I made my own code to Create your own Bitcoin address (Python)

[Phobos_Quake]

WARNING: Use under your own risk, also, check the progress of this thread. Corrected code on the following posts.

So, i haven't found many places online that provides you a way to create your own address.
We have https://www.bitaddress.org (They also have an offline use method) But it doesn't create a bech32 address (Which provides cheaper fees) and i'm not sure they allow you to generate a seed-phrase.

One of the reason as to why i wanted full control on my Bitcoin keys creation is because is hard to verify that non-custodial wallets really don't know your private keys. You would need to use a packet sniffer like Wireshark at the moment that you use your seed phrase to access your wallet to see what packets are sent to the wallet provider, and even then, it's hard to know what information is shared to them.
Of course, you might have to interact with a wallet software the moment you want to withdraw your coins, but creating your own valid address can be useful as paper wallet till then.

Another problem i wanted to address is "Entropy". One of the reasons they warn you to not create your own address is because your entropy method might be weak and could be hacked.

Now, i'm no expert at Bitcoin nor Python, so one of the purposes of sharing my code is also to hear feedback on vulnerabilities or inefficiencies it might have.
To execute this code i used Spyder with anaconda interpreter (Downloaded needed libraries through anaconda)

1) Create your own entropy

import hashlib
import os

def generate_entropy_from_input(user_input):
    salt = os.urandom(16)  # Generate a random salt
    encoded_input = user_input.encode('utf-8')
    sha512_hash = hashlib.sha512(salt + encoded_input).digest()  # Use a stronger hashing algorithm
    entropy = sha512_hash[:16]  # Adjust the length of entropy as per your requirements
    return entropy.hex()

user_variable = "test" #Choose your input here for entropy #IMPORTANT: erase your input after running the program
entropy_code = generate_entropy_from_input(user_variable)
print("Entropy Code:", entropy_code)

On the line "user_variable = "test" #Choose your input here for entropy #IMPORTANT: erase your input after running the program"
We can erase test and input whatever we want in there, you can roll your face over your keyboard, type a book story in different languages,etc and make sure it makes no sense in the end so no one can guess your entropy.

On top of that, i added random salting so each time you run this code, the entropy result code will be different even if the entropy is the same (This is to safe guard in case someone ends up saving the code file with the last entropy input they have used)

Now, when we ran that code, it gave us a result in hex that we can use on the next step.

2) Create your own Bitcoin address

import hashlib
import bip32utils
from mnemonic import Mnemonic
import bech32
import base58

# Input your entropy code
entropy_code = ""  # IMPORTANT: After running the program, erase your code
# Convert the entropy code to bytes
entropy = bytes.fromhex(entropy_code)

# Generate a BIP39 mnemonic phrase
mnemonic = Mnemonic("english")
words = mnemonic.to_mnemonic(entropy)  # 12-word phrase

# Derive a seed from the mnemonic phrase
seed = mnemonic.to_seed(words)

# Derive a master key from the seed
master_key = hashlib.pbkdf2_hmac('sha512', seed, b'mnemonic', 2048)

# Derive the private key from the master key
private_key = master_key[:32]

# Convert private key to WIF format
extended_private_key = b'\x80' + private_key + b'\x01'
checksum = hashlib.sha256(hashlib.sha256(extended_private_key).digest()).digest()[:4]
wif_private_key = base58.b58encode(extended_private_key + checksum).decode()

# Hash the private key
hashed_private_key = hashlib.sha256(private_key).digest()

# Apply RIPEMD-160 hash
ripemd160_hash = hashlib.new('ripemd160')
ripemd160_hash.update(hashed_private_key)
hashed_ripemd160 = ripemd160_hash.digest()

