Bitcoin Forum
Topic: Deterministic Paper Wallet Generator & Bitcoin Utility for Windows (SOURCE)
casascius
Mike Caldwell
August 03, 2011, 10:55:05 PM
 #1

I have previously published a Casascius Bitcoin Utility... I have added a feature where you can generate your own paper wallets from a passphrase.  This is for Windows, GUI application, written in C#.

With all the crap going on with bitcoin banks, the ability for the average joe to safely obtain and use paper wallets and private keys on paper needs to become more advanced.  That includes the need to not trust anybody - including me as a provider of pre-printed ones.

https://github.com/casascius/Bitcoin-Address-Utility

Example Output:

Code:
Paper Bitcoin Wallet.  Keep private, do not lose, do not allow anyone to make a copy.
Anyone with the passphrase or private keys can steal your funds.

Passphrase was:
Sample passphrase that should not be used for any real Bitcoin money transactions.
Freely give out the Bitcoin address.  The private key after each address is the key needed to
unlock funds sent to the Bitcoin address.

Bitcoin Address #1: 1FiTppJDMta99NvhUEvHpyurCxezf18YMM
Private Key: 5JwH8jmznh4RbyMBYXMwzPL45pnr8FW9TtwunSKfTz1ibyao8Ym

Bitcoin Address #2: 1PECkacG9UQJTY1cg3ytCesWUpNn4ZjcHf
Private Key: 5JGH6VorHZ8T4xYfHfb2SigHW8nnypB71FyP24S2G7aa3WTtVmU

<snip>
Bitcoin Address #9: 13nraMSmZr3ZtYAnMw7HC1HRmvrvTeEc69
Private Key: 5JFThsWbCWuMzjfXR4z11BWBoYH4FBbZSYPeeFj8kgUZ9MeuYKA

Bitcoin Address #10: 14SSLvUepeGs3ozzBWRaQPxVvAa2FXqH7q
Private Key: 5Jk4Ck9oR1KjDDf7hmtnw9k3c3capBmM4Go9iA8Cnm8tELhjUp4


Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
ffuentes
August 03, 2011, 10:58:19 PM
 #2

Quote
We couldn't find a README for this repository, we strongly recommend adding one.

cypherdoc
August 03, 2011, 11:02:04 PM
 #3

the avg joe doesn't know how to download this from github let alone generate a keypair despite how easy you think this program is.
jackjack
August 03, 2011, 11:07:42 PM
 #4

See this for why it's not a good idea: https://bitcointalk.org/index.php?topic=33683.0
If you use that, use a HUGE passphrase

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
casascius
Mike Caldwell
August 03, 2011, 11:17:55 PM
 #5

> See this for why it's not a good idea: https://bitcointalk.org/index.php?topic=33683.0
> If you use that, use a HUGE passphrase

It auto generates a huge passphrase by default. 80 characters.

The passphrase idea is such that I could sell a cheap arduino based gadget or similar that does the same thing, and this utility could be used as a reference implementation to confirm that the gadget produced key pairs according to the published algorithm.

bbit
August 04, 2011, 12:20:04 AM
 #6

Scam!!!!!

BitcoinStarter.com - The First Bitcoin CrowdFunding site!
Videos4BTC.info - Video clips of girls stripping for BTC!
DopeCoin.com - A Billion Dollar Market!
casascius
Mike Caldwell
August 04, 2011, 02:32:24 AM
 #7

Update:  This can be compiled without needing any development tools installed.  All you need is the .NET Framework, which is almost certainly already on your machine if you run any recent version of Windows.

When you install the .NET Framework, there should be a compiler at C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe  (Framework instead of Framework64 if you're using 32-bit Windows)

Here is the command line to compile from source.  Put all the .cs files from github in the same directory, along with BouncyCastle.crypto.dll.  Run this from the command line.  It will create bitcoinutility.exe.

C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe /out:bitcoinutility.exe Bitcoin.cs Form1.cs Form1.designer.cs Program.cs Walletgen.cs Walletgen.Designer.cs /R:BouncyCastle.Crypto.dll


nhodges
August 04, 2011, 02:40:48 AM
 #8

> Scam!!!!!

Please point out what line in the source code causes you to truly believe this statement.

ctoon6
August 04, 2011, 03:03:14 AM
 #9

THANK YOU!!!!!!!!

i am just so happy i almost have tears  Cry

bbit
August 04, 2011, 03:06:05 AM
 #10

>> Scam!!!!!
>
> Please point out what line in the source code causes you to truly believe this statement.

You're kidding right?

ctoon6
August 04, 2011, 03:10:21 AM
 #11

>>> Scam!!!!!
>>
>> Please point out what line in the source code causes you to truly believe this statement.
>
> You're kidding right?

its obviously satire of the current events with UABB and mybitcoin.

edit: also could you provide bins as well, most people will never go through the trouble to compile this.

ctoon6
August 04, 2011, 03:20:06 AM
 #12

some problems

Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\form>cd..

C:\Users>cd..

C:\>cd keys

C:\keys>C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe /out:bitcoinutility.ex
e Bitcoin.cs Form1.cs Form1.designer.cs Program.cs Walletgen.cs Walletgen.Design
er.cs /R:BouncyCastle.Crypto.dll
Microsoft (R) Visual C# 2008 Compiler version 3.5.30729.5420
for Microsoft (R) .NET Framework version 3.5
Copyright (C) Microsoft Corporation. All rights reserved.

Bitcoin.cs(81,17): warning CS0162: Unreachable code detected
Bitcoin.cs(90,21): warning CS0162: Unreachable code detected
Bitcoin.cs(109,17): warning CS0162: Unreachable code detected
Bitcoin.cs(120,17): warning CS0162: Unreachable code detected
Bitcoin.cs(129,21): warning CS0162: Unreachable code detected

C:\keys>

when i run the program it seems to work okay until i push generate wallet

casascius
Mike Caldwell
August 04, 2011, 03:30:08 AM
 #13

> some problems
>
> ...
> when i run the program it seems to work okay until i push generate wallet

It's throwing a fit over not having a resource file compiled in.  I am looking up what else needs to be on the command line for that to happen.

EDIT: I have pushed a new commit to remove the dependency on the resource file.  The resource file only had one text string I just moved into the code instead.  The csc.exe compiler may not be able to handle resource files without installing other tools.  Update source and try again.

cypherdoc
August 04, 2011, 04:09:26 AM
 #14

>> some problems
>>
>> ...
>> when i run the program it seems to work okay until i push generate wallet
>
> It's throwing a fit over not having a resource file compiled in.  I am looking up what else needs to be on the command line for that to happen.
>
> EDIT: I have pushed a new commit to remove the dependency on the resource file.  The resource file only had one text string I just moved into the code instead.  The csc.exe compiler may not be able to handle resource files without installing other tools.  Update source and try again.

casascius:  don't take me wrong.  i've read your previous threads and puzzles and i think you're an awesome coder who's doing great things for the community. its just that non tech GUI users like me can't utilize complicated command line scripts like you're writing.  its really too bad b/c i love the outcomes of what you're doing.
ctoon6
August 04, 2011, 04:15:15 AM
 #15

Code:
C:\keys>C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe /out:bitcoinutility.ex
e Bitcoin.cs Form1.cs Form1.designer.cs Program.cs Walletgen.cs Walletgen.Design
er.cs /R:BouncyCastle.Crypto.dll
Microsoft (R) Visual C# 2008 Compiler version 3.5.30729.5420
for Microsoft (R) .NET Framework version 3.5
Copyright (C) Microsoft Corporation. All rights reserved.

Bitcoin.cs(81,17): warning CS0162: Unreachable code detected
Bitcoin.cs(90,21): warning CS0162: Unreachable code detected
Bitcoin.cs(109,17): warning CS0162: Unreachable code detected
Bitcoin.cs(120,17): warning CS0162: Unreachable code detected
Bitcoin.cs(129,21): warning CS0162: Unreachable code detected

C:\keys>

i think its working

i push generate wallet and it seems to work.

casascius
Mike Caldwell
August 04, 2011, 04:32:03 AM
 #16

> casascius:  don't take me wrong.  i've read your previous threads and puzzles and i think you're an awesome coder who's doing great things for the community. its just that non tech GUI users like me can't utilize complicated command line scripts like you're writing.  its really too bad b/c i love the outcomes of what you're doing.

I could compile it and give binaries but then I run the risk of people saying don't trust it because they can't verify it.  And for good reason.  They would point out that if I were a scammer I could just put a trojan in the binaries and rip you guys off, and with all the ripoffs lately, how can you blame them?  I suppose one thing that sets me apart is I give out my real name and address, but the doubters will be the first to chime in that it could be "fake".

As you recognize, there's a gap between secure, convenient, and cheap.  If you trust me, I sell paper bitcoin wallets in the mail.  That's convenient and cheap, and only insecure to the extent that you're trusting me to not rip you off, otherwise they're bulletproof.

If I were to write this program to run on a gadget I could sell you that printed your addresses on a roll of paper, then it'd be secure and convenient, but not cheap.

And of course, compiling these programs is secure and cheap (free), but not convenient.

The closer these three points of the triangle come together, the sooner Bitcoin will take off into the stratosphere.


ctoon6
August 04, 2011, 04:39:41 AM
 #17

build in some sort of way to generate an actual wallet.dat file. it would probably be easier than trying to edit in an existing wallet.dat. and would probably be safer. also what does WIF mean and what exactly do the arrows do, i type some stuff into the 1st field and push an arrow and it gives a .net error i guess you call it. otherwise people would just use vanitygen, it makes thousands of addresses a second.

casascius
Mike Caldwell
August 04, 2011, 04:40:30 AM
 #18

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have uploaded a binary I compiled myself to:

http://166.70.147.8/btc/btcaddress.zip

The sha256 hash of the zip file is:
cc515992ca7bcc0a1c42e1527ebdf496ba26338805fe237e7371eaed2c20cf44
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

-----END PGP SIGNATURE-----

casascius
Mike Caldwell
August 04, 2011, 04:43:01 AM
 #19

> build in some sort of way to generate an actual wallet.dat file. it would probably be easier than trying to edit in an existing wallet.dat. and would probably be safer. also what does WIF mean and what exactly do the arrows do, i type some stuff into the 1st field and push an arrow and it gives a .net error i guess you call it. otherwise people would just use vanitygen, it makes thousands of addresses a second.

Yeah I just don't know how to do that.  Not familiar with working with the Berkeley DB.  And I have heard there's multiple versions of this file format - not sure how much that matters.  I have been using a patched bitcoind I downloaded from BitBills.com to re-import private keys.

WIF = Wallet Import Format = the private key made into a 51-character base58 string that starts with a 5 and contains a checksum to guard against typos.  The format required by the utility from BitBills.

cypherdoc
August 04, 2011, 05:55:07 AM
 #20

whoa, downloaded your binary.  very cool.  you're right; now i'm worried its gonna run some kinda wallet stealer Wink

what do i do at this point?  just send some coin to one of my generated pub keys and save the private key?
casascius
Mike Caldwell
August 04, 2011, 05:59:16 AM
 #21

> whoa, downloaded your binary.  very cool.  you're right; now i'm worried its gonna run some kinda wallet stealer Wink
>
> what do i do at this point?  just send some coin to one of my generated pub keys and save the private key?

Try it with a trivial amount to see if you can get the coins back into your wallet using the patched bitcoind.  Lobby MtGox, TradeHill, etc. and the developers to allow redemptions of private keys right in their websites/program, so it doesn't have to be so difficult for the average user.

casascius
Mike Caldwell
August 04, 2011, 06:10:48 AM
 #22

> what exactly do the arrows do

The arrows convert one thing to the next.  For example, you can freely convert between hex private keys and WIF private keys.  But you can only go from private key to public key (not vice versa) which is why there is only one arrow.

> i type some stuff into the 1st field and push an arrow and it gives a .net error i guess you call it.

I fixed that and updated github.  (my binary will still crash if you enter an invalid WIF, I will update it when there are more significant changes to make)

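The WIF format described earlier in the thread (a base58 string starting with 5 that carries a checksum against typos) and the hex/WIF conversion behind the utility's arrows, as an added Python example; it is not code from the Bitcoin Address Utility or from any poster here. It assumes the standard encoding (version byte 0x80, double SHA-256 checksum, uncompressed key), all function names are illustrative, and invalid input is reported as an error message rather than crashing the caller.

```python
import hashlib
from typing import Optional

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
WIF_VERSION = 0x80  # mainnet private-key prefix; this is what yields the leading "5"
# Order of the secp256k1 group: a usable private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58encode(data: bytes) -> str:
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    zeros = len(data) - len(data.lstrip(b"\x00"))  # leading 0x00 bytes map to "1"
    return "1" * zeros + out


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58 character {ch!r}")
        n = n * 58 + idx
    zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")


def hex_to_wif(hex_key: str) -> str:
    """Hex private key -> WIF. Rejects anything that is not a valid 32-byte key."""
    try:
        key = bytes.fromhex(hex_key.strip())
    except ValueError:
        raise ValueError("private key is not valid hex") from None
    if len(key) != 32:
        raise ValueError("private key must be exactly 32 bytes")
    if not 1 <= int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("private key is outside the valid secp256k1 range")
    payload = bytes([WIF_VERSION]) + key
    return b58encode(payload + _checksum(payload))


def wif_to_hex(wif: str) -> str:
    """WIF -> hex private key. Raises ValueError on any malformed input."""
    raw = b58decode(wif.strip())
    if len(raw) != 37:  # 1 version byte + 32 key bytes + 4 checksum bytes
        raise ValueError(f"decoded length is {len(raw)} bytes, expected 37")
    payload, check = raw[:-4], raw[-4:]
    if _checksum(payload) != check:
        raise ValueError("checksum mismatch (typo or corrupted key)")
    if payload[0] != WIF_VERSION:
        raise ValueError(f"unexpected version byte 0x{payload[0]:02x}")
    return payload[1:].hex()


def check_wif(wif: str) -> Optional[str]:
    """Return None if the WIF is well-formed, otherwise a message for the user.

    A GUI handler can call this before converting, so a mistyped key
    produces a message instead of an unhandled exception.
    """
    try:
        wif_to_hex(wif)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Widely published Base58Check test vector, not a key from this thread.
    # Never paste a key that holds funds into a demo script.
    sample_hex = "0c28fca386c7a227600b2fe50b7cae11ec86d3bf1fbe471be89827e19d72aa1d"
    wif = hex_to_wif(sample_hex)
    print(wif, len(wif))
    print(wif_to_hex(wif) == sample_hex)
    print(check_wif(wif[:-1] + "K"))  # one mistyped character
```

The checksum only detects transcription errors; it says nothing about whether the key was generated from a strong passphrase.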
jackjack
August 04, 2011, 12:52:53 PM
 #23

>> whoa, downloaded your binary.  very cool.  you're right; now i'm worried its gonna run some kinda wallet stealer Wink
>>
>> what do i do at this point?  just send some coin to one of my generated pub keys and save the private key?
>
> Try it with a trivial amount to see if you can get the coins back into your wallet using the patched bitcoind.  Lobby MtGox, TradeHill, etc. and the developers to allow redemptions of private keys right in their websites/program, so it doesn't have to be so difficult for the average user.
Sending private keys via browsers? They are the most critical part of bitcoin it's just crazy
MITM attack, browser history, sniffers if not https, etc........

Just use pywallet, it's infinitely safer and its web interface makes it really simple to import a key

casascius
Mike Caldwell
August 04, 2011, 06:45:41 PM
 #24

> Sending private keys via browsers? They are the most critical part of bitcoin it's just crazy
> MITM attack, browser history, sniffers if not https, etc........
>
> Just use pywallet, it's infinitely safer and its web interface makes it really simple to import a key

Pywallet is not simple for the average joe, as you know.  Arguably, the entire Bitcoin client is hardly simple for the average joe.  Paper wallets and the ability to redeem them on websites - AT THE TIME OF SPENDING - puts secure Bitcoins in the hands of average Joes and eliminates virtually all of the risk associated with hacking and online wallets.

A private key is not much different from a Mt.Gox Redeemable Code, it's just that it holds real bitcoins that no one can steal.  The holder of the private key is the holder of the coins, not Mt.Gox or anybody else.

When a private key is entered via browser into a website, it becomes instantly used and invalidated.  The correct action for a website that accepts a private key as a deposit method would be to simply send the entire balance to a different address under its control (possibly using a completely separate instance of bitcoind just for this purpose), and wait for confirmations just like any other external inbound transaction.  So even if a private key could be found in "browser history", it wouldn't matter much.  It would have no money on it.

MITM attack, browser history, sniffers are all moot for websites that properly implement https.  I am unaware of anybody with plans (or the lack of common sense) to implement a web-based private key redemption utility without offering https.


cypherdoc
August 05, 2011, 06:55:22 PM
 #25

Cass:  for max security i assume you'd want to only generate keys on a virgin computer thats never been connected to the internet?  how can i be assured that when i want to spend the coins from a certain key pair that the client will accept the private key?  also the pub key i assume has virtually no chance of colliding with another pub key?  how does the blockchain know of the pub key?   by sending coins to it?
bitplane
August 05, 2011, 07:06:25 PM
 #26

I haven't read the source yet, but can we get some form of license for this, in case people want to fork and/or transcribe it into other languages?

It would be cool if it were a license that is compatible with the official client so it can be added as a patch, or added to SafeBit or bitcoin-alt and so on.
ctoon6
August 05, 2011, 10:10:49 PM
 #27

> Cass:  for max security i assume you'd want to only generate keys on a virgin computer thats never been connected to the internet?  how can i be assured that when i want to spend the coins from a certain key pair that the client will accept the private key?  also the pub key i assume has virtually no chance of colliding with another pub key?  how does the blockchain know of the pub key?   by sending coins to it?

i think the public key is a hash of the private key or something, so you can not realistically make a public key you want. the block chain does not need to know the public/private key. the key gets into the chain when coins get sent to it.

cypherdoc
August 05, 2011, 10:14:49 PM
 #28

>> Cass:  for max security i assume you'd want to only generate keys on a virgin computer thats never been connected to the internet?  how can i be assured that when i want to spend the coins from a certain key pair that the client will accept the private key?  also the pub key i assume has virtually no chance of colliding with another pub key?  how does the blockchain know of the pub key?   by sending coins to it?
>
> i think the public key is a hash of the private key or something, so you can not realistically make a public key you want. the block chain does not need to know the public/private key. the key gets into the chain when coins get sent to it.

so the blockchain accepts any pub key presented to it that has the correctly signed bitcoin format?
ctoon6
August 05, 2011, 10:18:42 PM
 #29

>>> Cass:  for max security i assume you'd want to only generate keys on a virgin computer thats never been connected to the internet?  how can i be assured that when i want to spend the coins from a certain key pair that the client will accept the private key?  also the pub key i assume has virtually no chance of colliding with another pub key?  how does the blockchain know of the pub key?   by sending coins to it?
>>
>> i think the public key is a hash of the private key or something, so you can not realistically make a public key you want. the block chain does not need to know the public/private key. the key gets into the chain when coins get sent to it.
>
> so the blockchain accepts any pub key presented to it that has the correctly signed bitcoin format?

you can send coins to a non existent public key if you want. but then nobody will be able to redeem them. collisions can happen, but it is extremely unlikely. and since its a hash, you can not go in reverse.

jackjack
August 05, 2011, 10:46:05 PM
 #30

>> Sending private keys via browsers? They are the most critical part of bitcoin it's just crazy
>> MITM attack, browser history, sniffers if not https, etc........
>>
>> Just use pywallet, it's infinitely safer and its web interface makes it really simple to import a key
>
> Pywallet is not simple for the average joe, as you know.  Arguably, the entire Bitcoin client is hardly simple for the average joe.  Paper wallets and the ability to redeem them on websites - AT THE TIME OF SPENDING - puts secure Bitcoins in the hands of average Joes and eliminates virtually all of the risk associated with hacking and online wallets.

What can be simpler?
My guide clearly states what to do: "run './pywallet.py --web' then open 'http://localhost:8989' in your browser"
Then, wallet directory, wallet filename, version and format are autofilled, average joe just has to fill the key and clicks the button

> A private key is not much different from a Mt.Gox Redeemable Code, it's just that it holds real bitcoins that no one can steal.  The holder of the private key is the holder of the coins, not Mt.Gox or anybody else.
>
> When a private key is entered via browser into a website, it becomes instantly used and invalidated.  The correct action for a website that accepts a private key as a deposit method would be to simply send the entire balance to a different address under its control (possibly using a completely separate instance of bitcoind just for this purpose), and wait for confirmations just like any other external inbound transaction.  So even if a private key could be found in "browser history", it wouldn't matter much.  It would have no money on it.
Absolutely, but in that case the key must be deleted from the wallet to avoid sending funds to it again

> MITM attack, browser history, sniffers are all moot for websites that properly implement https.  I am unaware of anybody with plans (or the lack of common sense) to implement a web-based private key redemption utility without offering https.
Even with https, the browser history still contains the key. Maybe I wasn't clear though, I don't talk about navigation history, but form history
Moreover, average joe doesn't know and doesn't care what is https

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
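
The form-history concern raised in the post above (a key typed into a web form can be kept by the browser even over https), as an added example that is not part of the thread or of pywallet: a small audit that flags secret-looking text inputs not covered by autocomplete="off". The field-name heuristic, the function names and the sample markup are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed heuristic: field names that suggest a private key or passphrase.
SECRET_NAME = re.compile(r"priv|secret|key|passphrase", re.I)
# Input types treated here as eligible for form history; a missing type means text.
REMEMBERED_TYPES = {"", "text", "search"}


class FormHistoryAudit(HTMLParser):
    """Collect secret-looking inputs that a browser may keep in form history."""

    def __init__(self):
        super().__init__()
        self.form_autocomplete = ""  # autocomplete value of the enclosing <form>
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        if tag == "form":
            self.form_autocomplete = a.get("autocomplete", "").lower()
        elif tag == "input":
            self._check_input(a)

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_autocomplete = ""

    def _check_input(self, a):
        name = a.get("name") or a.get("id") or ""
        if not SECRET_NAME.search(name):
            return
        # The input's own autocomplete attribute overrides the form-level one.
        effective = a.get("autocomplete", self.form_autocomplete).lower()
        if a.get("type", "").lower() in REMEMBERED_TYPES and effective != "off":
            self.findings.append(name)


def audit(html):
    """Return the names of secret-looking inputs not protected by autocomplete="off"."""
    parser = FormHistoryAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample markup, not taken from pywallet or any real site.
WEAK = '<form action="/import"><input type="text" name="privkey"><input name="label"></form>'
HARDENED = '<form action="/import" autocomplete="off"><input type="text" name="privkey"></form>'
OVERRIDE = '<form autocomplete="off"><input name="PrivKey" autocomplete="on"></form>'
```

Calling `audit(WEAK)` reports the `privkey` field, while the hardened form yields no findings; the `OVERRIDE` sample shows a per-field setting undoing the form-level one.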
ctoon6
August 05, 2011, 11:22:17 PM
 #31

How mature is pywallet? How likely is it that it just loses coins? Or should you only import the keys for immediate spending?

jackjack
August 05, 2011, 11:39:24 PM
 #32

It was created about one month ago
It never broke any wallet afaik, but backups are of course recommended

ctoon6
August 05, 2011, 11:57:58 PM
 #33

I can't get the pywallet to run

Code:
@echo off
pywallet.py --datadir="C:\Users\****\Desktop\pywallet\wallet" --web
pause

Code:
Traceback (most recent call last):
  File "C:\Users\****\Desktop\pywallet\pywallet.py", line 22, in <module>
    from twisted.internet import reactor
ImportError: No module named twisted.internet
Press any key to continue . . .

Also, I am using 2.7.2, I think

jackjack
August 06, 2011, 12:48:03 AM
 #34

Pywallet needs the twisted python package to work: http://twistedmatrix.com/trac/
Also you don't need to use the datadir flag, everything will be asked in the web interface

ctoon6
August 06, 2011, 01:06:57 AM
 #35

Should probably slap that in the wiki or readme or something.

jackjack
August 06, 2011, 01:12:42 AM
 #36

I wrote it in the pywallet thread but you're right I'm adding that right now

ctoon6
August 06, 2011, 01:20:17 AM
 #37

Some more issues, I'm running Windows 7 x64 if that matters

Code:
@echo off
pywallet.py --web
pause

Code:
Traceback (most recent call last):
  File "C:\Users\****\Desktop\pywallet\pywallet.py", line 22, in <module>
    from twisted.internet import reactor
  File "C:\Python27\lib\site-packages\twisted\internet\reactor.py", line 37, in <module>
    from twisted.internet import selectreactor
  File "C:\Python27\lib\site-packages\twisted\internet\selectreactor.py", line 17, in <module>
    from zope.interface import implements
ImportError: No module named zope.interface
Press any key to continue . . .

I had a derp, on the page it says required, how do I put it in?

jackjack
August 06, 2011, 01:39:44 AM
 #38

Well I don't know actually...
The download page shows "Zope.Interface (required)" just under the Twisted package itself, did you install it?
If that works it's unbelievable it isn't automatically included in the Twisted package...

ctoon6
August 06, 2011, 01:52:03 AM
 #39

I got it working, since I was running 64 bit I had to go through like 2 workarounds.

If you run x64
use the 2.7 msi package here http://twistedmatrix.com/trac/wiki/Downloads

then go here and grab ez_setup.py

run that shit and go to C:\Python27\Scripts, if you have easy_install.exe you're good to go for the next step

download zope.interface here http://twistedmatrix.com/trac/wiki/Downloads#Windows

now run easy_install.exe zope.interface-3.6.4-py2.7-win-amd64.egg you need proper paths too of course

if your pywallet.py doesn't work then, idk what to say

jackjack
August 06, 2011, 02:12:07 AM
 #40

What a pain... I'm glad it finally works
I'll add these instructions for other Win7 users, thanks!

ctoon6
August 06, 2011, 02:15:53 AM
 #41

Would it be legal to package it all up into an archive and set up all the scripts?

jackjack
August 08, 2011, 12:03:13 AM
 #42

I think so, good idea

TeaRex
August 08, 2011, 01:33:56 AM
 #43

Or you could just send people here, less of a hassle than dealing with python eggs and stuff:

http://www.lfd.uci.edu/~gohlke/pythonlibs/

I'm not asking for donations, but if you think YOUR post is deserving a donation FROM me, send me a message.
osmosis
October 14, 2011, 07:18:07 AM
 #44


A Mini Private Key Generator included with Bitcoin Wallet could be really useful. Then as long as I have my android phone on me, I could pay anyone in bitcoins even if they don't have a phone to receive them with. I could just use the app to generate a code, and write it down for them on a piece of paper. Upon generation of the code, Bitcoin Wallet would deposit the coins specified into that address.  Bitcoin Wallet could keep track of the address so I can see when the coins are actually withdrawn from the address.  A companion website to teach people how to claim their bitcoins using the code would be helpful too to write down for them next to their code.