If you need "a new Bitcoin address that begins with a 3", and want to know how to create them relatively fast and use them safely, then this is for you.You need access to a Linux machine, such as a desktop or laptop computer running Ubuntu or some other common distribution, or an online or offline virtual machine. (If someone wants to translate this to Windows, be my guest.)
A P2SH-wrapped-P2WPKH Bitcoin address is a pseudo*-segregated witness (segwit) address, in other words, a Bitcoin address beginning with a "3", compared to legacy addresses (a.k.a P2PKH addresses) that always begin with a "1". They are sometimes referred to as "wrapped". Example (DO NOT USE THESE EXACT ADDRESSES SINCE THEIR PRIVATE KEY IS EXPOSED; YOU WILL BE ROBBED):
Legacy/P2PKH address: 1GT82JgvX7WDtwHzRMRg2xGi6v5hGoJbDu
P2SH-wrapped-P2WPKH address: 35PLQyoXs2sk9QDqMv7bBGowxP1pjwXAMe
Private key (for controlling both): KzLvnctuw7tMdg5hv1NXj4X515rbweDsgoyigtDgGgsqV9dW2kNo
Until P2SH-wrapped-P2WPKH addresses and spent from, they are indistinguishable from "real" segwit addresses, but as with legacy addresses they rely on only one (1) private key, which I why I call them "pseudo-segwit". For the record, they are always compressed (legacy Bitcoin addresses may be both uncompressed and compressed; others have written in length about that).
P2SH-wrapped-P2WPKH Bitcoin addresses several advantages over legacy addresses, such as low transaction fees, but also several considerations. Even though it is not absolutely necessary, I recommend that you take a few minutes and read up on the basics. Two decent starting point are:
https://bitcoincore.org/en/segwit_wallet_dev/https://medium.com/@buddhasource/bitcoin-legacy-vs-segwit-wallet-address-what-is-the-difference-cb2e71ab8381According to numerous sources, it is extremely easy to create and use P2SH-wrapped-P2WPKH Bitcoin addresses,
but I couldn't find a simple step-by-step guide, so here we go. I'm looking forward to hearing your feedback!
GUIDE (the code is not explained in depth)1. You need to is to create a
safe 32-byte private key. There are a million different articles, scripts, codes, and so forth published about this topic. The shortest possible version is that you need to produce 32 bytes that are as close to true randomness as possible. This can actually be achieved with only one line of code (yes, it is considered safe, google it):
openssl rand -hex 32
an example output is (again - do NOT re-use my example numbers)
5d399c02e9642adb56a334b69898032747edbac8e038c6ba7adbc658bf3f53d9
2. You must convert these 32 bytes (here in hexadecimal format) into its corresponding
compressed Bitcoin private key. There are many tools for this; one of my personal favorites is (avoid online conversion tools, you NEVER want to expose your private key on a webpage):
https://github.com/matja/bitcoin-tooland the command is (using the numbers generated in step 1)
./bitcoin-tool --input-type private-key --input-format hex --output-type private-key-wif --output-format base58check --network bitcoin --public-key-compression compressed --input 5d399c02e9642adb56a334b69898032747edbac8e038c6ba7adbc658bf3f53d9
which will output the private key (guard your real private keys with your life)
KzLvnctuw7tMdg5hv1NXj4X515rbweDsgoyigtDgGgsqV9dW2kNo
3. You need to find out the corresponding legacy public address. This can be achieved in many ways, such as importing the private key into a wallet (more on that later), but for now, let's stick to code and use the same tool again, so that
./bitcoin-tool --input-type private-key --input-format hex --output-type address --output-format base58check --network bitcoin --public-key-compression compressed --input 5d399c02e9642adb56a334b69898032747edbac8e038c6ba7adbc658bf3f53d9
which will output
1GT82JgvX7WDtwHzRMRg2xGi6v5hGoJbDu
4. A public Bitcoin address is, such as the one above, base58check-encoded (google it), and in order to move on, we need to convert it to RIPEMD-160 (a.k.a. Hash160). This too can be achieved with a single line of code (using the public key from the step above):
echo -n '1GT82JgvX7WDtwHzRMRg2xGi6v5hGoJbDu' | base58 -d | xxd -p | cut -c3-42
which will output
a97a9058829417d4c581ad5004b6e46cc680063d
5. We now have everything we need to convert this to a P2SH-wrapped-P2WPKH address. First, we need to add a certain prefix and produce a single SHA256 hash of the combination (using the numbers from above):
echo '0014'+'a97a9058829417d4c581ad5004b6e46cc680063d' | xxd -r -p | openssl sha256 | tail -c65
which will output
15d62f464163bb0f6edafd421b83356fef88682b727a1e318ce633ccf1651d4d
6. The above SHA256 hash needs to be hashed once with RIPEMD-160, so:
echo '15d62f464163bb0f6edafd421b83356fef88682b727a1e318ce633ccf1651d4d' | xxd -r -p | openssl ripemd160 | tail -c41
will output
288873634ae24a3c9b6792cc7e2a084ec79ef68b
7. Hang in there, we now need to pad this with another prefix, using the numbers from above, and convert all of it to base58check (the &&-part may be omitted, but it is there to create a nice linebreak in the terminal):
echo '05'+'288873634ae24a3c9b6792cc7e2a084ec79ef68b' | xxd -r -p | base58 -c && echo ''
which will output
35PLQyoXs2sk9QDqMv7bBGowxP1pjwXAMe
And what do you know, there is your new and super-safe P2SH-wrapped-P2WPKH Bitcoin address!
8. You may now use your new P2SH-wrapped-P2WPKH Bitcoin keypair
35PLQyoXs2sk9QDqMv7bBGowxP1pjwXAMe
KzLvnctuw7tMdg5hv1NXj4X515rbweDsgoyigtDgGgsqV9dW2kNo
in all wallet software and online wallets that support segwit (all of them in 2020?). Tell people to fill your new "3-address" to the rim!
I personally like Electrum:
https://electrum.org/Create a new wallet, on the second page choose "Import Bitcoin address or private keys" and in order to get it working in this splendid wallet, you need to specify a prefix, so enter
p2wpkh-p2sh:KzLvnctuw7tMdg5hv1NXj4X515rbweDsgoyigtDgGgsqV9dW2kNo
and click "Next". When all is complete, move over to the address tab, right-click and show private key, and you should see your new address and its private key like so:
If you want to use Bitcoin Core instead, the command you are looking for is
importmulti
More information here:
https://bitcoincore.org/en/doc/0.18.0/rpc/wallet/importmulti/9. Have fun and stay safe with your new "3-addresses"!
In summaryI was surprised not to find a tutorial like this online. I hope you liked it and will find it useful. It should be really straight-forward to turn all of the above into a bash script (or python, if you're cocky). In fact, please do!
Remember: Never use private keys found online, especially not from educational examples like this, and never submit your private keys to online conversion tools (most of them exist to scam you). All of the above can and should be performed offline.
What do you think of this guide?