# Add a version byte
version_byte = b'\x00'
extended_hashed_ripemd160 = version_byte + hashed_ripemd160

# Calculate the checksum
checksum = hashlib.sha256(hashlib.sha256(extended_hashed_ripemd160).digest()).digest()[:4]

# Append the checksum
address_bytes = extended_hashed_ripemd160 + checksum

# Determine the appropriate values for hrp, witver, and witprog based on the address type
hrp = "bc"  # Human-readable part for Bitcoin mainnet addresses
witver = 0  # Witness version (0 for Pay-to-Witness-Public-Key-Hash addresses)
witprog = hashed_ripemd160  # Use the hashed RIPEMD-160 instead of address_bytes

# Generate the Bech32 public key
bech32_public_key = bech32.encode(hrp, witver, hashed_ripemd160)

# Print the Bitcoin private key (WIF format), checksum, Bech32 address, and Bech32 public key
print("Bitcoin Private Key (WIF format):", wif_private_key)
print("Bitcoin Private Key (Hexadecimal):", private_key.hex())
print("Checksum:", checksum.hex())
print("BIP39 Mnemonic Phrase:", words)
print("Bech32 Public Key:", bech32_public_key)
print("If your public key ends with a P, try to generate a new one")

Here, all you need to change is the entropy code required at the start, which is the entropy code we got when we ran the first code.

Your seed phrase will be generated from the words pool of "BIP39" which is the standard used for many wallets out there. I was tempted to create seed phrase with numbers and other languages, since that would make them less common, but some wallets require to import a seed phrase that uses BIP39

You can see what the results will be by checking all the "Print" output at the end.
Remember you might need to download the libraries onto your pc first. And this code should be ran with your Internet off

I hope this can be useful to someone and don't hesitate to tell me if my code has some issues or vulnerabilities

And, can you show me a modification to my code to create a Taproot address?

[pooya87]

One of the reason as to why i wanted full control on my Bitcoin keys creation is because is hard to verify that non-custodial wallets really don't know your private keys. You would need to use a packet sniffer like Wireshark at the moment that you use your seed phrase to access your wallet to see what packets are sent to the wallet provider, and even then, it's hard to know what information is shared to them.

As long as the wallet software you are using is 100% open source, you don't need complicated ways, you can just take a look at its source code to see what it is doing in the background like what data is being sent out to other nodes/servers.
For example you could have just gone though Electrum's source code which happens to be in python to see what it does.

Another problem i wanted to address is "Entropy". One of the reasons they warn you to not create your own address is because your entropy method might be weak and could be hacked.

Same as above.

i'm no expert at Bitcoin nor Python
And, can you show me a modification to my code to create a Taproot address?

Well you need to have a good understanding of both Bitcoin and python to be able to write something like that. In any case read my comment here to see how its being done
https://bitcointalk.org/index.php?topic=5461279.msg62621270#msg62621270

[Phobos_Quake]

I have found an error with my code. The seed phrase had no connection with the private key, which it would make it impossible to restore it with the seed phrase it printed.
An AI search helped me detect it.

"Incorrect Derivation of the Master Key:
In BIP32, the master key is derived from the seed using HMAC-SHA512 with a specific key (b"Bitcoin seed"), not hashlib.pbkdf2_hmac as you are using.
Your code uses hashlib.pbkdf2_hmac to derive the master key, which is not part of the BIP32 standard.

Private Key Derivation:

The private key is not directly derived from the master key. Instead, BIP32 defines a hierarchical deterministic (HD) wallet structure where private keys are derived from the master key using child key derivation (CKD) functions.

Bech32 Address Generation:

The Bech32 address generation in your code is not following the correct derivation path. For a valid Bech32 address, you need to derive the public key from the private key and then hash it using SHA256 and RIPEMD-160 before encoding it into Bech32 format."

