How Do I Encrypt a Paper Wallet from bitaddress.org?

[unclemantis]

The subject says it all. I want to be able to print an encrypted wallet using bitaddress.org or similar service to store in multiple places.

Little help. Thanks!

[Foxpup]

Unfortunately, there aren't any simple ways of doing it, so I'll give you the semi-complicated way. You can use GPG to encrypt wallet seeds/private keys in a printable and manually-enterable format. The command line is the easiest way to do it, for example to encrypt the private key 5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF:

Code:

echo "5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF" | gpg -ac --cipher-algo AES256

GPG will ask you to enter a passphrase twice and then produce something like the following:

Code:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)

jA0ECQMCXxBRFtvirnFg0mkBP4MwdLp0JcMJHHLR8DT3hg3ZUrND0oTwgCxDk21O
XUgCTOQ4Bj9snJNxPsZ2vgc/mT4lh1+1XpQS0tiNq/Zi4cE/HTkMrSXTB5BjhIUZ
zTFPIpCJI1zZQThCeAo4fEVyXu/nQ6sCBPc=
=yykC
-----END PGP MESSAGE-----

Which you can then copy into a text editor and print out (this isn't Base58 encoded, so be sure to use a font that allows you to distinguish between the characters O,0,I,l, and 1).

To decrypt it, enter it into a text editor (there's no error-correction, so don't make any mistakes), save it as a plain text file, then run the command:

Code:

gpg -d filename.txt

Enter your passphrase, and it'll display the seed/private key you originally encrypted:

Code:

5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF

You might want to test the last step just to make sure you've done everything right.

[Stephen Gornick]

Using the Wallet Details tab, you can enter a passphrase that is used to create the private key and public address.

And voila, that gives you a public address that can be used for receiving funds.  Then, with the passphrase, you have the ability to recreate the private key at any time.

 - http://bitcointalk.org/index.php?topic=43496.msg751496#msg751496

[fivemileshigh]

You can also save the bitaddress output file as a pdf, then store on an encrypted truecrypt volume, as an alternative. I hope this is good enough for your aims.

[unclemantis]

Using the Wallet Details tab, you can enter a passphrase that is used to create the private key and public address.

And voila, that gives you a public address that can be used for receiving funds.  Then, with the passphrase, you have the ability to recreate the private key at any time.

 - http://bitcointalk.org/index.php?topic=43496.msg751496#msg751496

Great idea but this only gives me one key pair and if I print this out and store in a safe deposit box or elsewhere it is still in plain text.

I am looking for a paper backup solution but this is a nice idea.

[TangibleCryptography]

There is no off the shelf software that I know of but most programming languages have crypto libraries.  Using GPG is clunky because it is intended for asynchronous encryption.  It can be used but if you lose the key then you lose the coins.  You could print the key and store it with the cipher text but then your security becomes only the passphrase.  

I would use AES.

Take a bulk wallet from bitcoin address.

Code:

1,"1P51sZbG4LNQP5Qq8VPKjexzStcTL29uJK","5KW4jRYUbux8tW7pvC6V5JxbLkF2w5LMMHUT8R2Dx5SSRBT73Ep"
2,"1G3Wyaea8AvamHT18d1Fa7VtsTbuGA7xrQ","5J2YdatPXojY39LgxbXcSkUvxNbbykYxAh6sDPHeemQYMdehKq3"
3,"14Cw7yBMzwGN5yxyx1uNdvi7QSpeb4A1LV","5JW4MHQYWTfXoM5vznEyGjr29g2YrSZUqVfA8UcQEwiJNkacJ5v"
4,"1ECEFCrAQVq2yDNhm1dKZCz9ApR2jGRRi3","5JSUmPoitJWmWDWkEHoqokASEy7yUNAsdB8saVzt8Dr985mbMMd"
5,"1EMhEniDqonMZqUCG3TYNdVCqQUKWGviNY","5Kfi3cciHfpFwhjuaGdHpGUzh5K3Sx9A2vyTBpUsML7tzZ8SFvn"
6,"1KdKYsU2bydotUgHWTnJWS4UTPWuYfaFPP","5KUxqY7Vu5cpTw78TvFxCzaLupNMRgqF8kFSudAkhvsRra1dGMc"
7,"1FxT8MP44tJ8ffUiJqFp2EK7mreBKQaxYi","5JGkVfJdsj1Wn1R1UD8yQmt2tENzde3Q6DF1kxgq4oBc1tbAvth"
8,"1P4Bv5bRGKK4S3QKHBj4DEsN1GsbZoCdyF","5J72q9KUP3uPmJBqX4zNtdKAcfjFayRLPmBkUG22cGjaNNDuV9G"
9,"1CtL8w7BrjUsXFA7nRJfV4YcNC8jzAzMA7","5KAqsqkG3wM9xfAATdVdhTfm6X1wd1xEtotBgsCrdLPiVzkBoAS"
10,"1JP37Lb84tsWs729fgez4hsuT8zRzfKnPK","5Kb4SAQveqH4btPFjaWSn7aNTv1BDUgfQapedaTeMeNUTRorEbV"

Split the output into list of private keys and public keys.


Store the public key as plaintext.

Code:

1,1P51sZbG4LNQP5Qq8VPKjexzStcTL29uJK
2,1G3Wyaea8AvamHT18d1Fa7VtsTbuGA7xrQ
3,14Cw7yBMzwGN5yxyx1uNdvi7QSpeb4A1LV
4,1ECEFCrAQVq2yDNhm1dKZCz9ApR2jGRRi3
5,1EMhEniDqonMZqUCG3TYNdVCqQUKWGviNY
6,1KdKYsU2bydotUgHWTnJWS4UTPWuYfaFPP
7,1FxT8MP44tJ8ffUiJqFp2EK7mreBKQaxYi
8,1P4Bv5bRGKK4S3QKHBj4DEsN1GsbZoCdyF
9,1CtL8w7BrjUsXFA7nRJfV4YcNC8jzAzMA7
10,1JP37Lb84tsWs729fgez4hsuT8zRzfKnPK

Encrypt the private keys using AES.  

Code:

1,5KW4jRYUbux8tW7pvC6V5JxbLkF2w5LMMHUT8R2Dx5SSRBT73Ep
2,5J2YdatPXojY39LgxbXcSkUvxNbbykYxAh6sDPHeemQYMdehKq3
3,5JW4MHQYWTfXoM5vznEyGjr29g2YrSZUqVfA8UcQEwiJNkacJ5v
4,5JSUmPoitJWmWDWkEHoqokASEy7yUNAsdB8saVzt8Dr985mbMMd
5,5Kfi3cciHfpFwhjuaGdHpGUzh5K3Sx9A2vyTBpUsML7tzZ8SFvn
6,5KUxqY7Vu5cpTw78TvFxCzaLupNMRgqF8kFSudAkhvsRra1dGMc
7,5JGkVfJdsj1Wn1R1UD8yQmt2tENzde3Q6DF1kxgq4oBc1tbAvth
8,5J72q9KUP3uPmJBqX4zNtdKAcfjFayRLPmBkUG22cGjaNNDuV9G
9,5KAqsqkG3wM9xfAATdVdhTfm6X1wd1xEtotBgsCrdLPiVzkBoAS
10,5Kb4SAQveqH4btPFjaWSn7aNTv1BDUgfQapedaTeMeNUTRorEbV

for example encrypted with "this is my password there are many like it this is mine" the output is:

Code:

U2FsdGVkX19/9w7Eu8JcYRKadE02TuYxG9CA3V3aEjLwTr/Gi7h8p9Iwk3Z7yjYG
lqqHa2bAOcD1Xr+KDIGz/uDg4zRD/K0x5cOb2C53Nbsk+D3c9fgIBwhzVfboz7ZU
swNq65U8/oqnvYPKON1RwpmvzJNnCCC3BCf2St4Jaj0cc/J+w/pMkjVfPiK8zfD5
0vhQYe3e3fsfhcbhyctpfO411cqVieCNgTgXR03sNLmseXJpnc8VvU6anazMnnCc
4j+0BaoM8h7M3+kz7EzZMxKC+equNVEJgFhoXCfVKddsDj2HhsbkkdoKCoQlrlAJ
TLS1gVaUi6beA4MlT/exvFPSsZ0oisH5JDZwltsn+1RHP7dXlorzZ2u0U6ngm4kb
EzTkB0nZVhAOiYQxSAlKqhwTyKdEdklXE6egg4eRJ4xj9Y9XzIq/ckpd0gE8s/Nx
UAteXWk0Y+cXLSRGiATkjUTOj0TFC+h0VxUioOv+oE3L7q6C4XeyJc+khAAjENX4
H1V0KtXtrVBfQR8uJg1Wih+9Z1b+hG+5KRzXfpqTZojdpQl1T1FcJMsuJ65plH8F
Sxknnt0Lgp+yJyymPa0l5mfbas5Dkw+mTVl5bankbqqe0kYqyGoZhySZicy1WTaG
AVfYTCc6Qm99U5LVqZBgC28QD5JvuKQPhn3uiiCNQZseIlDsXylYS0xHQIUp7PO1
v4pyAslgSDUK6IOtZ0mG68vffAE7M8izE5Iax1vVu3M=

I would then include information and instructions on the page and print multiple copies.

Example:

Code:

10 bitcoin private keys.
Created 07/09/2012

Encrypted using reference implementation of AES algorithm using a 128 bit key from a passphrase.

============= BEGIN AES PROTECTED BLOCK =============
U2FsdGVkX19/9w7Eu8JcYRKadE02TuYxG9CA3V3aEjLwTr/Gi7h8p9Iwk3Z7yjYG
lqqHa2bAOcD1Xr+KDIGz/uDg4zRD/K0x5cOb2C53Nbsk+D3c9fgIBwhzVfboz7ZU
swNq65U8/oqnvYPKON1RwpmvzJNnCCC3BCf2St4Jaj0cc/J+w/pMkjVfPiK8zfD5
0vhQYe3e3fsfhcbhyctpfO411cqVieCNgTgXR03sNLmseXJpnc8VvU6anazMnnCc
4j+0BaoM8h7M3+kz7EzZMxKC+equNVEJgFhoXCfVKddsDj2HhsbkkdoKCoQlrlAJ
TLS1gVaUi6beA4MlT/exvFPSsZ0oisH5JDZwltsn+1RHP7dXlorzZ2u0U6ngm4kb
EzTkB0nZVhAOiYQxSAlKqhwTyKdEdklXE6egg4eRJ4xj9Y9XzIq/ckpd0gE8s/Nx
UAteXWk0Y+cXLSRGiATkjUTOj0TFC+h0VxUioOv+oE3L7q6C4XeyJc+khAAjENX4
H1V0KtXtrVBfQR8uJg1Wih+9Z1b+hG+5KRzXfpqTZojdpQl1T1FcJMsuJ65plH8F
Sxknnt0Lgp+yJyymPa0l5mfbas5Dkw+mTVl5bankbqqe0kYqyGoZhySZicy1WTaG
AVfYTCc6Qm99U5LVqZBgC28QD5JvuKQPhn3uiiCNQZseIlDsXylYS0xHQIUp7PO1
v4pyAslgSDUK6IOtZ0mG68vffAE7M8izE5Iax1vVu3M=
============= END AES PROTECTED BLOCK =============

You can test the above example using this site.  http://www.everpassword.com/aes-encryptor

WARNING:  Don't use this site to encrypt any real secrets.  I have no idea the security of it.  You may be handing the site operator a plaintext list of your keys.



Personally I would enhance the above concept to use PBKDF2 for producing the decryption key.  This would provide brute-force resistance.  If the wallet is very large I would also use PBKDF2 produce a key which encrypt a random 256 bit number that is actual key for the rest of the wallet.  The example above encrypts all the keys a single block of text.  A better solution might be to encrypt each key seperately and include the public key.  Then you can selectively decrypt one key as needed.  Essentially the method used by bitcoin wallet except on paper.  That might be an interesting enhancement to pywallet.


If you do encrypt your paper wallet remember the algorithm, key generation method, salt, and other technical details ARE NOT SECRETS.  Include plain English instructions maybe even source code to ensure it can be decrypted later.  Good encryption doesn't work on obscurity it works based on mathematical theories that certain operations are cost prohibitive without the secret.  The only thing missing from your encrypted paper wallet should be the passphrase.  It is a common misconception that encryption should be sneaky (like just including a paper with nothing but cipher text) and that adds security.  The only thing that adds it the likelihood that at some point in the future you never will figure out how to decrypt it even WITH the passphrase.

[foo]

Using GPG is clunky because it is intended for asynchronous encryption.  It can be used but if you lose the key then you lose the coins.  You could print the key and store it with the cipher text but then your security becomes only the passphrase. 

Uh, no. gpg -c does symmetric encryption. It does not use a private key.

I would use AES.

gpg -ac --cipher-algo aes

[DeathAndTaxes]

Uh, no. gpg -c does symmetric encryption. It does not use a private key.

gpg -ac --cipher-algo aes

+1 I learned something new today.  I have only ever used GPG for asymmetric.  I knew it used AES behind the scenes because asymmetric is so slow.  Generate a one time symmetric key use the symmetric key to encrypt the payload.  Then encrypt the symmetric key using the public key(s).

I just never knew that functionality was exposed to the user.  So yeah gpg using would work fine.

