Bitcoin Forum

You can receive some bitcoins without even installing the client.  You can also use this method to export some bitcoins into a file, without worrying about your backup file being altered later (after creation of new addresses in your wallet for instance).

Enter the following bash functions in your command line:



Then you generate and encrypt a new private ellyptic curve (replace grondilu by your GPG id):

openssl ecparam -genkey -name secp256k1 |
gpg -ae -r grondilu |
tee wallet.pem.asc

This saves and prints the encrypted private key:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (GNU/Linux)

hQIOA9o1PxP9fpBoEAgAofklK3zqQTYAL4bFOTix3reoHlp1yFBEaJdvKVq6uQn0
i4xIkgKXs36Yp0w4qqtwvDx54nen811EcqLsaHRZgFNISnnk9x9XvJSyMGpZ7xM4
iu57yb8U3p0iY9gZDdjeokgFj1B6YYwpUKpmEPER3jL/Vm+x6mPlD3WKRSzILD2K
WGjxvhExfRU6JpIJsUm9tYGL2Rm6YipQvw1/hteYoOsaoBWM8F+8M2VXJ6i2brTp
AK5QVhatcsI0gtFnS3sUKnpSsebPhIbjd8qT8nSJnQ2K1TK7t97NNWejzs7pr2pI
kupcCBSty+dyRU94ZuIWv82cWwRgtWYhyqnmxrnuEwgAgNwBdtXQbDuIkzbR+S2x
bx5kbOM5KSIk1KItWu1lA+11/eUHuBSGGGLiFlepkJNQNrReiORilz1vp+9wFaGV
Ol/pMsd6bLeHYy+twQ8lQ27IXdJcjTfCQ8TDBbikKw1Xw4hFs9iIsICsGpXz9QXD
v2xFxigLEPJUEPJw03Tv/iKyTE9wMX1ASPYW48GYwUA1b/3KxA3KXW2zs6MiTHFE
BpTb0t8xBXo1u8J6NRzGTOl7Irr75fZSOOMNsjJNi4jMWXk/JeR9ktjuY9tda5he
9CpBTuVteVQ1UATATnpvcfVXYMmkXAe1umshZIO+u/5YFOg8CJgpQ8AhirCkVeEa
ZtLAVAEX+GsQJEqc6XiHmIUhvJQ06xXmmMZRzXx08MoKDpo+eb9+eteC/vS2/6GT
PhD+jbnVxjEnlFvdNT9oAYVEzUId0beSfNGSszMXl8zLdLfK1RrqIHLJe7eMxsVZ
1EB6ccqt3Sby8hWECG1pkwT30I4BGjV7iMrejEZEtbs4JSUTxLmieoVDTnyT9/CX
tNNBOQmHGNpX9Fan+01yqaWeHW9IDJF3hZPVPWU22BzPsYqmCuu+bAzqwqYYoanD
GRsHguwru7bwspN65e8wAgAUInSTNiaeod3V6qWAiD3e6K9rHIqzkgJRB+eWP1ql
db8hsVj4HoLjhq0Vfey0lYjPIJLRIFdbK/9EgTg4mz/nectoI0pL7g==
=P2mb
-----END PGP MESSAGE-----

To see the corresponding bitcoin address, just run:

gpg < wallet.pem.asc |
openssl ec -pubout |
publicKeyToAddress

This gives me this:

1QAVk6rZ8Tzj6665X3v1yPGfKwNHFjGV4y

And basically this is a bitcoin address where you can send the money you want to save.

I don't know yet how you can retrieve those bitcoins later.  But it doesn't really matter if you want to save it long term "burrying your bitcoins".  It surely is possible to retrieve them, though.

PS.  If you think this message is useful, you can send some cents to the above address ;)

Without having tested a method to import that private key into a Bitcoin implementation, you won't know whether you've made some subtle mistake in the first part, irreversibly donating sent money into the ether.

True.  I'm counting on you guys.

I dunno... I'm all for "do it yourself" but I think in this case I'd be more inclined to just have MyBitcoin or MtGox or something generate an address for me to use.  I'd be too afraid of messing something up, like jp_larocque mentioned.

Ok, let's give an incentive for people to test this.

Here is a ec private key and the corresponding bitcoin address computed with the above function:

$ openssl  ecparam -genkey -name secp256k1 | tee wallet.pem
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIMoLCcQ0AfNIfnb9/LkeD+R9k64aNGB9b6BkR4zhFOxVoAcGBSuBBAAK
oUQDQgAEOwd8u4pEPeF9HioyVx4RaP/X49j7eU/iIQrbXExiILlvYn8Oo9R/ts3M
YxnBEBSgSY/CDUevx15/tTDTrEHo7w==
-----END EC PRIVATE KEY-----

$ openssl ec -pubout < wallet.pem | publicKeyToAddress
1BrM2hh9jcrms15EcarpwCG1iuEGEEKEqc

People can send bitcoins to this address to give an incentive to check that it is possible to retrieve the bitcoins.

Everybody can check out this address here:

http://blockexplorer.com/address/1BrM2hh9jcrms15EcarpwCG1iuEGEEKEqc

As an alternative, you can bury bitcoins by sending them to 1DiPumCD3XTMoEjR4nascMNSCeySoDa6tv

I don't know yet how you can retrieve those bitcoins later.  But it doesn't really matter if you want to save it long term "burrying your bitcoins".  It surely is possible to retrieve them, though.  Possible for me to retrieve them, anyway.  Not you.

it looks correct to me, having checked using an independent path in my own client code. i'd be confident i could spend coins sent to the address.

I would *not* do that. In a more general manner, store coins (long term) on a computer that has some sort of internet connection.

The more I think about it, the more I feel that the best is to print your private key and store it in a safe in switzerland (or multiple keys for the matter, a key collision is highly unlikely, but you better be safe than sorry)

grondilu's method is cleverly minimalist and ought to work well. i'm not sure how easy it would be for most people to spend the coins, but it's certainly technically possible.

unless there's something i've missed, i ought to be able to spend them immediately. i haven't tried it yet, on the thought that someone who cares more ought to be the one to risk capital in the endeavour. :-)

+1 this is a pretty sweet PoC

FTR grondilu is the man who started a full shell script implementation of the bitcoin client :D

This patch might work for the import
http://forum.bitcoin.org/index.php?topic=9046.0 (http://forum.bitcoin.org/index.php?topic=9046.0)

Flipping a bit your way.

thanks.  right back at you, hal!  :-)  (or, at least, i believe i've broadcast the transaction, but it hasn't shown up in the block chain yet. and i'm off to bed.)

i also love that grondilu's address happened to contain 'GEEK' near the end.

Hum... the transaction doesn't even appear in http://bitcoincharts.com/bitcoin/.

I suspect you failed.

This was meant as a bounty, right? Then I believe I claimed it. :-)

I first tried sipa's branch ( http://forum.bitcoin.org/index.php?topic=8091.0 ) to import the key, but couldn't make it work. Probably because I didn't arrange all the bits in the way sipa's format requires it. I should have looked at Hal's posting right away, because with the patch referenced there, it was fairly straightforward:

1) create file wallet.pem as listed in grondilu's post
2) run ./bitcoind importkey wallet.pem bountyaccount
3) restart bitcoind, passing the -rescan flag
4) check with ./bitcoin getbalance
5) move money somewhere to claim bounty

Congrats jav, I read the related posts and couldn't figure out the exact steps.

yeah, congrats, jav. i'm still not sure what i did wrong, as my code recognised the 'balance' from this key after processing the right block in the chain, so i'm confident that wasn't the problem. i suspect i actually messed up something mundane in sending the transaction.

in case it's helpful, a lightweight way to do this, without involving the c++ client, would be with mike's java client. it lets you construct key objects from the asn1 encoding, but a more manual way that might be easier for people unfamiliar with java would be simply to get the private key as a hex string with

   openssl ec -text

(on my version of openssl, at least, you could get the private key as a hex string in a single step with:

openssl ec -text -noout | head -5 | tail -3 | fmt -120 | sed 's/[: ]//g'

but that's just an ugly, dumb text-processing script.)

then, simply construct an ECKey using it and add it to your wallet:

   NetworkParameters params = NetworkParameters.prodNet();
   Wallet w = new Wallet(params);
   ECKey e = new ECKey(new BigInteger("the private key as output by openssl", 16));
   w.addKey(e);

finally, (re)download the block chain, which is of course very quick in the simplified client. (i didn't see the equivalent of a rescan in the java code, probably because there wasn't any need, but a future version could easily do it).

I would agree, but I don't have the technological knowledge to fully understand what each and every step here is doing.  Generating a key with the downloaded Bitcoin client and backing up the wallet is as far as I'll go towards "being my own bank"

Now if I had a small business, things would change.  As a personal user however, I have more trust in community-approved websites than my own technical proficiency. 

An other interesting possibility would be to encrypt using a symmetric algorythm, and a passphrase that even you don't know.

The idea is that the bitcoins could be retrieved only after a very long time.  It can be useful for instance if you want to make sure your bitcoins doesn't disappear after your death, or if you want to prevent yourself from being tempted to sell early:



openssl  ecparam -genkey -name secp256k1 |
gpg -ac --passphrase $RANDOM$RANDOM$RANDOM |
tee wallet.pem.asc

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (GNU/Linux)

jA0EAwMCPX45Ddqs8uxgycAvE6r7wFVa/xH4U99ZBjmmf89yJUUhFcSGGD8ja2U8
r9HuLlTvBf0gvHADFjMH00C53U96oR206yKncSDFpbeK8Pdja3HR3AISlzVZbrsS
3c3jpNGPdDMpR16Mggv301i0UKAGJpNXckvG9LQO2xS3jzA/EF+SU3WAN80NxXn9
f9tdoQ7gR5/0HFwH6dxYlFnhEHJtZLMLI1wnompKFnpPKbhUxq2wod1MMfGaPEJC
6qrE3l59HGeGxbNSYmMu6eXayqGb5jmkZXi06nArUQIw2rw1Nzw2h7jmxz2LxMYn
95e9cYXdc9vPkP057TFB0BI=
=lr4W
-----END PGP MESSAGE-----

So you would have to bruteforce your wallet open ?

Well, yes.  I'm not sure it's a good idea, though.  Just saying one might consider this in some particular cases.

Also, it's quite important not to reveal how many bitcoins are buried this way, so that you are the only one who knows if it worth spending CPU to crack it.

PS.  On second thought, I think it is a perfectly valid idea.  The idea of "burying" is made of two things:  

1. finding a secret place where to hide something
2. dig a hole and put it there.


Part 1. can be done using steganography,  and part 2. can be emulated with a random unknown passphrase, requiring some CPU (as digging requires physical work).

I want to recreate this in PHP using the json-rpc calls.  It looks like everything that is needed is there, except the private key creation.  I'm not sure the ability to create an encrypted private key exists in the bitcoin-php classes.
Is it possible to recreate this step in php using the existing bitcoin-php classes?
http://code.gogulski.com/bitcoin-php/

grondilu:

would u please comment on the live CD technique being discussed?  it goes as follows:

1.  boot into Ubuntu Live CD
2.  download btc client with new wallet.
3.  copy receiving address and email it to yourself
4.  close client and copy wallet.dat from data directory directly to secure usb stick or cd rom
5.  delete wallet.dat from data directory.
6.  reload copied wallet.dat from usb stick or cd rom back into data directory and reopen client to verify it can be read properly.
7.  once verified, close client and Ubuntu, erasing entire process

i should add #6 is my variation on this theme.  i hope it makes sense in the sense of not leaving any fingerprints.

Wouldn't zipping the wallet file help with ensuring integrity, since zip has CRC error checking?  If the zip archive doesn't give an error when you open it, you can be sure that the wallet file is still intact.

Well, this seems much more complicated than executing my code, which is just a few bash scripts lines.  The longest part is the conversion of the public key into a bitcoin address, but it's not that long.

:D

you need to learn to think like an avg Joe.  my steps are actually pretty easy and logical from a newbs standpoint.  the bash lines for non Linux users are too foreign and incomprehensible and would scare a newb.

How about a bash script that (1) creates a key/address like we learned from the first post, (2) creates a completely empty wallet.dat, and (3) puts the key into that wallet.  Will it blend?

Cheers,

You need to appreciate the incredible elegance of grondilu's solution :)

A newb will just copy a wallet to a couple USB sticks. I guess newbs are not the intended audience for this thread.

you need to learn to think like an avg Joe.  my steps are actually pretty easy and logical from a newbs standpoint.  the bash lines for non Linux users are too foreign and incomprehensible and would scare a newb.
[/quote]

My script is not intended to avg Joe.  At all.  It is really designed to be used by linux nerds.

/me raises hand

even as a non Linuxer (?), i do appreciate your code and i wouldn't be hanging out here bothering you all except for the fact that there are very few quality threads anymore where i respect the guys on them anymore than you.  so i hope you don't mind if i throw in a newb type question in here every now and then since i learn quite a bit. :)

Bringing this thread back to life to say I've just put together a small ruby script that will :
 - take a PEM file such as the one shown by grondilu
 - process it to extract the bitcoin address
 - process it to extract the EC private key
 - format the private key so it can be imported directly with the "importprivkey" RPC call that should be part of the next versions of the bitcoin client
 - output a nice and fuzzy HTML file containing this data along with a couple of QR codes : (link to the address in the block explorer, private key, address)

The code : https://gist.github.com/1139599

The result looks like this : http://imageshack.us/f/835/capturedcran20110811144.png/

Now my dream can come true : store coins safely and super easily on paper :)

Cool!

Thumps up to grondilu and to davout (the master of this new "bury on liars" technology)

I ran this on my Windows 7 machine and its works fine until the last step:

$ gpg < wallet.pem.asc |
> openssl ec -pubout |
> publicKeyToAddress

You need a passphrase to unlock the secret key for
user: "Boussac (nickname on bitcoin forum)"
2048-bit RSA key, ID 26B8AF92, created 2011-07-02

read EC key
read EC key
bash: xxd: command not found
gpg: encrypted with 2048-bit RSA key, ID 26B8AF92, created 2011-07-02
      "Boussac (nickname on bitcoin forum)"
writing EC key
writing EC key
bash: xxd: command not found
bash: xxd: command not found
bash: bc: command not found
1111111111111111111111111111111111

I like the simplicity of this bitcoin address but I suspect something fishy with the "command not found" warnings.
Any idea how to get these xxd and bc working ???

It's not a windows script.  xxd and bc aren't installed on windows by default - try it on a unix box.

I got that part right: I am running Cygwin. But I must be missing one or two packages: which ones ?

You need bc and dc.  They should be available on Cygwin (which is a great project by the way).  Check out the "maths" section.

You also need xxd.  I don't know if it's available on Cygwin but it should.  It's a small programm anyway, so in worst case you can just compile it.

PS.  Après vérif bc et dc sont dispo dans le paquet "bc": http://cygwin.com/cgi-bin2/package-cat.cgi?file=bc%2Fbc-1.06-2&grep=dc

Pour xxd je ne l'ai pas trouvé donc je pense que tu dois le compiler ou faire un truc équivalent avec un autre filtre.

Thanks!

 I fixed the bc issue.
Now xxd seems like a problem (it's even listed as malware on some sites??). If there is a reliable download for the source I would happily compile it..

Oh, my bad.   It seems that xxd goes with the Vim editor.  I had no clue.

It might be tedious to get the vim source and extract only the xxd part.  You may not want to install Vim if you are not a vi adept, though.

I guess I should rewrite this script with a more standard hex dumper, such as 'hexdump' or 'od'.

Grondilu , good work!

A bash script, that can do this, this will help everyone understand what is happening here!

To JPL who said
>  Without having tested a method to import that private key into a Bitcoin implementation, you won't know whether you've made some subtle mistake in the first part, irreversibly donating sent money into the ether.

Its easy to test, test with a tiny tiny sum, say 0.01 BTC : if it works, you have tested it! If not perhaps you sent 0.01 btc into the aether! 

That would be greatly appreciated by all average joe's running on windows: I will try it on win 7..

Instead of xxd, I guess it is possible to use perl oneliners:


Perl is usually easy to install on systems where bash is installed.

Watch for the last lines of these two functions:  they are actually different (H8 instead of H*), as the checksum function only needs the four first bytes.


THIS HAS NOT BEEN TESTED MUCH.   Please test it thorously before actually using it.

Thaks for this new installment: it works beautifully as per the transcript below (only the last lines).
I have not yet tested the "spending" end though (sending coins to the address below importing the private key and spending).
Meanwhile if anyone can send me a dime (0.10 BTC) ::)

$ gpg < wallet.pem.asc |
> openssl ec -pubout |
> publicKeyToAddress

You need a passphrase to unlock the secret key for
user: "Boussac"
read EC key
2048-bit RSA key, ID 26B8AF92, created 2011-07-02

read EC key
gpg: encrypted with 2048-bit RSA key, ID 26B8AF92, created 2011-07-02
      "Boussac"
writing EC key
writing EC key
1E1wr4xtgWDVsuqUR42rDi8J5U1nhKYnKa

Unless I'm missing something, it seems to me that simply doing
would be sufficient in this case, since openssl outputs in hex by default.

Nice script by the way. I may make use of it to implement an idea that I've had for a while.

It doesn't with my version of openssl (1.0.0d).   Also, don't forget you need to get only the first 4 bytes on checksum.


Thanks.  What would be very cool would be a script that creates a transaction to an other address, using raw block downloaded from blockexplorer.com and an IP found on IRC.

I have an older version (0.9.8). It also has a -hex option for most commands so "openssl dgst -hashalgo -hex" should work. And yes, I forgot about the 4 bytes. It's just that perl gives me skin rash.
I'm not sure I understand what you mean. Sounds weird.

Just to clarify, are you suggesting to include the desired spending tx directly in a raw block and start mining it (to avoid the need to import the private key in a wallet) ?
The script would have the destination address and raw block as arguments ? what is this ip address business ?

"how to bury bitcoins"
you could, you know, buy some bitbills, and literally bury them!! or put in a safe or whatever. crack open 5 years later, be rich

My idea is to use bitcoinexplorer to extract the information that is necessary to write the transaction (block number, hash root and so on).


Well, just the destination address, and the origin address.   The raw block would be fetched from blockexplorer.


We would need at least one IP of a running full client if we want to publish the transaction.  And IPs are published on irc.

well, I forgot to mention that my version of openssl prints an annoying "(stdin)= xxxxxxx" with the hex option.  I could use a sed 's/^.*= //' but that would be fugly.


See my previous message.

I don't think it should do that. The output is supposed to be usable. Are you using a development version?
I'm not sure I understand what you mean. Sounds weird.
So basically you want to make a light bash bitcoin client.
Problem is, the protocol for publishing transactions is quite complex and binary I think. And you would be relying on blockexplorer, which doesn't sound too good to me.
I like bash hackishness but within limits.

Also, if you're interested, here's the project I was talking about: https://bitcointalk.org/index.php?topic=39548.0

Yes, that's the idea.


Binary is not an issue but complexity is indeed.   I'll keep looking at such a solution from times to times, as I would like to make a few bitcoin related websites with CGI I can't/don't want to have a full client on an open webserver.


« Another is to generate a "false" bitcoin address formed from the hash and to send a small amount of bitcoins to it (e.g. one satoshi). This is the method implemented in my script. »

This has been discussed on the forum, by Satoshi himself.  Indeed you can use the hash160ToPublicKey in order to achieve that.  You basically just need to compute a rmd160 of the data you want to timestamp, and send a small BTC amount to the corresponding bitcoin address.  The money will be lost forever, though.

What's the easiest way to spend this address (created thanks to Grondilu and davout contributions on my Win 7 machine):
1Q82Ur6bYsBmXRdb8QJDzPSxaTZyymD1ZB

using the private key formatted using Davout ruby script ?
http://www.microbitcoin.fr/QRCodes.png

You can import it directly in the client using the "importprivkey" command, however, this command is not yet part of the official client, you need to compile sipa's fork to get it (https://github.com/sipa/bitcoin.git, showwallet branch) it will rescan the chain, and the coins should be spendable from there.

Here are a few ideas for using these holes.  I love this bitcoin stuff!

1) escrow
2) speeding up txns

Escrow:

Make the address and put the money in the hole.  The other person can see its in the hole by looking at the block explorer.  A new escrow tool could be made to allow for creating and sending to the hole and allow peeking into the hole.  So the Seller can see its in the hole but can't take it.  Maybe they could each contribute half of a key (or use two keys) to allow making a safe hole which neither can empty.  They have to cooperate to finish the txn and release the money to the correct recipient, so its not perfect.  Maybe a few more clever idea would fix that.


Speeding up txns:

Put a chunk of money in the hole and wait for it to be confirmed.  Then the txn can proceed with the speed of delivering the keys.  Instead of sending bitcoins you would send the keys and that's fast.  If there is too much money in the hole, the extra can be reclaimed by the buyer before he ships the keys without waiting for confirmations.  Something like that maybe. 

To my knowledge, the bitcoin protocol specs already make provisions for contracts (dual signature transactions): no need to split keys or specify some other mecanism until the bitcoin contracts are tested.
Gavin's ClearCoin makes use of bitcoin contracts.

Some interesting developments of this thread can be found on this one (https://bitcointalk.org/index.php?topic=23081.0).

Thanks for the link.

With the new version (http://github.com/grondilu/bitcoin-bash-tools) there is a command called new-bitcoin-key that returns a brand new key in WIF, along with its bitcoin address and its public point.  All in YAML (http://en.wikipedia.org/wiki/YAML):


There is also a function called vanityFromPublicPoint that allows searching for a vanity address from a public point:


This allows people to sell vanity addresses!  (see https://bitcointalk.org/index.php?topic=83749.0)