Pages:
Author

Topic: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key - page 31. (Read 153371 times)

vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
Here is a request I'd like to make:

Currently there's a page for Vanity Wallet.

It is presently able to take two private keys in hexadecimal, and provide the EC product of the two, along with its corresponding public key and bitcoin address.  I would like this page enhanced.

Here is what I'd like changed:

1. I would like it to accept key input in any private key format the codebase recognizes (compressed private keys may either be disallowed, or simply not allowed to be combined with uncompressed keys).  Specifically that should include "minikeys" (30-characters) as well as the usual 51-character code that starts with '5'.

2. I would also like it to accept user input of up to one public key - in other words, one box can contain a public key and the other box can be a private key, and the resulting public key and bitcoin address will be shown (with the corresponding private key unavailable, of course).

The reason is that I would like to start offering 2-factor physical bitcoins (mostly my gold-plated savings bar), and have BitAddress.org be the only tool the other party needs to securely participate in this sort of offering.

The reward for completion: Five gold-plated two-factor Casascius savings bars engraved with the vanity addresses of your choice (because you will generate your addresses starting with five different public keys I give you, one for each bar.)  Shipping is included.
legendary
Activity: 1708
Merit: 1020
not sure if kidding...   as far as I know gox mobile is not able to import bitcoin private keys.

Using "Bitcoin by Mt. Gox Mobile", v3.2 (Dec 30, 2011) for Android here's how:

At the bottom is "Transfer", then you see a tab for "Redeem".  Then click the magnifying glass to scan the QR code.  Scan, click "Redeem coins" and you're done.  The app tells you how much coin was on the address and it will automatically sweep that amount into your Mt. Gox account.  If at a later time any more funds arrive at that address, another transaction will be made to sweep them at that time as well.

Another method to redeem these keys is with Blockchain.info/wallet.  This is only done through the web interface, and not from the Blockchain for Android (or iOS) mobile app.

I just had requested this feature from EasyWallet:

One feature that would be useful would be the ability to redeem a private key.

[...]

But if Easywallet were to have this feature (to redeem a private key), I could then hand a paper Bitcoin to someone and then that person can use a mobile to go to Easywallet.org, click Redeem, scan the private key QR code and be done.  After the transaction confirms they can spend it.  That's easy!

thanks for explaining. that is very cool. more apps need it.

@pointbiz: sorry that I could not believe it Smiley

legendary
Activity: 2506
Merit: 1010
Stephen Gornick checks that the online versions checksum matches what is in github.

Oops, I'm late.



I can verify that the BitAddress.org website has been updated and returns the same HTML from the commit with the description v2.0 (54c26d38e68eb87ea5b083f07091b547e10f8eac) in github:
 - https://github.com/pointbiz/bitaddress.org


To confirm this I first check the sha1sum hash of the html returned by a request to http://bitaddress.org:

$ wget --quiet -O - http://bitaddress.org|sha1sum
c0300a88d2de421106560185e4916f4eee6ed9df  -

$ GET -eSd bitaddress.org|grep -i "200 OK"
GET https://www.bitaddress.org/bitaddress.org-v2.0-SHA1-c0300a88d2de421106560185e4916f4eee6ed9df.html --> 200 OK


Then from my bitaddress.org repo:

$ git checkout master
$ git pull
$ git log --pretty=oneline|grep "v2.0"
54c26d38e68eb87ea5b083f07091b547e10f8eac v2.0 Vanity Wallet, Paper Wallet updates

$ git checkout 54c26d38e68eb87ea5b083f07091b547e10f8eac
$ git rev-list --max-count=1 HEAD
54c26d38e68eb87ea5b083f07091b547e10f8eac

$ sha1sum bitaddress.org.html
c0300a88d2de421106560185e4916f4eee6ed9df  bitaddress.org.html
legendary
Activity: 2506
Merit: 1010
not sure if kidding...   as far as I know gox mobile is not able to import bitcoin private keys.

Using "Bitcoin by Mt. Gox Mobile", v3.2 (Dec 30, 2011) for Android here's how:

At the bottom is "Transfer", then you see a tab for "Redeem".  Then click the magnifying glass to scan the QR code.  Scan, click "Redeem coins" and you're done.  The app tells you how much coin was on the address and it will automatically sweep that amount into your Mt. Gox account.  If at a later time any more funds arrive at that address, another transaction will be made to sweep them at that time as well.

Another method to redeem these keys is with Blockchain.info/wallet.  This is only done through the web interface, and not from the Blockchain for Android (or iOS) mobile app.

I just had requested this feature from EasyWallet:

One feature that would be useful would be the ability to redeem a private key.

[...]

But if Easywallet were to have this feature (to redeem a private key), I could then hand a paper Bitcoin to someone and then that person can use a mobile to go to Easywallet.org, click Redeem, scan the private key QR code and be done.  After the transaction confirms they can spend it.  That's easy!
legendary
Activity: 1708
Merit: 1020
Is there an Android app able to import the private key?

Mtgox mobile... but the app crashes for me on jelly bean 4.1.2 used to work great on ice cream sandwich

 Also u can use mtgox.com in Chrome for Android

not sure if kidding...   as far as I know gox mobile is not able to import bitcoin private keys.

If it is not available maybe we should suggest it to one of the app developers (bitcoinspinner, bitcoinwallet). I think it would be relatively simple for them to add this feature.
sr. member
Activity: 437
Merit: 415
1ninja
are there people scrutinizing these new releases to ensure there are no changes to the private key generation or presentment that shouldn't be there?

I review pull requests sent by others. On various occasions people have reported bugs in the code and version 0.1 to 0.4 are no longer online; I made the project open source and available at github at request on this thread and started the commits with v0.5.

v0.5 to v2.0 are online and I recommend you use the last version you have reviewed yourself if you read JavaScript.

Stephen Gornick checks that the online versions checksum matches what is in github.

I would like to invite others to review the safety of the code. I have attempted to arrange the code in a way that the libraries can be reviewed separately from the ninja code. I have recently refactored the wallet code such that each wallet has separate code and does not use methods from the other wallets. So reviews can be focused on the wallet you personally use.
sr. member
Activity: 437
Merit: 415
1ninja
Is there an Android app able to import the private key?

Mtgox mobile... but the app crashes for me on jelly bean 4.1.2 used to work great on ice cream sandwich

 Also u can use mtgox.com in Chrome for Android
legendary
Activity: 1708
Merit: 1020
Is there an Android app able to import the private key?
sr. member
Activity: 437
Merit: 415
1ninja
Another simple enhancement idea:

upon clicking the Print button, if the user has not generated new addresses since the last time he clicked it, it should tell him: "For security, new addresses will be generated before printing.  Continue?"  (OK=regenerate and print, Cancel = do nothing).

This will help avert a potential disaster if a user unknowingly prints a large batch more than once and then distributes the duplicate batches.

I realize it's of little use if the user chooses Print from his browser rather than the Print button in the page, but it's far better than nothing, and I think most users will use a Print button provided to them anyway when available, knowing it gives them the overall best chance of printing a print-friendly version.  The advanced user also maintains the option to reprint a batch if needed: he can just use the browser's Print function.

Interesting. Good usability idea.
sr. member
Activity: 437
Merit: 415
1ninja
PointBiz,

What is next on your list?

Creating offline transactions from just the script hashes/indexes and private keys?
Or some multisig magic?

N1bor

I'd like to do something with split keys for the use case of savings wallets. The goal would be to have a secure paper wallet if both computers are compromised. A casual user should be able to use bitaddress.org at work and at home to print each part of the key. Keys will need to be split and matched in bulk because once you bring a key back together it is "compromised" (if you are sufficiently paranoid) and must be spent immediately to another address. Users would divide their savings up into convenient amounts so they can cash out small portions of their savings without compromising the whole amount. For example taking 1000 BTC and sending 50 BTC to 20 bitcoin addresses. You print two copies of each half key (A & B). Keep one set of copies together in a safety deposit box (A + B). Keep one half of the keys at work (A) and one half of the keys at home (B).
legendary
Activity: 873
Merit: 1000
are there people scrutinizing these new releases to ensure there are no changes to the private key generation or presentment that shouldn't be there?
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
Another simple enhancement idea:

upon clicking the Print button, if the user has not generated new addresses since the last time he clicked it, it should tell him: "For security, new addresses will be generated before printing.  Continue?"  (OK=regenerate and print, Cancel = do nothing).

This will help avert a potential disaster if a user unknowingly prints a large batch more than once and then distributes the duplicate batches.

I realize it's of little use if the user chooses Print from his browser rather than the Print button in the page, but it's far better than nothing, and I think most users will use a Print button provided to them anyway when available, knowing it gives them the overall best chance of printing a print-friendly version.  The advanced user also maintains the option to reprint a batch if needed: he can just use the browser's Print function.
sr. member
Activity: 438
Merit: 291
PointBiz,

What is next on your list?

Creating offline transactions from just the script hashes/indexes and private keys?
Or some multisig magic?

N1bor
sr. member
Activity: 438
Merit: 291
Thanks pointbiz...

