Bitcoin Forum

Bitgen is a command line tool for bitcoin addresses and transactions.

This is the project home page:
http://bitgen.org/

Bitgen can generate bitcoin addresses in different ways and supports generating postscript files with the generated addresses.
Bitgen can also do many other bitcoin related tasks, such as decoding bitcoin transactions and scripts.

Can you explain more the details about this project? Where the address come? It's mean from the wallet? How to manage the address?


~iki

In the easiest setup, the bitgen software can generate random numbers by using the /dev/random generator.

To use this method, just give the following command:
./bitgen random

This will give you ps-files with the private key and public address (as well as text files with the same information).

However, it is also possible to generate a random number manually, and give that to bitgen.
If you throw a 6-sided dice 100 times, this will give you 256 bits of entropy, which is used to calculate the private key.

Throwing a single dice 100 times is a bit tedious, but if you throw 10 dice 10 times, this is actually quickly done.

Why not letting /dev/random generate the random number then?

Subverting random number generation is a wet dream of espionage agencies.
/dev/random is probably generating good random numbers, but you never know....
The NSA may know some weakness in the default random number generator.

For large amounts of money, throwing the 10 dice yourself will make you sleep well at night.

The algorithm in bitgen for converting from a base-6 number to a base 2 number is very simple,
and the source code is provided so anyone can verify the calculation.

For example, the following bitgen command will generate a bitcoin private key from 100 dice throws:

./bitgen dice 5123512351523523525525252552531523515235123512531523512355525253566616166262661 662626626363663636363

This is a beautiful master piece but it seems it is not working on Linux yet, also how safe is the fund stored in the account.

The source is available to you, go and check :)

It's as strong as your entropy. If you decide to be lazy about rolling dice and enter the pattern 111111... for the dice rolls, not so secure. If you use your system's entropy pool, more so.

Also, compiling it works for me (with basic build environment). What distro/compiler are you using, nd what issues are you having?

Bitgen 0.5 has been released:

http://bitcoin-gen.org/

The new 0.5 release adds support for:
* Mnemonics
* Invoice generation
* Mini private key
* Hierarchical random address generation (for advanced users)
* Vanity addresses (Experimental support)

Though your explanations are beautiful but I still can not get how I can use this tool for bitcoin cold storage.

Do we need an Internet Connection to generate a new address?
Who knows it could be offline ;D

Bitgen generates a bitcoin address and the corresponding private key.
(The private key is given in various forms, WIF, QR-code, mnemonic etc.)

In the simplest case, use for example the following command:
 $ bitgen random

The key information is saved in postscript/pdf-files as well as txt files.

To use it for cold storage, simply send bitcoins to the public address, and keep the postscript files in several safe places,
possible printed out on paper.

When the bitcoins should be used after the cold storage period, a wallet can be used to redeem to funds with the private key.
Most wallets can be used for that purpose.

For example, in electrum use "Import private key".
In the "android bitcoin app", use "Sweep paper wallet".

Bitgen is similar to for example bitaddress.org, but is used from the command line instead of in a web browser.
This makes it easy to use from for example a raspberry pie, or outdated PC hardware.

Ideally, the computer used for cold storage key generation should never be connected to the internet
since that is a security risk.

Bitgen is completely offline, and should be used without any network connection.

Interesting, just another tool for generating addresses? Can it do vanity addresses? It would be nice to have a tool other than vanitygen.

The NSA definitely knows how to crack stuff like this...but would they really bother with users like us? We're small fries  ;D

I've just added this precious piece of software to my list here (if you don't mind):

https://bitcointalk.org/index.php?topic=1164163.0 (https://bitcointalk.org/index.php?topic=1164163.0)

Tens of features, very well done! Congratulations for the effort!

Do you have any Github/Gitlab repository for that?

If not, I suggest that you create one.

Keep up the good work.

Yes, it supports vanity addresses, but it is currently too slow be be very useful.
That will improve in future versions.


Thanks for adding the software there.

The comments regarding the brainwallet address generation are very valid.
It would be easy to use a sentence that is predictable and therefore results in low entropy.
Salt and KDF would certainly improve the security, should hopefully be included before version 1.0 is released.

