Bitcoin Forum

Bitcoin => Wallet software => Topic started by: hamdi on May 13, 2012, 06:27:43 PM

Title: how to generate a valid private-key + recv address in PHP?
Post by: hamdi on May 13, 2012, 06:27:43 PM

what´s the easiest way to generate a priv-key + recv-addr in php?

so i can make sites which accept bitcoin without running a daemon...

i want to do what bitaddress.org does in js, but in php.

don´t tell me to not keep private key on server... i will care about that...
i really want to do this in php, so please don´t give any arguments against my plan.

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: lulzplzkthx on May 13, 2012, 06:31:29 PM

Are you putting out a bounty for this? :P

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: gweedo on May 13, 2012, 06:42:52 PM

https://github.com/mikegogulski/bitcoin-php/blob/master/src/bitcoin.inc#L567 (https://github.com/mikegogulski/bitcoin-php/blob/master/src/bitcoin.inc#L567)

this uses a bitcoind as a backend and just queries that to get a new address so that could be an answer

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: hamdi on May 13, 2012, 06:48:01 PM

"generate priv-key and recv-addr in pure php without a btc-daemon or any other external requirements"

bounty is 1 BTC to the first poster who posts a working php code here.

i know there is already some code around, but i just can´t find it.

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: lulzplzkthx on May 13, 2012, 06:48:25 PM

Quote from: gweedo on May 13, 2012, 06:42:52 PM

I think hamdi's whole price is that he doesn't want to have to use bitcoind. And he doesn't have to. Now whether someone is going to write a script for him for free or not is the question.

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: hamdi on May 13, 2012, 06:51:20 PM

read, i set a bounty of 1 btc

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: Stephen Gornick on May 30, 2012, 12:42:35 AM

Incidentally, a Python version here:

- http://bitcointalk.org/index.php?topic=84238

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: gweedo on May 30, 2012, 01:38:40 AM

http://bitcoin.stackexchange.com/questions/2289/php-script-to-create-private-key-public-address (http://bitcoin.stackexchange.com/questions/2289/php-script-to-create-private-key-public-address)

bitcoin address is in the sig :)

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: crazy_rabbit on August 29, 2012, 03:30:28 PM

How did this work out? I would be interested in seeing exactly how you did it in the end.

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: hamdi on August 29, 2012, 11:59:56 PM

i use vanitygen in the back now

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: kjj on August 30, 2012, 05:55:47 AM

By the way, this is possible to do entirely in PHP, no calls to an external program. You need a PHP library for doing EC math (there is one, LGPL), the curve definition for secp256k1 (copies of SEC2 are available for free on the web) and a little code to glue it all together.

The nice part is that if you do it all internally, you can specify the private key rather than asking the program for one at random.

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: 1541 on August 30, 2012, 07:23:35 AM

But there is no real "out of the box" PHP solution ready, right?
As most PHP based onlineshops (oscommerce, xtcommerce, zen-cart,...) run on a shared webspace, they would really benefit from a solution that does not rely on "bitcond" running as a service (or external server).

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: kjj on August 30, 2012, 11:28:32 AM

Quote from: 1541 on August 30, 2012, 07:23:35 AM

If you don't trust the host that runs your web store with your wallet, you really shouldn't trust it with the stuff that your wallet it made of either.

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: hamdi on August 30, 2012, 02:04:46 PM

i now use vanitygen via exec(); from php.
i then present the enduser with the bitcoin-address where he can pay his money,
at the same time the private-key is sent to an off-site bitcoind to be imported there.

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: kjj on August 30, 2012, 02:30:02 PM

Quote from: hamdi on August 30, 2012, 02:04:46 PM

You'd be better off generating the pair remotely, and pulling the address into the customer-facing server.

The stuff that you don't want stolen is being created in the place that you are worried about it being stolen from. That isn't a great idea, even if you delete it right away.

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: scintill on August 31, 2012, 04:53:02 AM

For the challenge and to learn more about Bitcoin, I implemented this in pure PHP (bcmath extension required, but I think that's pretty standard. Edit: Goes much faster with GMP extension!) Please check it over yourself before using it! I checked several keypairs with Casascius' address utility and they look good, but I'm not an expert, and there aren't real solid tests of the code. Most of the work is by a pre-written ECC lib I found.

Anyway, the code, with a demo embedded, is at https://gist.github.com/3549107 (https://gist.github.com/3549107). ~~It is a little slow right now but could be sped up by using GMP instead of bcmath.~~ I don't know if anyone still cares or if the bounty has been claimed, but it'd be nice to have. :)

If there's interest, let me know, and I will extend and/or test it better.

