Bitcoin Forum
December 06, 2016, 10:22:09 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Wallet encryption protocol  (Read 860 times)
ThePiachu
Sr. Member
****
Offline Offline

Activity: 442



View Profile WWW
January 19, 2012, 08:22:40 PM
 #1

Is there some step-by-step guide on how the official client encrypts the wallet? I'm trying to write an implementation of that in Go, but can't seem to find any concrete reference, asides
https://github.com/bitcoin/bitcoin/blob/6b8a5ab622e5c9386c872036646bf94da983b190/doc/README
So lets see if I got this right...

I have a private key:
18E14A7B6A307F426A94F8114701E7C8E774E7F9A47E2C2035DB29A206321725

And a password:
Satoshi

Then I need a random master key (how long is it? Is it stored anywhere?)
??

I take a SHA-512 of the password
B85729C8DB06F82DDEDBF5B70B482D32C46A556562FE79AD8402820D52EB7D562463C021F23E33D 6274E60845C19D6DC298910537D8D3C1CB4DB08F88D2E8B21

Then I  perform OpenSSL's EVP_BytesToKey from the master key and the SHA in a dynamic number of rounds based on the speed of my computer (how do I calculate this?)

And what I get is the encrypted private key, right?

1HWbVLhxj7bhewhyapMZpyhqWAeAhJd51E
My Bitcoin Calculator:
http://tpbitcalc.appspot.com/
1481019729
Hero Member
*
Offline Offline

Posts: 1481019729

View Profile Personal Message (Offline)

Ignore
1481019729
Reply with quote  #2

1481019729
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Hawkix
Hero Member
*****
Offline Offline

Activity: 517



View Profile WWW
January 20, 2012, 06:13:45 PM
 #2

Damn! That is my password. Why do you have to use just the same nice password as I do? Its not fair. And not secure.





(OK, was just joking).

Donations: 1Hawkix7GHym6SM98ii5vSHHShA3FUgpV6
http://btcportal.net/ - All about Bitcoin - coming soon!
Joric
Member
**
Offline Offline

Activity: 67


View Profile
January 25, 2012, 08:25:04 AM
 #3

relevant: https://bitcointalk.org/index.php?topic=34028.msg708668#msg708668

off: private key made from sha256("Satoshi Nakamoto") actually had a few coins on it, but it was swept recently.

1JoricCBkW8C5m7QUZMwoRz9rBCM6ZSy96
Pieter Wuille
Legendary
*
qt
Offline Offline

Activity: 1036


View Profile WWW
January 25, 2012, 07:41:44 PM
 #4

Your passphrase is strengthened and converted to a 256-bit key and IV using OpenSSL's EVP routines, using SHA512.

The wallet contains an "mkey" record, which contains a 256-bit randomly generated master key, encrypted using AES-256-CBC using the above key and IV.

Key entries in the wallet ("ckey") are a mapping from the pubkey to the AES-256-CBC encrypted 32-byte EC secret, using the master key as key, and the hash of the pubkey as IV.

aka sipa, core dev team

Tips and donations: 1KwDYMJMS4xq3ZEWYfdBRwYG2fHwhZsipa
Joric
Member
**
Offline Offline

Activity: 67


View Profile
January 26, 2012, 01:26:14 AM
 #5

Your passphrase is strengthened and converted to a 256-bit key and IV using OpenSSL's EVP routines, using SHA512.

More specifically, it's 25000+ rounds of sha512 performed on "passphrase" + "salt", hence we get 64-byte hash.
Then I just use first 32 bytes as the AES key and 16 bytes after that as initialization vector.
Both number of rounds (nDerivIterations) and "salt" are stored unencrypted in the mkey record.
This is method 0 (nDerivationMethod, also stored in the mkey), other methods could have another implementation.

1JoricCBkW8C5m7QUZMwoRz9rBCM6ZSy96
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!