how to bury some bitcoins without even installing the client

[grondilu]

You can receive some bitcoins without even installing the client.  You can also use this method to export some bitcoins into a file, without worrying about your backup file being altered later (after creation of new addresses in your wallet for instance).

Enter the following bash functions in your command line:

Code:

#!/bin/bash
# 

base58=({1..9} {A..H} {J..N} {P..Z} {a..k} {m..z})
bitcoinregex="^[$(printf "%s" "${base58[@]}")]{34}$"

decodeBase58() {
    local s=$1
    for i in {0..57}
    do s="${s//${base58[i]}/ $i}"
    done
    dc <<< "16o0d${s// /+58*}+f" 
}

encodeBase58() {
    # 58 = 0x3A
    bc <<<"ibase=16; n=${1^^}; while(n>0) { n%3A ; n/=3A }" |
    tac |
    while read n
    do echo -n ${base58[n]}
    done
}

checksum() {
    xxd -p -r <<<"$1" |
    openssl dgst -sha256 -binary |
    openssl dgst -sha256 -binary |
    xxd -p -c 80 |
    head -c 8
}

checkBitcoinAddress() {
    if [[ "$1" =~ $bitcoinregex ]]
    then
        h=$(decodeBase58 "$1")
        checksum "00${h::${#h}-8}" |
        grep -qi "^${h: -8}$"
    else return 2
    fi
}

hash160() {
    openssl dgst -sha256 -binary |
    openssl dgst -rmd160 -binary |
    xxd -p -c 80
}

hash160ToAddress() {
    printf "%34s\n" "$(encodeBase58 "00$1$(checksum "00$1")")" |
    sed "y/ /1/"
}

publicKeyToAddress() {
    hash160ToAddress $(
    openssl ec -pubin -pubout -outform DER |
    tail -c 65 |
    hash160
    )
}

Then you generate and encrypt a new private ellyptic curve (replace grondilu by your GPG id):

openssl ecparam -genkey -name secp256k1 |
gpg -ae -r grondilu |
tee wallet.pem.asc

This saves and prints the encrypted private key:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (GNU/Linux)

hQIOA9o1PxP9fpBoEAgAofklK3zqQTYAL4bFOTix3reoHlp1yFBEaJdvKVq6uQn0
i4xIkgKXs36Yp0w4qqtwvDx54nen811EcqLsaHRZgFNISnnk9x9XvJSyMGpZ7xM4
iu57yb8U3p0iY9gZDdjeokgFj1B6YYwpUKpmEPER3jL/Vm+x6mPlD3WKRSzILD2K
WGjxvhExfRU6JpIJsUm9tYGL2Rm6YipQvw1/hteYoOsaoBWM8F+8M2VXJ6i2brTp
AK5QVhatcsI0gtFnS3sUKnpSsebPhIbjd8qT8nSJnQ2K1TK7t97NNWejzs7pr2pI
kupcCBSty+dyRU94ZuIWv82cWwRgtWYhyqnmxrnuEwgAgNwBdtXQbDuIkzbR+S2x
bx5kbOM5KSIk1KItWu1lA+11/eUHuBSGGGLiFlepkJNQNrReiORilz1vp+9wFaGV
Ol/pMsd6bLeHYy+twQ8lQ27IXdJcjTfCQ8TDBbikKw1Xw4hFs9iIsICsGpXz9QXD
v2xFxigLEPJUEPJw03Tv/iKyTE9wMX1ASPYW48GYwUA1b/3KxA3KXW2zs6MiTHFE
BpTb0t8xBXo1u8J6NRzGTOl7Irr75fZSOOMNsjJNi4jMWXk/JeR9ktjuY9tda5he
9CpBTuVteVQ1UATATnpvcfVXYMmkXAe1umshZIO+u/5YFOg8CJgpQ8AhirCkVeEa
ZtLAVAEX+GsQJEqc6XiHmIUhvJQ06xXmmMZRzXx08MoKDpo+eb9+eteC/vS2/6GT
PhD+jbnVxjEnlFvdNT9oAYVEzUId0beSfNGSszMXl8zLdLfK1RrqIHLJe7eMxsVZ
1EB6ccqt3Sby8hWECG1pkwT30I4BGjV7iMrejEZEtbs4JSUTxLmieoVDTnyT9/CX
tNNBOQmHGNpX9Fan+01yqaWeHW9IDJF3hZPVPWU22BzPsYqmCuu+bAzqwqYYoanD
GRsHguwru7bwspN65e8wAgAUInSTNiaeod3V6qWAiD3e6K9rHIqzkgJRB+eWP1ql
db8hsVj4HoLjhq0Vfey0lYjPIJLRIFdbK/9EgTg4mz/nectoI0pL7g==
=P2mb
-----END PGP MESSAGE-----

To see the corresponding bitcoin address, just run:

gpg < wallet.pem.asc |
openssl ec -pubout |
publicKeyToAddress

This gives me this:

1QAVk6rZ8Tzj6665X3v1yPGfKwNHFjGV4y

And basically this is a bitcoin address where you can send the money you want to save.

