|
Title: How Do I Encrypt a Paper Wallet from bitaddress.org? Post by: unclemantis on July 09, 2012, 06:01:14 AM The subject says it all. I want to be able to print an encrypted wallet using bitaddress.org or similar service to store in multiple places.
Little help. Thanks! Title: Re: How Do I Encrypt a Paper Wallet from bitaddress.org? Post by: Foxpup on July 09, 2012, 06:34:18 AM Unfortunately, there aren't any simple ways of doing it, so I'll give you the semi-complicated way. :) You can use GPG to encrypt wallet seeds/private keys in a printable and manually-enterable format. The command line is the easiest way to do it, for example to encrypt the private key 5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF:
Code: echo "5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF" | gpg -ac --cipher-algo AES256 Code: -----BEGIN PGP MESSAGE----- To decrypt it, enter it into a text editor (there's no error-correction, so don't make any mistakes), save it as a plain text file, then run the command: Code: gpg -d filename.txt Code: 5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF You might want to test the last step just to make sure you've done everything right. ;) Title: Re: How Do I Encrypt a Paper Wallet from bitaddress.org? Post by: Stephen Gornick on July 09, 2012, 08:27:01 AM Using the Wallet Details tab, you can enter a passphrase that is used to create the private key and public address.
And voila, that gives you a public address that can be used for receiving funds. Then, with the passphrase, you have the ability to recreate the private key at any time. - http://bitcointalk.org/index.php?topic=43496.msg751496#msg751496 Title: Re: How Do I Encrypt a Paper Wallet from bitaddress.org? Post by: fivemileshigh on July 09, 2012, 08:54:58 AM You can also save the bitaddress output file as a pdf, then store on an encrypted truecrypt volume, as an alternative. I hope this is good enough for your aims.
Title: Re: How Do I Encrypt a Paper Wallet from bitaddress.org? Post by: unclemantis on July 09, 2012, 03:17:49 PM Using the Wallet Details tab, you can enter a passphrase that is used to create the private key and public address. And voila, that gives you a public address that can be used for receiving funds. Then, with the passphrase, you have the ability to recreate the private key at any time. - http://bitcointalk.org/index.php?topic=43496.msg751496#msg751496 Great idea but this only gives me one key pair and if I print this out and store in a safe deposit box or elsewhere it is still in plain text. I am looking for a paper backup solution but this is a nice idea. Title: Re: How Do I Encrypt a Paper Wallet from bitaddress.org? Post by: TangibleCryptography on July 09, 2012, 03:51:52 PM There is no off the shelf software that I know of but most programming languages have crypto libraries. Using GPG is clunky because it is intended for asynchronous encryption. It can be used but if you lose the key then you lose the coins. You could print the key and store it with the cipher text but then your security becomes only the passphrase.
I would use AES. Take a bulk wallet from bitcoin address. Code: 1,"1P51sZbG4LNQP5Qq8VPKjexzStcTL29uJK","5KW4jRYUbux8tW7pvC6V5JxbLkF2w5LMMHUT8R2Dx5SSRBT73Ep" Split the output into list of private keys and public keys. Store the public key as plaintext. Code: 1,1P51sZbG4LNQP5Qq8VPKjexzStcTL29uJK Encrypt the private keys using AES. Code: 1,5KW4jRYUbux8tW7pvC6V5JxbLkF2w5LMMHUT8R2Dx5SSRBT73Ep for example encrypted with "this is my password there are many like it this is mine" the output is: Code: U2FsdGVkX19/9w7Eu8JcYRKadE02TuYxG9CA3V3aEjLwTr/Gi7h8p9Iwk3Z7yjYG I would then include information and instructions on the page and print multiple copies. Example: Code: 10 bitcoin private keys. You can test the above example using this site. http://www.everpassword.com/aes-encryptor WARNING: Don't use this site to encrypt any real secrets. I have no idea the security of it. You may be handing the site operator a plaintext list of your keys. Personally I would enhance the above concept to use PBKDF2 for producing the decryption key. This would provide brute-force resistance. If the wallet is very large I would also use PBKDF2 produce a key which encrypt a random 256 bit number that is actual key for the rest of the wallet. The example above encrypts all the keys a single block of text. A better solution might be to encrypt