[unclemantis]

Code:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (GNU/Linux)

jA0EBwMCXNhHsH1oaxdg0sEvAQREqLwJGplz9qp3ofjqsOvjPPb8cCk9t7DxOh+Q
7PGU6aSIJVqWsnJ5wTVQ1xzK//kfoGDGXKyP2WYoCrkBNHg2b9RMzbF+iuEPCOhG
fOajZY5Tn948+zVYQJq2b6MxyKtPSwAATZJDBfsRRiKIcePDansiB8FjBpqvLXoq
RP/svuoagVTQpvrtSFs1V9NzS7fdfIM7dfv6cRn8Dt0vjgJo/ehBc86Wm7SFol/B
CyuOetY4jXuns3b62PKUHoTRh/Qa76NxJxyI0TrzVjHaGdbmYFG4rWLfYqVsBZcY
M6pHXmG77sF73QhJrN2sx/4MVHUAHrc+jo+mmoym3FBUipH6A65iTphkX1PxYS3D
5g7uzlM2PQY94+iZpP1bgfKdQP7t3uGDdonBaI6O4DSLsEIhByKuQoatMofZnG1U
BnGXN2TKUUzdJcUl9na1aD6f7Cywh6zq/Dj8jEbTiGq6tGAagE2M42iLV2kbj2pa
JxVhMxcW8epm8YK6BCuGHWHK7Pzds5R9PcRHW800nsiQ7132dg0AAhqswcTJUlzI
sUV9vbg+5WU6ihNHkMrgc0PVle+g509wc7CE2H96XOdTx8sVHAKw/SI65H1jfKVN
D06BDE0KPSFWDFmvHcU2JxbNhafObT+s/yx+UlnOutoX
=t41Q
-----END PGP MESSAGE-----

I got the above by placing the private key list into a file named plain.txt

Code:

1,5KW4jRYUbux8tW7pvC6V5JxbLkF2w5LMMHUT8R2Dx5SSRBT73Ep
2,5J2YdatPXojY39LgxbXcSkUvxNbbykYxAh6sDPHeemQYMdehKq3
3,5JW4MHQYWTfXoM5vznEyGjr29g2YrSZUqVfA8UcQEwiJNkacJ5v
4,5JSUmPoitJWmWDWkEHoqokASEy7yUNAsdB8saVzt8Dr985mbMMd
5,5Kfi3cciHfpFwhjuaGdHpGUzh5K3Sx9A2vyTBpUsML7tzZ8SFvn
6,5KUxqY7Vu5cpTw78TvFxCzaLupNMRgqF8kFSudAkhvsRra1dGMc
7,5JGkVfJdsj1Wn1R1UD8yQmt2tENzde3Q6DF1kxgq4oBc1tbAvth
8,5J72q9KUP3uPmJBqX4zNtdKAcfjFayRLPmBkUG22cGjaNNDuV9G
9,5KAqsqkG3wM9xfAATdVdhTfm6X1wd1xEtotBgsCrdLPiVzkBoAS
10,5Kb4SAQveqH4btPFjaWSn7aNTv1BDUgfQapedaTeMeNUTRorEbV

I then encoded it by running cat plaintext.txt | gpg -ac --cipher-algo aes > encrypted.txt

To decrypt back to the original plain text I typed this gpg -d encrypted.txt > decrypted.txt

and PRESTO!

I would then print out the encrypted.txt file using an OCR type style and store it everywhere right? Of course include the directions.

So... Did I do good? =)

[casascius]

You can also save the bitaddress output file as a pdf, then store on an encrypted truecrypt volume, as an alternative. I hope this is good enough for your aims.

That or how about just a password-protected PDF?  That has the benefit of being completely usable by a layperson given only the file and the password.  This also uses AES under the hood.

[TangibleCryptography]

sounds good to me.  Nice touch printing it in an ocr font.

Someone likely could build in some nice enhancements like per address encryption, making QR codes of the encrypted strings, key hardening (bcrypt, PBKDF2) to make brute force attack more difficult, etc.  However you got the basics down.  I can't think of any weaknesses in that approach (assuming the passphrase is long enough and can't be dictionary attacked).

[TangibleCryptography]

That or how about just a password-protected PDF?  That has the benefit of being completely usable by a layperson given only the file and the password.  This also uses AES under the hood.

I think his intent was non-digital storage.  How do you print and recover a password protected pdf.  I mean if your goal is just to keep a digital copy you don't need pdf just backup the encrypted wallet.dat.

[unclemantis]

Would be nice of the developer of bitaddress.org could read this post and incorporate encryption into his next release!