Version 0.6 of the bitgen package has been released:

http://bitcoin-gen.org/

This version supports compressed public keys, although it still generates uncompressed by default.

The major new feature in this release is support for signature generation and verification.
This functionality is included in a separate command line application: bitsig.

Unlike bitgen, the bitsig application is stateful and stores a keychain in a local database.

With this keychain it is possible to sign and verify both messages and files.
Bitsig currently support the Armory, InputsIo and Multibit message signature formats.

It also introduces a new file format for full file signatures. This makes is possible to use
bitsig instead of PGP for file signatures.

To create a new private key for signature generation, the same methods are possible as in bitgen.
The easiest method to generate a private key is the following
 $ bitsig random

This generates a random private key for you and stores it in the keychain.

To sign a message using the multibit format the following command can be used:

$ bitsig signMultibit "My message".

This will give an output similar to the following:


-----BEGIN BITCOIN SIGNED MESSAGE-----
My message
-----BEGIN BITCOIN SIGNATURE-----
Version: Bitcoin-qt (1.0)
Address: 1oqJSLKdZThXreezwtdNjMM2QTG3xwE2h

G6XuhBvnDHKoYabdFdxT5ZwcSJQPCwy8D65EBC+sGdedQvhGrZ2V5R9LWSLfRrYws+zUi7hf6yi9Nkb36/Db92Q=
-----END BITCOIN SIGNATURE-----


To verify the message, use the following command (with the proper file name):
$ bitsig verifyMultibit B98F3492.multibit

This will print the following:
=====================
Verifying signature...
Verify OK for multibit file
Signature address: 1oqJSLKdZThXreezwtdNjMM2QTG3xwE2h
=====================

Importing public addresses is done with "bitsig import" for example:
$ bitsig import 1Bb2NBwDrqUUBHcGsHYTArDqLJ7ECGNe33 Bob

Then a hash checksum has to be specified for security reasons:
$ bitsig import 1Bb2NBwDrqUUBHcGsHYTArDqLJ7ECGNe33 Bob B374DD02

The bitgen package is now signed with my signature public key which is:

1L5TnzknDGZuHde9Uz8mBjZAq6tz8MnN97

The signatures are stored in "bitsig" files.
http://bitcoin-gen.org/bitgen_0.6.tar.gz.bitsig

In order to use the PGP-like functionality and verify the integrity of the archive,
the following command can be used:

$ bitsig verify bitgen_0.6.tar.gz bitgen_0.6.tar.gz.bitsig 1L5TnzknDGZuHde9Uz8mBjZAq6tz8MnN97

But even better is to store the address in the keychain for future use:

$ bitsig import 1L5TnzknDGZuHde9Uz8mBjZAq6tz8MnN97 bit22gen
$ bitsig import 1L5TnzknDGZuHde9Uz8mBjZAq6tz8MnN97 bit22gen 5981B032

When the address is stored, the address need not be specified:
$ bitsig verify bitgen_0.6.tar.gz bitgen_0.6.tar.gz.bitsig

This will give:
==============================
The signed file      : bitgen_0.6.tar.gz
The signature file   : bitgen_0.6.tar.gz.bitsig
Calculated address   : 1L5TnzknDGZuHde9Uz8mBjZAq6tz8MnN97
No public address given, looking in keychain
Found the address in the keychain
Verifying signature....
Verify OK for address: 1L5TnzknDGZuHde9Uz8mBjZAq6tz8MnN97
Address alias: bit22gen
==============================

This one has tons of features over vanitygen.

Nice to hear that. It's good to see that you worry about security.

BTW thanks for developing that dice feature to help improve random key generation. It's almost like Diceware (http://world.std.com/~reinhold/diceware.html) feature. It's very helpful!

Consider creating a Github/Gitlab repository for Bitgen.

With this, will there be any work on getting a vanity pool set up. We currently only have one option to choose from and new updated pool might get some attention

Here are example pdf files generated with bitgen:

http://bitcoin-gen.org/sample_private.pdf

http://bitcoin-gen.org/sample_share.pdf

Looks like something new and unique. Good job! ;)
But there are code issues. You have an error already in your first like of code.