Here is the corrected code:

import hashlib
from mnemonic import Mnemonic
from bip32utils import BIP32Key
import bech32

# Input your entropy code
entropy_code = ""  # IMPORTANT: After running the program, erase your code
# Convert the entropy code to bytes
entropy = bytes.fromhex(entropy_code)

# Generate a BIP39 mnemonic phrase
mnemonic = Mnemonic("english")
words = mnemonic.to_mnemonic(entropy)  # 12-word phrase

# Derive a seed from the mnemonic phrase
seed = mnemonic.to_seed(words)

# Derive the master key from the seed using BIP32
bip32_master_key = BIP32Key.fromEntropy(seed)

# Get the private key (hexadecimal) from the master key
private_key = bip32_master_key.PrivateKey()

# Convert private key to WIF format
wif_private_key = bip32_master_key.WalletImportFormat()

# Derive the public key
public_key = bip32_master_key.PublicKey()

# Hash the public key to generate the Bech32 address
hashed_public_key = hashlib.new('ripemd160', hashlib.sha256(public_key).digest()).digest()

# Generate the Bech32 address
hrp = "bc"  # Human-readable part for Bitcoin mainnet addresses
witver = 0  # Witness version (0 for Pay-to-Witness-Public-Key-Hash addresses)
bech32_address = bech32.encode(hrp, witver, hashed_public_key)

# Print the Bitcoin private key (WIF format), mnemonic phrase, and Bech32 address
print("Bitcoin Private Key (WIF format):", wif_private_key)
print("Bitcoin Private Key (Hexadecimal):", private_key.hex())
print("BIP39 Mnemonic Phrase:", words)
print("Bech32 Address:", bech32_address)

[apogio]

Good effort, but you should, at least, take pooya87's response into consideration.
The coding aspect is perfect for research and you can gain significant knowledge implementing stuff like that.
But for real usage, I strongly suggest using well established open-source projects.
And I am a person who develops a lot, just for fun, but when it comes to real money, I only use thoroughly tested software.

[alexeyneu]

all this is plain wrong stuff

first of all bip32key is eth thing
https://pypi.org/project/bip32key/

second
this 'master private key' is not supposed to be in wif format. it's root key of hd wallet where key in wif is single wallet key. And if you derive address (single wallet address) from this key it'll be completely unrelated to this hd wallet root key belongs to. hd root key itself is 78 bytes long, not 32. most of the time you can trunk it to 32 yeah but you have no guarantee you'll get original key back.

It's fked up project .

[Phobos_Quake]

BIP32 is applicable to both Bitcoin and Ethereum: BIP32 is a standard for hierarchical deterministic (HD) key generation and is used in both Bitcoin and Ethereum, among other cryptocurrencies.

Bech32 is used for SegWit addresses. If you're generating a Legacy or P2SH address, you'll need to use Base58Check encoding instead.

Correcting the code.

import hashlib
from mnemonic import Mnemonic
from bip32utils import BIP32Key, BIP32_HARDEN
import bech32

# Input your entropy code
entropy_code = "e531b2d5f61c22579bade7bc41e6a13e"  # IMPORTANT: After running the program, erase your code

# Check if the entropy code is valid (16 bytes or 32 hex characters)
if len(entropy_code) != 32 or not entropy_code.isalnum():
    raise ValueError("Invalid entropy code. Ensure it is a 32-character hexadecimal string.")

# Convert the entropy code to bytes
entropy = bytes.fromhex(entropy_code)

# Generate a BIP39 mnemonic phrase
mnemonic = Mnemonic("english")
words = mnemonic.to_mnemonic(entropy)  # 12-word phrase

# Derive a seed from the mnemonic phrase
seed = mnemonic.to_seed(words)

# Derive the master key from the seed using BIP32
bip32_master_key = BIP32Key.fromEntropy(entropy)  # Corrected method name

# Print the HD root key (extended key)
hd_root_key = bip32_master_key.ExtendedKey()  # Use ExtendedKey() instead of Serialize()
print("HD Root Key (Extended Key):", hd_root_key)

# Derive a single wallet key from the master key (e.g., m/44'/0'/0'/0/0)
derived_key = bip32_master_key.ChildKey(44 + BIP32_HARDEN).ChildKey(0 + BIP32_HARDEN).ChildKey(0 + BIP32_HARDEN).ChildKey(0).ChildKey(0)

# Get the private key (hexadecimal) from the derived key
private_key = derived_key.PrivateKey()

# Convert private key to WIF format
def private_key_to_wif(private_key, compressed=True):
    # Add version byte (0x80 for mainnet)
    versioned_key = b'\x80' + private_key
    if compressed:
        versioned_key += b'\x01'  # Append 0x01 for compressed keys

    # Calculate the checksum
    checksum = hashlib.sha256(hashlib.sha256(versioned_key).digest()).digest()[:4]

    # Create the final byte string
    final_key = versioned_key + checksum

    # Convert to Base58
    alphabet = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
    num = int.from_bytes(final_key, 'big')
    wif = ''
    while num > 0:
        num, rem = divmod(num, 58)
        wif = alphabet[rem] + wif
    return wif

# Get the WIF private key
wif_private_key = private_key_to_wif(private_key)

# Derive the public key
public_key = derived_key.PublicKey()

# Hash the public key to generate the Bech32 address
hashed_public_key = hashlib.new('ripemd160', hashlib.sha256(public_key).digest()).digest()

# Generate the Bech32 address
hrp = "bc"  # Human-readable part for Bitcoin mainnet addresses
witver = 0  # Witness version (0 for Pay-to-Witness-Public-Key-Hash addresses)
bech32_address = bech32.encode(hrp, witver, hashed_public_key)

# Print the Bitcoin private key (WIF format), mnemonic phrase, and Bech32 address
print("Bitcoin Private Key (WIF format):", wif_private_key)
print("Bitcoin Private Key (Hexadecimal):", private_key.hex())
print("BIP39 Mnemonic Phrase:", words)
print("Bech32 Address:", bech32_address)

output:
HD Root Key (Extended Key): xprv9s21ZrQH143K2iWCf6km9a3mJ1vnFhe6DmJT8h9d7FoVzmTnpK1owZZoK9SVj8ppnv4drno77CL RDjFrXCwnpDHdmthpLmjQBqz1SX89BZv
Bitcoin Private Key (WIF format): KwqbXPC6yAPDfQQUUXJbA9csN9mQU9hKyhNG71jSwAxU2VqmKtef
Bitcoin Private Key (Hexadecimal): 1275eff28bafa4211a98812cba059d764caef67af1d51288e6d9ddb8dd6aae4e
BIP39 Mnemonic Phrase: topple mirror rely umbrella season cloth huge rude rough august portion laptop
Bech32 Address: bc1q4tyxydpv08refa2r64vdga32muznfwh7mmpx9l

------------

Do you like the code now better?

[apogio]

I have found an error with my code. The seed phrase had no connection with the private key, which it would make it impossible to restore it with the seed phrase it printed.
An AI search helped me detect it.

...

So you 've posted some code which, if used by someone, would lead to them losing their money.
You clearly state that you want to learn, so please, at the top of the original post, write a warning. Something like "educational purposes only". Just to make sure that anyone won't be lazy enough to skip your intro and go straight to your code and use it.

[alexeyneu]

results of this base58 will be plain wrong ofc

missed one line.

[Saint-loup]

I have found an error with my code. The seed phrase had no connection with the private key, which it would make it impossible to restore it with the seed phrase it printed.
An AI search helped me detect it.

You should edit urgently your first post, it's not safe at all for users to leave code with such behavior on the forum. You should always test critical code before publishing it publicly. You don't need any AI tool for that.

Besides that, it could be interesting if it works properly now but on which device can we execute this script? Do you know if some calculators(especially not connected ones) are able to execute that in 2024? Or with some minor changes at least? I guess some libraries you use are not included in Python standard distributions.

