how to generate a valid private-key + recv address in PHP?

scintill

sr. member

Activity: 448

Merit: 252

Quote from: Richy_T on November 26, 2013, 11:14:21 AM

This disappeared (link no good). Anyone have a copy anywhere?

I removed it, for being embarrassed about its weak key generation (!), and not wanting to enable people to unwittingly generate weak keys. Also, someone has made a more flexible fork called PHPCoinAddress, but I would recommend at least applying my patch here, in addition to ideally studying secure key generation for your configuration/platform (at least if you are doing something high-risk/high-value in production.) Feedback on my pull requests to PHPCoinAddress is welcome. Thanks.

Richy_T

legendary

Activity: 2436

Merit: 2119

1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k

Quote from: scintill on August 31, 2012, 12:53:02 AM

For the challenge and to learn more about Bitcoin, I implemented this in pure PHP (bcmath extension required, but I think that's pretty standard. Edit: Goes much faster with GMP extension!) Please check it over yourself before using it! I checked several keypairs with Casascius' address utility and they look good, but I'm not an expert, and there aren't real solid tests of the code. Most of the work is by a pre-written ECC lib I found.

Anyway, the code, with a demo embedded, is at https://gist.github.com/3549107. ~~It is a little slow right now but could be sped up by using GMP instead of bcmath.~~ I don't know if anyone still cares or if the bounty has been claimed, but it'd be nice to have.

If there's interest, let me know, and I will extend and/or test it better.

Edit: Cleaned up the code and made it use GMP if possible, as it is much much faster. Also found ways to use the ECC lib's helper functions more, so there is less code.

This disappeared (link no good). Anyone have a copy anywhere?

Richy_T

legendary

Activity: 2436

Merit: 2119

1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k

This code generates a mini-key if anyone's interested. I was looking for the next step, priv->pub key when I ran across this thread. It needs tidying of course and I just remembered I'm using the non-crypto rand() so that will need to be fixed too. Maybe I should just delete it Cheesy

Edit: OK, fixed to use /dev/urandom. Use /dev/random if you'd prefer.

Code:

  #Below is full list of available characters.
  #"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
  $fp=fopen("/dev/urandom","r") or die;
  $available_chars="23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz";
  do{
    $minikey='S';
    for($i=0;$i<29;$i++){
      while(($c=ord(fgetc($fp)))>=strlen($available_chars));
      $minikey.=substr($available_chars,$c,1);
    }
    $check=hash('sha256',$minikey . '?') . "\n";
  }while(substr($check,0,2)!='00');
  fclose($fp);
  $priv=hash('sha256',$minikey);
  print "Minikey: $minikey\n";
  print "Privkey: $priv\n";
?>

Note that I deliberately exclude "1' and 'o' but you may add them back in if needed.

BCB

vip

Activity: 1078

Merit: 1002

BCJ

I've been testing importing and extracting and paying key and all seems to be working fine.

kjj

legendary

Activity: 1302

Merit: 1025

Someone asked in a PM, so I wrote an example.

Code:

$bits_desired=256;
$bytes_desired=ceil($bits_desired/8);
echo "Asking for ".$bits_desired." bits of random (".$bytes_desired." bytes)\n";
if(TRUE==($fp_ent=fopen("/proc/sys/kernel/random/entropy_avail","r"))){
$ent=trim(fgets($fp_ent));
echo "Entropy available: ".$ent."\n";
if($ent>$bits_desired){
  if(TRUE==($fp_rand=fopen("/dev/random","r"))){
   $r=fread($fp_rand,$bytes_desired);
   echo bin2hex($r)."\n";
  }else echo "Failed to open /dev/random.\n";
}else echo "Not enough bits available.\n";
}else echo "Unable to get status of entropy pool.\n";
?>

scintill

sr. member

Activity: 448

Merit: 252

Quote from: kjj on October 12, 2012, 03:07:42 PM

Quote from: BCB on October 12, 2012, 02:49:14 PM

scintill

Works like a charm. Is there any more info on how to generate a sufficient amount of entropy when generating key pairs for real world use (line 42).

Thanks!

Your best bet is probably to fopen /dev/random and read 32 bytes from it. Be warned that /dev/random will stall until it comes up with enough entropy to complete your request. Check /proc/sys/kernel/random/entropy_avail first, or use /dev/urandom (unsafe).

Yeah, that sounds good to me. I didn't know about that proc file, that's cool.

