Bitcoin Forum
March 19, 2024, 04:13:16 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Deterministic Paper Wallet Generator & Bitcoin Utility for Windows (SOURCE)  (Read 11469 times)
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1135


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
August 04, 2011, 05:59:16 AM
 #21

whoa, downloaded your binary.  very cool.  you're right; now i'm worried its gonna run some kinda wallet stealer Wink

what do i do at this point?  just send some coin to one of my generated pub keys and save the private key?

Try it with a trivial amount to see if you can get the coins back into your wallet using the patched bitcoind.  Lobby MtGox, TradeHill, etc. and the developers to allow redemptions of private keys right in their websites/program, so it doesn't have to be so difficult for the average user.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
1710821596
Hero Member
*
Offline Offline

Posts: 1710821596

View Profile Personal Message (Offline)

Ignore
1710821596
Reply with quote  #2

1710821596
Report to moderator
1710821596
Hero Member
*
Offline Offline

Posts: 1710821596

View Profile Personal Message (Offline)

Ignore
1710821596
Reply with quote  #2

1710821596
Report to moderator
1710821596
Hero Member
*
Offline Offline

Posts: 1710821596

View Profile Personal Message (Offline)

Ignore
1710821596
Reply with quote  #2

1710821596
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1710821596
Hero Member
*
Offline Offline

Posts: 1710821596

View Profile Personal Message (Offline)

Ignore
1710821596
Reply with quote  #2

1710821596
Report to moderator
1710821596
Hero Member
*
Offline Offline

Posts: 1710821596

View Profile Personal Message (Offline)

Ignore
1710821596
Reply with quote  #2

1710821596
Report to moderator
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1135


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
August 04, 2011, 06:10:48 AM
 #22

what exacly do the arrows do

The arrows convert one thing to the next.  For example, you can freely convert between hex private keys and WIF private keys.  But you can only go from private key to public key (not vice versa) which is why there is only one arrow.

i type some stuff into the 1st fied and push an arrow and it gives a .net error i guess you call it.

I fixed that and updated github.  (my binary will still crash if you enter an invalid WIF, I will update it when there are more significant changes to make)

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
jackjack
Legendary
*
Offline Offline

Activity: 1176
Merit: 1233


May Bitcoin be touched by his Noodly Appendage


View Profile
August 04, 2011, 12:52:53 PM
 #23

whoa, downloaded your binary.  very cool.  you're right; now i'm worried its gonna run some kinda wallet stealer Wink

what do i do at this point?  just send some coin to one of my generated pub keys and save the private key?

Try it with a trivial amount to see if you can get the coins back into your wallet using the patched bitcoind.  Lobby MtGox, TradeHill, etc. and the developers to allow redemptions of private keys right in their websites/program, so it doesn't have to be so difficult for the average user.
Sending private keys via browsers? They are the most critical part of bitcoin it's just crazy
MITM attack, browser history, sniffers if not https, etc........

Just use pywallet, it's infinitely safer and its web interface makes it really simple to import a key

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1135


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
August 04, 2011, 06:45:41 PM
 #24

Sending private keys via browsers? They are the most critical part of bitcoin it's just crazy
MITM attack, browser history, sniffers if not https, etc........

Just use pywallet, it's infinitely safer and its web interface makes it really simple to import a key

Pywallet is not simple for the average joe, as you know.  Arguably, the entire Bitcoin client is hardly simple for the average joe.  Paper wallets and the ability to redeem them on websites - AT THE TIME OF SPENDING - puts secure Bitcoins in the hands of average Joes and eliminates virtually all of the risk associated with hacking and online wallets.

A private key is not much different from a Mt.Gox Redeemable Code, it's just that it holds real bitcoins that no one can steal.  The holder of the private key is the holder of the coins, not Mt.Gox or anybody else.

When a private key is entered via browser into a website, it becomes instantly used and invalidated.  The correct action for a website that accepts a private key as a deposit method would be to simply send the entire balance to a different address under its control (possibly using a completely separate instance of bitcoind just for this purpose), and wait for confirmations just like any other external inbound transaction.  So even if a private key could be found in "browser history", it wouldn't matter much.  It would have no money on it.

MITM attack, browser history, sniffers are all moot for websites that properly implement https.  I am unaware of anybody with plans (or the lack of common sense) to implement a web-based private key redemption utility without offering https.


Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
August 05, 2011, 06:55:22 PM
 #25

Cass:  for max security i assume you'd want to only generate keys on a virgin computer thats never been connected to the internet?  how can i be assured that when i want to spend the coins from a certain key pair that the client will accept the private key?  also the pub key i assume has virtually no chance of colliding with another pub key?  how does the blockchain know of the pub key?   by sending coins to it?
bitplane
Sr. Member
****
Offline Offline

Activity: 321
Merit: 250

Firstbits: 1gyzhw


View Profile WWW
August 05, 2011, 07:06:25 PM
 #26

I haven't read the source yet, but can we get some form of license for this, in case people want to fork and/or transcribe it into to other languages?

It would be cool if it were a license that is compatible with the official client so it can be added as a patch, or added to SafeBit or bitcoin-alt and so on.
ctoon6
Sr. Member
****
Offline Offline

Activity: 350
Merit: 251



View Profile
August 05, 2011, 10:10:49 PM
 #27

Cass:  for max security i assume you'd want to only generate keys on a virgin computer thats never been connected to the internet?  how can i be assured that when i want to spend the coins from a certain key pair that the client will accept the private key?  also the pub key i assume has virtually no chance of colliding with another pub key?  how does the blockchain know of the pub key?   by sending coins to it?

i think the public key is a hash of the private key or something, so you can not realistically make a public key you want. the block chain does not need to know the public/private key. the key gets into the chain when coins get sent to it.

cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
August 05, 2011, 10:14:49 PM
 #28

Cass:  for max security i assume you'd want to only generate keys on a virgin computer thats never been connected to the internet?  how can i be assured that when i want to spend the coins from a certain key pair that the client will accept the private key?  also the pub key i assume has virtually no chance of colliding with another pub key?  how does the blockchain know of the pub key?   by sending coins to it?

i think the public key is a hash of the private key or something, so you can not realistically make a public key you want. the block chain does not need to know the public/private key. the key gets into the chain when coins get sent to it.

so the blockchain accepts any pub key presented to it that has the correctly signed bitcoin format?
ctoon6
Sr. Member
****
Offline Offline

Activity: 350
Merit: 251



View Profile
August 05, 2011, 10:18:42 PM
 #29

Cass:  for max security i assume you'd want to only generate keys on a virgin computer thats never been connected to the internet?  how can i be assured that when i want to spend the coins from a certain key pair that the client will accept the private key?  also the pub key i assume has virtually no chance of colliding with another pub key?  how does the blockchain know of the pub key?   by sending coins to it?

i think the public key is a hash of the private key or something, so you can not realistically make a public key you want. the block chain does not need to know the public/private key. the key gets into the chain when coins get sent to it.

so the blockchain accepts any pub key presented to it that has the correctly signed bitcoin format?

you can send coins to a non existent public key if you want. but then nobody will be able to redeem them. collisions can happen, but it is extremely unlikely. and since its a hash, you can not go in reverse.

jackjack
Legendary
*
Offline Offline

Activity: 1176
Merit: 1233


May Bitcoin be touched by his Noodly Appendage


View Profile
August 05, 2011, 10:46:05 PM
 #30

Sending private keys via browsers? They are the most critical part of bitcoin it's just crazy
MITM attack, browser history, sniffers if not https, etc........

Just use pywallet, it's infinitely safer and its web interface makes it really simple to import a key

Pywallet is not simple for the average joe, as you know.  Arguably, the entire Bitcoin client is hardly simple for the average joe.  Paper wallets and the ability to redeem them on websites - AT THE TIME OF SPENDING - puts secure Bitcoins in the hands of average Joes and eliminates virtually all of the risk associated with hacking and online wallets.

What can be simpler?
My guide clearly states what to do: "run './pywallet.py --web' then open 'http://localhost:8989' in your brower"
Then, wallet directory, wallet filename, version and format are autofilled, average joe just has to fill the key and clicks the button

A private key is not much different from a Mt.Gox Redeemable Code, it's just that it holds real bitcoins that no one can steal.  The holder of the private key is the holder of the coins, not Mt.Gox or anybody else.

When a private key is entered via browser into a website, it becomes instantly used and invalidated.  The correct action for a website that accepts a private key as a deposit method would be to simply send the entire balance to a different address under its control (possibly using a completely separate instance of bitcoind just for this purpose), and wait for confirmations just like any other external inbound transaction.  So even if a private key could be found in "browser history", it wouldn't matter much.  It would have no money on it.
Absolutely, but in that case the key must be deleted from the wallet to avoid sending funds to it again

MITM attack, browser history, sniffers are all moot for websites that properly implement https.  I am unaware of anybody with plans (or the lack of common sense) to implement a web-based private key redemption utility without offering https.
Even with https, the browser history still contains the key. Maybe I wasn't clear though, I don't talk about navigation history, but form history
Moreover, average joe doesn't know and doesn't care what is https

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
ctoon6
Sr. Member
****
Offline Offline

Activity: 350
Merit: 251



View Profile
August 05, 2011, 11:22:17 PM
 #31

Sending private keys via browsers? They are the most critical part of bitcoin it's just crazy
MITM attack, browser history, sniffers if not https, etc........

Just use pywallet, it's infinitely safer and its web interface makes it really simple to import a key

Pywallet is not simple for the average joe, as you know.  Arguably, the entire Bitcoin client is hardly simple for the average joe.  Paper wallets and the ability to redeem them on websites - AT THE TIME OF SPENDING - puts secure Bitcoins in the hands of average Joes and eliminates virtually all of the risk associated with hacking and online wallets.

What can be simpler?
My guide clearly states what to do: "run './pywallet.py --web' then open 'http://localhost:8989' in your brower"
Then, wallet directory, wallet filename, version and format are autofilled, average joe just has to fill the key and clicks the button

A private key is not much different from a Mt.Gox Redeemable Code, it's just that it holds real bitcoins that no one can steal.  The holder of the private key is the holder of the coins, not Mt.Gox or anybody else.

When a private key is entered via browser into a website, it becomes instantly used and invalidated.  The correct action for a website that accepts a private key as a deposit method would be to simply send the entire balance to a different address under its control (possibly using a completely separate instance of bitcoind just for this purpose), and wait for confirmations just like any other external inbound transaction.  So even if a private key could be found in "browser history", it wouldn't matter much.  It would have no money on it.
Absolutely, but in that case the key must be deleted from the wallet to avoid sending funds to it again

MITM attack, browser history, sniffers are all moot for websites that properly implement https.  I am unaware of anybody with plans (or the lack of common sense) to implement a web-based private key redemption utility without offering https.
Even with https, the browser history still contains the key. Maybe I wasn't clear though, I don't talk about navigation history, but form history
Moreover, average joe doesn't know and doesn't care what is https

How mature is pywallet? how likely is it that it just looses coins. or should you only import the keys for immediate spending.

jackjack
Legendary
*
Offline Offline

Activity: 1176
Merit: 1233


May Bitcoin be touched by his Noodly Appendage


View Profile
August 05, 2011, 11:39:24 PM
 #32

How mature is pywallet? how likely is it that it just looses coins. or should you only import the keys for immediate spending.
It was created about one month ago
It never broke any wallet afaik, but backups are of course recommended

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
ctoon6
Sr. Member
****
Offline Offline

Activity: 350
Merit: 251



View Profile
August 05, 2011, 11:57:58 PM
 #33

i cant get the pywallet to run

Code:
@echo off
pywallet.py --datadir="C:\Users\****\Desktop\pywallet\wallet" --web
pause

Code:
Traceback (most recent call last):
  File "C:\Users\****\Desktop\pywallet\pywallet.py", line 22, in <module>
    from twisted.internet import reactor
ImportError: No module named twisted.internet
Press any key to continue . . .

also i am using 2.7.2 i think

jackjack
Legendary
*
Offline Offline

Activity: 1176
Merit: 1233


May Bitcoin be touched by his Noodly Appendage


View Profile
August 06, 2011, 12:48:03 AM
 #34

i cant get the pywallet to run

Code:
@echo off
pywallet.py --datadir="C:\Users\****\Desktop\pywallet\wallet" --web
pause

Code:
Traceback (most recent call last):
  File "C:\Users\****\Desktop\pywallet\pywallet.py", line 22, in <module>
    from twisted.internet import reactor
ImportError: No module named twisted.internet
Press any key to continue . . .