[Pablo-wood]

Nice work mate but a few point to mention
First :
Handling private keys and seed phrases in plaintext is inherently risky. You stand at a very high risk if an attacker gets hold of your system.

user_variable = "test"

Using user_variable for entropy is highly risky. Assuming a user provides a weak or predictable input?. Despite introducing randomness via salting understanding the strength of the entropy greatly relies on the quality of the user input

Lastly using RIPEMD-160 hash of the private key for the witness program is risky. This can lead to an invalid address or one that cannot be recovered .

It is best to use a proper public key derived from the private key when creating the witness program.

[pooya87]

Lastly using RIPEMD-160 hash of the private key for the witness program is risky. This can lead to an invalid address or one that cannot be recovered .

It is best to use a proper public key derived from the private key when creating the witness program.

It is not just risky, it is impossible since there won't be any way to spend those coins. The hash must be computed from the public key. The code OP posted in first post was wrong, they fixed it in the last comment:

Code:

hashed_public_key = hashlib.new('ripemd160', hashlib.sha256(public_key).digest()).digest()
~
bech32_address = bech32.encode(hrp, witver, hashed_public_key)

[Saint-loup]

Nice work mate but a few point to mention
First :
Handling private keys and seed phrases in plaintext is inherently risky. You stand at a very high risk if an attacker gets hold of your system.

What do you mean by that? How could he do otherwise? All wallets display in their GUI, in the console or even in plain text files sometimes, the private keys and the HD seed of the wallet if you request it. You think it should be encoded with a scheme or even encrypted with a key or a password ? But how and where the user could decypher it safely then?

user_variable = "test"

Using user_variable for entropy is highly risky. Assuming a user provides a weak or predictable input?. Despite introducing randomness via salting understanding the strength of the entropy greatly relies on the quality of the user input
[...]

He just shifts this responsibility onto the user, taking it on. An explicit warning message would certainly be more cautious, but if you don't trust or don't want to trust reliability of some libraries or environnement behaviors on all equipments and hardware configurations, it's simpler and safer to delegate the burden of this task and its responsibility directly to the user IMO. He sould be informed of what this implies though.

[ABCbits]

Nice work mate but a few point to mention
First :
Handling private keys and seed phrases in plaintext is inherently risky. You stand at a very high risk if an attacker gets hold of your system.

What do you mean by that? How could he do otherwise? All wallets display in their GUI, in the console or even in plain text files sometimes, the private keys and the HD seed of the wallet if you request it. You think it should be encoded with a scheme or even encrypted with a key or a password ? But how and where the user could decypher it safely then?

It's not that complex. The script could ask user to input the variable value when running the program and enter password before storing encrypted key on disk.

user_variable = "test"

Using user_variable for entropy is highly risky. Assuming a user provides a weak or predictable input?. Despite introducing randomness via salting understanding the strength of the entropy greatly relies on the quality of the user input
[...]

He just shifts this responsibility onto the user, taking it on. An explicit warning message would certainly be more cautious, but if you don't trust or don't want to trust reliability of some libraries or environnement behaviors on all equipments and hardware configurations, it's simpler and safer to delegate the burden of this task and its responsibility directly to the user IMO. He sould be informed of what this implies though.

Average user wouldn't run OP script in first place.

[AlphaNode]

I have this code:

# pip install mnemonic bip32
from mnemonic import Mnemonic
from bip32 import BIP32

def generar_semilla_y_bip32():
    mnemo = Mnemonic("english")
    mnemonic_words = mnemo.generate(strength=192)
    print("Frase mnemónica generada (18 palabras):")
    print(mnemonic_words)
    seed = mnemo.to_seed(mnemonic_words)
    bip32 = BIP32.from_seed(seed)
    root_key = bip32.get_xpriv_from_path("m")
    print("\nBIP32 Root Key generada a partir de la frase mnemónica:")
    print(root_key)

