Author

Topic: Decrypting Blockchain.org "My Wallet" Second Password (Read 1633 times)

legendary
Activity: 2296
Merit: 1014
Quote
however, I've not been able to decrypt this successfully when plugging my values in (taken from my own export) into a site such as these below:
Well its blockchain.info creation so you should ask them how exactly their function work and why when you put your values there it doesn't work u think it should.
There is low chance that some computer science guy will answer you, probably just support that have 0 knowledge over this.
So you can always brute-force this function especialy when you have password that you can put to make brute-force easier.
newbie
Activity: 8
Merit: 0
i am too interested in this ...any chance to decrypt?
newbie
Activity: 1
Merit: 0
Hi,

The webpage https://blockchain.info/wallet/wallet-format details how the "My Wallet" information is stored as a JSON object, and then encrypted using AES-256.

The webpage also explains how the private key is encrypted with a "secondary password".

When you attempt to Export your "My Wallet" information, you have the option to "Leave Private Keys Encrypted".  This results in your private keys staying encrypted, and is displayed in a readable format similar to this:

    "priv" : "ASDKFcqMh7jfsuLgtdMwvrw29lBjfaH3gshahklrQ+v9KOxFAULDljGV7SKTXQF7QL8KWqdcjjsgk95tlMYHHg=="},
    "sharedKey" : "5ad12271-57d5-6ad8-79ce-49755a99f539",

The webpage also shows how encryption occurs like this:
var encryptedPK = Crypto.AES.encrypt(encrypted_pk, sharedKey + secondPassword);

I would like someone to explain how I can decrypt my "priv" key from the the ciphertext in the JSON object above.

I had assumed that I could simply plug the relevant values into an AES decryption routine - to derive the plaintext of my private keys.  However, I've not been able to decrypt this successfully when plugging my values in (taken from my own export) into a site such as these below:
   http://cryptojs.altervista.org/secretkey/aes_cryptojs-v3.html
   http://www.everpassword.com/aes-encryptor

I would like to verify for myself EXACTLY how the secondary password may decrypted, by using a website outside of blockchain to test the decryption - breaking down the operation clearly - so I can see what's going on.

Essentially, I would like to decrypt the "priv" string above, using my own the knowledge of my sharedKey and the SecondPassword.

How can I do this please?  Can someone provide a step by step breakdown of exactly how I can do this decryption please?

Many Thanks,


Rob
Jump to: