Bitcoin Forum
October 22, 2017, 05:38:53 PM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: [ANN] PHPCoinAddress - create public/private key pairs for Bitcoin, etc  (Read 5404 times)
zamgo
Jr. Member
*
Offline Offline

Activity: 32


View Profile
May 09, 2013, 12:54:54 PM
 #1

PHPCoinAddress is a PHP Object that creates public/private key pairs for Bitcoin and many other cryptocoins.

PHPCoinAddress is intended to be easy to integrate into other PHP projects.

More info: https://github.com/zamgo/PHPCoinAddress

This is a beta release, and the project is still under active development.  Be careful before using this in a production environment.

Example usage:
Code:
require_once 'PHPCoinAddress.php';
$coin = CoinAddress::bitcoin();  
print 'public (base58): ' . $coin['public'] . "\n";
print 'public (Hex)   : ' . $coin['public_hex'] . "\n";
print 'private (WIF)  : ' . $coin['private'] . "\n";
print 'private (Hex)  : ' . $coin['private_hex'] . "\n";
All bug reports, fixes, pull requests, comments and criticisms welcome.
1508693933
Hero Member
*
Offline Offline

Posts: 1508693933

View Profile Personal Message (Offline)

Ignore
1508693933
Reply with quote  #2

1508693933
Report to moderator
1508693933
Hero Member
*
Offline Offline

Posts: 1508693933

View Profile Personal Message (Offline)

Ignore
1508693933
Reply with quote  #2

1508693933
Report to moderator
1508693933
Hero Member
*
Offline Offline

Posts: 1508693933

View Profile Personal Message (Offline)

Ignore
1508693933
Reply with quote  #2

1508693933
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1508693933
Hero Member
*
Offline Offline

Posts: 1508693933

View Profile Personal Message (Offline)

Ignore
1508693933
Reply with quote  #2

1508693933
Report to moderator
zamgo
Jr. Member
*
Offline Offline

Activity: 32


View Profile
May 09, 2013, 12:56:59 PM
 #2

I'm gathering a Prefix list for as many cryptocoin variations as possible to include into PHPCoinAddress.  Please feel free to report errors on this list, or fix missing prefixes, or report OK tests, or to suggest new coins.   For new coins, please include the public and private prefixes in either Decimal or Hex, or just a pointer to a source code repository where the prefixes can be found.   I'll keep this post updated as new versions of PHPCoinAddress are released.
Code:
Version 0.2.0.pre
Key:
Pub Dec = Prefix for Public Key, Decimal
Pub Hex = Prefix for Public Key, Hexadecimal
Pub lead = leading character in Public Key
Priv Dec = Prefix for Private Key, Decimal
Priv Hex = Prefix for Private Key, Hexadecimal
Priv lead = leading character in Private Key (Wallet Import Format)
PrvC lead = leading character in Private Key (Compressed Wallet Import Format)
test = Test results for importing PHPCoinAddress created keys into standard client
src = source code repository
Note: tests are for uncompressed keys

              Pub   Pub   Pub  Priv  Priv  Priv PrvC
Coin          Dec   Hex   lead  Dec   Hex  lead lead  test  src
============  ====  ====  ==== ====  ====  ==== ====  ====  ====
BITCOIN          0  0x00  1     128  0x80   5   K,L   OK    https://github.com/bitcoin/bitcoin
BBQCOIN         85  0x05  3     213  0xD5   8   K,    -     https://github.com/overware/BBQCoin
BITBAR          25  0x19  B     153  0x99   6   K,    -     https://github.com/aLQ/bitbar
BYTECOIN        18  0x12  8     128  0x80   5   K,    -     https://github.com/bryan-mills/bytecoin
CHNCOIN         28  0x1C  C     156  0x9C   6   K,    -     https://github.com/CHNCoin/CHNCoin
DEVCOIN          0  0x00  1     128  0x80   5   K,L   -     http://sourceforge.net/projects/galacticmilieu/files/DeVCoin/
FAIRBRIX         -     -  -       -     -   -   -     -     https://github.com/coblee/Fairbrix
FEATHERCOIN     14  0x0E  6     142  0x8E   5   K,    -     https://github.com/FeatherCoin/FeatherCoin
FREICOIN         0  0x00  1     128  0x80   5   K,L   -     https://github.com/freicoin/freicoin
IXCOIN           -     -  -       -     -   -   -     -     https://github.com/ixcoin/ixcoin
JUNKCOIN        16  0x10  7     144  0x90   5   K,    OK    https://github.com/js2082/JKC
LITECOIN        48  0x30  L     176  0xB0   6   K,    OK    https://github.com/litecoin-project/litecoin
MINCOIN         50  0x32  M     178  0xB2   6   K,    -     https://github.com/SandyCohen/mincoin
NAMECOIN        52  0x34  M,N   180  0xB4   7   K,    -     https://github.com/namecoin/namecoin
NOVACOIN         8  0x08  4     136  0x88   5   K,    -     https://github.com/CryptoManiac/novacoin
ONECOIN        115  0x73  o     243  0xF3   9   K,    -     https://github.com/cre8r/onecoin
PPCOIN          55  0x37  P     183  0xB7   7   K,    OK    https://github.com/ppcoin/ppcoin
ROYALCOIN        -     -  -       -     -   -   -     -     http://sourceforge.net/projects/royalcoin/
SMALLCHANGE     62  0x3E  S     190  0xBE   7   K,    -     https://github.com/bfroemel/smallchange
TERRACOIN        0  0x00  1     128  0x80   5   K,L   -     https://github.com/terracoin/terracoin
YACOIN          77  0x4D  Y     205  0xCD   7   K,    -     https://github.com/pocopoco/yacoin

              Pub   Pub   Pub  Priv  Priv  Priv PrvC
TESNET Coin   Dec   Hex   lead  Dec   Hex  lead lead  test
============  ====  ====  ==== ====  ====  ==== ====  ====
BITCOIN-T      111  0x6F  m,n   239  0xEF   9   -     OK(uncompressed only)
BBQCOIN-T       25  0x19        153  0x99   -   -     -
BITBAR-T       115  0x73        243  0xF3   -   -     -
FAIRBRIX-T       -     -  -       -     -   -   -     -
IXCOIN-T         -     -  -       -     -   -   -     -
NAMECOIN-T       -     -  -       -     -   -   -     -
ROYALCOIN-T      -     -  -       -     -   -   -     -

TESTNET Coins using BITCOIN TESTNET prefixes:
BYTECOIN, CHNCOIN, DEVCOIN, FEATHERCOIN, FREICOIN, JUNKCOIN, LITECOIN
MINCOIN, NOVACOIN, ONECOIN, PPCOIN, TERRACOIN, SMALLCHANGE, YACOIN
QueenB
Member
**
Offline Offline

Activity: 70



View Profile
May 26, 2013, 07:08:36 PM
 #3

How about the one for Digital Coin/WorldCoin?

DGC: https://github.com/baritus/digitalcoinSource

WDC: https://github.com/worldcoinproject/Worldcoin

Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
June 22, 2013, 06:05:52 PM
 #4

Awesome stuff you have here! You should include some cryptocoin donation addresses on the readme file and on the OP, ya know? Wink

flibbr
Sr. Member
****
Offline Offline

Activity: 263


Bitcoins ftw !


View Profile WWW
September 04, 2013, 08:29:51 PM
 #5

Hi Zamgo,

I pulled the very most recent version from github today and tried it (with and without set_reuse_keys)..
Example of some output;


Code:
Bitcoin Testnet [ prefix_public: 0x6F  prefix_private: 0xEF ]
uncompressed:
public (base58): 18cKSQUENVAamZBHCM7adXo7raavMc9zWg
public (Hex)   : 041360aea36e161965984f9332413a9353ce9e244fc33704ebccf1097770019d7638f874d5b747e14f5a221fe438216dbbc1c52ab690364e79633c28d84b4eff7f
private (WIF)  : 129rzaXdtABjx31F3c4xACUzymGFdT8LiiNgSBBB1daLqAeRYSb
private (Hex)  : 97d177032c27658e5e659e133dce589117f29b9bcdf267d0cd6cbe04ea77f015
compressed:
public (base58): 1Fx5ytvYodNfeLAZeniDwMgBFfyRRfCSJG
public (Hex)   : 031360aea36e161965984f9332413a9353ce9e244fc33704ebccf1097770019d76
private (WIF)  : 1667f8zDnoYQZur4zVnSTbgauYNKZtKQ37ch47uuBnSAXPoTxmua
private (Hex)  : 97d177032c27658e5e659e133dce589117f29b9bcdf267d0cd6cbe04ea77f015

I then tried importing these using the bitcoin importprivkey function with no luck, example;

Code:
user@ubuntu1:~$ ./bitcoind importprivkey "129rzaXdtABjx31F3c4xACUzymGFdT8LiiNgSBBB1daLqAeRYSb" "phpcoinaddress"
user@ubuntu1:~$ ./bitcoind importprivkey "1667f8zDnoYQZur4zVnSTbgauYNKZtKQ37ch47uuBnSAXPoTxmua" "phpcoinaddress"

error: {"code":-5,"message":"Invalid private key"}

I then tried validating the address also, with no luck;

Code:
user@ubuntu1:~$ ./bitcoind validateaddress 18cKSQUENVAamZBHCM7adXo7raavMc9zWg
user@ubuntu1:~$ ./bitcoind validateaddress 1Fx5ytvYodNfeLAZeniDwMgBFfyRRfCSJG

{
    "isvalid" : false
}

So I'm just wondering, am I doing something wrong here (using test.php from lasted github pull) or am I missing some essential libs (no php warnings / errors when running the script).

Any help most appreciated.


