[ANN] bitaddress.org Safe JavaScript Bitcoin address/private key

[pointbiz]

UPDATED!

Generate a Bitcoin address and corresponding private key with this all-in-one html page:
https://www.bitaddress.org/

Testnet Edition (for developers) add ?testnet=true to the end of the URL

To run the unit tests add ?unittests=true to the end of the URL
To run the async unit tests add ?asyncunittests=true to the end of the URL
To view the seed pool add ?showseedpool=true to the end of the URL

The bitaddress.org software is now available open source with an MIT License, the GitRepo is here:
https://github.com/pointbiz/bitaddress.org

Send Donations to: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN


NOTICE: DO NOT USE v0.1 to v0.4 they infrequently generate a bad address and/or private key. The issue is fixed in v0.5+
NOTICE: DO NOT USE v2.1 on the Vanity Wallet tab it incorrectly multiplies a public key with a private key and therefore displays an incorrect bitcoin address. The issue is fixed in v2.2+
NOTICE: DO NOT USE v2.9.7 translations file has a JavaScript error.

Tutorial:
Open the page, move your mouse around a bit and you will get a new address/private key combination.

Useful for:
1) The HTML file can be saved to disk and used in combination with an "offline" system to provide super security.
2) Generate an instant paper wallet by just printing the web page.
3) Generate address without having to install anything!

Please share any other uses you can think of....

I have provided a signed version of the hashes of the files:
http://www.bitaddress.org/ninja_bitaddress.org.txt - PGP Public Key
http://www.bitaddress.org/CHANGELOG.txt.asc - Signed Message
Key fingerprint = 527B 5C82 B1F6 B2DB 72A0 ECBF 8749 7B91 6397 4F5A

Verifying the release:
1) get public key of author
2) import public key of author
3) get HTML from bitaddress.org
4) sha1 checksum of HTML
5) verify signed message from author
6) confirm sha1 in step 4 & 5 matches
NOTE: If the web page is saved as "web page complete" as opposed to "web page html only" the checksum will not match.

Code:

wget http://www.bitaddress.org/ninja_bitaddress.org.txt
gpg --import ninja_bitaddress.org.txt
wget http://www.bitaddress.org/bitaddress.org-v2.9.1-SHA1-67b1facd70890aa9544597e97122c7a1d4fdc821.html
sha1sum bitaddress.org-v2.9.1-SHA1-67b1facd70890aa9544597e97122c7a1d4fdc821.html
wget -qO- http://www.bitaddress.org/pgpsignedmsg.txt | gpg -d

Code used from CryptoJS project, Tom Wu's JSBN (refactored), Stephan Thomas bitcoinjs-lib.

BOUNTY------->>>>>
0.1 BTC was transferred to this address generated by the bitaddress.org JavaScript software:
Bitcoin Address:
19ePdrxmtVCdRMZrJzCX3gf6fK6juu9yFa
http://blockexplorer.com/address/19ePdrxmtVCdRMZrJzCX3gf6fK6juu9yFa
Private Key Hex:
3BF44F939A73052E56FC1B946A080E30B46FFD49835FD59ACDAA5ACFB15D11D2
Private Key Base64:
O/RPk5pzBS5W/BuUaggOMLRv/UmDX9Wazapaz7FdEdI=
UPDATE: Bounty was collected.


