100 BTC for a key extracting program

[grondilu]

*** EDIT:  Bounty has ended.  Program was written. ***
I give 100 BTC to whoever can make the following program :

The program takes a bitcoin address on command line.

If the bitcoin address is not one of in the user's wallet, then the program does nothing apart from returning an error code.

If the bitcoin address is one of the user's wallet, then the program ouputs the corresponding Private key in PEM format, so it can be used by openssl.

That's all.  100 BTC.

[davout]

I don't really see how to get a public key from it's hash.

[caveden]

If the address is a hash of the true public key, how are transactions verified? The sender attaches the public key of all output addresses to the transaction?
If so, if an address has ever been used to send any coins, it should be possible to retrieve its public key from the chain...

[grondilu]

I don't really see how to get a public key from it's hash.

Hum, right.  My bad.

Ahh I have to think this more thorously.

PS.  I've edited the original post in accordance.

[grondilu]

If the address is a hash of the true public key, how are transactions verified? The sender attaches the public key of all output addresses to the transaction?
If so, if an address has ever been used to send any coins, it should be possible to retrieve its public key from the chain...

Anyway there must be a way to get the public key, since after all the bitcoin program uses it to verify transactions.

But I confess I have to get a better understanding of the whole key signing process.

[caveden]

@grondilu,

You might want to add to your "specification" that you want free software...

[davout]

If so, if an address has ever been used to send any coins, it should be possible to retrieve its public key from the chain...

Absolutely, but that's a very serious limitation when dealing with addresses that are very often generated and then used only once.

But maybe that's acceptable depending on the use you want to make of such a feature.

Anyway there must be a way to get the public key, since after all the bitcoin program uses it to verify transactions.

Yes, look at a raw block with at least 2 txns in it at BBE, you'll find answers

[theymos]

Yes, look at a raw block with at least 2 txns in it at BBE, you'll find answers

The public key is also shown on address pages if it has ever been used on the network.

(Don't scrape regular BBE pages, though. I'll add a page on /q if anyone actually needs it.)

The sender attaches the public key of all output addresses to the transaction?

Right. When you redeem a transaction sent to an address, you include the public key in the scriptSig. Then this is checked against both the hash and the signature.

[bitcoinex]

Maybe something like import-export secret keys?

It would be convenient to keep piece of money outside of wallet.dat. Also this key output in the non ascii-armored  format can be printed into the barcode and cached on paper.

Code:

-----BEGIN BITCOIN ADDRESS PRIVATE KEY BLOCK-----
Address: 1cuh4378ry8743yr87yf87tf87wtf
Version: Bitcoin 0.3.21 (GNU/Linux)

mQENBEyMI0kBCADKLwrZ2wzYVsNhpBJMNiLDIr9WrkemaJQxM3PoOo717O1AiEhh
9muyD9bxLBmpCt5B/ltt00C5/xJ6NiUJD7/1oz/0h5H3YlJBS5eOZxJUnDXyEzzT
PZmz463Do/Kdp+4D8xqRHrWM+GXxYNSKxU00zTjwUK0EeZdwjq/UJWjI8Xf1q+lS
-----END BITCOIN ADDRESS PRIVATE KEY BLOCK-----

[grondilu]

Maybe something like import-export secret keys?

It would be convenient to keep piece of money outside of wallet.dat. Also this key output in the non ascii-armored  format can be printed into the barcode and cached on paper.

Code:

-----BEGIN BITCOIN ADDRESS PRIVATE KEY BLOCK-----
Address: 1cuh4378ry8743yr87yf87tf87wtf
Version: Bitcoin 0.3.21 (GNU/Linux)

mQENBEyMI0kBCADKLwrZ2wzYVsNhpBJMNiLDIr9WrkemaJQxM3PoOo717O1AiEhh
9muyD9bxLBmpCt5B/ltt00C5/xJ6NiUJD7/1oz/0h5H3YlJBS5eOZxJUnDXyEzzT
PZmz463Do/Kdp+4D8xqRHrWM+GXxYNSKxU00zTjwUK0EeZdwjq/UJWjI8Xf1q+lS
-----END BITCOIN ADDRESS PRIVATE KEY BLOCK-----

I actually only need an "export" feature.   I also don't think we need a special bitcoin header.  We can stick to the header openssl use.  I actually want to, for I want to use openssl with this key.

so the format should be :
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEII84GK/wX8stbmJWYL/WUM1nPAK1miIBDBeyNuo2vyf4oAcGBSuBBAAK
oUQDQgAE/yRZIKrOj4GBfLFtMYuocJ5QF1Tr9rWMh2ixCyfodDWRWTIU21v3ehDR
NJiAXHKwkhDqQ//i46NHoNUhjvx/lw==
-----END EC PRIVATE KEY-----

(I got this output from "openssl ecparam -out key.pem -name secp256k1 -genkey")

The  bitcoin address should be built from this file using an other program.

[bitcoinex]

you're right

[nanotube]

i think gavin's bitcointools can already extract keys from wallet?

[Gavin Andresen]

i think gavin's bitcointools can already extract keys from wallet?

It dumps out keys in abbreviated hex (I worry about naive users accidently publishing screen snapshots showing their full private keys).

Teaching bitcointools to dump out keys in OpenSSL ascii-armored format is a great idea.  It is just not high on my personal priority list right now.

[grondilu]

Teaching bitcointools to dump out keys in OpenSSL ascii-armored format is a great idea.  It is just not high on my personal priority list right now.

Good.  I'm glad you're interested.  I'll wait.

[dirtyfilthy]

I think I have what you want:

https://github.com/dirtyfilthy/bc_key

extracts private keys into PEM format. if this is satisfactory address for bounty is 12fEVjSwiBpLzGkgNyPNwjnHiqD3J2v96H

[grondilu]

I think I have what you want:

https://github.com/dirtyfilthy/bc_key

extracts private keys into PEM format. if this is satisfactory address for bounty is 12fEVjSwiBpLzGkgNyPNwjnHiqD3J2v96H

Ok just give me some time to analyse the code, because such a code reads my wallet so obviously I have to be carefull


PS.  Well, this looks perfectly fine, and I've tested it with success.

I kind of regret I put such a high price for a program that small, but I have only one word. 

Paiement is done :
13f9f65532c012ebcc5073fd670c9edc8c73ab449e5821150c0f4822c35ae33d

[dirtyfilthy]

payment received, cheers!

[grondilu]

Hum... I used your tool to extract the private key from one of my bitcoin address :


1Hy9dexzNzjvQYkYy6zKRVZMU8k2j5vuPt

I obtained this public key (using conversion with "openssl ec -pubout -in privkey.pem") :

-----BEGIN PUBLIC KEY-----
MIH1MIGuBgcqhkjOPQIBMIGiAgEBMCwGByqGSM49AQECIQD/////////////////
///////////////////+///8LzAGBAEABAEHBEEEeb5mfvncu6xVoGKVzocLBwKb
/NstzijZWfKBWxb4F5hIOtp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIh
AP////////////////////66rtzmr0igO7/SXozQNkFBAgEBA0IABJJ6TBhmiWm4
Y1ACBVJVn0oyG9Ay5IzEZq8cPyrs1PERl963YQh5UrGOT0NodynfHswkz8bUpaJW
FsowR/l9wXc=
-----END PUBLIC KEY-----

(no, I won't paste the private key here )

Anyway, I need a tool to check that this public key (assuming it is not mine, it's just an exemple) is indeed the one of the bitcoin address 1Hy9dexzNzjvQYkYy6zKRVZMU8k2j5vuPt

For some reasons I can only do that in bash.

So I try this :

Code:

wget -O - http://blockexplorer.com/q/hashtoaddress/$(
bc_key 1Hy9dexzNzjvQYkYy6zKRVZMU8k2j5vuPt ~/.bitcoin/wallet.dat |
openssl ec -pubout |
grep -v 'PUBLIC KEY' |
base64 -d |
openssl dgst -sha256 |
cut -d\  -f2 |
xxd -p -r |
openssl dgst -rmd160
)

However I try, I never manage to confirm the initial bitcoin address.


What do I get wrong ?

[dirtyfilthy]

One problem i can see with this is that when you base64 decode the PEM public key you're left with the key in DER format, but the key is stored in the wallet as a raw byte object, and it's this raw object that is hashed and turned into a bitcoin address, so the simply hashing the DER format key the same way isn't going to work unfortunately.

[grondilu]

One problem i can see with this is that when you base64 decode the PEM public key you're left with the key in DER format, but the key is stored in the wallet as a raw byte object, and it's this raw object that is hashed and turned into a bitcoin address, so the simply hashing the DER format key the same way isn't going to work unfortunately.

Isn't DER format the same as raw byte ?   Anyway I opened an other thread and Hal found out that the key has a "ASN.1 cruft" or something.  So I add to add a tail -c 64.

I have to read about this ASN thing.