Author

Topic: Strongcoin.com expired certificate (Read 1586 times)

legendary
Activity: 2030
Merit: 1000
My money; Our Bitcoin.
October 20, 2012, 11:55:40 AM
#10
I was able to decrypt using openssl on the command line, as Richy_T posted, perfectly. 

I booted up linux using virtualbox in Windows 7.   I typed "openssl" in a console and
saw that it was already installed; got the openssl> prompt.

I copied the encrypted key from the backup pdf I had in Windows and put it in a file called key.txt.
I put that in a folder shared between that virtualbox linux OS and Windows.

I typed out the command like in Richy_T's post:
openssl enc -d -aes-256-cbc -in key.txt -a -k password

Providing the proper path to my key.txt file and copy-pasting the password from
the password manager I have running in Windows 7.  I got the decrypted key and
then copy-pasted that back into the form at the blockchain.info webpage in firefox,
also running in Windows.  It worked!

It is so cool to be able to run multiple operating systems on the same computer
at the same time, and to be able to seamlessly share files, and copy-paste data,
between them.    Cool
newbie
Activity: 10
Merit: 0
October 20, 2012, 02:05:45 AM
#9
If you use Opera, you can still get to the StrongCoin site, and decrypt your keys.  HOWEVER - I have reason to believe they've been compromised, because I just recently installed MultiBit, and imported my key from StrongCoin and reset the block chain to "move" my coins over.  But when I tried to send coins from that address, the transaction didn't get picked up in a block chain after being seen by one peer, which makes me think it appears as a "double send."  I (fortunately) used a secondary wallet for what I had in StrongCoin, so I sent coins from my "primary" wallet to confirm it wasn't some other issue, and those went just fine.
legendary
Activity: 2030
Merit: 1000
My money; Our Bitcoin.
October 17, 2012, 07:18:07 PM
#8
This may help:

https://bitcointalksearch.org/topic/m.837238

Though it contains a link to the strongcoin which you can't see because they have an expired certificate. To save you some hassle, here is the meat: They have an online decrypter (which will be subject to the same certificate issues presumably) or you can use command-line tools:
Quote
Decrypting on the command line

We use the Gibberish AES Javascript library to generate our AES encryption. To get this to work on the command you need to cut and paste the private key data into a text file and preserve the line breaks.

You can then run the following command. (we have the key stored with line breaks in key.txt).

openssl enc -d -aes-256-cbc -in key.txt -a -k password

And you should get something like the results below.


Images missing, sorry.

openssh is available trivially for Linux or probably the easiest way for Windows is via Cygwin. Alternatively, you could maybe get a free shell account somewhere.

I notice there seems to be a few online decrypters, but I might try what you present above just to try it out.  I have a few different distros of linux that I run under/within/along-side Windows with VirtualBox. 


Thanks
legendary
Activity: 2576
Merit: 2267
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
October 17, 2012, 04:12:48 PM
#7
This may help:

https://bitcointalksearch.org/topic/m.837238

Though it contains a link to the strongcoin which you can't see because they have an expired certificate. To save you some hassle, here is the meat: They have an online decrypter (which will be subject to the same certificate issues presumably) or you can use command-line tools:
Quote
Decrypting on the command line

We use the Gibberish AES Javascript library to generate our AES encryption. To get this to work on the command you need to cut and paste the private key data into a text file and preserve the line breaks.

You can then run the following command. (we have the key stored with line breaks in key.txt).

openssl enc -d -aes-256-cbc -in key.txt -a -k password

And you should get something like the results below.


Images missing, sorry.

openssh is available trivially for Linux or probably the easiest way for Windows is via Cygwin. Alternatively, you could maybe get a free shell account somewhere.
donator
Activity: 640
Merit: 500
October 17, 2012, 02:48:08 PM
#6
Oh snap, that's not good.

I might be able to help you out, if you would allow me to import them to WalletBit ?

I don't need a place to keep those keys. 

I just thought a question about decrypting keys like that would be a simple one for the cryptographically minded types here on this forum. 

I expected a quick answer like:

"Sure, using an online decrypter should be safe enough."

or

"You can download a good decrypter here: somesite.com" 


Thanks for the offer anyway.

Anytime.
legendary
Activity: 2030
Merit: 1000
My money; Our Bitcoin.
October 17, 2012, 02:31:20 PM
#5
Oh snap, that's not good.

I might be able to help you out, if you would allow me to import them to WalletBit ?