Edit: Cleaned up the code and made it use GMP if possible, as it is much much faster. Also found ways to use the ECC lib's helper functions more, so there is less code.

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: payb.tc on August 31, 2012, 04:56:39 AM

thanks, i care, and look forward to reviewing your work.

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: BCB on October 12, 2012, 06:49:14 PM

scintill

Works like a charm. Is there any more info on how to generate a sufficient amount of entropy when generating key pairs for real world use (line 42).

Thanks!

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: kjj on October 12, 2012, 07:07:42 PM

Quote from: BCB on October 12, 2012, 06:49:14 PM

scintill

Works like a charm. Is there any more info on how to generate a sufficient amount of entropy when generating key pairs for real world use (line 42).

Thanks!

Your best bet is probably to fopen /dev/random and read 32 bytes from it. Be warned that /dev/random will stall until it comes up with enough entropy to complete your request. Check /proc/sys/kernel/random/entropy_avail first, or use /dev/urandom (unsafe).

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: scintill on October 14, 2012, 05:38:54 AM

Quote from: kjj on October 12, 2012, 07:07:42 PM

Quote from: BCB on October 12, 2012, 06:49:14 PM

scintill

Works like a charm. Is there any more info on how to generate a sufficient amount of entropy when generating key pairs for real world use (line 42).

Thanks!

Yeah, that sounds good to me. I didn't know about that proc file, that's cool.

Glad it's working for you, BCB.

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: kjj on October 14, 2012, 05:44:29 AM

Someone asked in a PM, so I wrote an example.

Code:

<?php
$bits_desired=256;
$bytes_desired=ceil($bits_desired/8);
echo "Asking for ".$bits_desired." bits of random (".$bytes_desired." bytes)\n";
if(TRUE==($fp_ent=fopen("/proc/sys/kernel/random/entropy_avail","r"))){
 $ent=trim(fgets($fp_ent));
 echo "Entropy available: ".$ent."\n";
 if($ent>$bits_desired){
  if(TRUE==($fp_rand=fopen("/dev/random","r"))){
   $r=fread($fp_rand,$bytes_desired);
   echo bin2hex($r)."\n";
  }else echo "Failed to open /dev/random.\n";
 }else echo "Not enough bits available.\n";
}else echo "Unable to get status of entropy pool.\n";
?>

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: BCB on October 14, 2012, 05:58:21 AM

I've been testing importing and extracting and paying key and all seems to be working fine.

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: Richy_T on November 25, 2013, 06:58:15 PM

This code generates a mini-key if anyone's interested. I was looking for the next step, priv->pub key when I ran across this thread. It needs tidying of course and I just remembered I'm using the non-crypto rand() so that will need to be fixed too. Maybe I should just delete it :D

Edit: OK, fixed to use /dev/urandom. Use /dev/random if you'd prefer.

Code:

<?php
  #Below is full list of available characters.
  #"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
  $fp=fopen("/dev/urandom","r") or die;
  $available_chars="23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz";
  do{
    $minikey='S';
    for($i=0;$i<29;$i++){
      while(($c=ord(fgetc($fp)))>=strlen($available_chars));
      $minikey.=substr($available_chars,$c,1);
    }
    $check=hash('sha256',$minikey . '?') . "\n";
  }while(substr($check,0,2)!='00');
  fclose($fp);
  $priv=hash('sha256',$minikey);
  print "Minikey: $minikey\n";
  print "Privkey: $priv\n";
?>

Note that I deliberately exclude "1' and 'o' but you may add them back in if needed.

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: Richy_T on November 26, 2013, 03:14:21 PM

Quote from: scintill on August 31, 2012, 04:53:02 AM

This disappeared (link no good). Anyone have a copy anywhere?

Title: Re: how to generate a valid private-key + recv address in PHP?
Post by: scintill on November 30, 2013, 02:00:28 AM

Quote from: Richy_T on November 26, 2013, 03:14:21 PM

This disappeared (link no good). Anyone have a copy anywhere?

I removed it, for being embarrassed about its weak key generation (http://sourceforge.net/mailarchive/message.php?msg_id=31568894) (!), and not wanting to enable people to unwittingly generate weak keys. Also, someone has made a more flexible fork called PHPCoinAddress (https://github.com/zamgo/PHPCoinAddress), but I would recommend at least applying my patch here (https://github.com/zamgo/PHPCoinAddress/pull/1), in addition to ideally studying secure key generation for your configuration/platform (at least if you are doing something high-risk/high-value in production.) Feedback on my pull requests to PHPCoinAddress is welcome. Thanks.