also i am using 2.7.2 i think
Pywallet needs the twisted python package to work: http://twistedmatrix.com/trac/
Also you don't need to use the datadir flag, everything will be asked in the web interface

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
ctoon6
Sr. Member
****
Offline Offline

Activity: 350
Merit: 251



View Profile
August 06, 2011, 01:06:57 AM
 #35

i cant get the pywallet to run

Code:
@echo off
pywallet.py --datadir="C:\Users\****\Desktop\pywallet\wallet" --web
pause

Code:
Traceback (most recent call last):
  File "C:\Users\****\Desktop\pywallet\pywallet.py", line 22, in <module>
    from twisted.internet import reactor
ImportError: No module named twisted.internet
Press any key to continue . . .

also i am using 2.7.2 i think
Pywallet needs the twisted python package to work: http://twistedmatrix.com/trac/
Also you don't need to use the datadir flag, everything will be asked in the web interface

should probably slap that in the wiki or readme or somthing.

jackjack
Legendary
*
Offline Offline

Activity: 1176
Merit: 1233


May Bitcoin be touched by his Noodly Appendage


View Profile
August 06, 2011, 01:12:42 AM
 #36

should probably slap that in the wiki or readme or somthing.
I wrote it in the pywallet thread but you're right I'm adding that right now

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
ctoon6
Sr. Member
****
Offline Offline

Activity: 350
Merit: 251



View Profile
August 06, 2011, 01:20:17 AM
Last edit: August 06, 2011, 01:34:17 AM by ctoon6
 #37

some more issues, im running windows 7 x64 if that matters

Code:
@echo off
pywallet.py --web
pause

Code:
Traceback (most recent call last):
  File "C:\Users\****\Desktop\pywallet\pywallet.py", line 22, in <module>
    from twisted.internet import reactor
  File "C:\Python27\lib\site-packages\twisted\internet\reactor.py", line 37, in
<module>
    from twisted.internet import selectreactor
  File "C:\Python27\lib\site-packages\twisted\internet\selectreactor.py", line 1
7, in <module>
    from zope.interface import implements
ImportError: No module named zope.interface
Press any key to continue . . .

i had a derp, on the page is says required, how do i put it in.

jackjack
Legendary
*
Offline Offline

Activity: 1176
Merit: 1233


May Bitcoin be touched by his Noodly Appendage


View Profile
August 06, 2011, 01:39:44 AM
 #38

some more issues, im running windows 7 x64 if that matters

Code:
@echo off
pywallet.py --web
pause

Code:
Traceback (most recent call last):
  File "C:\Users\****\Desktop\pywallet\pywallet.py", line 22, in <module>
    from twisted.internet import reactor
  File "C:\Python27\lib\site-packages\twisted\internet\reactor.py", line 37, in
<module>
    from twisted.internet import selectreactor
  File "C:\Python27\lib\site-packages\twisted\internet\selectreactor.py", line 1
7, in <module>
    from zope.interface import implements
ImportError: No module named zope.interface
Press any key to continue . . .

i had a derp, on the page is says required, how do i put it in.
Well I don't know actually...
The download page shows "Zope.Interface (required)" just under the Twisted package itself, did you install it?
If that works it's unbelievable it isn't automatically included in the Twisted package...

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
ctoon6
Sr. Member
****
Offline Offline

Activity: 350
Merit: 251



View Profile
August 06, 2011, 01:52:03 AM
 #39

i got it working, since i was running 64 bit i had to go through like 2 work arounds.

if you run x64
use the 2.7 msi package here http://twistedmatrix.com/trac/wiki/Downloads

then go here and grab ez_setup.py

run that shit and go to C:\Python27\Scripts, if you have easy_install.exe your good to go for the next step

download zone.interface here http://twistedmatrix.com/trac/wiki/Downloads#Windows

now run easy_install.exe zope.interface-3.6.4-py2.7-win-amd64.egg you need proper paths too of course

if your pywallet.py dont work then, idk what to say

jackjack
Legendary
*
Offline Offline

Activity: 1176
Merit: 1233


May Bitcoin be touched by his Noodly Appendage


View Profile
August 06, 2011, 02:12:07 AM
 #40

What a pain... I'm glad it finally works
I'll add these instructions for other Win7 users, thanks!

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!