Bitcoin Forum
September 23, 2020, 12:21:13 AM *
News: Latest Bitcoin Core release: 0.20.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: 1 2 [All]
  Print  
Author Topic: how to generate a valid private-key + recv address in PHP?  (Read 15346 times)
hamdi
Hero Member
*****
Offline Offline

Activity: 812
Merit: 500



View Profile
May 13, 2012, 06:27:43 PM
 #1

what´s the easiest way to generate a priv-key + recv-addr in php?

so i can make sites which accept bitcoin without running a daemon...

i want to do what bitaddress.org does in js, but in php.


don´t tell me to not keep private key on server... i will care about that...
i really want to do this in php, so please don´t give any arguments against my plan.

1600820473
Hero Member
*
Offline Offline

Posts: 1600820473

View Profile Personal Message (Offline)

Ignore
1600820473
Reply with quote  #2

1600820473
Report to moderator
1600820473
Hero Member
*
Offline Offline

Posts: 1600820473

View Profile Personal Message (Offline)

Ignore
1600820473
Reply with quote  #2

1600820473
Report to moderator
1600820473
Hero Member
*
Offline Offline

Posts: 1600820473

View Profile Personal Message (Offline)

Ignore
1600820473
Reply with quote  #2

1600820473
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1600820473
Hero Member
*
Offline Offline

Posts: 1600820473

View Profile Personal Message (Offline)

Ignore
1600820473
Reply with quote  #2

1600820473
Report to moderator
1600820473
Hero Member
*
Offline Offline

Posts: 1600820473

View Profile Personal Message (Offline)

Ignore
1600820473
Reply with quote  #2

1600820473
Report to moderator
lulzplzkthx
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250



View Profile WWW
May 13, 2012, 06:31:29 PM
 #2

Are you putting out a bounty for this? Tongue

gweedo
Legendary
*
Offline Offline

Activity: 1484
Merit: 1000


View Profile
May 13, 2012, 06:42:52 PM
 #3

https://github.com/mikegogulski/bitcoin-php/blob/master/src/bitcoin.inc#L567

this uses a bitcoind as a backend and just queries that to get a new address so that could be an answer
hamdi
Hero Member
*****
Offline Offline

Activity: 812
Merit: 500



View Profile
May 13, 2012, 06:48:01 PM
 #4

"generate priv-key and recv-addr in pure php without a btc-daemon or any other external requirements" 


bounty is 1 BTC to the first poster who posts a working php code here.

i know there is already some code around, but i just can´t find it.

lulzplzkthx
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250



View Profile WWW
May 13, 2012, 06:48:25 PM
 #5

https://github.com/mikegogulski/bitcoin-php/blob/master/src/bitcoin.inc#L567

this uses a bitcoind as a backend and just queries that to get a new address so that could be an answer

I think hamdi's whole price is that he doesn't want to have to use bitcoind. And he doesn't have to. Now whether someone is going to write a script for him for free or not is the question.

hamdi
Hero Member
*****
Offline Offline

Activity: 812
Merit: 500



View Profile
May 13, 2012, 06:51:20 PM
 #6

read, i set a bounty of 1 btc


Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1001


View Profile
May 30, 2012, 12:42:35 AM
 #7

Incidentally, a Python version here:

 - http://bitcointalk.org/index.php?topic=84238

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


gweedo
Legendary
*
Offline Offline

Activity: 1484
Merit: 1000


View Profile
May 30, 2012, 01:38:40 AM
 #8

http://bitcoin.stackexchange.com/questions/2289/php-script-to-create-private-key-public-address

bitcoin address is in the sig Smiley
crazy_rabbit
Legendary
*
Offline Offline

Activity: 1176
Merit: 1001


RUM AND CARROTS: A PIRATE LIFE FOR ME


View Profile
August 29, 2012, 03:30:28 PM
 #9

How did this work out? I would be interested in seeing exactly how you did it in the end.

more or less retired.
hamdi
Hero Member
*****
Offline Offline

Activity: 812
Merit: 500



View Profile
August 29, 2012, 11:59:56 PM
 #10

i use vanitygen in the back now

kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1001



View Profile
August 30, 2012, 05:55:47 AM
 #11

By the way, this is possible to do entirely in PHP, no calls to an external program.  You need a PHP library for doing EC math (there is one, LGPL), the curve definition for secp256k1 (copies of SEC2 are available for free on the web) and a little code to glue it all together.

