diff options
| author | Wladimir J. van der Laan <laanwj@gmail.com> | 2014-06-26 22:15:03 +0200 |
|---|---|---|
| committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2014-06-26 22:15:03 +0200 |
| commit | 27bfe7f28e03f7c1bd22e8501c10bdb7efa72d29 (patch) | |
| tree | ccfcd26ac4323e52abe5a910b410d587abe6a6b1 /bip-0038.mediawiki | |
| parent | cc17c3fbb306c390877451ac3120f3ca23afc2d0 (diff) | |
| parent | d69abd64e13dd118ba011b348e0194315d748320 (diff) | |
| download | bips-27bfe7f28e03f7c1bd22e8501c10bdb7efa72d29.tar.xz | |
Merge pull request #29 from MidnightLightning/patch-1
Update bip-0038.mediawiki
Diffstat (limited to 'bip-0038.mediawiki')
| -rw-r--r-- | bip-0038.mediawiki | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/bip-0038.mediawiki b/bip-0038.mediawiki index 67e6864..29fe21e 100644 --- a/bip-0038.mediawiki +++ b/bip-0038.mediawiki @@ -121,7 +121,7 @@ Steps performed by ''owner'' to generate a single intermediate code, if lot and # Derive a key from the passphrase using scrypt #* Parameters: ''passphrase'' is the passphrase itself encoded in UTF-8. salt is ''ownersalt''. n=16384, r=8, p=8, length=32. #* Call the resulting 32 bytes ''prefactor''. -#* Take SHA256(SHA256(''prefactor'' + ''ownerentropy'')) and call this ''passfactor''. +#* Take SHA256(SHA256(''prefactor'' + ''ownerentropy'')) and call this ''passfactor''. The "+" operator is concatenation. # Compute the elliptic curve point G * ''passfactor'', and convert the result to compressed notation (33 bytes). Call this ''passpoint''. Compressed notation is used for this purpose regardless of whether the intent is to create Bitcoin addresses with or without compressed public keys. # Convey ''ownersalt'' and ''passpoint'' to the party generating the keys, along with a checksum to ensure integrity. #* The following Base58Check-encoded format is recommended for this purpose: magic bytes "2C E9 B3 E1 FF 39 E2 51" followed by ''ownerentropy'', and then ''passpoint''. The resulting string will start with the word "passphrase" due to the constant bytes, will be 72 characters in length, and encodes 49 bytes (8 bytes constant + 8 bytes ''ownerentropy'' + 33 bytes ''passpoint''). The checksum is handled in the Base58Check encoding. The resulting string is called ''intermediate_passphrase_string''. @@ -170,8 +170,8 @@ To recalculate the address: =====Decryption===== # Collect encrypted private key and passphrase from user. -# Derive ''passfactor'' using scrypt with ''ownerentropy'' and the user's passphrase and use it to recompute ''passpoint'' -# Derive decryption key for ''seedb'' using scrypt with ''passpoint'', ''addresshash'', and ''ownersalt'' +# Derive ''passfactor'' using scrypt with ''ownersalt'' and the user's passphrase and use it to recompute ''passpoint'' +# Derive decryption key for ''seedb'' using scrypt with ''passpoint'', ''addresshash'', and ''ownerentropy'' # Decrypt ''encryptedpart2'' using AES256Decrypt to yield the last 8 bytes of ''seedb'' and the last 8 bytes of ''encryptedpart1''. # Decrypt ''encryptedpart1'' to yield the remainder of ''seedb''. # Use ''seedb'' to compute ''factorb''. @@ -249,7 +249,7 @@ Test 1: *Bitcoin address: 1PE6TQi6HTVNz5DLwB1LcpMBALubfuN2z2 *Unencrypted private key (WIF): 5K4caxezwjGCGfnoPTZ8tMcJBLB7Jvyjv4xxeacadhq8nLisLR2 *Unencrypted private key (hex): A43A940577F4E97F5C4D39EB14FF083A98187C64EA7C99EF7CE460833959A519 - + Test 2: *Passphrase: Satoshi *Passphrase code: passphraseoRDGAXTWzbp72eVbtUDdn1rwpgPUGjNZEc6CGBo8i5EC1FPW8wcnLdq4ThKzAS @@ -258,6 +258,13 @@ Test 2: *Unencrypted private key (WIF): 5KJ51SgxWaAYR13zd9ReMhJpwrcX47xTJh2D3fGPG9CM8vkv5sH *Unencrypted private key (hex): C2C8036DF268F498099350718C4A3EF3984D2BE84618C2650F5171DCC5EB660A +Test 3: +*Passphrase ϓ␀𐐀💩 (<tt>\u03D2\u0301\u0000\U00010400\U0001F4A9</tt>; [http://codepoints.net/U+03D2 GREEK UPSILON WITH HOOK], [http://codepoints.net/U+0301 COMBINING ACUTE ACCENT], [http://codepoints.net/U+0000 NULL], [http://codepoints.net/U+10400 DESERET CAPITAL LETTER LONG I], [http://codepoints.net/U+1F4A9 PILE OF POO]) +*Encrypted key: 6PRW5o9FLp4gJDDVqJQKJFTpMvdsSGJxMYHtHaQBF3ooa8mwD69bapcDQn +*Bitcoin Address: 16ktGzmfrurhbhi6JGqsMWf7TyqK9HNAeF +*Unencrypted private key (WIF): 5Jajm8eQ22H3pGWLEVCXyvND8dQZhiQhoLJNKjYXk9roUFTMSZ4 +* ''Note:'' The non-standard UTF-8 characters in this passphrase should be NFC normalized to result in a passphrase of <tt>0xcf9300f0909080f09f92a9</tt> before further processing + ===EC multiply, no compression, lot/sequence numbers=== Test 1: @@ -279,4 +286,3 @@ Test 2: *Unencrypted private key (hex): CA2759AA4ADB0F96C414F36ABEB8DB59342985BE9FA50FAAC228C8E7D90E3006 *Confirmation code: cfrm38V8G4qq2ywYEFfWLD5Cc6msj9UwsG2Mj4Z6QdGJAFQpdatZLavkgRd1i4iBMdRngDqDs51 *Lot/Sequence: 806938/1 - |