Verify ownership of keys for paper wallet

dzungmobile

sr. member

Activity: 658

Merit: 354

I stand with Ukraine!

Quote from: OmegaStarScream on August 02, 2023, 08:38:20 AM

You could do the same thing you've been doing to recover the wallet on Electrum or maybe Bitaddress[1] (download the source code first), you should just make sure that the device you're using is offline and safe.

[Guide] How to Safely Download and Verify Electrum

Because OP is a tech guy and serious about security, it's applicable for him to verify Electrum wallet before using it (offline or online, should be offline).

apogio

sr. member

Activity: 406

Merit: 896

This is the repo where I have implemented the wallet generator:

https://github.com/apogio/old-school-bitcoin

I am using SecureRandom to produce entropy, since I was unable to think of a better way.

Feel free to give me feedback.

Edit:
Running my code offline, doesn't necessarily solve every issue regarding privacy and safety. Furthermore, I did it for educational purposes and I don't encourage you to use it for real use.

pooya87

legendary

Activity: 3444

Merit: 10537

Quote from: JohanM on August 13, 2023, 04:29:47 AM

I believe a self-written, properly tested paper wallet generator is MUCH safer that using whatever you can find on the internet now.

Compared to "whatever you can find", sure it can be safer but the choice is not between your own code and random code on github. There are other options such as well reviewed and well tested wallets such as bitcoin core and electrum that can be used to generate a key or mnemonic respectively then printing that on a paper which is way safer than your own code.

JohanM

member

Activity: 136

Merit: 35

If you have Bitcoin-QT installed you could also simply:
- create a new empty wallet
- import your self-made WIF key
- take a look at the corresponding public key it calculates. easiest way is to enable coinControl features and start a send_transaction to see the list of all public keys.

JohanM

member

Activity: 136

Merit: 35

Quote from: pooya87 on August 03, 2023, 12:40:05 AM

Because there can be other vulnerabilities in your code like your RNG being weak.

If you're using SecureRandom in JAVA that is as strong as it's going to get.
Creating a secure private key is as simple as calling nextBytes on a 32 byte byte[].
The only edge case here is that you have to check for the upper limit of the key.

Creating P2PKH or P2SH bitcoin addresses is NOT that difficult and the number of edge cases is limited.

I believe a self-written, properly tested paper wallet generator is MUCH safer that using whatever you can find on the internet now.

apogio

sr. member

Activity: 406

Merit: 896

Quote from: ranochigo on August 03, 2023, 02:56:41 AM

If you have a synchronized Bitcoin Core instance, you can get the raw transaction and use testmempoolaccept to test if it is valid without broadcasting.

This is perfect. Thanks

ranochigo

legendary

Activity: 2954

Merit: 4158

Quote from: apogio on August 03, 2023, 02:53:47 AM

But in order to broadcast the transaction you will need to use the internet. So this requires importing the private key to an application that's connected to the internet. Therefore your wallet immediately becomes hot.

Nope, you don't have to. You can create a transaction and sign it offline. Regardless, the security of the paper wallet is compromised even if you were to only expose your private key when you're spending. If you want to be safe, you should not expose your private key to a computer that is connected to the internet at any point in time.

If you have a synchronized Bitcoin Core instance, you can get the raw transaction and use testmempoolaccept to test if it is valid without broadcasting.

apogio

sr. member

Activity: 406

Merit: 896

Quote from: pooya87 on August 03, 2023, 12:40:05 AM

Keep this educational and don't create any serious addresses using this. Most importantly is that you won't find bugs by just testing it a couple of times with random cases, there are a lot of edge cases that you may not know of and may not face in your "random tests" but can encounter in a real scenario.
Off the top of my head since you mentioned Java and are probably using the BigInteger class,is that you may forget the necessary padding for the public key and use a smaller than 32 byte x/y coordinate in the pubkey for your hash and end up with coins that can never be spent.

The best real life example I can think of that is similar to what I explained here is the bitcore-lib by Bitpay written in Javascript that had a similar bug with lack of padding. https://github.com/bitpay/bitcore-lib/issues/47

I would also say that generating a serious key (to send actual funds to) using your own code is not a good idea even if you verify the correctness of the key->address using a secondary tool. Because there can be other vulnerabilities in your code like your RNG being weak.

Thanks. As I said it's for educational purposes only. Btw I have used BitcoinJ which provided me with some classes that were kind of plug-and-play.

Quote from: ranochigo on August 02, 2023, 11:07:34 PM

As I've mentioned, if you're able to import the address into a well-known wallet, it should be fine. They are unlikely to allow you to import a private key that cannot be spent. The first one would be the best, if you can do so. It doesn't affect the security nor the privacy of your paper wallet so long as you spend the coins back to yourself.

But in order to broadcast the transaction you will need to use the internet. So this requires importing the private key to an application that's connected to the internet. Therefore your wallet immediately becomes hot.

pooya87

legendary

Activity: 3444

Merit: 10537

Quote from: apogio on August 02, 2023, 08:29:54 AM

For educational purposes I have developed an app in java that generates paper wallets. I have run it multiple times offline and I have tested it in Bitcoin's testnet.