Incase anyone wonders what the Vanity bit is for see:
https://bitcoinvanity.appspot.com
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
Absolutely awesome, printed QR codes look great!  Codes in black toner are much more readable on printouts.
sr. member
Activity: 437
Merit: 415
1ninja
v2.0
https://www.bitaddress.org/bitaddress.org-v2.0-SHA1-c0300a88d2de421106560185e4916f4eee6ed9df.html
 - Added Vanity Wallet merged from n1bor
 - Paper Wallet merged high resolution QR code from ironwolf
legendary
Activity: 2506
Merit: 1010
v1.9
https://www.bitaddress.org/bitaddress.org-v1.9-SHA1-a487b495d710d6f617d688e5f758e40c8b6c510e.html
 - fixed Testnet Edition WIF and Compressed WIF private keys. It now prepends
   the correct byte (0xEF) for testnet when activated.



I can verify that the BitAddress.org website has been updated and returns the same HTML from the commit with the description v1.9 (770d933029b8bbb56539d866db6b8fa37f262102) in github:
 - https://github.com/pointbiz/bitaddress.org


To confirm this I first check the sha1sum hash of the html returned by a request to http://bitaddress.org:

$ wget --quiet -O - http://bitaddress.org|sha1sum
a487b495d710d6f617d688e5f758e40c8b6c510e  -

$ GET -eSd bitaddress.org|grep -i "200 OK"
GET https://www.bitaddress.org/bitaddress.org-v1.9-SHA1-a487b495d710d6f617d688e5f758e40c8b6c510e.html --> 200 OK


Then from my bitaddress.org repo:

$ git checkout master
$ git log --pretty=oneline|grep "v1.9"
770d933029b8bbb56539d866db6b8fa37f262102 v1.9 Testnet Edition fixes

$ git checkout 770d933029b8bbb56539d866db6b8fa37f262102
$ git rev-list --max-count=1 HEAD
770d933029b8bbb56539d866db6b8fa37f262102

$ sha1sum bitaddress.org.html
a487b495d710d6f617d688e5f758e40c8b6c510e  bitaddress.org.html


[Update: Had to update the procedure since there had been commits to master since v1.9.]
sr. member
Activity: 438
Merit: 291

My thoughts are that it should use the WIF private key in all cases. I had to open bitaddress in another browser tab to convert the WIF from vanitygen to HEX for the vanity tab. Is there a reason we shouldn't use just WIF? Or alternatively we could extract the private key detection used in the wallet details tab so any private key format could be used.

I was trying to avoid using WIF for the "part-private-keys" and "part-public-keys" as then they look different from the key you have to import into the wallet. Although once you get your head round it all the fact that there are 3 private and 3 public keys washing around in the process is obvious, for the casual one off user it could get confusing. By making the keys look different they are less likely to try to import the wrong private key into the Wallet and then be disappointed!

Regarding the UI we could possibly create two parts inside that tab. So it's clear there is Part/Step 1 and Part/Step 2. We can use the expand collapse UI like the FAQs on the bulk wallet tab.

Agreed - will do tomorrow, and update git.
sr. member
Activity: 437
Merit: 415
1ninja
v1.9
https://www.bitaddress.org/bitaddress.org-v1.9-SHA1-a487b495d710d6f617d688e5f758e40c8b6c510e.html
 - fixed Testnet Edition WIF and Compressed WIF private keys. It now prepends
   the correct byte (0xEF) for testnet when activated.
sr. member
Activity: 437
Merit: 415
1ninja
Have added a pull request for the Vanity Address Tab to Git:
https://github.com/pointbiz/bitaddress.org/pull/3

Any chance of someone to reviewing it?
Is trival, just 126 lines added and one changed.

I saw on github you are still making changes. I will consider adding your tab. Could you also merge with the newest version v1.7 ?

I'd like to give this Vanity Address thing a try... do you have a link that would guide me through the process?
Who do I contact to find the vanity address?

I have rebased to your latest version. Give it a try.

To test out download vanity generator from:
https://bitcointalksearch.org/topic/vanitygen-vanity-bitcoin-address-generatorminer-v022-25804

Then create a new key on the tab. Keep the private key safe.
Then run:
oclvanitygen.exe -P PUBLICKEYFROMABOVE 1prefix

This with after some time return a private key.
If you then put this private key and the one you originally generated into the bitaddress.org page it will then
generate the actual private key in WIF and confirm that the address is the one that starts with the prefix you want.

In a vanity pool someone else would run the oclvanitygen for you.



Ok, I tried it. I understand the concept and read some of the related threads.

My thoughts are that it should use the WIF private key in all cases. I had to open bitaddress in another browser tab to convert the WIF from vanitygen to HEX for the vanity tab. Is there a reason we shouldn't use just WIF? Or alternatively we could extract the private key detection used in the wallet details tab so any private key format could be used.

I like the descriptions you have for each area.

Regarding the UI we could possibly create two parts inside that tab. So it's clear there is Part/Step 1 and Part/Step 2. We can use the expand collapse UI like the FAQs on the bulk wallet tab.

Pages:
Jump to: