Bitcoin Forum

I'm interested in learning how a private key/ public key pair can be created independent from internet access, and still correspond correctly while being safe from being figured out if someone else knows the public key.

What is actually going on with a key pair? How can there be an association between the two addresses without there being an equation to decipher the private key using the public key?

I'm posting this in the newbie forum because I don't know where else this question would be appropriate.

Thanks!

The best article I've read on the topic was written by Coding In My Sleep: http://codinginmysleep.com/bitcoin-cold-storage-in-plain-english/ (http://codinginmysleep.com/bitcoin-cold-storage-in-plain-english/)


To directly answer your question, offline webpages are a convenient way to generate a private/public key pair without a trace:

I recommend reading the whole article. Hope this helps.

I had the same question, thanks for the link

That's a good article. I didn't realize bitaddress.org doesn't need internet access to work. That's good to know. But I still can't quite wrap my mind around how a public/private pairing works.

Here's my question:

Suppose I am offline, with a computer that loaded bitaddress.org but have no access to the internet at all. I generate/print a public/private key pair. Then, on another computer, I send 1 BTC to the public address. At this point I have "loaded" my paper wallet correct? That 1 BTC is now in that public address.

My question is, where/how is that public address associated with my private key besides on the piece of paper I printed? How can me entering in the private key possibly grant me access to the public address if the associated key pair is created separate from the bitcoin network? (I obviously do not have a full grasp on how the blockchain/confirmation system works, but I do want to understand this concept)

The public key is derived from the private key. If you know the private key, you can figure out the public key, but not the other way around. If you have a private key, you can prove that you control the public key, and that is what allows you to spend the money at that address.

1. Throw a coin 256 times, to get the private key, one side represents 1, the other coin's side represents 0. This will give you highly random 256bit key in binary format. Example: 1000111100110100010100010100011011100100100010100000111110000010110011000010010 1111100111101010011011111011100110010011001001011101101011110000011101101100010 1001110011110110010001100111010110001010100000010000001001110111011111111101100 1000110000011000001

2. Turn this binary into hex format:
1000 = 8
1111 = F
0011 = 3
0100 = 4
and so on...
You get: 8F345146E48A0F82CC25F3D4DF73264BB5E0ED8A73D919D62A0409DDFF6460C1

3. Turn hex format into base58 format:
5JuMYZ24eYPvjdXNWdDDz4eA9MC3ekgwHMUwpK41J5ANd2t2LE1
Address: 1KxKa6tGYJNUgHLQbDiT9PXAJcYhm7PC76


There you have your mega secure coin randomized offline paper wallet Bitcoin key and address.

Thanks, nice explanation :)

And you can plug the address into blockexplorer (or blockinfo.org) to check the transaction history and balance ...

http://blockexplorer.com/address/1KxKa6tGYJNUgHLQbDiT9PXAJcYhm7PC76

You can save bitaddress.org to a file (or just download it from github), so your offline computer does not even need to be temporarily connected to the internet. Also a LiveCD linux boot disk is recommended so you do not leave any trace. Alternatively a VM like VirtualBox or VMWare can be used on your normal computer (though with a slightly greater risk of malware sniffing your keys).

Another useful toy is vanitygen, which does exactly the same job but lets you select the firstbits (see my sig for example). You can plug the generated private key address into the wallet details tab of bitaddress to get the full details of the key pair (eg public key address for signing).

Paper wallets are a bit trickier to use for spending as you need to import the private key into a wallet, one of the online ones is probably easiest to use. But be sure to send the entire balance to a new paper wallet after your transaction as your private key has now been exposed to the wallet provider (or a keylogger if you tediously typed it in) and will be at risk of theft. There is also the matter of "change" as some wallets (eg bitcoin_qt) send this to a NEW address within the wallet, not back to your original paper wallet. So if you don't know for sure how it works you may even lose all your bitcoin if you lose access to that wallet. I recommend you get familiar with the entire process first (using small amounts of coin that you can afford to lose) before committing your life savings  :-\

This is really the heart of cryptography - As demonstrated by rumbilita, the random input (step 1) is used as a basis for your private key (step 2) and this is used as a basis for the public key (step 3). There is a consistent method to produce the private key, which will consistently match to the public key. It is not possible for anyone else to reverse the method to produce the private key, so your private key alone is sufficient to grant access to the bitcoin wallet.

The only trap (as mentioned in the article) is if you don't use a unique input to produce the private key. Aside from that, there are very slim chances that another person could produce the same private/public key pair.


Correct, at that point the bitcoin blockchain has recorded a transaction of 1 BTC to the public address. At any time in the future, you can submit another transaction to send that 1 BTC to another public address, and all that is required to authorize the transaction is your private key. That is why protecting your private key is imperative, if someone gets your private key the first thing they will do is send all the bitcoins out of your wallet to a public address they control.

You have not really "loaded" anything - there IS no connection with your private key or your wallet, yet. All that has happened is that the 1 BTC has been registered as "belonging" to that public key in the blockchain. This just tells everyone on the network that this money can't be reused until someone shows up with a private key that's able to generate the same public key. IOW, the money is now "locked" from further use.

And that's the deal. ANYONE who shows up with a private key matching that public key are now allowed to spend that money. However, you are the only person able to do that, because you generated the keys in the first place. The way the system works makes it mathematically very very difficult for anyone else to create a matching private key.

You may also want to check out http://en.wikipedia.org/wiki/Public-key_cryptography (http://en.wikipedia.org/wiki/Public-key_cryptography).

Great explanation, thanks. :)

I think it's using cryptography + printer to save the keys...  :-\

Thanks so much for sharing; I've wondered about this for a while and the article from Perry looks great.

Best read in conjunction with the other posts here though! [:

is this really going to work? how do you get an offline address after having the private key?

Well you wouldn't do it by hand (like tossing a coin 256 times), though this would work and give you a valid private key.

You use bitaddress.org or vanitygen, which generates the random private key, does all the conversions and also (the step rumbitla left out), creates the address from the private key using some tricksy math.

Or if you did do all that coin tossing, just plug the hex value (64 hex characters) into the wallet details tab of bitaddress.org to do the conversions for you.

Paper wallets can be USB to

let's just say I don't trust bit address.org, do I have other alternatives except vanitygen?

OK, but it is fully opensource. Download it from the github https://github.com/pointbiz/bitaddress.org -as for getting the code audited, well I guess someone would have noticed anything seriously wrong by now, but it is a risk, as is the case with vanitygen or any other open source software. But the risk is much greater with proprietary software.

Anyway, no I don't know of any alternatives, but you could try asking on the development forum https://bitcointalk.org/index.php?board=6.0

You can take a random photo, and calculate the sha256 of that file.

For example this photo:

http://userserve-ak.last.fm/serve/_/5857252/Bier+legga.jpg

gives you a sha256 value of: 3FB87FD7F7BA0A99FE57BFEEE53ED702B960A4722C28911E9C0FBFF0F124ED43

convert to base58 format: 5JJMEwwis8xEE94RhAEYwL1C7NS2nBPjZSqpKBzZReKmvtqR5j8
which is your standard format private key.

calculate corresponding Bitcoin address: 1D3GRn91KXWwMkpCkzw7j1f286kk6SyRPW


DO NOT use photos you found on the internet like I did in this example, but choose a random photo taken with your digital camera. This gives you a highly random key if you do not trust bitaddress.org or vanitygen.

How did you calculate the corresponding Bitcoin Address?

Interesting process, never heard of that before.  Thanks.

OK, since rumbitla is offline and this has dropped off the front page, I will hazard this ...

Use bitadress.org (sorry) wallet details tab, or use the keyconv utility than comes with vanitygen. [EDIT] Just tried it, seems you also need a base58 converter (google it) before keyconv will accept it. I also came across brainwallet.org which is another offline key generator.

And and as a bonus, to caclulate the sha256 of the picture ... download it to your PC and google for a sha256 hash calculator (I used the one built into my hex editor HxD). But don't use a public picture, use one from your digital camera for example. Then you have a secret picture key that you can use to recreate your private key at will, cool  8)

Thanks for your feedback!

Generate the private key ("3FB87FD7F7BA0A99FE57BFEEE53ED702B960A4722C28911E9C0FBFF0F124ED43" in the example above), enter it into the "0 - Private ECDSA Key" field on this page: http://gobittest.appspot.com/Address, and click on send. The page will show you all the steps used to create the public key.

Thank you guys SO MUCH. This was what I didn't understand but after reading all of the responses I have a much better understanding. I'm going to refer back to this a lot.

Thanks, i will try it

Not to be picky on the security, but that site sends your keys over the network in plaintext (not even https), meaning not only do you have to trust the server but also every internet node along the way. Someone could specifically be sniffing that site, and all public addresses generated from it would be easy to recognizable on the blockchain if you tried to use them. That would potentially give an attacker instant access to your money. Then again I'm being paranoid :)