I don't need a place to keep those keys. 

I just thought a question about decrypting keys like that would be a simple one for the cryptographically minded types here on this forum. 

I expected a quick answer like:

"Sure, using an online decrypter should be safe enough."

or

"You can download a good decrypter here: somesite.com" 


Thanks for the offer anyway.
donator
Activity: 640
Merit: 500
October 17, 2012, 02:13:54 PM
#4
Neither Firefox nor Chrome will let me go to the strongcoin.com site because they deem it to be insecure:

--------------------------------------------------
strongcoin.com uses an invalid security certificate.

The certificate expired on 12/10/2012 6:28 AM.
--------------------------------------------------

I am not too worried since I have a pdf backup. Just wondering what is going on.


They just forgot to renew their certificate, I'm sure. Nothing too sinister. I'd just accept the certificate temporarily then log on and transfer all my bitcoins out since if they don't have a handle on their server certificates, that's signs of a lax attitude elsewhere.

Those browsers don't seem to give me the option to accept the cert temporarily and continue on to the site... but I suppose I could do a bit of googling to find out how to do that.

But just as an exercise, or just for fun, lets pretend that site went away completely...  does anyone have the answer to my question? 

~~

So what is the best way to decrypt the private keys in that pdf so I can import them into blockchain.info/wallet or MtGox? 

I think I read that it uses AES encryption. Is it reasonably safe to use some online form to decrypt them, or are there [trusted] programs to download to do that locally? 

Thanks

Oh snap, that's not good.

I might be able to help you out, if you would allow me to import them to WalletBit ?
legendary
Activity: 2030
Merit: 1000
My money; Our Bitcoin.
October 17, 2012, 02:11:48 PM
#3
Neither Firefox nor Chrome will let me go to the strongcoin.com site because they deem it to be insecure:

--------------------------------------------------
strongcoin.com uses an invalid security certificate.

The certificate expired on 12/10/2012 6:28 AM.
--------------------------------------------------

I am not too worried since I have a pdf backup. Just wondering what is going on.


They just forgot to renew their certificate, I'm sure. Nothing too sinister. I'd just accept the certificate temporarily then log on and transfer all my bitcoins out since if they don't have a handle on their server certificates, that's signs of a lax attitude elsewhere.

Those browsers don't seem to give me the option to accept the cert temporarily and continue on to the site... but I suppose I could do a bit of googling to find out how to do that.

But just as an exercise, or just for fun, lets pretend that site went away completely...  does anyone have the answer to my question? 

~~

So what is the best way to decrypt the private keys in that pdf so I can import them into blockchain.info/wallet or MtGox? 

I think I read that it uses AES encryption. Is it reasonably safe to use some online form to decrypt them, or are there [trusted] programs to download to do that locally? 

Thanks
legendary
Activity: 2576
Merit: 2267
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
October 17, 2012, 12:50:36 PM
#2
Neither Firefox nor Chrome will let me go to the strongcoin.com site because they deem it to be insecure:

--------------------------------------------------
strongcoin.com uses an invalid security certificate.

The certificate expired on 12/10/2012 6:28 AM.
--------------------------------------------------

I am not too worried since I have a pdf backup. Just wondering what is going on.

~~

So what is the best way to decrypt the private keys in that pdf so I can import them into blockchain.info/wallet or MtGox? 

I think I read that it uses AES encryption. Is it reasonably safe to use some online form to decrypt them, or are there [trusted] programs to download to do that locally? 

Thanks


They just forgot to renew their certificate, I'm sure. Nothing too sinister. I'd just accept the certificate temporarily then log on and transfer all my bitcoins out since if they don't have a handle on their server certificates, that's signs of a lax attitude elsewhere.
legendary
Activity: 2030
Merit: 1000
My money; Our Bitcoin.
October 17, 2012, 12:29:55 PM
#1
Neither Firefox nor Chrome will let me go to the strongcoin.com site because they deem it to be insecure:

--------------------------------------------------
strongcoin.com uses an invalid security certificate.

The certificate expired on 12/10/2012 6:28 AM.
--------------------------------------------------

I am not too worried since I have a pdf backup. Just wondering what is going on.

~~

So what is the best way to decrypt the private keys in that pdf so I can import them into blockchain.info/wallet or MtGox? 

I think I read that it uses AES encryption. Is it reasonably safe to use some online form to decrypt them, or are there [trusted] programs to download to do that locally? 

Thanks
Jump to: