Redeeming a Casascius Bitcoin

[ibmike]

Looked all over the net and cant find the correct way to Redeem a Casascius bitcoin, any help would be appreciated.  Thanks 

[pooya87]

I hope you know that Casascius physical bitcoins are categorized as collectibles and they are not meant to be redeemed. Although it has complications but you may be better off selling the physical bitcoin itself. Look into the collectibles board: https://bitcointalk.org/index.php?board=217.0

But as for redeeming them, last I checked they were all using mini private key format[1] under the hood and Electrum is supporting importing of this type of keys directly into it[2]. It has the code for it[3].
You can sweep those keys into your existing Electrum wallet or you should be able to create a new wallet by directly importing the minikey into Electrum in the initial wallet creation dialog.

Don't forget to verify Electrum binaries when you download them[4].

[1] https://en.bitcoin.it/wiki/Mini_private_key_format
[2] https://electrum.org/
[3] https://github.com/spesmilo/electrum/blob/d2fa65b9aa1d5d8e3b0eadad547935396cb52ea1/electrum/bitcoin.py#L726
[4] https://bitcointalk.org/index.php?topic=5240594.0

[LoyceV]

To add to pooya87's reply: considering the value of those coins, you should keep the private key offline.

This isn't an exact step by step solution for mini private keys, but it should be enough to get you started:

Online:
Install Electrum on your PC.
Import your address to create a watch-only wallet.
Preview the transaction, Copy the unsigned transaction. Put it on a USB stick.

Offline and running without hard drive storage:
Get a Linux LIVE DVD. Use Knoppix or Tails for instance, or any other distribution that comes with Electrum pre-installed.
Unplug your internet cable. Close the curtains. Reboot your computer and start up from that DVD. Don't enter any wireless connection password. Keep it offline.
Start Electrum. Import your private key.
Copy your unsigned transaction from the USB stick, load it into Electrum.
CHECK the transaction in Electrum. Check the fees, check the amount, check all destination addresses (character by character).
If all is okay, sign the transaction. Copy it back to your USB stick.
Turn off the computer. That wipes the Live LINUX from memory and all traces are gone.

Online:
Use your normal online Electrum to (check again and) broadcast the transaction.

Bonus:
After moving all your Bitcoin, and once the transaction confirmed, check if you own Forkcoins.

[ibmike]

Well that sucks, so i got a worthless Bitcoin, nice very nice :/

[LoyceV]

Well that sucks, so i got a worthless Bitcoin, nice very nice :/

Is that the coin you were trying to sell (according to your post history)? Can you share more details, starting with: what makes you think it's worthless and how did you get the coin?

[apogio]

Well that sucks, so i got a worthless Bitcoin, nice very nice :/

Worthless?? If you didn't try to redeem it and found out that's already redeemed, then it's not worthless.
If you removed the private key's protection, then you should redeem it, because it won't be valuable as a collectible if the hologram is ripped.

[pooya87]

Well that sucks, so i got a worthless Bitcoin, nice very nice :/

Worthless?? If you didn't try to redeem it and found out that's already redeemed, then it's not worthless.
If you removed the private key's protection, then you should redeem it, because it won't be valuable as a collectible if the hologram is ripped.

If this is the physical bitcoin OP is talking about here as well, then the address is 1Age5hVJ and it still holds the 1 whole bitcoin in it without being touched. Meaning it still is worth almost $100,000.

[apogio]

If this is the physical bitcoin OP is talking about here as well, then the address is 1Age5hVJ and it still holds the 1 whole bitcoin in it without being touched. Meaning it still is worth almost $100,000.

Yeah good catch. Lovely coin isn't it? I am not into collectibles to be honest, but I like it.

It seems that the coin is intact, so there shouldn't be a problem selling  it. I would try a bit more to sell it, perhaps posting in other places as well. Redeeming would be my last option.

What makes me kinda sceptical though is this guy here: https://bitcointalk.org/index.php?topic=5524978.0; who seems to have a similar problem. Too much coincidence? or older forum members have seen things like this before?

[WanderingPhilospher]

If you do not want to use any of the apps or wallets that will import a "mini key", can't you just SHA256 the mini private key to get the full private key (convert to WIF if need be) that you can import into any wallet type?

[ObjectInSpace]

If you do not want to use any of the apps or wallets that will import a "mini key", can't you just SHA256 the mini private key to get the full private key (convert to WIF if need be) that you can import into any wallet type?

Converting to WIF is the difficult part.

I recently shared a simple tool that can be used to convert a minikey to WIF for importing into any wallet, including Bitcoin Core:

https://bitcointalk.org/index.php?topic=5564996.0

[pooya87]

Converting to WIF is the difficult part.

It's actually the most straight forward process. All you have to do is compute the SHA256 hash of the mini-key string and that's your key. Encoding it with Base-58 is easy too considering the algorithm itself is simple and there is already libraries for it in popular programming languages.

Here is the entire code you need for converting a minikey to a WIF, written in C# without needing any external libraries and with an example key for verifying its correctness:

Code:

Span<byte> key = SHA256.HashData(Encoding.UTF8.GetBytes("SzavMBLoXU6kDrqtUVmffv"));
Span<byte> data = new byte[32 + 1 + 4];
data[0] = 128;
key.CopyTo(data.Slice(1, 32));
Span<byte> cs = ((Span<byte>)SHA256.HashData(SHA256.HashData(data.Slice(0, 33)))).Slice(0, 4);
cs.CopyTo(data.Slice(33, 4));

ReadOnlySpan<char> chars = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz".AsSpan();

BigInteger big = new(data, true, true);
StringBuilder result = new();
while (big > 0)
{
    big = BigInteger.DivRem(big, 58, out BigInteger remainder);
    result.Insert(0, chars[(int)remainder]);
}
string wif = result.ToString();

bool isCodeCorrect = "5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF" == wif;

[ObjectInSpace]

Converting to WIF is the difficult part.