The nice part is that if you do it all internally, you can specify the private key rather than asking the program for one at random.

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
1541
Newbie
*
Offline Offline

Activity: 19
Merit: 0



View Profile
August 30, 2012, 07:23:35 AM
 #12

But there is no real "out of the box" PHP solution ready, right?
As most PHP based onlineshops (oscommerce, xtcommerce, zen-cart,...) run on a shared webspace, they would really benefit from a solution that does not rely on "bitcond" running as a service (or external server).
kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1001



View Profile
August 30, 2012, 11:28:32 AM
 #13

But there is no real "out of the box" PHP solution ready, right?
As most PHP based onlineshops (oscommerce, xtcommerce, zen-cart,...) run on a shared webspace, they would really benefit from a solution that does not rely on "bitcond" running as a service (or external server).

If you don't trust the host that runs your web store with your wallet, you really shouldn't trust it with the stuff that your wallet it made of either.

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
hamdi
Hero Member
*****
Offline Offline

Activity: 812
Merit: 500



View Profile
August 30, 2012, 02:04:46 PM
 #14

i now use vanitygen via exec(); from php.
i then present the enduser with the bitcoin-address where he can pay his money,
at the same time the private-key is sent to an off-site bitcoind to be imported there.

kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1001



View Profile
August 30, 2012, 02:30:02 PM
 #15

i now use vanitygen via exec(); from php.
i then present the enduser with the bitcoin-address where he can pay his money,
at the same time the private-key is sent to an off-site bitcoind to be imported there.

You'd be better off generating the pair remotely, and pulling the address into the customer-facing server.

The stuff that you don't want stolen is being created in the place that you are worried about it being stolen from.  That isn't a great idea, even if you delete it right away.

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
scintill
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


View Profile WWW
August 31, 2012, 04:53:02 AM
Last edit: August 31, 2012, 07:15:13 AM by scintill
 #16

For the challenge and to learn more about Bitcoin, I implemented this in pure PHP (bcmath extension required, but I think that's pretty standard. Edit: Goes much faster with GMP extension!)  Please check it over yourself before using it!  I checked several keypairs with Casascius' address utility and they look good, but I'm not an expert, and there aren't real solid tests of the code.  Most of the work is by a pre-written ECC lib I found.

Anyway, the code, with a demo embedded, is at https://gist.github.com/3549107.  It is a little slow right now but could be sped up by using GMP instead of bcmath.  I don't know if anyone still cares or if the bounty has been claimed, but it'd be nice to have. Smiley

If there's interest, let me know, and I will extend and/or test it better.

Edit: Cleaned up the code and made it use GMP if possible, as it is much much faster.  Also found ways to use the ECC lib's helper functions more, so there is less code.

1SCiN5kqkAbxxwesKMsH9GvyWnWP5YK2W | donations
payb.tc
Hero Member
*****
Offline Offline

Activity: 812
Merit: 1000



View Profile
August 31, 2012, 04:56:39 AM
 #17

thanks, i care, and look forward to reviewing your work.
BCB
CTG
VIP
Legendary
*
Offline Offline

Activity: 1064
Merit: 1002


BCJ


View Profile
October 12, 2012, 06:49:14 PM
 #18

scintill

Works like a charm.    Is there any more info on how to generate a sufficient amount of entropy when generating key pairs for real world use (line 42).

Thanks!
kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1001



View Profile
October 12, 2012, 07:07:42 PM
 #19

scintill

Works like a charm.    Is there any more info on how to generate a sufficient amount of entropy when generating key pairs for real world use (line 42).

Thanks!

Your best bet is probably to fopen /dev/random and read 32 bytes from it.  Be warned that /dev/random will stall until it comes up with enough entropy to complete your request.  Check  /proc/sys/kernel/random/entropy_avail first, or use /dev/urandom (unsafe).

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
scintill
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


View Profile WWW
October 14, 2012, 05:38:54 AM
 #20

scintill

Works like a charm.    Is there any more info on how to generate a sufficient amount of entropy when generating key pairs for real world use (line 42).

Thanks!

Your best bet is probably to fopen /dev/random and read 32 bytes from it.  Be warned that /dev/random will stall until it comes up with enough entropy to complete your request.  Check  /proc/sys/kernel/random/entropy_avail first, or use /dev/urandom (unsafe).

Yeah, that sounds good to me.  I didn't know about that proc file, that's cool.

Glad it's working for you, BCB.

1SCiN5kqkAbxxwesKMsH9GvyWnWP5YK2W | donations
kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1001



View Profile
October 14, 2012, 05:44:29 AM
 #21

Someone asked in a PM, so I wrote an example.

Code:
<?php
$bits_desired
=256;
$bytes_desired=ceil($bits_desired/8);
echo 
"Asking for ".$bits_desired." bits of random (".$bytes_desired." bytes)\n";
if(
TRUE==($fp_ent=fopen("/proc/sys/kernel/random/entropy_avail","r"))){
 
$ent=trim(fgets($fp_ent));
 echo 
"Entropy available: ".$ent."\n";
 if(
$ent>$bits_desired){
  if(
TRUE==($fp_rand=fopen("/dev/random","r"))){
   
$r=fread($fp_rand,$bytes_desired);
   echo 
bin2hex($r)."\n";
  }else echo 
"Failed to open /dev/random.\n";
 }else echo 
"Not enough bits available.\n";
}else echo 
"Unable to get status of entropy pool.\n";
?>


17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
BCB
CTG
VIP
Legendary
*
Offline Offline

Activity: 1064
Merit: 1002


BCJ


View Profile
October 14, 2012, 05:58:21 AM
 #22

I've been testing importing and extracting and paying key and all seems to be working fine.
Richy_T
Legendary
*
Offline Offline

Activity: 1358
Merit: 1005


1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k


View Profile
November 25, 2013, 06:58:15 PM
Last edit: November 25, 2013, 07:20:22 PM by Richy_T
 #23

This code generates a mini-key if anyone's interested. I was looking for the next step, priv->pub key when I ran across this thread. It needs tidying of course and I just remembered I'm using the non-crypto rand() so that will need to be fixed too. Maybe I should just delete it Cheesy

Edit: OK, fixed to use /dev/urandom. Use /dev/random if you'd prefer.

Code:
<?php
  
#Below is full list of available characters.
  #"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
  
$fp=fopen("/dev/urandom","r") or die;
  
$available_chars="23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz";
  do{
    
$minikey='S';
    for(
$i=0;$i<29;$i++){
      while((
$c=ord(fgetc($fp)))>=strlen($available_chars));
      
$minikey.=substr($available_chars,$c,1);
    }
    
$check=hash('sha256',$minikey '?') . "\n";
  }while(
substr($check,0,2)!='00');
  
fclose($fp);
  
$priv=hash('sha256',$minikey);
  print 
"Minikey: $minikey\n";
  print 
"Privkey: $priv\n";
?>


Note that I deliberately exclude "1' and 'o' but you may add them back in if needed.

1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
Richy_T
Legendary
*
Offline Offline

Activity: 1358
Merit: 1005


1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k


View Profile
November 26, 2013, 03:14:21 PM
 #24

For the challenge and to learn more about Bitcoin, I implemented this in pure PHP (bcmath extension required, but I think that's pretty standard. Edit: Goes much faster with GMP extension!)  Please check it over yourself before using it!  I checked several keypairs with Casascius' address utility and they look good, but I'm not an expert, and there aren't real solid tests of the code.  Most of the work is by a pre-written ECC lib I found.

Anyway, the code, with a demo embedded, is at https://gist.github.com/3549107.  It is a little slow right now but could be sped up by using GMP instead of bcmath.  I don't know if anyone still cares or if the bounty has been claimed, but it'd be nice to have. Smiley

If there's interest, let me know, and I will extend and/or test it better.

Edit: Cleaned up the code and made it use GMP if possible, as it is much much faster.  Also found ways to use the ECC lib's helper functions more, so there is less code.

This disappeared (link no good). Anyone have a copy anywhere?

1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
scintill
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


View Profile WWW
November 30, 2013, 02:00:28 AM
 #25

This disappeared (link no good). Anyone have a copy anywhere?

I removed it, for being embarrassed about its weak key generation (!), and not wanting to enable people to unwittingly generate weak keys.  Also, someone has made a more flexible fork called PHPCoinAddress, but I would recommend at least applying my patch here, in addition to ideally studying secure key generation for your configuration/platform (at least if you are doing something high-risk/high-value in production.)  Feedback on my pull requests to PHPCoinAddress is welcome.  Thanks.

1SCiN5kqkAbxxwesKMsH9GvyWnWP5YK2W | donations
Pages: 1 2 [All]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!