I don't know yet how you can retrieve those bitcoins later.  But it doesn't really matter if you want to save it long term "burrying your bitcoins".  It surely is possible to retrieve them, though.

PS.  If you think this message is useful, you can send some cents to the above address

[1714158155]

1714158155

[1714158155]

1714158155

[1714158155]

1714158155

[1714158155]

1714158155

[J.P. Larocque]

Without having tested a method to import that private key into a Bitcoin implementation, you won't know whether you've made some subtle mistake in the first part, irreversibly donating sent money into the ether.

[grondilu]

Without having tested a method to import that private key into a Bitcoin implementation, you won't know whether you've made some subtle mistake in the first part, irreversibly donating sent money into the ether.

True.  I'm counting on you guys.

[Ricochet]

I dunno... I'm all for "do it yourself" but I think in this case I'd be more inclined to just have MyBitcoin or MtGox or something generate an address for me to use.  I'd be too afraid of messing something up, like jp_larocque mentioned.

[grondilu]

Ok, let's give an incentive for people to test this.

Here is a ec private key and the corresponding bitcoin address computed with the above function:

$ openssl  ecparam -genkey -name secp256k1 | tee wallet.pem
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIMoLCcQ0AfNIfnb9/LkeD+R9k64aNGB9b6BkR4zhFOxVoAcGBSuBBAAK
oUQDQgAEOwd8u4pEPeF9HioyVx4RaP/X49j7eU/iIQrbXExiILlvYn8Oo9R/ts3M
YxnBEBSgSY/CDUevx15/tTDTrEHo7w==
-----END EC PRIVATE KEY-----

$ openssl ec -pubout < wallet.pem | publicKeyToAddress
1BrM2hh9jcrms15EcarpwCG1iuEGEEKEqc

People can send bitcoins to this address to give an incentive to check that it is possible to retrieve the bitcoins.

Everybody can check out this address here:

http://blockexplorer.com/address/1BrM2hh9jcrms15EcarpwCG1iuEGEEKEqc

[chiropteran]

As an alternative, you can bury bitcoins by sending them to 1DiPumCD3XTMoEjR4nascMNSCeySoDa6tv

I don't know yet how you can retrieve those bitcoins later.  But it doesn't really matter if you want to save it long term "burrying your bitcoins".  It surely is possible to retrieve them, though.  Possible for me to retrieve them, anyway.  Not you.

[unk]

it looks correct to me, having checked using an independent path in my own client code. i'd be confident i could spend coins sent to the address.

[davout]

I dunno... I'm all for "do it yourself" but I think in this case I'd be more inclined to just have MyBitcoin or MtGox or something generate an address for me to use.  I'd be too afraid of messing something up, like jp_larocque mentioned.

I would *not* do that. In a more general manner, store coins (long term) on a computer that has some sort of internet connection.

The more I think about it, the more I feel that the best is to print your private key and store it in a safe in switzerland (or multiple keys for the matter, a key collision is highly unlikely, but you better be safe than sorry)

[unk]

grondilu's method is cleverly minimalist and ought to work well. i'm not sure how easy it would be for most people to spend the coins, but it's certainly technically possible.

unless there's something i've missed, i ought to be able to spend them immediately. i haven't tried it yet, on the thought that someone who cares more ought to be the one to risk capital in the endeavour. :-)

[davout]

grondilu's method is cleverly minimalist and ought to work well. i'm not sure how easy it would be for most people to spend the coins, but it's certainly technically possible.

unless there's something i've missed, i ought to be able to spend them immediately. i haven't tried it yet, on the thought that someone who cares more ought to be the one to risk capital in the endeavour. :-)

+1 this is a pretty sweet PoC

FTR grondilu is the man who started a full shell script implementation of the bitcoin client

[Hal]

This patch might work for the import
http://forum.bitcoin.org/index.php?topic=9046.0

Flipping a bit your way.

[unk]

Flipping a bit your way.

thanks.  right back at you, hal!  :-)  (or, at least, i believe i've broadcast the transaction, but it hasn't shown up in the block chain yet. and i'm off to bed.)

i also love that grondilu's address happened to contain 'GEEK' near the end.

[grondilu]

Flipping a bit your way.

thanks.  right back at you, hal!  :-)  (or, at least, i believe i've broadcast the transaction, but it hasn't shown up in the block chain yet. and i'm off to bed.)

Hum... the transaction doesn't even appear in http://bitcoincharts.com/bitcoin/.

I suspect you failed.

[jav]

This was meant as a bounty, right? Then I believe I claimed it. :-)

I first tried sipa's branch ( http://forum.bitcoin.org/index.php?topic=8091.0 ) to import the key, but couldn't make it work. Probably because I didn't arrange all the bits in the way sipa's format requires it. I should have looked at Hal's posting right away, because with the patch referenced there, it was fairly straightforward:

1) create file wallet.pem as listed in grondilu's post
2) run ./bitcoind importkey wallet.pem bountyaccount
3) restart bitcoind, passing the -rescan flag
4) check with ./bitcoin getbalance
5) move money somewhere to claim bounty

[Bit_Happy]

Congrats jav, I read the related posts and couldn't figure out the exact steps.