each key seperately and include the public key. Then you can selectively decrypt one key as needed. Essentially the method used by bitcoin wallet except on paper. That might be an interesting enhancement to pywallet. If you do encrypt your paper wallet remember the algorithm, key generation method, salt, and other technical details ARE NOT SECRETS. Include plain English instructions maybe even source code to ensure it can be decrypted later. Good encryption doesn't work on obscurity it works based on mathematical theories that certain operations are cost prohibitive without the secret. The only thing missing from your encrypted paper wallet should be the passphrase. It is a common misconception that encryption should be sneaky (like just including a paper with nothing but cipher text) and that adds security. The only thing that adds it the likelihood that at some point in the future you never will figure out how to decrypt it even WITH the passphrase. Title: Re: How Do I Encrypt a Paper Wallet from bitaddress.org? Post by: foo on July 09, 2012, 05:21:23 PM Using GPG is clunky because it is intended for asynchronous encryption. It can be used but if you lose the key then you lose the coins. You could print the key and store it with the cipher text but then your security becomes only the passphrase. Uh, no. gpg -c does symmetric encryption. It does not use a private key. I would use AES. gpg -ac --cipher-algo aes Title: Re: How Do I Encrypt a Paper Wallet from bitaddress.org? Post by: DeathAndTaxes on July 09, 2012, 05:27:43 PM Uh, no. gpg -c does symmetric encryption. It does not use a private key. gpg -ac --cipher-algo aes +1 I learned something new today. I have only ever used GPG for asymmetric. I knew it used AES behind the scenes because asymmetric is so slow. Generate a one time symmetric key use the symmetric key to encrypt the payload. Then encrypt the symmetric key using the public key(s). I just never knew that functionality was exposed to the user. So yeah gpg using would work fine. Title: Re: How Do I Encrypt a Paper Wallet from bitaddress.org? Post by: unclemantis on July 10, 2012, 01:27:36 AM Code: -----BEGIN PGP MESSAGE----- I got the above by placing the private key list into a file named plain.txt Code: 1,5KW4jRYUbux8tW7pvC6V5JxbLkF2w5LMMHUT8R2Dx5SSRBT73Ep I then encoded it by running cat plaintext.txt | gpg -ac --cipher-algo aes > encrypted.txt To decrypt back to the original plain text I typed this gpg -d encrypted.txt > decrypted.txt and PRESTO! I would then print out the encrypted.txt file using an OCR type style and store it everywhere right? Of course include the directions. So... Did I do good? =) Title: Re: How Do I Encrypt a Paper Wallet from bitaddress.org? Post by: casascius on July 10, 2012, 01:31:56 AM You can also save the bitaddress output file as a pdf, then store on an encrypted truecrypt volume, as an alternative. I hope this is good enough for your aims. That or how about just a password-protected PDF? That has the benefit of being completely usable by a layperson given only the file and the password. This also uses AES under the hood. Title: Re: How Do I Encrypt a Paper Wallet from bitaddress.org? Post by: TangibleCryptography on July 10, 2012, 01:33:41 AM sounds good to me. Nice touch printing it in an ocr font.
Someone likely could build in some nice enhancements like per address encryption, making QR codes of the encrypted strings, key hardening (bcrypt, PBKDF2) to make brute force attack more difficult, etc. However you got the basics down. I can't think of any weaknesses in that approach (assuming the passphrase is long enough and can't be dictionary attacked). Title: Re: How Do I Encrypt a Paper Wallet from bitaddress.org? Post by: TangibleCryptography on July 10, 2012, 01:34:51 AM That or how about just a password-protected PDF? That has the benefit of being completely usable by a layperson given only the file and the password. This also uses AES under the hood. I think his intent was non-digital storage. How do you print and recover a password protected pdf. I mean if your goal is just to keep a digital copy you don't need pdf just backup the encrypted wallet.dat. :) Title: Re: How Do I Encrypt a Paper Wallet from bitaddress.org? Post by: unclemantis on July 10, 2012, 03:38:20 AM Would be nice of the developer of bitaddress.org could read this post and incorporate encryption into his next release!
|