Keep this educational and don't create any serious addresses using this. Most importantly is that you won't find bugs by just testing it a couple of times with random cases, there are a lot of edge cases that you may not know of and may not face in your "random tests" but can encounter in a real scenario.
Off the top of my head since you mentioned Java and are probably using the BigInteger class,is that you may forget the necessary padding for the public key and use a smaller than 32 byte x/y coordinate in the pubkey for your hash and end up with coins that can never be spent.

The best real life example I can think of that is similar to what I explained here is the bitcore-lib by Bitpay written in Javascript that had a similar bug with lack of padding. https://github.com/bitpay/bitcore-lib/issues/47

I would also say that generating a serious key (to send actual funds to) using your own code is not a good idea even if you verify the correctness of the key->address using a secondary tool. Because there can be other vulnerabilities in your code like your RNG being weak.

ranochigo

legendary

Activity: 2954

Merit: 4158

Quote from: apogio on August 02, 2023, 03:59:14 PM

Thanks for the options. The second one seems somewhat sophisticated. I ll check it out, but it looks tricky to do it totally offline, since I don't know which tools I must use.

Not exactly. Any wallet would be able to sign a transaction. Electrum, or most of the mainstream wallets that we have should be able to do so just fine.

As I've mentioned, if you're able to import the address into a well-known wallet, it should be fine. They are unlikely to allow you to import a private key that cannot be spent. The first one would be the best, if you can do so. It doesn't affect the security nor the privacy of your paper wallet so long as you spend the coins back to yourself.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: apogio on August 02, 2023, 03:59:14 PM

Ok, so if I get it right, you mean I should re-run my own code, to see whether the private key generates the address.

No. Use other software to verify you get the same result (from the private key).

Quote

And, I must do it offline. Correct?

Correct.

apogio

sr. member

Activity: 406

Merit: 896

Quote from: OmegaStarScream on August 02, 2023, 08:38:20 AM

You could do the same thing you've been doing to recover the wallet on Electrum or maybe Bitaddress[1] (download the source code first), you should just make sure that the device you're using is offline and safe.

Quote from: LoyceV on August 02, 2023, 11:15:23 AM

Quote from: OmegaStarScream on August 02, 2023, 08:38:20 AM

You could do the same thing you've been doing to recover the wallet on Electrum or maybe Bitaddress[1] (download the source code first), you should just make sure that the device you're using is offline and safe.

For peace of mind, I (would) do this every time when I create any offline wallet (before funding it). It doesn't hurt to make sure you can recover your backups.

Ok, so if I get it right, you mean I should re-run my own code, to see whether the private key generates the address. And, I must do it offline. Correct?

Quote from: ranochigo on August 02, 2023, 08:41:27 AM

There are different ways of doing it.

1) Since you've already sent the small amount of Bitcoins, you can create a transaction that spend a small amount of Bitcoin to your address. You can spend a fraction of that with a small fee, the confirmation doesn't matter. So long as you can see the transaction on blockexplorer, it's fine.

2) Sign a message with the address. If you can verify it, then it would be fine.

3) Import it into an offline wallet. So long as the wallet allows it to be imported, it should be valid and its perfectly safe. Which is what you've done. Well-known and working wallet have sanity checks on your private key which prevents those which aren't working to be imported.

Thanks for the options. The second one seems somewhat sophisticated. I ll check it out, but it looks tricky to do it totally offline, since I don't know which tools I must use.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: OmegaStarScream on August 02, 2023, 08:38:20 AM

You could do the same thing you've been doing to recover the wallet on Electrum or maybe Bitaddress[1] (download the source code first), you should just make sure that the device you're using is offline and safe.

For peace of mind, I (would) do this every time when I create any offline wallet (before funding it). It doesn't hurt to make sure you can recover your backups.

ranochigo

legendary

Activity: 2954

Merit: 4158

There are different ways of doing it.

1) Since you've already sent the small amount of Bitcoins, you can create a transaction that spend a small amount of Bitcoin to your address. You can spend a fraction of that with a small fee, the confirmation doesn't matter. So long as you can see the transaction on blockexplorer, it's fine.

2) Sign a message with the address. If you can verify it, then it would be fine.

3) Import it into an offline wallet. So long as the wallet allows it to be imported, it should be valid and its perfectly safe. Which is what you've done. Well-known and working wallet have sanity checks on your private key which prevents those which aren't working to be imported.

OmegaStarScream

staff

Activity: 3402

Merit: 6065

You could do the same thing you've been doing to recover the wallet on Electrum or maybe Bitaddress[1] (download the source code first), you should just make sure that the device you're using is offline and safe.

Or.. if the goal is to test whether your software is generating addresses/private keys the correct way, then it doesn't really matter. You could just use an online device to check, then go ahead and regenerate another address (offline) to send funds to.

[1] https://github.com/pointbiz/bitaddress.org

apogio

sr. member

Activity: 406

Merit: 896

Hello. I have seen many people (mainly early bitcoiners) that own keys in the form of paper wallets.

Most paper wallet generators provide the user with a private key and an address.

For educational purposes I have developed an app in java that generates paper wallets. I have run it multiple times offline and I have tested it in Bitcoin's testnet. The way I tested it was just sending test money to the address and then recovering the wallet in Electrum, Sparrow and BlueWallet using the private key.

Although I am happy with what I have done, I needed to recover my wallet and be connected to the internet. Before sending REAL money to the generated address, I need to verify I can access it using my private key. But how can I do it in a safe and private way? Preferably offline.

Topic: Verify ownership of keys for paper wallet (Read 231 times)