Given from and to addresses along with the amount to send, can this tool create raw Tx ?

It does not handle transactions, but that may be added in the future.
Current development focus is bitcoin address handling and features related to that.

Bitgen 0.7 has been released:

http://bitcoin-gen.org/

The new release includes:

* Stdin input support
* Added signature formats
* Large file signature support
* Performance improvements
* ... and more

Previous versions took private key arguments on the command line,
and therefore this information might be stored in the shell history file.
To prevent this information leakage the new version supports
input from the application standard in rather than the shell command line.
This will prevent information to be stored by the shell.

In order to use stdin input, a minus sign (-) should be substituted for the private data,
for example:

$ bitgen dice -

This will read the dice data from stdin instead of the command line.

The new version supports signatures with some added signature formats.
It is also able to determine which format a given signature is.

The following examples shows how signatures can be done:

$ bitsig signAb64 "test" (Armory base64)
$ bitsig signAclear "test" (Armory clearsign)
$ bitsig signArmory "test" (Armory hex)
$ bitsig signInputsIo "test" (InputsIo)
$ bitsig signMultibit "test" (Multibit)
$ bitsig signRaw "test" (Bitcoin QT)

The verifyMessage command will identify the given format and verify the signature:

bitsig verifyMessage 9CE428D5.inputsio


Previous versions read files to sign into a memory buffer, which put a limit on
the size of the files that could be signed and verified.
This release reads the file as a stream and is therefore not limited the available memory.

The new release is also a bit quicker than previously.

Bitgen 0.8 has been released:

http://bitcoin-gen.org/

This release includes:

* KDF and salt for brainwallet
* low-s for signatures

The new release uses the Argon2 KDF, which won the Password Hashing Competition:

https://password-hashing.net/candidates.html
https://password-hashing.net/index.html

Argon2 is supposed to be an improved method compared to scrypt.

More information About Argon2:
https://www.cryptolux.org/images/0/0d/Argon2.pdf


To use the brainwallet function in bitgen, an email address should be specified as salt:

$ bitgen brainwallet bob123@gmail.com "ThIs is a sEnTeNcE with (10-5-2)*1+0-0 strrrrange WoRdS: Hyberfurtic, Megasilver and Filitelling, which will end Very vEry veRy verY VERY soon! Over and out. Bye bye. Still there? Good night gentlemen and ladiEs..."

The new release also uses low-s for signatures.

I got an error msg while trying to build v0.8 using make (Debian Wheezy).

Error msg is:

For your new brainwallet function you used "Argon2d", right?

"Argon2d is faster and uses data-depending memory access, which makes it suitable for cryptocurrencies and applications with no threats from side-channel timing attacks."

On the other hand:

"Argon2i uses data-independent memory access, which is preferred for password hashing and password-based key derivation. Argon2i is slower as it makes more passes over the memory to protect from tradeoff attacks."

Source: Official Argon2.pdf (page 3).

Wouldn't using "Argon2i" be more suitable (safer) for your bitgen's brainwallet function?

Last but not least: you need to update the "brainwallet" info at "USING_BITGEN" file...

I have noticed the compile error for the "SSE2 instruction set" for some computers.
This seems to be related to the physical machine that is used.
Argon2 is optimized for the x86 architecture, and this is the cause of the compile error.

I have three Ubuntu 14.04 machines, and the two 64-bit machines compile the source without errors, one Intel and one AMD machine.

But the older 32 bit machine with an Intel Atom processor get the compile error.
I will fix this.


Yes, Bitgen is currently using Argon2d (and not Argon2i), but the choice was not an easy one.

The choice of the "d" version instead of "i" was motivated  since a dedicated machine without any internet connection should not have any side-channels for timing attacks(?)
For example, on a shared Linux-machine were several persons are logged in at the same time there will be possible to use side-channels when someone is changing a password.

I also interpret "being faster" as positive regarding ASIC-resistance.
If it is faster on a normal PC, it will perform better compared to a dedicated ASIC hardware.