It's actually the most straight forward process. All you have to do is...

We disagree on what is straightforward. I think that writing or even compiling (correct!) code is probably beyond the scope of most people who want to redeem a physical bitcoin.

As an example, the above C# code computes the WIF for a compressed public key, but Casascius used the uncompressed one (WIF key starts with 5, specifically 5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF in this case). This is why it's also important to generate the corresponding address, and verify that, too.

[pooya87]

Converting to WIF is the difficult part.

It's actually the most straight forward process. All you have to do is...

We disagree on what is straightforward. I think that writing or even compiling (correct!) code is probably beyond the scope of most people who want to redeem a physical bitcoin.

As an example, the above C# code computes the WIF for a compressed public key, but Casascius used the uncompressed one (WIF key starts with 5, specifically 5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF in this case). This is why it's also important to generate the corresponding address, and verify that, too.

That's a good point (fixed that) but the point of the code I provided was to show how little work is done to go from a mini key string to a [full] WIF string. Technically all you need to do is the first line (SHA256.HashData()) and then you just feed the 32 bytes to any bitcoin library that accepts it as bytes or hex, and it will do the rest for you.

BTW I also skipped input verification for simplicity (you ought to add a '?' to the beginning and compute SHA256 hash, and the first byte of it has to be zero).

[ObjectInSpace]

Converting to WIF is the difficult part.

It's actually the most straight forward process. All you have to do is...

We disagree on what is straightforward. I think that writing or even compiling (correct!) code is probably beyond the scope of most people who want to redeem a physical bitcoin.

As an example, the above C# code computes the WIF for a compressed public key, but Casascius used the uncompressed one (WIF key starts with 5, specifically 5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF in this case). This is why it's also important to generate the corresponding address, and verify that, too.

Fixed that... Technically all you need to do is... and then you... BTW I also skipped input verification...

It's funny how it keeps getting more complicated 😏

the point of the code I provided was to show how little work is done to go from a mini key string to a [full] WIF string.

Yes, I understand that. And I also wrote the code to do it, as provided in the link to the tool I shared above. But my point is that although most people can probably run sha256sum on the command line, so is relatively trivial, computing a WIF is a bitcoin-specific task that requires writing code. Writing code is a bug-prone process that's difficult to get right. Most people that find themselves in possession of a Casascius coin might not know how to write code, and even the ones that can write code should not need to. This is why I shared the tool above, to give such people another option.

[LoyceV]

It's funny how it keeps getting more complicated 😏

It's much easier to run Bitaddress.org from an offline Linux Live DVD to convert the mini-private-key to WIF.

[ObjectInSpace]

It's funny how it keeps getting more complicated 😏

It's much easier to run Bitaddress.org from an offline Linux Live DVD to convert the mini-private-key to WIF.

Yes, that is true. It will also generate QR codes for the public/private keys, which is pretty nice.

But, it must be run in a browser, and is quite a complex piece of software with 1000s of lines of code.

In my case I wanted a simple, self-contained tool I can verify myself that does just one thing well. That's why I wrote Minikey.

[Cricktor]

But, it must be run in a browser, and is quite a complex piece of software with 1000s of lines of code.

In my case I wanted a simple, self-contained tool I can verify myself that does just one thing well. That's why I wrote Minikey.

The code of bitaddress.org is known for quite some time and has "some reputation". You can download the code for offline usage, you can (and should!) verify its checksum and I for myself have briefly checked what the code does and couldn't find any funky things.

With your tiny tool, I can't and won't skip verification. I'll have to look at the code and verify, it doesn't do anything nasty. Then I'd have to compile it myself, because why should I trust an executable that you compiled?

Unless you offer a tool chain that allows reproducible builds and some people with "reputation" have verified your binary is exactly what's built from the open source code. I'd likely prefer to verify the correct build myself which would requires a well documented build process and tool chain for unfamiliar program languages.

Interpreted (or on-the-fly compiled) program languages have some advantages for small tools that don't need a lot of code to get the job done. You see (and hopefully understand) the code and it's easy to execute for small tasks.

[ObjectInSpace]

With your tiny tool, I can't and won't skip verification. I'll have to look at the code and verify, it doesn't do anything nasty. Then I'd have to compile it myself, because why should I trust an executable that you compiled?

Unless you offer a tool chain that allows reproducible builds and some people with "reputation" have verified your binary is exactly what's built from the open source code. I'd likely prefer to verify the correct build myself which would requires a well documented build process and tool chain for unfamiliar program languages.

Interpreted (or on-the-fly compiled) program languages have some advantages for small tools that don't need a lot of code to get the job done. You see (and hopefully understand) the code and it's easy to execute for small tasks.

This tool is 100 lines of code and can be run in the REPL (on-the-fly). There is no distributed binary, it's source-only.

It's really just the minimal code needed to take a minikey, and output the address and private key.

[Cricktor]

This tool is 100 lines of code and can be run in the REPL (on-the-fly). There is no distributed binary, it's source-only.

I wasn't very familiar with what you used to implement your tool, took me some diggin', so maybe I missed that part that your tool doesn't need to be compiled.

I had a look at your code to inspect it if there's anything scetchy (don't trust, verify!) before I decided to give you merits in your ANN thread for your Minikey tool.

Thanks for your contribution.