def obtener_bip32_desde_semilla():
    mnemo = Mnemonic("english")
    mnemonic_words = input("Introduce tu frase mnemónica: ")
    seed = mnemo.to_seed(mnemonic_words)
    bip32 = BIP32.from_seed(seed)
    root_key = bip32.get_xpriv_from_path("m")
    print("\nBIP32 Root Key generada a partir de la frase mnemónica:")
    print(root_key)

def main():
    print("Elige una opción:")
    print("1. Crear nueva semilla")
    print("2. Ya tengo una semilla (dame la BIP32 Root Key)")
    opcion = input("Introduce el número de la opción que quieres: ")

    if opcion == "1":
        generar_semilla_y_bip32()
    elif opcion == "2":
        obtener_bip32_desde_semilla()
    else:
        print("Opción no válida")

if __name__ == "__main__":
    main()

It creates a 18 words seed phrase, and shows its BIP32 Root Key. With this, you can use the seed words in Electrum (or any BIP39 compatible wallet) and with the BIP32 Root Key you can import the same wallet in Bitcoin core (using importdescriptors command).

If you already have one seed phrase, it returns just the BIP32 Root Key.

In case you want to mantain a wallet for spendings with Electurm in your mobile, and just watch-only in Bitcoin core, you can use de importdescriptors with the xpub instead of the BIP32 Root Key (extracting the public descriptors with listdescriptors first).

[Phobos_Quake]

Nice work mate but a few point to mention
First :
Handling private keys and seed phrases in plaintext is inherently risky. You stand at a very high risk if an attacker gets hold of your system.

user_variable = "test"

Using user_variable for entropy is highly risky. Assuming a user provides a weak or predictable input?. Despite introducing randomness via salting understanding the strength of the entropy greatly relies on the quality of the user input

Yes, first, i stated at the fist post to turn off the internet on the system before running the code.
And i know that if the user chooses a weak entropy it runs risk of the private key getting cracked. That's why i also stated the entropy should be a large text, mix languages, roll your face over the keyboard, all together.

I have this code:

It creates a 18 words seed phrase, and shows its BIP32 Root Key. With this, you can use the seed words in Electrum (or any BIP39 compatible wallet) and with the BIP32 Root Key you can import the same wallet in Bitcoin core (using importdescriptors command).

If you already have one seed phrase, it returns just the BIP32 Root Key.

It looks fine, but gotta be careful that you are trusting a third-party for the entropy and you will have to use the output of that code on wallets that actually support it, like Electrum. Not all wallets support other than 12 or 24 words. Or other limits.

[iceland2k14]

For my own testing i use in python .....

Code:

import secp256k1 as ice
m = ice.create_valid_mnemonics(256)
print('[C p2pkh]',ice.mnem_to_address(m, 0, True, "m/44'/0'/0'/0/0"))
print('[U p2pkh]',ice.mnem_to_address(m, 0, False, "m/44'/0'/0'/0/0"))
print('[p2sh]',ice.mnem_to_address(m, 1, True, "m/49'/0'/0'/0/0"))
print('[bech32 p2wpkh]',ice.mnem_to_address(m, 2, True, "m/84'/0'/0'/0/0"))

The output is

Code:

'century list caught vault antique athlete talk else bullet evil warfare claim crawl loan utility midnight hip impact abandon quit elephant hollow mean wreck'
[C p2pkh] 1M1vEoBHoCN1gb5vcydnMZTYvhGL5w8sLe
[U p2pkh] 144fbBAdHtDmAEMafFzYrEsmSoUYB4GfGF
[p2sh] 3FbsWhkjig8zKf1kSYt8xgruTURH8BSW6A
[bech32 p2wpkh] bc1q4hzd8rslc3z4j00q0amw03zxjl5p88lu5mes7z

[Mirseko]

I followed your link to the bitaddress website, I was pleased with this find, the key generation is going great, thank you.