The parameters for the "hardness" of the Argon2 function have been choose so it will take about 10 seconds to  perform the key derivation.

Here are the choosen parameters:

   const unsigned t_cost = 5;
   const unsigned m_cost = 100000;
   const unsigned thr = 8;


However, it is not too late to change if there is enough reason to do so.


I have to update the documentation, will be done in the next release.

The compile problem is now solved, there is a new version 0.8.1 ready for download.

The problem was simply that the compile flag "-msse2" was missing.
In the makefile the following was changed:

COMPILE=g++ -I. -c
was changed to
COMPILE=g++ -msse2 -I. -c

The documentation has also been updated in version 0.8.1.

Everything is running fine now.

Thanks for the fast fix.

Gonna test the new brainwallet feature...

As mentioned at his website:


P.s. I didn't test it on WIN though...

Bitgen 0.9 has been released:

http://bitcoin-gen.org/

The new release includes:

* Encryption support
* Shell redirection support
* Improved command line parsing
* New options for random address generation
* Changed key chain format

The new version supports public key encryption using the bitcoin elliptic curve.
A new binary bitcry performs public key encryption.

A new keypair can for example be created with the following command:
$ bitcry random

This will create a new key pair and store it is the local key chain.

The following command will display the existing keys:

$ bitcry list

This will display the existing public keys in pkif format, for example:

7TVa9PtYp9Pz6fVJ3iZaqFML9osFbMfk3AuksqcKBxbcHpQQ1z5

This is the public key that can be given to others.

To store a public key from someone else in the local key chain, an import should be performed.
In this case, the public key is stored for user "Bob":

$ bitcry import 7TVa9PtYp9Pz6fVJ3iZaqFML9osFbMfk3AuksqcKBxbcHpQQ1z5 Bob

In order to store the user public key, a checksum should also be given:

$ bitcry import 7TVa9PtYp9Pz6fVJ3iZaqFML9osFbMfk3AuksqcKBxbcHpQQ1z5 Bob 4AE89ED6

A file can be encrypted with the "encrypt" command and the user alias, "Bob" in this case:

$ bitcry encrypt message.txt Bob


Bitcry also supports the Electrum message encryption format.
This is performed with the "encryptElectrum" command:

$ bitcry encryptElectrum "My secret message" Bob

This will give the base64 encoded encryption string:
QklFMQOYP0oz+zsg6Ggz7Ty+Puq18dYuhKQdiABt9R+qt9wZmatoJsZFY3666lDfv7PYF+SnrgQUU8Dk+ckz4Uz+hJSA2z8V1GpuB+39RWK4PF2M/MNpRt+bWjqLp90FMNihBx8=


Note: The key chain format has changed compared to earlier versions.
Key chain entries from earlier versions needs to be imported to this version.
See the changelog file for details.

Bitgen 0.10 has been released:

http://bitcoin-gen.org/

The new release includes Litecoin support and EC arithmethic operations.

Litecoin addresses are generated with the new "bitgen-ltc" binary, for example:

$ bitgen-ltc random

Nice to see LTC as an option for this great tool

I suggest that you change this topic's title to "Bitgen - bitcoin & litecoin tool for addresses, signatures and encryption"

Nice project. Did some have a chance to review the source code ?

There are people that have looked at the code, and I have also got code improvements sent to me.

But a deeper review of critical parts would be good before 1.0 is released.

I have some ideas of perhaps creating an independent library for the core functionality.
That would make it easier to focus on the important parts and not less important command line parsing etc.
The amount of core code is rather small.

(Tread title now also includes litecoin.)

Very nice, this is good tool for making BTC address in hardware wallet, even Multiwallet is supported  ;)

Bitgen 0.11 has been released:

http://bitcoin-gen.org/

The new release includes:

* Performance improvements
* Support for bitcoin testnet and some other currencies

Work is in progress to prepare for a release of version 1.0.

Nice to see support for altcoins.

Keep up the good work.

Bitgen 0.12 has been released:

http://bitcoin-gen.org/

The release includes Windows support in addition to refactoring changes and improvements to the software tests.