[unk]

yeah, congrats, jav. i'm still not sure what i did wrong, as my code recognised the 'balance' from this key after processing the right block in the chain, so i'm confident that wasn't the problem. i suspect i actually messed up something mundane in sending the transaction.

in case it's helpful, a lightweight way to do this, without involving the c++ client, would be with mike's java client. it lets you construct key objects from the asn1 encoding, but a more manual way that might be easier for people unfamiliar with java would be simply to get the private key as a hex string with

   openssl ec -text

(on my version of openssl, at least, you could get the private key as a hex string in a single step with:

openssl ec -text -noout | head -5 | tail -3 | fmt -120 | sed 's/[: ]//g'

but that's just an ugly, dumb text-processing script.)

then, simply construct an ECKey using it and add it to your wallet:

   NetworkParameters params = NetworkParameters.prodNet();
   Wallet w = new Wallet(params);
   ECKey e = new ECKey(new BigInteger("the private key as output by openssl", 16));
   w.addKey(e);

finally, (re)download the block chain, which is of course very quick in the simplified client. (i didn't see the equivalent of a rescan in the java code, probably because there wasn't any need, but a future version could easily do it).

[Ricochet]

I dunno... I'm all for "do it yourself" but I think in this case I'd be more inclined to just have MyBitcoin or MtGox or something generate an address for me to use.  I'd be too afraid of messing something up, like jp_larocque mentioned.

I would *not* do that. In a more general manner, store coins (long term) on a computer that has some sort of internet connection.

The more I think about it, the more I feel that the best is to print your private key and store it in a safe in switzerland (or multiple keys for the matter, a key collision is highly unlikely, but you better be safe than sorry)

I would agree, but I don't have the technological knowledge to fully understand what each and every step here is doing.  Generating a key with the downloaded Bitcoin client and backing up the wallet is as far as I'll go towards "being my own bank"

Now if I had a small business, things would change.  As a personal user however, I have more trust in community-approved websites than my own technical proficiency. 

[grondilu]

An other interesting possibility would be to encrypt using a symmetric algorythm, and a passphrase that even you don't know.

The idea is that the bitcoins could be retrieved only after a very long time.  It can be useful for instance if you want to make sure your bitcoins doesn't disappear after your death, or if you want to prevent yourself from being tempted to sell early:



openssl  ecparam -genkey -name secp256k1 |
gpg -ac --passphrase $RANDOM$RANDOM$RANDOM |
tee wallet.pem.asc

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (GNU/Linux)

jA0EAwMCPX45Ddqs8uxgycAvE6r7wFVa/xH4U99ZBjmmf89yJUUhFcSGGD8ja2U8
r9HuLlTvBf0gvHADFjMH00C53U96oR206yKncSDFpbeK8Pdja3HR3AISlzVZbrsS
3c3jpNGPdDMpR16Mggv301i0UKAGJpNXckvG9LQO2xS3jzA/EF+SU3WAN80NxXn9
f9tdoQ7gR5/0HFwH6dxYlFnhEHJtZLMLI1wnompKFnpPKbhUxq2wod1MMfGaPEJC
6qrE3l59HGeGxbNSYmMu6eXayqGb5jmkZXi06nArUQIw2rw1Nzw2h7jmxz2LxMYn
95e9cYXdc9vPkP057TFB0BI=
=lr4W
-----END PGP MESSAGE-----

[davout]

An other interesting possibility would be to encrypt using a symmetric algorythm, and a passphrase that even you don't know.

The idea is that the bitcoins could be retrieved only after a very long time.  It can be useful for instance if you want to make sure your bitcoins doesn't disappear after your death, or if you want to prevent yourself from being tempted to sell early:

So you would have to bruteforce your wallet open ?

[grondilu]

An other interesting possibility would be to encrypt using a symmetric algorythm, and a passphrase that even you don't know.

The idea is that the bitcoins could be retrieved only after a very long time.  It can be useful for instance if you want to make sure your bitcoins doesn't disappear after your death, or if you want to prevent yourself from being tempted to sell early:

So you would have to bruteforce your wallet open ?

Well, yes.  I'm not sure it's a good idea, though.  Just saying one might consider this in some particular cases.

Also, it's quite important not to reveal how many bitcoins are buried this way, so that you are the only one who knows if it worth spending CPU to crack it.

PS.  On second thought, I think it is a perfectly valid idea.  The idea of "burying" is made of two things:  

1. finding a secret place where to hide something
2. dig a hole and put it there.


Part 1. can be done using steganography,  and part 2. can be emulated with a random unknown passphrase, requiring some CPU (as digging requires physical work).