Glad it's working for you, BCB.

kjj

legendary

Activity: 1302

Merit: 1025

Quote from: BCB on October 12, 2012, 02:49:14 PM

scintill

Works like a charm. Is there any more info on how to generate a sufficient amount of entropy when generating key pairs for real world use (line 42).

Thanks!

Your best bet is probably to fopen /dev/random and read 32 bytes from it. Be warned that /dev/random will stall until it comes up with enough entropy to complete your request. Check /proc/sys/kernel/random/entropy_avail first, or use /dev/urandom (unsafe).

BCB

vip

Activity: 1078

Merit: 1002

BCJ

scintill

Works like a charm. Is there any more info on how to generate a sufficient amount of entropy when generating key pairs for real world use (line 42).

Thanks!

payb.tc

hero member

Activity: 812

Merit: 1000

thanks, i care, and look forward to reviewing your work.

scintill

sr. member

Activity: 448

Merit: 252

For the challenge and to learn more about Bitcoin, I implemented this in pure PHP (bcmath extension required, but I think that's pretty standard. Edit: Goes much faster with GMP extension!) Please check it over yourself before using it! I checked several keypairs with Casascius' address utility and they look good, but I'm not an expert, and there aren't real solid tests of the code. Most of the work is by a pre-written ECC lib I found.

Anyway, the code, with a demo embedded, is at https://gist.github.com/3549107. ~~It is a little slow right now but could be sped up by using GMP instead of bcmath.~~ I don't know if anyone still cares or if the bounty has been claimed, but it'd be nice to have.

If there's interest, let me know, and I will extend and/or test it better.

Edit: Cleaned up the code and made it use GMP if possible, as it is much much faster. Also found ways to use the ECC lib's helper functions more, so there is less code.

kjj

legendary

Activity: 1302

Merit: 1025

Quote from: hamdi on August 30, 2012, 10:04:46 AM

i now use vanitygen via exec(); from php.
i then present the enduser with the bitcoin-address where he can pay his money,
at the same time the private-key is sent to an off-site bitcoind to be imported there.

You'd be better off generating the pair remotely, and pulling the address into the customer-facing server.

The stuff that you don't want stolen is being created in the place that you are worried about it being stolen from. That isn't a great idea, even if you delete it right away.

hamdi

hero member

Activity: 826

Merit: 500

i now use vanitygen via exec(); from php.
i then present the enduser with the bitcoin-address where he can pay his money,
at the same time the private-key is sent to an off-site bitcoind to be imported there.

kjj

legendary

Activity: 1302

Merit: 1025

Quote from: 1541 on August 30, 2012, 03:23:35 AM

But there is no real "out of the box" PHP solution ready, right?
As most PHP based onlineshops (oscommerce, xtcommerce, zen-cart,...) run on a shared webspace, they would really benefit from a solution that does not rely on "bitcond" running as a service (or external server).

If you don't trust the host that runs your web store with your wallet, you really shouldn't trust it with the stuff that your wallet it made of either.

1541

newbie

Activity: 19

Merit: 0

But there is no real "out of the box" PHP solution ready, right?
As most PHP based onlineshops (oscommerce, xtcommerce, zen-cart,...) run on a shared webspace, they would really benefit from a solution that does not rely on "bitcond" running as a service (or external server).

kjj

legendary

Activity: 1302

Merit: 1025

By the way, this is possible to do entirely in PHP, no calls to an external program. You need a PHP library for doing EC math (there is one, LGPL), the curve definition for secp256k1 (copies of SEC2 are available for free on the web) and a little code to glue it all together.

The nice part is that if you do it all internally, you can specify the private key rather than asking the program for one at random.

hamdi

hero member

Activity: 826

Merit: 500

i use vanitygen in the back now

crazy_rabbit

legendary

Activity: 1204

Merit: 1001

RUM AND CARROTS: A PIRATE LIFE FOR ME

How did this work out? I would be interested in seeing exactly how you did it in the end.

gweedo

legendary

Activity: 1498

Merit: 1000

http://bitcoin.stackexchange.com/questions/2289/php-script-to-create-private-key-public-address

bitcoin address is in the sig

Stephen Gornick

legendary

Activity: 2506

Merit: 1010

Incidentally, a Python version here:

- https://bitcointalksearch.org/topic/simple-script-to-generate-address-from-private-key-84238

hamdi

hero member

Activity: 826

Merit: 500

read, i set a bounty of 1 btc

Topic: how to generate a valid private-key + recv address in PHP? (Read 15458 times)