No Windows binary is included (yet) since it is easy to build for Windows,
and to encourage building from source.

It is possible to build for Windows both on Linux and Windows, using Linux is actually easier than Windows.

On Linux the mingw-w64 cross compiler is used for the build.
On Windows MSYS2 is used.

Bitgen 0.13 has been released:

http://bitgen.org/

This release has moved parts of the codebase into the library bitlib:
http://bitgen.org/bitlib

The bitlib library currently includes functionality for address and private key handling,
more functionality will be included in later releases.

Also, the big integer implementation used by bitlib is released as a separate library
that provides support for fixed length signed big integers:

http://bigintctl.org/

This release also includes support for storing private key and address information
in a folder structure to make it easier to manage multiple addresses.
The command line argument "folder" should be added to use this feature, for example:

$ bitgen random folder

Windows binaries are now provided for direct download.
However, it is recommended that binaries are built from source instead
of using the existing exe-files.

On Linux it is very easy to build windows binaries.

Bitgen 0.14 has been released:

http://bitgen.org/

The new release includes the following new features:

* Added support for transaction/script decode
* Added support for saving transactions/scripts
* Added support for executing transactions

As en example this transaction is used:
https://blockchain.info/tx/dd62dd9ce8d3a4484c23c904996194b0241690e2b11b02313647a68c1186b48d

In order to get the raw transaction data, "?format=hex" is added to the blockchain.info url:
https://blockchain.info/tx/dd62dd9ce8d3a4484c23c904996194b0241690e2b11b02313647a68c1186b48d?format=hex

To save the transaction in the bitgen format, the command "savetrans" is used with the hex string as a parameter on the command line:

$ bitgen savetrans 0200000001bbac9a005478c48888ecd95f9ce3dfd7e395ddcab61535ebed8dbfcbc8749d1500000 0006a47304402201304595735c8ab411e33df908eacbd1b27f600284a7d4bb772127ce324ee7788 022018af3831efc2f238938e2e1c77001937206b3bed2f6de264ab324f44ce23dbe80121036b5aa 4d546569bfd314235eda77235efe80c47b1666951ae009733512d8a3328feffffff02a0782d0000 0000001976a914311fbc254b0756e9407107139d413a5a5863024a88acf0689c00000000001976a 914c4f19c920b6112caa86b74462b0ff39d81ec30bc88ac20040700
(There should be no spaces or newlines in the hex data)

This will save the file transaction file "btc_DD62DD9CE8D3A4484C23C904996194B0241690E2B11B02313647A68C1186B48D.trans"
The file name will include the transaction hash.

Now this file can be used when decoding the transaction. The raw hex string can also be used, but it is easier to first save the transaction in a file when working with it.

To decode the transaction the following command is used:
$ bitgen decodetrans btc_DD62DD9CE8D3A4484C23C904996194B0241690E2B11B02313647A68C1186B48D.trans

This will give the following output:
Inputs: 1 Outputs: 2

14LTgYzjP9wbPVArV4WYheJW79RbUCEaAG 159D74C8CBBF8DEDEB3515B6CADD95E3D7DFE39C5FD9EC8888C47854009AACBB at 0

15Uk8PAvJPJwnzsMrVsfmpUDRSMF2NK8g5         2980000 satoshi = 0.02980000      btc
1JxLt4uK8Vbeod3VyXr5P7KPCC93Xh9BLs        10250480 satoshi = 0.10250480      btc

It is also possible to add the argument "verbose" at the end of the command line to get extended information:

Transaction data----------------------
Version   : 2
Locktime  : 459808 (block height)
Inputs: 1 Outputs: 2

