Bitcoin Forum

*** EDIT:  Bounty has ended.  Program was written. ***
I give 100 BTC to whoever can make the following program :

The program takes a bitcoin address on command line.

If the bitcoin address is not one of in the user's wallet, then the program does nothing apart from returning an error code.

If the bitcoin address is one of the user's wallet, then the program ouputs the corresponding Private key in PEM format, so it can be used by openssl.

That's all.  100 BTC.

I don't really see how to get a public key from it's hash.

If the address is a hash of the true public key, how are transactions verified? The sender attaches the public key of all output addresses to the transaction?
If so, if an address has ever been used to send any coins, it should be possible to retrieve its public key from the chain...

Hum, right.  My bad.

Ahh I have to think this more thorously.

PS.  I've edited the original post in accordance.

Anyway there must be a way to get the public key, since after all the bitcoin program uses it to verify transactions.

But I confess I have to get a better understanding of the whole key signing process.

@grondilu,

You might want to add to your "specification" that you want free software... ;)

Absolutely, but that's a very serious limitation when dealing with addresses that are very often generated and then used only once.

But maybe that's acceptable depending on the use you want to make of such a feature.


Yes, look at a raw block with at least 2 txns in it at BBE, you'll find answers ;)

The public key is also shown on address pages if it has ever been used on the network.

(Don't scrape regular BBE pages, though. I'll add a page on /q if anyone actually needs it.)


Right. When you redeem a transaction sent to an address, you include the public key in the scriptSig. Then this is checked against both the hash and the signature.

Maybe something like import-export secret keys?

It would be convenient to keep piece of money outside of wallet.dat. Also this key output in the non ascii-armored  format can be printed into the barcode and cached on paper.

I actually only need an "export" feature.   I also don't think we need a special bitcoin header.  We can stick to the header openssl use.  I actually want to, for I want to use openssl with this key.

so the format should be :
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEII84GK/wX8stbmJWYL/WUM1nPAK1miIBDBeyNuo2vyf4oAcGBSuBBAAK
oUQDQgAE/yRZIKrOj4GBfLFtMYuocJ5QF1Tr9rWMh2ixCyfodDWRWTIU21v3ehDR
NJiAXHKwkhDqQ//i46NHoNUhjvx/lw==
-----END EC PRIVATE KEY-----

(I got this output from "openssl ecparam -out key.pem -name secp256k1 -genkey")

The  bitcoin address should be built from this file using an other program.

you're right

i think gavin's bitcointools can already extract keys from wallet?

It dumps out keys in abbreviated hex (I worry about naive users accidently publishing screen snapshots showing their full private keys).

Teaching bitcointools to dump out keys in OpenSSL ascii-armored format is a great idea.  It is just not high on my personal priority list right now.

Good.  I'm glad you're interested.  I'll wait.

I think I have what you want:

https://github.com/dirtyfilthy/bc_key

extracts private keys into PEM format. if this is satisfactory address for bounty is 12fEVjSwiBpLzGkgNyPNwjnHiqD3J2v96H

Ok just give me some time to analyse the code, because such a code reads my wallet so obviously I have to be carefull :)


PS.  Well, this looks perfectly fine, and I've tested it with success.

I kind of regret I put such a high price for a program that small, but I have only one word. 

Paiement is done :
13f9f65532c012ebcc5073fd670c9edc8c73ab449e5821150c0f4822c35ae33d

payment received, cheers! :)

Hum... I used your tool to extract the private key from one of my bitcoin address :


1Hy9dexzNzjvQYkYy6zKRVZMU8k2j5vuPt

I obtained this public key (using conversion with "openssl ec -pubout -in privkey.pem") :

-----BEGIN PUBLIC KEY-----
MIH1MIGuBgcqhkjOPQIBMIGiAgEBMCwGByqGSM49AQECIQD/////////////////
///////////////////+///8LzAGBAEABAEHBEEEeb5mfvncu6xVoGKVzocLBwKb
/NstzijZWfKBWxb4F5hIOtp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIh
AP////////////////////66rtzmr0igO7/SXozQNkFBAgEBA0IABJJ6TBhmiWm4
Y1ACBVJVn0oyG9Ay5IzEZq8cPyrs1PERl963YQh5UrGOT0NodynfHswkz8bUpaJW
FsowR/l9wXc=
-----END PUBLIC KEY-----

(no, I won't paste the private key here :) )

Anyway, I need a tool to check that this public key (assuming it is not mine, it's just an exemple) is indeed the one of the bitcoin address 1Hy9dexzNzjvQYkYy6zKRVZMU8k2j5vuPt

For some reasons I can only do that in bash.

So I try this :




However I try, I never manage to confirm the initial bitcoin address.


What do I get wrong ?

One problem i can see with this is that when you base64 decode the PEM public key you're left with the key in DER format, but the key is stored in the wallet as a raw byte object, and it's this raw object that is hashed and turned into a bitcoin address, so the simply hashing the DER format key the same way isn't going to work unfortunately.

Isn't DER format the same as raw byte ?   Anyway I opened an other thread and Hal found out that the key has a "ASN.1 cruft" or something.  So I add to add a tail -c 64.

I have to read about this ASN thing.

Glad your problem got solved. Out of curiosity what are you planning to use the extracted key for?

I want to implement an exchange system where owners are identified by a bitcoin address.

So in order to transfer an asset to an other person, one just has to sign (with the bitcoin address key) the new bitcoin address.

The advantage is that if the asset is a bond or a shareholding, paiements of dividends or coupons can be done on the bitcoin address.

DER encoding is a form of ASN.1

I really wouldn't recommend trying to do this in bash. Most languages will make this easy ... but bash isn't one of them.