--

After more testing, I can conclude that:

The script was fails to produce valid addresses using PHP 5.2.4 with no GMP installed.

on my other machine,

Running PHP 5.5.3 with (--with-gmp) GMP 5.0.2 - valid addresses & private keys were generated
Running PHP 5.5.3 without GMP - valid addresses & private keys were generated

I love bitcoins - everything about them.
Visit the Flibbr website - follow on twitter: @flibbr - or say hello on Facebook
nahtnam
Legendary
*
Offline Offline

Activity: 1050


nahtnam.com


View Profile WWW
December 14, 2013, 12:38:52 AM
 #6

Wow this is really great! It would be really useful if someone could port it to Ruby on Rails!

Abdussamad
Legendary
*
Offline Offline

Activity: 1526



View Profile WWW
December 14, 2013, 02:03:45 AM
 #7

The private keys generated by this script are not safe. You can see on line 240 of phpcoinaddress.php that mt_rand is used to generate the private key. That function is not safe for cryptographic use:

Code:
for ($i = 0; $i < 32; $i++) { $privBin .= chr(mt_rand(0, $i ? 0xff : 0xfe)); }

Quote
Caution

This function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using openssl_random_pseudo_bytes() instead.
http://php.net/mt_Rand

This is the same problem that was found in bitfreak's shopping cart script:

http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg03064.html

nahtnam
Legendary
*
Offline Offline

Activity: 1050


nahtnam.com


View Profile WWW
December 14, 2013, 02:10:00 AM
 #8

The private keys generated by this script are not safe. You can see on line 240 of phpcoinaddress.php that mt_rand is used to generate the private key. That function is not safe for cryptographic use:

Code:
for ($i = 0; $i < 32; $i++) { $privBin .= chr(mt_rand(0, $i ? 0xff : 0xfe)); }

Quote
Caution

This function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using openssl_random_pseudo_bytes() instead.
http://php.net/mt_Rand

This is the same problem that was found in bitfreak's shopping cart script:

http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg03064.html


What would be the best way to fix it?

Abdussamad
Legendary
*
Offline Offline

Activity: 1526



View Profile WWW
December 14, 2013, 02:25:51 AM
 #9

Looks like this has already been reported:

https://github.com/zamgo/PHPCoinAddress/pull/1

nahtnam
Legendary
*
Offline Offline

Activity: 1050


nahtnam.com


View Profile WWW
December 14, 2013, 02:28:55 AM
 #10

Looks like this has already been reported:

https://github.com/zamgo/PHPCoinAddress/pull/1

So if I download it now, it would be much safer?

Abdussamad
Legendary
*
Offline Offline

Activity: 1526



View Profile WWW
December 14, 2013, 02:33:47 AM
 #11

Looks like this has already been reported:

https://github.com/zamgo/PHPCoinAddress/pull/1

So if I download it now, it would be much safer?

No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond.

nahtnam
Legendary
*
Offline Offline

Activity: 1050


nahtnam.com


View Profile WWW
December 14, 2013, 02:34:37 AM
 #12

Looks like this has already been reported:

https://github.com/zamgo/PHPCoinAddress/pull/1

So if I download it now, it would be much safer?

No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond.

Oh. I thought on the ticket it said that it removed all instances of mt_rand.

Abdussamad
Legendary
*
Offline Offline

Activity: 1526



View Profile WWW
December 14, 2013, 02:44:36 AM
 #13

Looks like this has already been reported:

https://github.com/zamgo/PHPCoinAddress/pull/1

So if I download it now, it would be much safer?

No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond.

Oh. I thought on the ticket it said that it removed all instances of mt_rand.

That's a pull request by another forum member. He's requesting zamgo to incorporate this change in his script. And BTW that pull request does not address the use of mt_rand that I've reported above. No wait it does. But still hasn't been included in master branch.

nahtnam
Legendary
*
Offline Offline

Activity: 1050


nahtnam.com


View Profile WWW
December 14, 2013, 02:45:22 AM
 #14

Looks like this has already been reported:

https://github.com/zamgo/PHPCoinAddress/pull/1

So if I download it now, it would be much safer?

No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond.

Oh. I thought on the ticket it said that it removed all instances of mt_rand.

That's a pull request by another forum member. He's requesting zamgo to incorporate this change in his script. And BTW that pull request does not address the use of mt_rand that I've reported above. You can see that here:

https://github.com/zamgo/PHPCoinAddress/blob/master/PHPCoinAddress.php#L240

Oh ok. Thank you.

FuzzyBear
Legendary
*
Offline Offline

Activity: 882



View Profile WWW
November 20, 2014, 03:00:21 AM
 #15

I assume the original dev has abandoned this project with no response to the pull requests from Abdussamad to the security issue found.

I have forked the original project and pulled in the recommended changes and am hosting it here :

http://phpcoinaddress.peercointalk.org/


Github repo: https://github.com/FuzzyBearBTC/PHPCoinAddress
Donate to the development of this project on Peer4commit: http://peer4commit.com/projects/139

any requests please PM me, if the project takes off seriously again I will start an official thread

Fuzzybear

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!