CHECKSUM HISTORY:
bitaddress.org-v3.3.0-SHA256-dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194.html
bitaddress.org-v3.2.3-SHA256-c9a0bb3ed50aa75a5ae9c606d81e3fd41a4ff686ad38ad5379e2402f481e79a4.html
bitaddress.org-v3.2.2-SHA256-f4d047c264a2b71946de319482a9365e56d8d7289dd85a352da3b1448b7647df.html
bitaddress.org-v3.2.1-SHA256-42c3bcb643c451689e5bd1499ed4b516be2da06d2fe3886b0dd15b8fc2525ecd.html
bitaddress.org-v3.2.1-SHA256-ca6a34d4ac6742dc8cebfbe0089e28392b6ee9b33b05eaa68c9e00b00e355f48.html
bitaddress.org-v3.2.0-SHA256-ad4fd171c647772aa76d0ce828731b01ca586596275d43a94008766b758e8736.html
bitaddress.org-v3.1.0-SHA256-c3d4d8da8fc6980435a520dff562b7f831b2f6037ec2d4dd6bf76c5321873303.html
bitaddress.org-v3.0.1-SHA256-24d2d7f047a9aa217bf69f3ef344c972c151b1e3f6a8aa86ceb9a3be62884bc0.html
bitaddress.org-v3.0.0-SHA256-4781574ca09c07f65d1966619f37a762aac6decd8732cacc85b2f2f972f82751.html
bitaddress.org-v2.9.11-SHA256-40376eddc790a63d9afcfb72c0a45002827da965f3bfe6ba8c330e697bf188b2.html
bitaddress.org-v2.9.10-SHA256-445e44cfd04c8f1ea8f732c3ae7277b0166fdb3e2109251c54e4b367983fe04d.html
bitaddress.org-v2.9.9-SHA256-90ddaf250f6302acb53945128e38225208af5a2fa7cfdf51519213e8b144a76d.html
bitaddress.org-v2.9.8-SHA256-2c5d16dbcde600147162172090d940fd9646981b7d751d9bddfc5ef383f89308.html
bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html
bitaddress.org-v2.9.1-SHA1-67b1facd70890aa9544597e97122c7a1d4fdc821.html
bitaddress.org-v2.9.0-SHA1-6e9ae5c64d510b53fa39e36a3017d5342b838984.html
bitaddress.org-v2.8.1-SHA1-a6e63f2712851710255a27fa0f22ef7833c2cd07.html
bitaddress.org-v2.8.0-SHA1-87dcf19f02ee9fb9dd3a8c787bcf52eef944aa82.html
bitaddress.org-v2.7.2-SHA1-364542f1ccc5777c79aebb1692a6265cf3e42e7e.html
bitaddress.org-v2.7.1-SHA1-6dfa290d1a133fc444c5580e2a8f1f890d5edf17.html
bitaddress.org-v2.6.6-SHA1-0d68accca48df174b6b4f48544498f333dc6e33a.html
bitaddress.org-v2.6.5-SHA1-fa763c2bbc97e1b37bc6d3945647aed869ec8c18.html
bitaddress.org-v2.6.2-SHA1-4d98755d7e78caa4361228a2b11b0faa0f65e6de.html
bitaddress.org-v2.6.0-SHA1-4f1fea4620287f863473193b8d93a8f3877ba972.html
bitaddress.org-v2.5.1-SHA1-b7bda19c2327cc44a81b68a44926a9f8057ed681.html
bitaddress.org-v2.4-SHA1-1d5951f6a04dd5a287ac925da4e626870ee58d60.html
bitaddress.org-v2.3-SHA1-1d067dc4f3103622ca9de332c3c86fc57d76ec83.html
bitaddress.org-v2.2-SHA1-d414530eea984e9ebdd40dc27af9078cd73dc3b3.html
bitaddress.org-v2.0-SHA1-c0300a88d2de421106560185e4916f4eee6ed9df.html
bitaddress.org-v1.9-SHA1-a487b495d710d6f617d688e5f758e40c8b6c510e.html
bitaddress.org-v1.8-SHA1-97d52a44eeb261e2398e98e1eed2bd56b99c845a.html
bitaddress.org-v1.7-SHA1-46215e8a2f026b784f29ea86c00c866e634a22fa.html
bitaddress.org-v1.6-SHA1-162d1ff4fd1e09222cbaca6c282672ee6c195e1b.html
bitaddress.org-v1.5-SHA1-f2e410251c8741ac65d29a1c6fb8ef6919b6ab8b.html
bitaddress.org-v1.4-SHA1-5c120c0860032e88a8fd81b802d6f53a5fc082bf.html
bitaddress.org-v1.3-SHA1-88d9a17e6d6286d7840043b6df9980e85f44b8c0.html
bitaddress.org-v1.2-SHA1-1770e5e8993cca823a2ad956e2aab5c291151692.html
bitaddress.org-v1.1-SHA1-969273be66ecf93d8bb3525edc1fa0cf3de228d2.html
bitaddress.org-v1.0-SHA1-8fc60a3ca4eb24c85c31b264e95a9298e41032c2.html
bitaddress.org-v0.9-SHA1-aa61ca480288e1bda00f1f042d60a057880a2321.html
bitaddress.org-v0.8-SHA1-47b989b8a33407df14d21dbd00fad653e0161d6c.html
bitaddress.org-v0.7-SHA1-34e344a0d229dc10c8f5c99ed6b6298e6fc5e39f.html
bitaddress.org-v0.6-SHA1-1cea2d8c437d49c550b9ec1cfc5d02ac85e8199e.html
bitaddress.org-v0.5-SHA1-7ea8d0e32c3583d369dc4079443e0d6e215ac216.html

Code signing key:

Code:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.13 (MingW32)

mQENBE5lizQBCADhDeJALMhaXOW6U5Lj1wyNyYwf5bh4kcP4m5pDrQCk3GzduMBh
NKsa21zgejhST74l7PRVNWJc7cLsdpQ7fCGUgbEBaApQ7+J1pSAClEdBCZ6wycgI
gAln86LmsmtsGnr77jPJEeeYI2FH6o5JEEYdc6Kji8Mkj1fNMqa8qrOFydazbvTm
EcuwtWsf+EFM1DwnaS2D0CU8Y4rB7wzaQkS/m+9yXqmhLgFI1B5mYyEhWz/YGcKs
ln93a/rLemHty54UWtpi1bn5F7alB/HnvNt65wHvXKnvi+/Teqft2jk4i0Uqd7QR
uFUBc/wTC9tJXwf83qOMOv8zqU8uJCryp4cjABEBAAG0HG5pbmphIDxuaW5qYUBi
aXRhZGRyZXNzLm9yZz6JAT4EEwECACgCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B
AheABQJV9gLjBQkQ9njvAAoJEIdJe5Fjl09a6eMH/j0TIX/fQzvWhVOFNdS3rKeG
7xJ90QvlgzSwXig/lCtf2/wO216bgDwY0yZCIcvsjusneXbjSIqJ1eXIZE06B3yP
6Xmlc6GU8vu5XJvqf27axAGoghy0Y7Wag2FlgPbKJPSapqIj3O4JV/fwKH/Wmua/
J36XVW3+0G3Hx4vB15v1w4WX56ttDXo5vCMcCPn8zh5+MA2+HK1ts/SMvhG9pWuk
TCTPka3hawIQOOawoAty/zQIDma3XHjAUM4oErTLlgux7LwNl+H772GIfvy4ltj3
/LhZBDIe6NB0JArb4NqvICIZ5pDUr4Zp6QccZO6jL3KXomo6c9DPkeXMz1gpx1u0
InBvaW50Yml6IDxwb2ludGJpekBiaXRhZGRyZXNzLm9yZz6JAT4EEwECACgFAlX2
Bc0CGwMFCRD2eO8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEIdJe5Fjl09a
2CMH/iUwNXr9NP9brt93+E2YpH1zGqgnOoYVGz72WTUD+v0WP5/LN2qVMec8nqXb
dzwQI6ERQlEkgahynzaxZw44U5AKfpvxI8AFD4mOuB4aAMJxt5k5a9O1AgegJAX6
Ev04mIXGhNisq3oLIVkbhCR8IS43B6mWUYyBcICWec/gkxh/EJh3BuavlmDZBkp8
/5K/oBg6Un80jCWP1h87Fxv8dWClcF8wROaSnoFDKPsbpPNEudgxUkAycbcByy0o
v62d1X5GNFrr432EMZpTO5Up6vCA/B8K7cCS7qYsLbvo5WglYpscoDWozUld5ga1
qeZdjDI8u5qDnGKgI3ZkT5sV/WC5AQ0ETmWLNAEIAN1eqRI6ltxWZhR3EaWIca1/
p3PrV/BqY0CpWufjr/ZWjufN+QSVgICrVF/CjYxxZeo0tZ48m3qzIfr3MYIMW2+Y
Rno1p/uMbf43oqOiQy7o30u8rhLgWc3nmKFyE8I1iRToqcGM2+YxQ80zp8TvjFQW
zvMClFHS+JAa+n7Z5RwerTQPf3j4spo4oZGrxxu8UWT4qxR8BRzs6q4BSkuehzxT
TgYhxSOrKqZLKVQ/kVfUZaCy29WqV9LxnQXLFrqZeHccocp+Hd01xyCybGgynJfg
O2Oz52RXRHDEPv0hjR+b419O7QOiqGI7TQ7fcaIBUByIn84fodOnddak9XYwd1MA
EQEAAYkBHwQYAQIACQIbDAUCVfYGGwAKCRCHSXuRY5dPWsk6B/0XNmalHNn175fJ
DeFTTmZ0BAEj3izjYb4NWExutcF4AcJjqEU+oSaY7QrZoV6YBpeJ8YXVigK9EOf8
4eaQONk/ZT5yjYYn6IrFmL0SL+O2HKOxFNogv2yyLYJJXFvUcSSBZGQrNK2pbhbc
Y/r6XXpgKl/JqazvVGGl3j38t7KzTMDkmhtkL+EzX9GiaXx0tF7ZPI2JfcizotuF
ONiWDc5ferDBJaFPMYb9ElcxC5knnfkM0ti5SH3vUw1qCT6+vKB4PG7W4V1MpoMx
ZHAcHt6uj5cE2IfHO4aPRU1BnqB6lRK2ob0c8/o7d0dWwvciQhH+NrRQThqlGf8E
sjLBqm5u
=9YLe
-----END PGP PUBLIC KEY BLOCK-----

[pointbiz]

Please post if you collect the bounty. Thanks.

[nmat]

Bookmarked it. Thank you very much I claimed the bounty, but I will offer half of it (0.05) here:

Bitcoin Address:
1DcTht9y5VhSCGMe7XmbTZBGHM79oAGVjm
Private Key Hex:
1F386E4824A902731159EC25CB5EEFE3DBD83601CCA6A3C40E7565679D134C7A
Private Key Base64:
HzhuSCSpAnMRWewly17v49vYNgHMpqPEDnVlZ50TTHo=

[pointbiz]

nmat, thanks.

[casascius]

Excellent achievement.  Somebody needed to do this.  It wouldn't run in IE9 btw but runs fine in other browsers.

Instead of base64 you should provide the Wallet Import Format, which is how it is used on Bitbills and the format natively used by the "importprivkey" command of bitcoind (available by sipa's patch, and will likely become part of the release).

Wallet Import Format is: you construct it exactly the same as a bitcoin address in base58, but use the header byte 0x80 at the beginning instead of 0x01.  And of course your payload is 32 bytes instead of 20.  You do the SHA256 checksum exactly the same way.  The resulting string should always start with the character '5'.

Also a suggestion: recommend that the user disconnect themselves from the internet, print their "paper wallet", and close their browser before reconnecting.  That way they can confirm they're airgapped.  You'd need a button to generate a new address instead of having them refresh in this case.

[pointbiz]

Excellent achievement.  Somebody needed to do this.  It wouldn't run in IE9 btw but runs fine in other browsers.

Instead of base64 you should provide the Wallet Import Format, which is how it is used on Bitbills and the format natively used by the "importprivkey" command of bitcoind (available by sipa's patch, and will likely become part of the release).

Wallet Import Format is: you construct it exactly the same as a bitcoin address in base58, but use the header byte 0x80 at the beginning instead of 0x01.  And of course your payload is 32 bytes instead of 20.  You do the SHA256 checksum exactly the same way.  The resulting string should always start with the character '5'.

Also a suggestion: recommend that the user disconnect themselves from the internet, print their "paper wallet", and close their browser before reconnecting.  That way they can confirm they're airgapped.  You'd need a button to generate a new address instead of having them refresh in this case.

Thank you for the algorithm, I was going to dig it from some C# code you posted and port.

Looks like it defaults to quirks mode in IE9, I'll fix that in V0.2 as well as add the WIF.

[Joric]

Bookmarked it. Thank you very much I claimed the bounty, but I will offer half of it (0.05) here:

Bitcoin Address:
1DcTht9y5VhSCGMe7XmbTZBGHM79oAGVjm
Private Key Hex:
1F386E4824A902731159EC25CB5EEFE3DBD83601CCA6A3C40E7565679D134C7A
Private Key Base64:
HzhuSCSpAnMRWewly17v49vYNgHMpqPEDnVlZ50TTHo=

Many thanks! I promise I'll spend them for good and decent causes.

[pointbiz]

V0.2

-Updated the logo
-Added New Address and Print buttons
-Added doctype so IE9 renders in standards mode
-Added Array.prototype.map for IE7/8 compatibility
-Known bug: Bitcoin.Base58.encode is not working properly in IE7

[pointbiz]

V0.3

-Removed Private Key Base64
-Added Private Key Wallet Import Format

[nhodges]

V0.3
http://www.bitaddress.org/bitaddress.org-v0.3-SHA1-bd94e796811d852f9db69e82adea9a9c48daf183.html

-Removed Private Key Base64
-Added Private Key Wallet Import Format

Sweet, it's nearing perfect utilitarian function!

[nibor]

Great!

Just need to add the QR Codes for them all and is perfect!

https://github.com/jeromeetienne/jquery-qrcode#readme

[casascius]

Very nice!

If you make it so you can click a button and see 10 addresses instead of 1 (or however many might fit on a piece of paper), then now you have a working Paper Wallet generator.  Though a paper wallet with 1 address is still just as safe and useful.

Also you might want to have something help produce entropy.  It looks like there is a "sr.seedtime" you can be calling that will take entropy from the timing of events.  If various objects called this onmouseover and onmouseout, the user could be adding entropy just by hovering towards the buttons.  EDIT: I just noticed you added it to the body tag.

Thanks for producing this.  I sent you a 10 BTC donation to your firstbits.

[pointbiz]

nhodges, thanks for the post on the BTCNN:
http://www.btcnn.com/2011/09/bit-address-makes-offline-wallets-easy.html

nibor, thanks for the link. I know the QR code would be useful for the public key. Is it also useful to have it for the private key?
I'll dig into that jQuery QR plugin code. I'm trying to avoid having to use jQuery (because it has XMLHttpRequest in it) and it's a lot of extra JavaScript for people to review.

[casascius]

nhodges, thanks for the post on the BTCNN:
http://www.btcnn.com/2011/09/bit-address-makes-offline-wallets-easy.html

nibor, thanks for the link. I know the QR code would be useful for the public key. Is it also useful to have it for the private key?
I'll dig into that jQuery QR plugin code. I'm trying to avoid having to use jQuery (because it has XMLHttpRequest in it) and it's a lot of extra JavaScript for people to review.

You probably could formulate a QR code in javascript.  There's a lightweight C library out there that's very simple, and given a string, returns an array of integers - one per pixel - to say what needs to be white and black.  This could be converted to javascript.  I would strongly favor avoiding jQuery, or any included or linked files whatsoever for that matter.  Ideally one should be able to just save the single .html file to disk and generate fresh bitcoin addresses with it.

That said, even if you do this, if the QR code turns out to be bulky you ought to offer both versions, so the person who wants to review the code but who isn't interested in QR codes has less to review.

[pointbiz]

Very nice!

If you make it so you can click a button and see 10 addresses instead of 1 (or however many might fit on a piece of paper), then now you have a working Paper Wallet generator.  Though a paper wallet with 1 address is still just as safe and useful.

Also you might want to have something help produce entropy.  It looks like there is a "sr.seedtime" you can be calling that will take entropy from the timing of events.  If various objects called this onmouseover and onmouseout, the user could be adding entropy just by hovering towards the buttons.  EDIT: I just noticed you added it to the body tag.

Thanks for producing this.  I sent you a 10 BTC donation to your firstbits.

Thanks SO much for the donation Adds a lot of excitement to the fun for me!

I noticed there is some extra space left to fill for an 8.5x11 inch print out. I'm thinking about your two suggestions... the instructions and/or more than 1 address generated.

[casascius]

Thanks SO much for the donation Adds a lot of excitement to the fun for me!

I noticed there is some extra space left to fill for an 8.5x11 inch print out. I'm thinking about your two suggestions... the instructions and/or more than 1 address generated.

You're welcome.  You are doing good work.

If you tag the instructions with a CSS style marked with "@media screen" and "@media print" (see http://www.w3.org/TR/CSS2/media.html), you can control what appears on screen versus what's printed.  So that way the printout can omit the instructions, fit within a single page, giving just the addresses and (ideally) a space for the user to write notes next to each address to record what he used it for.

[pointbiz]

You probably could formulate a QR code in javascript.  There's a lightweight C library out there that's very simple, and given a string, returns an array of integers - one per pixel - to say what needs to be white and black.  This could be converted to javascript.  I would strongly favor avoiding jQuery, or any included or linked files whatsoever for that matter.  Ideally one should be able to just save the single .html file to disk and generate fresh bitcoin addresses with it.

That said, even if you do this, if the QR code turns out to be bulky you ought to offer both versions, so the person who wants to review the code but who isn't interested in QR codes has less to review.

The intention of the site is to always provide a single .html file. So there will never be externally included/linked files. I also will not include any minified JavaScript. jQuery could be embedded like the other JavaScript but it would be a huge bulk, so I'll be investigating doing the QR code without the jQuery dependency.

Good idea regarding the media types.

Cheers.

[casascius]

I also will not include any minified JavaScript.

excellent policy, the thorough commenting makes the code much easier to review.

[Elwar]

I like it if it is what I think it is...

how would one go about using this?

[Stephen Gornick]

Is it still possible that there could be a keylogger performing screenshots even when not even connected to the Internet (but will upload the screenshots once the connection is re-established?)

To use this even more securely would it not make sense to boot to a LiveOS (e.g., LinuxCoin, or Ubuntu even) that is not connected to the internet even and then load the page from the usb flash drive, for instance?
 - http://en.bitcoin.it/wiki/LinuxCoin

And secondly, just to make sure I'm current on this -- there is no way for these to be redeemed without first downloading a patch for bitcoind that will allow importing of the key?