--Input index 0
IHash  : 159D74C8CBBF8DEDEB3515B6CADD95E3D7DFE39C5FD9EC8888C47854009AACBB at 0
Address: 14LTgYzjP9wbPVArV4WYheJW79RbUCEaAG
Type   : P2PKH input
Seq    : FFFFFFFE
IScript: 47304402201304595735C8AB411E33DF908EACBD1B27F600284A7D4BB772127CE324EE778802201 8AF3831EFC2F238938E2E1C77001937206B3BED2F6DE264AB324F44CE23DBE80121036B5AA4D546 569BFD314235EDA77235EFE80C47B1666951AE009733512D8A3328
Decoded script: DATA(304402201304595735C8AB411E33DF908EACBD1B27F600284A7D4BB772127CE324EE7788022018A F3831EFC2F238938E2E1C77001937206B3BED2F6DE264AB324F44CE23DBE801) DATA(036B5AA4D546569BFD314235EDA77235EFE80C47B1666951AE009733512D8A3328)

--Output index 0
OScript: 76A914311FBC254B0756E9407107139D413A5A5863024A88AC
Decoded script: OP_DUP OP_HASH160 DATA(311FBC254B0756E9407107139D413A5A5863024A) OP_EQUALVERIFY OP_CHECKSIG
Script type: P2PKH output
 15Uk8PAvJPJwnzsMrVsfmpUDRSMF2NK8g5         2980000 satoshi = 0.02980000      btc
--Output index 1
OScript: 76A914C4F19C920B6112CAA86B74462B0FF39D81EC30BC88AC
Decoded script: OP_DUP OP_HASH160 DATA(C4F19C920B6112CAA86B74462B0FF39D81EC30BC) OP_EQUALVERIFY OP_CHECKSIG
Script type: P2PKH output
 1JxLt4uK8Vbeod3VyXr5P7KPCC93Xh9BLs        10250480 satoshi = 0.10250480      btc

It is also possible to "run" a transaction in order to verify if the scripts succeed, this is done with the "runtrans" command.
In order to run a transaction, the transaction(s) it depends on needs to be stored in file(s).
If the files are not found, an error is returned.

This command:
$ bitgen runtrans btc_DD62DD9CE8D3A4484C23C904996194B0241690E2B11B02313647A68C1186B48D.trans

Will give the following result:
InputHash: 159D74C8CBBF8DEDEB3515B6CADD95E3D7DFE39C5FD9EC8888C47854009AACBB Index: 0
Could not find locking transaction file, skipping verification for this input

Transaction FAILED

The specified transaction is missing, but it can be found using blockchain.info and the specified transaction hash:
https://blockchain.info/tx/159D74C8CBBF8DEDEB3515B6CADD95E3D7DFE39C5FD9EC8888C47854009AACBB?format=hex

When this transaction has been saved as "btc_159D74C8CBBF8DEDEB3515B6CADD95E3D7DFE39C5FD9EC8888C47854009AACBB.trans" the "runtrans" command is successful:

$ bitgen runtrans btc_DD62DD9CE8D3A4484C23C904996194B0241690E2B11B02313647A68C1186B48D.trans

InputHash: 159D74C8CBBF8DEDEB3515B6CADD95E3D7DFE39C5FD9EC8888C47854009AACBB Index: 0
Got script from file
InAmount: 0.13235000
Unlock succeeded for script

Transaction OK, all inputs OK

Total in amount : 0.13235000
Total out amount: 0.13230480
Miner fee       : 0.00004520

This will run the script and verify that it executes without errors.

Bitgen 0.15 has been released:

http://bitgen.org/

The new release includes support for creating transactions.

Transactions are created with the command "transaction", followed by a list of inputs,
then the keyword "out", and finally a list of outputs.

Four items should be given for each input, normally the following:
1. Input transaction hash
2. Input transaction index
3. Private key in WIF format
4. The amount stored in this input, used for fee calculation.

For example, an input may look like the following:
192696c9166c15727204839e462de5684c47276bd9e48f5976ce6b60fe912451 0 L2VwsTTtJPLRkddkMcaqiYi6mLy6S7qF26cVbis6VS6gpSG3YRjK 0.520

One or more inputs can be specified.

Each output is given by two items:
1. Destination address
2. Amount

For example:
1JFj6tUTATKqs5LXzmZsvgY2B3TnzMGmZH 0.519

Any number of outputs can be specified.


