Topic: i need to know the private keys for my bitcoin core descriptor wallet (Read 192 times)

i think its good to lock tech support threads if they have been resolved which mine has. thanks to everyone who replied to the thread!

i dont see how someone could leak out a child private key though. if they're that careless, they might as well be leaking out the parent private key in which case it wouldn't really matter what type of derivation they were using.

ok i think that was the issue i think the addresses are matching now for the p2pkh. thanks for the clarification.

Aside from being standard with BIP44, BIP49, BIP84 and BIP86.
It enables the wallet to create "HD watch-only" wallet, you can use that to create a Cold-storage setup or for HD wallet monitoring purposes.

You can't do that with hardened derivation since you can't use the extended public key to derive hardened children public keys.

It should, Electrum's master key is actually equivalent to an extended key at "account_index" level.
His tutorial is quite hard to follow because of integrating two separate tutorials in one instruction.
But he mentioned that you should import the "Account Extended Private Key" (as named by the BIP39 tool's author) which is the extended private key at account_index.

i dont think this works.

non-hardened keys seem like they don't serve any purpose then. i don't even see the point of having them.


yeah using other tools like ian coleman and electrum is just a way to get started. i'm not saying i trust them. but i would use them as a quick check before learning how to write a script that i can trust. but as i mentioned to you, when i tried verifying the p2pkh addresses with electrum it doesn't work. so that's one reason i can't trust something like electrum. wrong output.

Why did the Bitcoin Core team opt for non-hardened keys? Since hardened keys are more secure without the risk of compromising a single or more keys, is it not possible to calculate the extended private key together with the extended public key?

And also why do most wallets default to non-hardened keys?

Wouldn't it be more logical for most these wallets to opt for hardened keys as they are safer?

Which wallets use hardened keys?

Not entirely that, it's the difference in the derivation used in legacy and descriptor wallets;
Specifically, non hardened derivation from the chain index to address index which falls to the "weakness" in the link in my previous reply.

It's the consequences of exposing a single private key.
And since the extended public key is already easy to get into;
With non-hardened derivation, all of the associated private keys of its parent extended key could be compromised alongside with it.

In that case, how do you verify that the dumpprivkey result derives the correct address without a script the you own or at least audited?
If you're using other's tools or wallets that you haven't audited, then that didn't verified anything since you're also trusting that the result of the other software is correct.

very detailed and helpful information. i can honestly say that the electrum stuff i would have never been able to figure that out or find anything about it. so thanks for putting that in. i still have to test the electrum instructions out but the ian coleman instructions seems to work so thanks for that.

one thing i dont like is how bitcoin core just kind of forgets about the addresses it generates. if you don't keep track of them then they are GONE.   of course with a tool like ian coleman you can look them all up...

that may be true but what i noticed is it uses the same exact xpriv on all the address types when i run "listdescriptors true" so i dont really think it would be necessary to back anything up but the xpriv. for that you could use pen and paper or metal engraving. you can't use those things to backup a binary file...now of course, i dont know if bitcoin core would let you restore the wallet just by you supplying the xpriv but if the binary file was instead a text file i don't see why you wouldn't be able to.

but alas the devs have struck again with this undocumented binary file format. i say undocumented because we don't know how to create it even though we know what information it needs. the xpriv and that's it.

OP if you want to get one or more private keys from the root key of your bitcoin core wallet, the easiest way is for you by following @nc50lc's instructions by writing listdescriptors true in the console, get the root key (xpriv--bunch-of-numbers-random-base-58-format), you will need 2 tools: iancoleman converter (html page that can be loaded both online and offline) and the electrum wallet, when downloading them, check the gpg signature to guarantee the integrity of the files (recommended). Take the following steps from an offline air-gapped machine to ensure that you don't accidentally leak your wallet's sensitive data, which is the extended private keys.

Open the iancoleman html page, paste the root key of your bitcoin core wallet in the field: BIP32 Root Key.

Below you will see the Derivation Path tab with the tabs, the ones we are interested in are BIP44, BIP49 and BIP84. Each BIP represents a type of address, being:

BIP44 = produces legacy or p2pkh addresses (addresses starting with the prefix 1).
49 = Nested segwit addresses or p2wpkh-p2sh, these are addresses starting with 3.
84 = Finally, these are native segwit or p2wpkh addresses starting with bc1

When you click on each of these tabs, there will be all the addresses of your bitcoin core wallet with the public keys and private keys, which is what you are looking for. You can compare the addresses and you will see that the reproduced addresses are the same as your bitcoin core wallet.

