simple script to generate address from private key

[JeromeS]

OK, so I wanted to have a small script that I can use to generate new (offline) bitcoin addresses and be sure that the information was not stored anywhere or sent to anyone, but I couldn't find anything that does that that's also simple enough that I can read the source code and verify it myself.

anyway I ended up writing this python 2.5 script (and then decided to upload it here, in case it's useful to anyone else)

Code:

import ecdsa

secp256k1curve=ecdsa.ellipticcurve.CurveFp(115792089237316195423570985008687907853269984665640564039457584007908834671663,0,7)
secp256k1point=ecdsa.ellipticcurve.Point(secp256k1curve,0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8,0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141)
secp256k1=ecdsa.curves.Curve('secp256k1',secp256k1curve,secp256k1point,(1,3,132,0,10))

#--------------------------------------

import binascii, hashlib

def addy(pk):
 pko=ecdsa.SigningKey.from_secret_exponent(pk,secp256k1)
 pubkey=binascii.hexlify(pko.get_verifying_key().to_string())
 pubkey2=hashlib.sha256(binascii.unhexlify('04'+pubkey)).hexdigest()
 pubkey3=hashlib.new('ripemd160',binascii.unhexlify(pubkey2)).hexdigest()
 pubkey4=hashlib.sha256(binascii.unhexlify('00'+pubkey3)).hexdigest()
 pubkey5=hashlib.sha256(binascii.unhexlify(pubkey4)).hexdigest()
 pubkey6=pubkey3+pubkey5[:8]
 pubnum=int(pubkey6,16)
 pubnumlist=[]
 while pubnum!=0: pubnumlist.append(pubnum%58); pubnum/=58
 address=''
 for l in ['123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'[x] for x in pubnumlist]:
  address=l+address
 return '1'+address

Code:

print addy(0x18E14A7B6A307F426A94F8114701E7C8E774E7F9A47E2C2035DB29A206321725)
print addy(int(hashlib.sha256('something small and easy to remember but not easy to guess').hexdigest(),16))
print addy(int(hashlib.sha256(file('hiddeninplainsight.jpg','rb+').read()).hexdigest(),16))

The code uses the ecdsa library which can be found here.
The address function takes a private key and returns the corresponding bitcoin address.

The last two lines have some practical uses of the address function. Since the sha256 hash function returns a 256 bit long value, it can be used to generate a private key. This is useful if you want to have a bitcoin address and private key that you can remember without having to write it down anywhere, or if you want to use a file that you have on your computer as the key. When you want to spend the coins that you have in that address, all you have to do is use the same function to generate the private key and address.

WARNING #1: using a file that you have on your computer or a short sentence to generate a private key / address pair makes it a lot easier for an attacker to guess your private key. Instead of having to try 2^256 possibilities, they only have to try the files on your computer one by one, or your favorite book/game/your birthday...

WARNING #2: I just made this script today and I'm fairly new to bitcoin. Use at your own risk !

woooo five posts i'm outta here

[1713904782]

1713904782

[1713904782]

1713904782

[Panama Jack]

Cool idea. 

[Stephen Gornick]

WARNING #2: I just made this script today and I'm fairly new to bitcoin. Use at your own risk !

Just wanted to make sure that part stands out..., since money is involved.

[crazy_rabbit]

Did anyone confirm whether or not this works? It's a very nice idea.

Is there a code-wiki for bitcoin where people can paste their code snippets?

-crazy_rabbit

[JeromeS]

np

Code:

import hashlib, binascii

t='123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'

def numtowif(numpriv):
 step1 = '80'+hex(numpriv)[2:].strip('L').zfill(64)
 step2 = hashlib.sha256(binascii.unhexlify(step1)).hexdigest()
 step3 = hashlib.sha256(binascii.unhexlify(step2)).hexdigest()
 step4 = int(step1 + step3[:8] , 16)
 return ''.join([t[step4/(58**l)%58] for l in range(100)])[::-1].lstrip('1')

def wiftonum(wifpriv):
 return sum([t.index(wifpriv[::-1][l])*(58**l) for l in range(len(wifpriv))])/(2**32)%(2**256)

def validwif(wifpriv):
 return numtowif(wiftonum(wifpriv))==wifpriv

print numtowif(0x0C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D)
print hex(wiftonum('5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTJ'))
print validwif('5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTJ')
print validwif('5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTK')

I used this as a reference for the algorithms. This code is also in Python 2.5.
Again, you're welcome to use this code anyway you want, but use at your own risk !

[flatfly]

np

Code:

import hashlib, binascii

t='123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'

def numtowif(numpriv):
 step1 = '80'+hex(numpriv)[2:].strip('L').zfill(64)
 step2 = hashlib.sha256(binascii.unhexlify(step1)).hexdigest()
 step3 = hashlib.sha256(binascii.unhexlify(step2)).hexdigest()
 step4 = int(step1 + step3[:8] , 16)
 return ''.join([t[step4/(58**l)%58] for l in range(100)])[::-1].lstrip('1')

def wiftonum(wifpriv):
 return sum([t.index(wifpriv[::-1][l])*(58**l) for l in range(len(wifpriv))])/(2**32)%(2**256)

def validwif(wifpriv):
 return numtowif(wiftonum(wifpriv))==wifpriv

print numtowif(0x0C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D)
print hex(wiftonum('5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTJ'))
print validwif('5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTJ')
print validwif('5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTK')

I used this as a reference for the algorithms. This code is also in Python 2.5.
Again, you're welcome to use this code anyway you want, but use at your own risk !

Very nice, again!

[laSeek]

Paste it up as a public gist on github & share the link - it should then be visible to devs generally looking via google/github & via the forum.

Nice work!

[moneygames]

This is very helpful, thanks! I am in the process of using this to recover some coins.

[JompinDox]

Although this is an old thread, I felt it was appropriate to give a warning about the above script, as it has a bug that produces wrong results for some keys.

I will post more details and a fix when I have some free time.
Meanwhile, you guys can try to find it as an exercise...
Some technical knowledge of bitcoin is required.

[RedGolpe]

Extremely helpful.

To follow JompinDox's suggestion, just add

Code:

m=0
while pubkey6[0+m:2+m]=='00':
  pubnumlist.append(0);
  m=m+2;

before

Code:

address=''

[Stemby]

It seems to be a little bit out of date, because it uses an old version of python-ecdsa (before secp521r1 implementation). I will try to get an updated and simplified version.

Thank you!

[tpksarathy]

How to run this script in python?? is there any need of additional script ?? HELP me...