[ANN] PHPCoinAddress - create public/private key pairs for Bitcoin, etc

[zamgo]

PHPCoinAddress is a PHP Object that creates public/private key pairs for Bitcoin and many other cryptocoins.

PHPCoinAddress is intended to be easy to integrate into other PHP projects.

More info: https://github.com/zamgo/PHPCoinAddress

This is a beta release, and the project is still under active development.  Be careful before using this in a production environment.

Example usage:

Code:

require_once 'PHPCoinAddress.php';
$coin = CoinAddress::bitcoin();  
print 'public (base58): ' . $coin['public'] . "\n";
print 'public (Hex)   : ' . $coin['public_hex'] . "\n";
print 'private (WIF)  : ' . $coin['private'] . "\n";
print 'private (Hex)  : ' . $coin['private_hex'] . "\n"; 

All bug reports, fixes, pull requests, comments and criticisms welcome.

[zamgo]

I'm gathering a Prefix list for as many cryptocoin variations as possible to include into PHPCoinAddress.  Please feel free to report errors on this list, or fix missing prefixes, or report OK tests, or to suggest new coins.   For new coins, please include the public and private prefixes in either Decimal or Hex, or just a pointer to a source code repository where the prefixes can be found.   I'll keep this post updated as new versions of PHPCoinAddress are released.

Code:

Version 0.2.0.pre
Key:
Pub Dec = Prefix for Public Key, Decimal
Pub Hex = Prefix for Public Key, Hexadecimal
Pub lead = leading character in Public Key
Priv Dec = Prefix for Private Key, Decimal 
Priv Hex = Prefix for Private Key, Hexadecimal
Priv lead = leading character in Private Key (Wallet Import Format)
PrvC lead = leading character in Private Key (Compressed Wallet Import Format)
test = Test results for importing PHPCoinAddress created keys into standard client
src = source code repository
Note: tests are for uncompressed keys

              Pub   Pub   Pub  Priv  Priv  Priv PrvC
Coin          Dec   Hex   lead  Dec   Hex  lead lead  test  src
============  ====  ====  ==== ====  ====  ==== ====  ====  ====
BITCOIN          0  0x00  1     128  0x80   5   K,L   OK    https://github.com/bitcoin/bitcoin
BBQCOIN         85  0x05  3     213  0xD5   8   K,    -     https://github.com/overware/BBQCoin
BITBAR          25  0x19  B     153  0x99   6   K,    -     https://github.com/aLQ/bitbar
BYTECOIN        18  0x12  8     128  0x80   5   K,    -     https://github.com/bryan-mills/bytecoin
CHNCOIN         28  0x1C  C     156  0x9C   6   K,    -     https://github.com/CHNCoin/CHNCoin
DEVCOIN          0  0x00  1     128  0x80   5   K,L   -     http://sourceforge.net/projects/galacticmilieu/files/DeVCoin/
FAIRBRIX         -     -  -       -     -   -   -     -     https://github.com/coblee/Fairbrix
FEATHERCOIN     14  0x0E  6     142  0x8E   5   K,    -     https://github.com/FeatherCoin/FeatherCoin
FREICOIN         0  0x00  1     128  0x80   5   K,L   -     https://github.com/freicoin/freicoin
IXCOIN           -     -  -       -     -   -   -     -     https://github.com/ixcoin/ixcoin
JUNKCOIN        16  0x10  7     144  0x90   5   K,    OK    https://github.com/js2082/JKC
LITECOIN        48  0x30  L     176  0xB0   6   K,    OK    https://github.com/litecoin-project/litecoin
MINCOIN         50  0x32  M     178  0xB2   6   K,    -     https://github.com/SandyCohen/mincoin
NAMECOIN        52  0x34  M,N   180  0xB4   7   K,    -     https://github.com/namecoin/namecoin
NOVACOIN         8  0x08  4     136  0x88   5   K,    -     https://github.com/CryptoManiac/novacoin
ONECOIN        115  0x73  o     243  0xF3   9   K,    -     https://github.com/cre8r/onecoin
PPCOIN          55  0x37  P     183  0xB7   7   K,    OK    https://github.com/ppcoin/ppcoin
ROYALCOIN        -     -  -       -     -   -   -     -     http://sourceforge.net/projects/royalcoin/
SMALLCHANGE     62  0x3E  S     190  0xBE   7   K,    -     https://github.com/bfroemel/smallchange
TERRACOIN        0  0x00  1     128  0x80   5   K,L   -     https://github.com/terracoin/terracoin
YACOIN          77  0x4D  Y     205  0xCD   7   K,    -     https://github.com/pocopoco/yacoin

              Pub   Pub   Pub  Priv  Priv  Priv PrvC
TESNET Coin   Dec   Hex   lead  Dec   Hex  lead lead  test
============  ====  ====  ==== ====  ====  ==== ====  ==== 
BITCOIN-T      111  0x6F  m,n   239  0xEF   9   -     OK(uncompressed only)
BBQCOIN-T       25  0x19        153  0x99   -   -     -
BITBAR-T       115  0x73        243  0xF3   -   -     -
FAIRBRIX-T       -     -  -       -     -   -   -     -
IXCOIN-T         -     -  -       -     -   -   -     -
NAMECOIN-T       -     -  -       -     -   -   -     -
ROYALCOIN-T      -     -  -       -     -   -   -     -

TESTNET Coins using BITCOIN TESTNET prefixes:
BYTECOIN, CHNCOIN, DEVCOIN, FEATHERCOIN, FREICOIN, JUNKCOIN, LITECOIN
MINCOIN, NOVACOIN, ONECOIN, PPCOIN, TERRACOIN, SMALLCHANGE, YACOIN

[QueenB]

How about the one for Digital Coin/WorldCoin?

DGC: https://github.com/baritus/digitalcoinSource

WDC: https://github.com/worldcoinproject/Worldcoin

[Raoul Duke]

Awesome stuff you have here! You should include some cryptocoin donation addresses on the readme file and on the OP, ya know?

[nahtnam]

Wow this is really great! It would be really useful if someone could port it to Ruby on Rails!

[Abdussamad]

The private keys generated by this script are not safe. You can see on line 240 of phpcoinaddress.php that mt_rand is used to generate the private key. That function is not safe for cryptographic use:

Code:

for ($i = 0; $i < 32; $i++) { $privBin .= chr(mt_rand(0, $i ? 0xff : 0xfe)); }

Caution

This function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using openssl_random_pseudo_bytes() instead.

http://php.net/mt_Rand

This is the same problem that was found in bitfreak's shopping cart script:

http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg03064.html

[nahtnam]

The private keys generated by this script are not safe. You can see on line 240 of phpcoinaddress.php that mt_rand is used to generate the private key. That function is not safe for cryptographic use:

Code:

for ($i = 0; $i < 32; $i++) { $privBin .= chr(mt_rand(0, $i ? 0xff : 0xfe)); }

Caution

This function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using openssl_random_pseudo_bytes() instead.

http://php.net/mt_Rand

This is the same problem that was found in bitfreak's shopping cart script:

http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg03064.html

What would be the best way to fix it?

[Abdussamad]

Looks like this has already been reported:

https://github.com/zamgo/PHPCoinAddress/pull/1

[nahtnam]

Looks like this has already been reported:

https://github.com/zamgo/PHPCoinAddress/pull/1

So if I download it now, it would be much safer?

[Abdussamad]

Looks like this has already been reported:

https://github.com/zamgo/PHPCoinAddress/pull/1

So if I download it now, it would be much safer?

No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond.

[nahtnam]

Looks like this has already been reported:

https://github.com/zamgo/PHPCoinAddress/pull/1

So if I download it now, it would be much safer?

No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond.

Oh. I thought on the ticket it said that it removed all instances of mt_rand.

[Abdussamad]

Looks like this has already been reported:

https://github.com/zamgo/PHPCoinAddress/pull/1

So if I download it now, it would be much safer?

No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond.

Oh. I thought on the ticket it said that it removed all instances of mt_rand.

That's a pull request by another forum member. He's requesting zamgo to incorporate this change in his script. And BTW that pull request does not address the use of mt_rand that I've reported above. No wait it does. But still hasn't been included in master branch.

[nahtnam]

Looks like this has already been reported:

https://github.com/zamgo/PHPCoinAddress/pull/1

So if I download it now, it would be much safer?

No the use of mt_rand continues which is why I too encountered it. Wait for the developer to respond.

Oh. I thought on the ticket it said that it removed all instances of mt_rand.

That's a pull request by another forum member. He's requesting zamgo to incorporate this change in his script. And BTW that pull request does not address the use of mt_rand that I've reported above. You can see that here:

https://github.com/zamgo/PHPCoinAddress/blob/master/PHPCoinAddress.php#L240

Oh ok. Thank you.

[FuzzyBear]

I assume the original dev has abandoned this project with no response to the pull requests from Abdussamad to the security issue found.

I have forked the original project and pulled in the recommended changes and am hosting it here :

http://phpcoinaddress.peercointalk.org/


Github repo: https://github.com/FuzzyBearBTC/PHPCoinAddress
Donate to the development of this project on Peer4commit: http://peer4commit.com/projects/139

any requests please PM me, if the project takes off seriously again I will start an official thread

Fuzzybear