Topic: How do paper wallets work? (Read 1294 times)

Not to be picky on the security, but that site sends your keys over the network in plaintext (not even https), meaning not only do you have to trust the server but also every internet node along the way. Someone could specifically be sniffing that site, and all public addresses generated from it would be easy to recognizable on the blockchain if you tried to use them. That would potentially give an attacker instant access to your money. Then again I'm being paranoid

Thanks, i will try it

Thank you guys SO MUCH. This was what I didn't understand but after reading all of the responses I have a much better understanding. I'm going to refer back to this a lot.

Generate the private key ("3FB87FD7F7BA0A99FE57BFEEE53ED702B960A4722C28911E9C0FBFF0F124ED43" in the example above), enter it into the "0 - Private ECDSA Key" field on this page: http://gobittest.appspot.com/Address, and click on send. The page will show you all the steps used to create the public key.

Thanks for your feedback!

OK, since rumbitla is offline and this has dropped off the front page, I will hazard this ...

Use bitadress.org (sorry) wallet details tab, or use the keyconv utility than comes with vanitygen. [EDIT] Just tried it, seems you also need a base58 converter (google it) before keyconv will accept it. I also came across brainwallet.org which is another offline key generator.

And and as a bonus, to caclulate the sha256 of the picture ... download it to your PC and google for a sha256 hash calculator (I used the one built into my hex editor HxD). But don't use a public picture, use one from your digital camera for example. Then you have a secret picture key that you can use to recreate your private key at will, cool  

Interesting process, never heard of that before.  Thanks.

How did you calculate the corresponding Bitcoin Address?

You can take a random photo, and calculate the sha256 of that file.

For example this photo:



gives you a sha256 value of: 3FB87FD7F7BA0A99FE57BFEEE53ED702B960A4722C28911E9C0FBFF0F124ED43

convert to base58 format: 5JJMEwwis8xEE94RhAEYwL1C7NS2nBPjZSqpKBzZReKmvtqR5j8
which is your standard format private key.

calculate corresponding Bitcoin address: 1D3GRn91KXWwMkpCkzw7j1f286kk6SyRPW


DO NOT use photos you found on the internet like I did in this example, but choose a random photo taken with your digital camera. This gives you a highly random key if you do not trust bitaddress.org or vanitygen.

OK, but it is fully opensource. Download it from the github https://github.com/pointbiz/bitaddress.org -as for getting the code audited, well I guess someone would have noticed anything seriously wrong by now, but it is a risk, as is the case with vanitygen or any other open source software. But the risk is much greater with proprietary software.

Anyway, no I don't know of any alternatives, but you could try asking on the development forum https://bitcointalk.org/index.php?board=6.0

let's just say I don't trust bit address.org, do I have other alternatives except vanitygen?

Paper wallets can be USB to

Well you wouldn't do it by hand (like tossing a coin 256 times), though this would work and give you a valid private key.

You use bitaddress.org or vanitygen, which generates the random private key, does all the conversions and also (the step rumbitla left out), creates the address from the private key using some tricksy math.

Or if you did do all that coin tossing, just plug the hex value (64 hex characters) into the wallet details tab of bitaddress.org to do the conversions for you.

is this really going to work? how do you get an offline address after having the private key?

Thanks so much for sharing; I've wondered about this for a while and the article from Perry looks great.

Best read in conjunction with the other posts here though! [:

I think it's using cryptography + printer to save the keys... 

Great explanation, thanks.

You have not really "loaded" anything - there IS no connection with your private key or your wallet, yet. All that has happened is that the 1 BTC has been registered as "belonging" to that public key in the blockchain. This just tells everyone on the network that this money can't be reused until someone shows up with a private key that's able to generate the same public key. IOW, the money is now "locked" from further use.

And that's the deal. ANYONE who shows up with a private key matching that public key are now allowed to spend that money. However, you are the only person able to do that, because you generated the keys in the first place. The way the system works makes it mathematically very very difficult for anyone else to create a matching private key.

You may also want to check out http://en.wikipedia.org/wiki/Public-key_cryptography.

This is really the heart of cryptography - As demonstrated by rumbilita, the random input (step 1) is used as a basis for your private key (step 2) and this is used as a basis for the public key (step 3). There is a consistent method to produce the private key, which will consistently match to the public key. It is not possible for anyone else to reverse the method to produce the private key, so your private key alone is sufficient to grant access to the bitcoin wallet.

The only trap (as mentioned in the article) is if you don't use a unique input to produce the private key. Aside from that, there are very slim chances that another person could produce the same private/public key pair.


Correct, at that point the bitcoin blockchain has recorded a transaction of 1 BTC to the public address. At any time in the future, you can submit another transaction to send that 1 BTC to another public address, and all that is required to authorize the transaction is your private key. That is why protecting your private key is imperative, if someone gets your private key the first thing they will do is send all the bitcoins out of your wallet to a public address they control.

And you can plug the address into blockexplorer (or blockinfo.org) to check the transaction history and balance ...

http://blockexplorer.com/address/1KxKa6tGYJNUgHLQbDiT9PXAJcYhm7PC76

You can save bitaddress.org to a file (or just download it from github), so your offline computer does not even need to be temporarily connected to the internet. Also a LiveCD linux boot disk is recommended so you do not leave any trace. Alternatively a VM like VirtualBox or VMWare can be used on your normal computer (though with a slightly greater risk of malware sniffing your keys).

Another useful toy is vanitygen, which does exactly the same job but lets you select the firstbits (see my sig for example). You can plug the generated private key address into the wallet details tab of bitaddress to get the full details of the key pair (eg public key address for signing).

Paper wallets are a bit trickier to use for spending as you need to import the private key into a wallet, one of the online ones is probably easiest to use. But be sure to send the entire balance to a new paper wallet after your transaction as your private key has now been exposed to the wallet provider (or a keylogger if you tediously typed it in) and will be at risk of theft. There is also the matter of "change" as some wallets (eg bitcoin_qt) send this to a NEW address within the wallet, not back to your original paper wallet. So if you don't know for sure how it works you may even lose all your bitcoin if you lose access to that wallet. I recommend you get familiar with the entire process first (using small amounts of coin that you can afford to lose) before committing your life savings