHLvq5xzXkiqw7R",
"5KDT58ksNsVKjYShG4Ls5ZtredybSxzmKec8juj7CojZj6LPRF7"
};

List<string> m_bitcoinAddresses = new List<string>()
{
"141fYYgjgTfxWCzUhFwVrad54EWi8Yw29a",
"19854zGaBhcgHV2hZa6bzqMBW5kHCbw7YA",
"1G7qw8FiVfHEFrSt3tDi6YgfAdrDrEM44Z",
"12c7KAAZfpREaQZuvjC5EhpoN6si9vekqK",
"1Gu5191CVHmaoU3Zz3prept87jjnpFDrXL"
};

// Uncompressed SEC1 public keys: "04" || X || Y, hex encoded.
List<string> m_bitcoinPubKeys = new List<string>()
{
"04a05c6fd57267cc0f1b82e785f0261e1d25f6751978db972b39747393c489e614a6a45b3c07fe7e24c93846d8e2ce302fa7a9dadda308762bf63db28743d20bba",
"04906435f6f9ce6f3d4e4cf8d3d0ddce209a83277738ffdc7eae6308f4ed2963df0da8746cf13a6189a281965c580f42415d86e96c232a8925ea153254bb879f60",
"045836d5ecf8eb2572f8d3e45e9a401c3acbfffcabe76697ca3539b428aa8641b827fbcad3334e0bfc636463efb494e4a57525fce15721e2e15cfff15808859389",
"04a71eb3edee13ab02f16900f820f66d59028f68ca5a1f48d1676fad9fd78e246191d4619203ce7fa1161a3fc6d3466adcae232559db620b3f74e7fea420c9a60d",
"041e5080611e2f1d9d7a61146ae0dda74181ea557044cf6c418d9ffccd9ebefcf052895a13e0b184a10a95d82d5399a6ecdb36b4f852c6e8774a3aea658f626d64"
};

List<string> m_btsPubKeys = new List<string>()
{
"BTS677ZZd62Ca7SoUJoT1CytBhj4aJewzzi8tQZxYNqpSSK69FTuF",
"BTS5z5e3BawwMY6UmcBQxYpkKZ8QQm4wdtS4KMZiWAcWBUC3RJuLT",
"BTS7W5qsanXHgRAZPijbrLMDwX6VmHqUdL2s8PZiYKD5h1R7JaqRJ",
"BTS86qPFWptPfUNKVi6hemeEWshoLerN6JvzCvFjqnRSEJg7nackU",
"BTS57qhJwt9hZtBsGgV7J5ZPHFi5r5MEeommYnFpDb6grK3qev2qX"
};

List<string> m_btsAddresses = new List<string>()
{
"BTSFN9r6VYzBK8EKtMewfNbfiGCr56pHDBFi",
"BTSdXrrTXimLb6TEt3nHnePwFmBT6Cck112",
"BTSJQUAt4gz4civ8gSs5srTK4r82F7HvpChk",
"BTSFPXXHXXGbyTBwdKoJaAPXRnhFNtTRS4EL",
"BTS3qXyZnjJneeAddgNDYNYXbF7ARZrRv5dr"
};
```

I created these for my own unit tests in C# :)
My opinions do not represent those of metaexchange unless explicitly stated.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline pc

Are you aware of programs/utils/bts_create_key in the bitshares repo?
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de

merockstar

I've been waiting eagerly for this. Can't wait until it's refined and field tested.

Offline arhag

Actually, you know what's better than encrypting the generated private key with a passphrase?

Deriving a 256-bit number from the passphrase and doing modular addition with that number and the generated private key to get a new private key. That way you can first generate a random private key (back that up for safe keeping), then use that and various passphrases to generate new private keys (and corresponding BTS addresses). Then use one of those addresses to store your funds.

The beauty of that approach is that it provides plausible deniability. You can have two different passphrases (the real one and a fake one) to generate two different BTS addresses (real and fake). You fund both addresses, but you put just enough to be plausible in the fake one and put the rest of your funds in the real one.

Now even if someone steals your paper backup of the original random private key and extorts you to get the passphrase that allows them to derive the private key that unlocks the funds, you can provide the fake passphrase and let them get away with the small amount of decoy money stored there while keeping the rest of your wealth safe. This of course assumes that the attacker doesn't know how much money you have stored in which balances, or else he could continue extorting you until you give up the passphrase that unlocks the balance that he knows belongs to you. I have to say that blockchain analysis makes it actually pretty easy for the attacker to be fairly confident a balance belongs to you (sucks for you if he is wrong I guess), so perhaps this wouldn't be all that useful in practice until CryptoNote-like privacy is implemented on the blockchain.

« Last Edit: December 08, 2014, 02:07:39 am by arhag »
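As an added example (not code from this thread, from xeroc's script or from bts_create_key), the pure-Python sketch below implements arhag's passphrase tweak on secp256k1 and emits keys in the same uncompressed WIF and hex public-key formats monsterer lists above, without needing the ecdsa module. The curve constants are the standard secp256k1 values; using SHA-256 as the "256-bit number derived from the passphrase" is my assumption, as are the sample scalars.

```python
import hashlib

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 field prime (standard constants)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,  # generator point
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
sha256d = lambda b: hashlib.sha256(hashlib.sha256(b).digest()).digest()

def ec_add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and a[1] != b[1]:  # Q + (-Q); secp256k1 has no y == 0 points
        return None
    lam = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
           else (b[1] - a[1]) * pow(b[0] - a[0], -1, P)) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def ec_mul(k, pt=G):  # double-and-add; not constant-time, acceptable for offline key generation
    r = None
    while k:
        r = ec_add(r, pt) if k & 1 else r
        pt, k = ec_add(pt, pt), k >> 1
    return r

def b58check(payload):  # Base58Check: Base58(payload || SHA256d(payload)[:4])
    n, out = int.from_bytes(payload + sha256d(payload)[:4], "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out  # WIF payloads start with 0x80, so there are no leading-zero '1's to add

def b58check_decode(s):  # inverse of b58check; raises on a corrupted or mistyped string
    n = 0
    for c in s:
        n = n * 58 + B58.index(c)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if sha256d(raw[:-4])[:4] != raw[-4:]:
        raise ValueError("bad Base58Check checksum")
    return raw[:-4]

def scalar_to_wif(k):  # uncompressed-key WIF (leading '5'), the form in monsterer's list
    return b58check(b"\x80" + k.to_bytes(32, "big"))

def pubkey_hex(k):  # SEC1 uncompressed "04" || X || Y, the hex form monsterer lists
    return "04" + "".join(c.to_bytes(32, "big").hex() for c in ec_mul(k))

def derive_key(base_k, passphrase):  # arhag's scheme: (base + H(passphrase)) mod n; H = SHA-256 is my assumption
    return (base_k + int.from_bytes(hashlib.sha256(passphrase.encode()).digest(), "big")) % N
```

Because the tweak is additive, the public key of a derived key equals the base public key plus H(passphrase)·G, so anyone holding the backed-up base key and guessing the passphrase gets the same address; pubkey_hex applied to the scalar decoded from the first WIF in monsterer's list can be compared with the first entry of his hex public keys.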

Offline arhag

Cool. A JavaScript version with all necessary dependencies bundled would probably be ideal, since everyone has a browser that can run it.

Python is pretty ubiquitous on Linux, but even this code required me to install the ecdsa python module that my base python installation on Ubuntu 14.04 didn't have (sudo apt-get install python-ecdsa).

If I was trying to use this on an Ubuntu live CD, I would also have to put python-ecdsa_0.10-2_all.deb on my flash drive to set up the ecdsa python module before being able to run your script (since connecting to the internet to install it is obviously unacceptable).

Also it would be really great if the python script also optionally allowed the user to provide a passphrase to encrypt the private key and display that in the results as well. I would prefer the plaintext WIF private key to never actually exist anywhere other than the live environment. So, if I am writing down the private key on paper or storing in a password manager, I want it to be in encrypted form where the unique long passphrase is in my head and only ever typed on live Linux environments.

Of course this can also be done manually using openssl:
  • Enter command "openssl aes-256-cbc -a"
  • Type in passphrase and press enter
  • Retype same passphrase and press enter again
  • Paste the WIF private key from the python script and press enter then press Control-D twice
  • Copy the two lines output by the program after the private key you entered (this is the encrypted private key)

Then to decrypt it back into the plaintext WIF private key (also this should be done immediately after the previous steps to verify that you encrypted it properly):
  • Enter command "openssl aes-256-cbc -a -d"
  • Type in the same passphrase you used to encrypt and press enter
  • Paste the two encrypted lines from the previous steps and press enter then press Control-D twice
  • Copy the one line output by the program after the two lines you entered (this is the plaintext WIF private key)

Finally, although this code is good for generating the keys and funding the balances, it still does not address the offline transaction signing part (which toast has been working on). That will require some minimal BitShares code that can unpack and understand a transaction to present to the user what the transaction is doing (sending a certain amount of funds from these balances to these addresses) and provide a way for them to sign the transaction by providing the private keys necessary. Understanding the transaction and presenting that information to the user is important (rather than just blindly signing a transaction digest), because the online tool that generated the unsigned transaction in the first place may have been compromised to instead create a transaction that sends all of the user's funds to a hacker's address instead.

Anyway, it would be ideal to have all of the above in both a self-contained executable with absolutely minimal dependencies that runs a CLI version of the tool, as well as a JavaScript version that provides a more familiar UI that people can run in the browser of a live Linux environment.

Offline xeroc

I wrote a python script (copy-paste + modification) to get a random private key and the corresponding bts pubkey and bts address ..
https://github.com/xeroc/pytshares/blob/master/genbtskey.py

THAT CODE IS UNTESTED!!
USE WITH CAUTION!

Crosschecking results with https://bitsharestalk.org/index.php?topic=8907.msg115470#msg115470
is looking good ..
maybe there is a dev that can take a look and confirm/review the python code for correctness ..


For those not getting the reason for this script:
Suppose you want to have cold storage ... how do you create a private key and the corresponding pubkey/address that you can fund WITHOUT installing the full client?!

I'd love to see someone code this in JS and have an offline website like brainwallet.org for that too ...
« Last Edit: January 20, 2015, 08:25:44 am by xeroc »