For example, this command will generate a transaction:

$ bitgen transaction 192696c9166c15727204839e462de5684c47276bd9e48f5976ce6b60fe912451 0 L2VwsTTtJPLRkddkMcaqiYi6mLy6S7qF26cVbis6VS6gpSG3YRjK 0.520 out 1JFj6tUTATKqs5LXzmZsvgY2B3TnzMGmZH 0.519

This will give the following output:

============= Num inputs: 1
Tx  : 192696C9166C15727204839E462DE5684C47276BD9E48F5976CE6B60FE912451 at 0 (P2PKH output)
Addr: 1BXi4NozT14Pg8WZ2Z4bCkd9wkopq3mAak Amount : 0.52000000 btc

============= Num outputs: 1
Addr: 1JFj6tUTATKqs5LXzmZsvgY2B3TnzMGmZH Amount : 0.51900000 btc

                                      Miner fee : 0.00100000 btc


Transaction: 0100000001512491FE606BCE76598FE4D96B27474C68E52D469E83047272156C16C996261900000 0006B483045022100D4BA3967D41E1698CD8578066EC94AA53F45E30F188A47CEBA13F28F6F2435 6602207D9B0FCA9B8D8571E067BE9635EA0943B16B2E68A29C699DAD39C4C21D86B345012103BF1 2ABFAF61FF4A3DC16B16D76E484008E277219FAA2AD6046EAD62E133E5959FFFFFFFF0160EE1703 000000001976A914BD431B3A4D6C597C77D90DB441421BFC144B4B2D88AC00000000

Transaction size   : 192
Fee per byte       : 520 satoshi/byte
Hash of transaction: ED34DF6F8DFD1907444274B4DDBD2EC68826929D1608E1A564709FF9AF5A3040

Saved file: btc_ED34DF6F8DFD1907444274B4DDBD2EC68826929D1608E1A564709FF9AF5A3040.trans

Very good update this one!

Keep up the good development...

Bitgen 0.16 has been released:

http://bitgen.org/

This release includes support for mnemonics to extended addresses for HD wallets (BIP 32).
Random mnemonics are created by bitgen, and the corresponding xprv/xpub addresses are calculated and displayed.

Here is an example of a mnemonic generated by bitgen:

Private part:
http://bitgen.org/mnemonic_sample_private.pdf

Public part:
http://bitgen.org/mnemonic_sample_share.pdf

The supported randomness functions are "random", "dice", "hash" and "hex".
Also an existing mnemonic can be specified.

To generate a 24 word random mnemonic the following command is used:

$ bitgen genMnemonic random

It is possible to create mnemonics with fewer than 24 words. The values 12, 15, 18, 21 and 24 are supported.
If so, the number of words should be specified directly after the "genMnemonic" command, for example:

$ bitgen genMnemonic 15 random

However, 24 word mnemonics are recommended since fewer words reduces the strength of the random data.

If "dice", "hash" or "hex" generation is used the corresponding random data should be given.
For example, the following command will generate a mnemonic from hash data:

$ bitgen genMnemonic hash hJhKHUiisdfiosduoiuueuUUIDUoiudfiosnNMMMDDFSSDFiuUDFIDSFUoiFUiodfOIUoiuqoiuqoiu auiodsodifusdofiuIUIOUOIUDSFoiusdfiouIUFDSfs7dfsd8f7sdfkjsdfsdjfhj3242h34kjsadf kjhsdkjHJKJKJFskjdhfskjdhhsdfhghqhqhqiaibbxvvzzaajassiusadasiduasidfusujhYYUYhJ jsi

If an existing mnemonic is used, the "mnemonic" generation type can be used to calculate the corresponding xprv/xpub addresses.
For example:

$ bitgen genMnemonic mnemonic "tortoise wool skate ribbon tragic noise disorder napkin gossip slice improve vapor"

In the ps/pdf files the lower right QR code is the mnemonic.
The lower left QR code is the corresponding xprv address.
The top left QR code is the xpub corresponding to the xprv.
The top right QR code is the derived address for the derivation path "m/44H/0H/0H".

The derivation path "m/44H/0H/0H" can for example be used with electrum to create a watching only wallet for the addresses corresponding to the mnemonic.