However, if you want to have these private keys more accessible whenever you need them without having to do this all the time (as this can greatly expose you to the risk of accidentally leaking data or some security breach). you must follow the procedures below:

[Attention, you will need to do this process 3x times to restore wallets with each type of address above] Open the electrum wallet, select you want to create a new wallet > standard wallet > Use the master key... copy the extended private key that is in the field: Account Extended Private Key of the BIP44, BIP49 or BIP84 tab and paste it into Electrum.

However, as bitcoin core only supports root keys in legacy format (xpriv = legacy or p2pkh format), when listing your bitcoin core root key, it will show the root key only in legacy format, electrum will only restore the legacy addresses of your bitcoin core wallet in the BIP-44 derivation path which that key.

If you want to get all your wallet address scripts, you must convert the Account Extended Private Key into p2wpkh-p2sh and p2wpkh formats and one of the easiest ways is to use the electrum console, which I leave instructions below on how to proceed:

To obtain segwit-p2sh addresses (addresses starting with prefix 3):


To obtain bech32 native-segwit addresses (addresses starting with bc1):


Open a new wallet in electrum and import the root keys you got through the electrum root key converter: ypriv, zpriv...

Repeat the process below and paste one of the Account Extended Private Keys and do the entire process for the remaining extended privkeys (ypriv or zpriv...)

After you have generated the 3 wallets in electrum, each one with its address script, go to the wallet you want to obtain the private key for the address, in the addresses tab, select the address and with a right click you will see the option to private key, when selecting this option, it will ask for your electrum password (if you have configured a password) you will see the private key for that address.

that's kind of like saying lets put the fox in the henhouse again and see if he does the same thing as before. of course he will. but that doesn't mean you can trust him.

all of this is very easy.

that's where we come to the problem. i don't my "own script"   i guess that means i need to go satoshi mode and figure out how to write one...that's alot of trouble to verify the wallet but i guess it is what it is.

safety for who though? are we saying that we don't trust the users themselves to not run "dumpprivkey" on all their addresses and post the results here on the forum or something?


i don't prefer binary files. i prefer json text files and i think that's reasonable. json was invented for a reason, so that we could avoid unreadable binary files. those benefit no one, in my opinion but thank you for your input!

Use listdescriptors, take note of the results.
Now use getaddressinfo "address", and check if its parent descriptor matches one of your wallet's descriptor.
To get the private descriptor, use listdescriptors true to list the same results above but with the "master private key" instead.

With those info, use your own script to derive the address from your master private key with the provided derivation path in the descriptor.

As for disabling dumpprivkey, it's a safety feature since clients that does that with non-hardened addresses have been doing it with risks.
See: learnmeabitcoin.com/technical/keys/hd-wallets/extended-keys/#weakness
Probably related to those "unexplained" hacks that we've been seeing in Electrum or other clients sometimes.

Im not forcing you to use Bitcoin Core though, it's up to you to choose your Bitcoin client.

Bitcoin Core doesn't use seed phrases, it uses a master private key generated from random bytes. This master private key is used to generate long sequences of private keys at once which are stored in the wallet.dat.

You can't directly export the private keys of a descriptor wallet through the RPC interface yet. But since you are able to decrypt the wallet.dat file you might be able to reverse-engineer the location of the private keys table in the BDB (or sqlite3) database and then decrypt it accordingly.

Is this a rant or a serious question?

Format a computer. Reinstall Bitcoin Core. Restore your backup. Verify if you get the same wallet.
If you don't want descriptors, create a non-descriptor wallet.

what is this?


01:24:57
dumpprivkey "address"


01:24:57
Only legacy wallets are supported by this command (code -4)

i doubt anyone here is going to be able to help me with this issue but i'm suprised that people would just trust bitcoin core that much that they wouldn't even need to verify a single private key. that won't be me.

also, and this is just an observation from what it looks like but i think bitcoin core is not very good because it doesn't even have a seed phrase. but apparently one backup at the very beginning is all you need. but you can't even read the backup because it is in binary. i dont get it. i want to be able to see things. trust but verify. i don't trust something if i can't verify it.

you can't even see anything. you just have to trust it is working correctly.