author: MidnightLightning <MidnightLightning@users.noreply.github.com> 2014-03-05 17:04:00 -0500
committer: Brooks Boyd <brooks.boyd@forteresearch.com> 2014-04-15 16:26:50 -0500
commit: 4a85b38916278100b921a64e409b78b71ba37690 (patch)
tree: 23152a64155f3e5c196d94aa014cb96cc3db1fb8 /bip-0038.mediawiki
parent: e196a4a7d0171d499fa496078526b7479db22d18 (diff)
download: bips-4a85b38916278100b921a64e409b78b71ba37690.tar.xz
Update bip-0038.mediawiki
Fix some erroneous statements in the description of the math used for encryption/decryption of EC-Multiplied keys/addresses
Diffstat (limited to 'bip-0038.mediawiki')
-rw-r--r--  bip-0038.mediawiki | 6
1 file changed, 3 insertions, 3 deletions
diff --git a/bip-0038.mediawiki b/bip-0038.mediawiki
index 39f0632..f34a09b 100644
--- a/bip-0038.mediawiki
+++ b/bip-0038.mediawiki
@@ -121,7 +121,7 @@ Steps performed by ''owner'' to generate a single intermediate code, if lot and
# Derive a key from the passphrase using scrypt
#* Parameters: ''passphrase'' is the passphrase itself encoded in UTF-8. salt is ''ownersalt''. n=16384, r=8, p=8, length=32.
#* Call the resulting 32 bytes ''prefactor''.
-#* Take SHA256(SHA256(''prefactor'' + ''ownerentropy'')) and call this ''passfactor''.
+#* Take SHA256(SHA256(''prefactor'' + ''ownerentropy'')) and call this ''passfactor''. The "+" operator is concatenation.
# Compute the elliptic curve point G * ''passfactor'', and convert the result to compressed notation (33 bytes). Call this ''passpoint''. Compressed notation is used for this purpose regardless of whether the intent is to create Bitcoin addresses with or without compressed public keys.
# Convey ''ownersalt'' and ''passpoint'' to the party generating the keys, along with a checksum to ensure integrity.
#* The following Base58Check-encoded format is recommended for this purpose: magic bytes "2C E9 B3 E1 FF 39 E2 51" followed by ''ownerentropy'', and then ''passpoint''. The resulting string will start with the word "passphrase" due to the constant bytes, will be 72 characters in length, and encodes 49 bytes (8 bytes constant + 8 bytes ''ownersalt'' + 33 bytes ''passpoint''). The checksum is handled in the Base58Check encoding. The resulting string is called ''intermediate_passphrase_string''.
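Review bot: spelling out that "+" means concatenation in the ''passfactor'' step is the right fix, but the following step ("Compute the elliptic curve point G * ''passfactor''") still leaves the same kind of ambiguity: it never states how the 32 SHA256 output bytes are interpreted as a scalar (byte order), nor what an implementation should do if that value is zero or not below the curve order. Since this sentence is being touched anyway, consider adding one more clause, e.g. "''passfactor'' is interpreted as a 256-bit big-endian integer" (assuming that is the intended convention), and a note on the out-of-range case, so independent implementations derive the same ''passpoint''.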
@@ -164,8 +164,8 @@ A confirmation tool, given a passphrase and a confirmation code, can recalculate
=====Decryption=====
# Collect encrypted private key and passphrase from user.
-# Derive ''passfactor'' using scrypt with ''ownerentropy'' and the user's passphrase and use it to recompute ''passpoint''
-# Derive decryption key for ''seedb'' using scrypt with ''passpoint'', ''addresshash'', and ''ownersalt''
+# Derive ''passfactor'' using scrypt with ''ownersalt'' and the user's passphrase and use it to recompute ''passpoint''
+# Derive decryption key for ''seedb'' using scrypt with ''passpoint'', ''addresshash'', and ''ownerentropy''
# Decrypt ''encryptedpart2'' using AES256Decrypt to yield the last 8 bytes of ''seedb'' and the last 8 bytes of ''encryptedpart1''.
# Decrypt ''encryptedpart1'' to yield the remainder of ''seedb''.
# Use ''seedb'' to compute ''factorb''.
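Review bot: swapping ''ownersalt'' and ''ownerentropy'' in the two decryption steps makes them consistent with the intermediate-code steps, where the scrypt salt is explicitly ''ownersalt'' and the intermediate string carries ''ownerentropy'', but the rewritten step "Derive decryption key for ''seedb'' using scrypt with ''passpoint'', ''addresshash'', and ''ownerentropy''" still does not say which value is the scrypt passphrase, which are the salt, or in what order they are concatenated. Given that the first hunk introduces a "+" convention for exactly this purpose, suggest rewriting the step as "... using scrypt with ''passpoint'' as the passphrase and ''addresshash'' + ''ownerentropy'' as the salt" (or whatever order the encryption side actually uses), and stating the scrypt parameters here as the encryption steps do, so a decrypter cannot reconstruct the salt in the wrong order and silently derive a wrong key.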