Bitcoin Forum
December 03, 2022, 11:37:10 AM *
News: Reminder: do not keep your money in online accounts
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Wallet encryption protocol  (Read 1064 times)
ThePiachu (OP)
Sr. Member
****
Offline Offline

Activity: 444
Merit: 265



View Profile WWW
January 19, 2012, 08:22:40 PM
 #1

Is there some step-by-step guide on how the official client encrypts the wallet? I'm trying to write an implementation of that in Go, but can't seem to find any concrete reference, asides
https://github.com/bitcoin/bitcoin/blob/6b8a5ab622e5c9386c872036646bf94da983b190/doc/README
So lets see if I got this right...

I have a private key:
18E14A7B6A307F426A94F8114701E7C8E774E7F9A47E2C2035DB29A206321725

And a password:
Satoshi

Then I need a random master key (how long is it? Is it stored anywhere?)
??

I take a SHA-512 of the password
B85729C8DB06F82DDEDBF5B70B482D32C46A556562FE79AD8402820D52EB7D562463C021F23E33D 6274E60845C19D6DC298910537D8D3C1CB4DB08F88D2E8B21

Then I  perform OpenSSL's EVP_BytesToKey from the master key and the SHA in a dynamic number of rounds based on the speed of my computer (how do I calculate this?)

And what I get is the encrypted private key, right?

1HWbVLhxj7bhewhyapMZpyhqWAeAhJd51E
My Bitcoin Calculator:
http://tpbitcalc.appspot.com/
There are several different types of Bitcoin clients. The most secure are full nodes like Bitcoin Core, but full nodes are more resource-heavy, and they must do a lengthy initial syncing process. As a result, lightweight clients with somewhat less security are commonly used.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1670067430
Hero Member
*
Offline Offline

Posts: 1670067430

View Profile Personal Message (Offline)

Ignore
1670067430
Reply with quote  #2

1670067430
Report to moderator
Hawkix
Hero Member
*****
Offline Offline

Activity: 531
Merit: 505



View Profile WWW
January 20, 2012, 06:13:45 PM
 #2

Damn! That is my password. Why do you have to use just the same nice password as I do? Its not fair. And not secure.





(OK, was just joking).

Donations: 1Hawkix7GHym6SM98ii5vSHHShA3FUgpV6
http://btcportal.net/ - All about Bitcoin - coming soon!
Joric
Member
**
Offline Offline

Activity: 67
Merit: 130


View Profile
January 25, 2012, 08:25:04 AM
Last edit: January 25, 2012, 08:41:43 AM by Joric
Merited by xandry (4)
 #3

relevant: https://bitcointalk.org/index.php?topic=34028.msg708668#msg708668

off: private key made from sha256("Satoshi Nakamoto") actually had a few coins on it, but it was swept recently.

1JoricCBkW8C5m7QUZMwoRz9rBCM6ZSy96
Pieter Wuille
Legendary
*
qt
Offline Offline

Activity: 1070
Merit: 1148


View Profile WWW
January 25, 2012, 07:41:44 PM
 #4

Your passphrase is strengthened and converted to a 256-bit key and IV using OpenSSL's EVP routines, using SHA512.

The wallet contains an "mkey" record, which contains a 256-bit randomly generated master key, encrypted using AES-256-CBC using the above key and IV.

Key entries in the wallet ("ckey") are a mapping from the pubkey to the AES-256-CBC encrypted 32-byte EC secret, using the master key as key, and the hash of the pubkey as IV.

I do Bitcoin stuff.
Joric
Member
**
Offline Offline

Activity: 67
Merit: 130


View Profile
January 26, 2012, 01:26:14 AM
Last edit: January 26, 2012, 01:51:47 AM by Joric
Merited by xandry (4)
 #5

Your passphrase is strengthened and converted to a 256-bit key and IV using OpenSSL's EVP routines, using SHA512.

More specifically, it's 25000+ rounds of sha512 performed on "passphrase" + "salt", hence we get 64-byte hash.
Then I just use first 32 bytes as the AES key and 16 bytes after that as initialization vector.
Both number of rounds (nDerivIterations) and "salt" are stored unencrypted in the mkey record.
This is method 0 (nDerivationMethod, also stored in the mkey), other methods could have another implementation.

1JoricCBkW8C5m7QUZMwoRz9rBCM6ZSy96
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!