The txt files that are created includes the same information in text form.

Bitgen 0.17 has been released:

http://bitgen.org/

This release includes support for split wallets using one-time-pads.

When using split keys, the private key is split in two (or more) parts that all needs to be used in order
to recreate the secret key. The parts by themself do not give information about the private key.

When a split key is created, several 256-bit random numbers are generated instead of just one.
Then the final private key is created by doing bitwise XOR on the parts.

For example, if the following parts are randomly generated:
DBD2CECBBBA5D7D3FAFFB573B59E43A92C50D3135DE89A91614322A36D14ECC0
42EDDF6112DC308EFEAFEB4A8907AF4164FBF1C4DF5A32DEF55AD90DEB96D006

The bitwise XOR of these parts gives the following private key:
993F11AAA979E75D04505E393C99ECE848AB22D782B2A84F9419FBAE86823CC6

More than two parts can be used, in that case N random numbers are generated,
and the private key is the XOR of all N random numbers.

The parts can for example be stored in separate places. If one part should be stolen,
the private key is still safe since all parts are needed to recreate the private key.
With N parts (N-1) parts are not enough to recreate the private key.

To use split wallet with one-time-pad in bitgen, the otpgen command is used, for example:

$ bitgen otpgen 2 random

This will generate two random parts ("pads"), here is an example:
http://bitgen.org/split_wallet_example_private_pad1.pdf
http://bitgen.org/split_wallet_example_private_pad2.pdf

To create the private key the otp command is used with the pads as arguments,

$ bitgen otp DBD2CECBBBA5D7D3FAFFB573B59E43A92C50D3135DE89A91614322A36D14ECC0 42EDDF6112DC308EFEAFEB4A8907AF4164FBF1C4DF5A32DEF55AD90DEB96D006

This will give the private key, for example:
http://bitgen.org/split_wallet_example_private.pdf

To create random numbers, the methods "random", "dice", "hash" and "hex" can be used.

For example when using "hash", the following command can be used:
$ bitgen otpgen 2 hash sdfsdfsdfsdflkjsdlkfjsdlkfjsiusdyfisudyfsiduyfiusdyfiusdyfiudsyfiusdyfiusydfiuy sdifuydsiufysdiufysdiufysdiufysdiuyfisudyfisudyfiusdyfiudsyfiudsyfiudsyfiusdfyu syasuauuuauuasdiasudyasiudyaiusydasoidasdasidiasdiasodiasodiasodiasodi

More about one-time-pads:
https://en.wikipedia.org/wiki/One-time_pad

Bitgen 0.18 has been released:

http://bitgen.org/

This release includes support for electrum seed generation.

Here is an example:
http://bitgen.org/electrum_btc_example_private.pdf

To generate an electrum seed, use the command "electrum" followed by the generation method, for example:

$ bitgen electrum random

This will generate a 24 word seed using random data from "/dev/random"

Other possible generation methods are "hash", "mnemonic", "hex", "dice" and "brain".

For example, the following command will generate a 24 word seed from 100 dice values:

$ bitgen electrum dice 6123623123652635162356516316213666166253162356253654545162456125213612536523615 236512631532131236616

The default seed size is 24 words, but this can be changed by adding "words" followed by the desired number.
The following command will generate a 18 word seed:

$ bitgen electrum random words 18

Possible values are 12, 15, 18, 21 and 24.

An optional "account name" can be specified by using "name", for example:

$ bitgen electrum random name "My test"

Hello there @bit22gen

How are you doing? Long time no talk...

You still around? Are you still coding for this project of yours sometimes?

Revisiting your project here made me think about what we discussed years ago about using different versions of Argon2 KDF algo.

I ended stepping on this project that also uses Argon2. It's a similar project that already did something like Warp Wallet (although they used the Argon2i version):

https://github.com/patcito/mindwallet (https://github.com/patcito/mindwallet)

Just to clarify (from the famous Wikipedia):


So maybe replacing the implemented Argon2d (used by bitgen) by Argon2id should be a reasonable decision in order to improve (even more) the security for brainwallets created by this tool.

What do you think about it?