Bitcoin Forum

Yes! We know very well that this is not the safest way for storing bitcoin and please refrain from state obvious things...
Anyway, I was wondering if there is any service/method/guide that allow to save private keys (password protected with bip38) in public in the web.
The following conditions must be satisfied
- this record should be indistructible - cannot be deleted
- this record has multiple copy/database
- accesible from "everywhere" online (no private servers/clouds etc)
- easy accessible
- public shared anyways still anon.
This can be stored safely in the OP_return of a tx (of course the tx must be memorized alongside the password).
Other idea? As ayone ever tried to save a private key online?

I'm not technically inclined, however I think you're first to discuss this AFAIK. But I feel like if this is not just for testing sake it will definitely not be a good idea because whatever has to do with the internet and saving private keys it's very much the opposite of each other, which means the risk of it getting compromised is very high.

I do want to believe you're just proposing this idea for testing knowledge, so I will ask if you try this out eventually wouldn't someone with high tech knowledge be able to brute force the private key? even with the way you proposed it under op_return.

Whatever is stored in OP_return is visible on the blockchain and everyone will have access to your private keys since it cannot be deleted, making it vulnerable to attack.

Private keys should be store offline for maximum security so that no one can have access to compromise your wallet. This is why offline storage is the best. Hardware wallets and electrum cold storage is the best way to keep your funds safe because the private keys are never connected to the internet. Online storage has many flaws than offline storage.

You forgot to read where he says "password protected with BIP38", you are not including the raw private key in the OP_return script but the encrypted version, and that means that even if your encrypted private key is exposed to the public, no one can decrypt it since only you know the password to encryption. OP_return can work, it satisfied the conditions above.

There is nothing like a second Bitcoin that can write a private key on the internet like Bitcoin. There is nothing on the internet that comes close to Bitcoin that is decentralised, easily accessible, and secured like Bitcoin except if you don't want to satisfy the above conditions.

If you are not concerned about the privacy risks of storing it on the internet as you mention, and since you require additional suggestions to the op-return, the only thing I can think of is to mount it in a QR image or upload the required data using the arweave permaweb.

Although as you rightly mention, the opreturn would be good.

That seems like a good idea honestly, other solution might be IPFS I guess?

But to achieve what you're looking for I think OP_return is already solid since it will be preserved forever as long as the blockchain exist.

Please read the first words of the topic...


I am not seeing privacy concern if a random address added a bip38 key... who are the owners? If the password is something 25+ more random characters where is the risk that could be exploited?
Anyway did you know some services or other way? Imagine that making tx would be really hard and with high cost... what other way you could use for this storage?

Well the only place online that meets all your requirements is the immutable bitcoin blockchain itself and considering that the entire encrypted result is 39 bytes (in raw bytes before encoded with base58) it fits perfectly inside an OP_RETURN output (80-byte standard limit).

But as we say, چرا عاقل کند کاری که باز آرد پشیمانی. Why not store it normally on a hard copy (piece of paper) so that nobody ever sees it, which is the ultimate layer of protection. Because when the world sees it, it removes that. Maybe your password wasn't as strong as you thought. Maybe there was an exploit in the algorithm that someone found and could easily break the encryption. Maybe years pass and breaking AES becomes possible before you realize and move your coins. All of these maybes can be avoided if nobody sees your encrypted key!

Also:
You'll have to also create a physical backup of that long random password, so why go through the trouble of online storage of the encrypted key?

Just like BitTorrent protocol, IPFS require at least 1 node/computer to store your data. I don't think anyone else interested to store such data (encrypted private key), so this approach force OP to run his own IPFS node.

I get your concern, Churchill. Mixing private keys with anything online is risky. Even for testing, it could open doors for someone tech-savvy to exploit it.

Why is it so hard for your to understand the meaning of word PRIVATE key?
This is not meant to be saved or shared with anyone online, and there is no reason for doing that, even if keys are encrypted.
With weak encryption and weak entropy keys are going to be instantly hacked and coins stolen.
There are services offering secure multisig setup, but that should be used only for advanced users.

Yes, dumb people did it many times, and they lost their coins every time.