diff options
| author | Wladimir J. van der Laan <laanwj@gmail.com> | 2014-04-13 09:34:07 +0200 |
|---|---|---|
| committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2014-04-13 09:34:07 +0200 |
| commit | e196a4a7d0171d499fa496078526b7479db22d18 (patch) | |
| tree | 9613c848b714c166f9622591cb67141f9d93f00c /bip-0038.mediawiki | |
| parent | 243524acde016ae59df5dc3d073e7cd7d32e8469 (diff) | |
| parent | 86c90a9e792d16676ef14e1ac6e84f8f52c66ec8 (diff) | |
| download | bips-e196a4a7d0171d499fa496078526b7479db22d18.tar.xz | |
Merge pull request #47 from voisine/patch-1
Update bip-0038.mediawiki
Diffstat (limited to 'bip-0038.mediawiki')
| -rw-r--r-- | bip-0038.mediawiki | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/bip-0038.mediawiki b/bip-0038.mediawiki index c4d062e..39f0632 100644 --- a/bip-0038.mediawiki +++ b/bip-0038.mediawiki @@ -1,7 +1,8 @@ <pre> BIP: 38 Title: Passphrase-protected private key - Author: Mike Caldwell + Authors: Mike Caldwell + Aaron Voisine <voisine@gmail.com> Status: Draft (Some confusion applies: The announcements for this never made it to the list, so it hasn't had public discussion) Type: Standards Track Created: 2012-11-20 @@ -139,9 +140,9 @@ Steps to create new encrypted private keys given ''intermediate_passphrase_strin # Take the first four bytes of SHA256(SHA256(''generatedaddress'')) and call it ''addresshash''. # Now we will encrypt ''seedb''. Derive a second key from ''passpoint'' using scrypt #*Parameters: ''passphrase'' is ''passpoint'' provided from the first party (expressed in binary as 33 bytes). ''salt'' is ''addresshash'' + ''ownerentropy'', n=1024, r=1, p=1, length=64. The "+" operator is concatenation. -#*Split the result into two 16-byte halves and call them ''derivedhalf1'' and ''derivedhalf2''. -# Do AES256Encrypt(seedb[0...15]] xor derivedhalf1[0...15], derivedhalf2), call the 16-byte result ''encryptedpart1'' -# Do AES256Encrypt((encryptedpart1[8...15] + seedb[16...23]) xor derivedhalf1[16...31], derivedhalf2), call the 16-byte result ''encryptedseedb''. The "+" operator is concatenation. +#*Split the result into two 32-byte halves and call them ''derivedhalf1'' and ''derivedhalf2''. +# Do AES256Encrypt(seedb[0...15] xor derivedhalf1[0...15], derivedhalf2), call the 16-byte result ''encryptedpart1'' +# Do AES256Encrypt((encryptedpart1[8...15] + seedb[16...23]) xor derivedhalf1[16...31], derivedhalf2), call the 16-byte result ''encryptedpart2''. The "+" operator is concatenation. The encrypted private key is the Base58Check-encoded concatenation of the following, which totals 39 bytes without Base58 checksum: * 0x01 0x43 + ''flagbyte'' + ''addresshash'' + ''ownerentropy'' + ''encryptedpart1''[0...7] + ''encryptedpart2'' @@ -163,7 +164,7 @@ A confirmation tool, given a passphrase and a confirmation code, can recalculate =====Decryption===== # Collect encrypted private key and passphrase from user. -# Derive ''passfactor'' using scrypt with ''ownersalt'' and the user's passphrase and use it to recompute ''passpoint'' +# Derive ''passfactor'' using scrypt with ''ownerentropy'' and the user's passphrase and use it to recompute ''passpoint'' # Derive decryption key for ''seedb'' using scrypt with ''passpoint'', ''addresshash'', and ''ownersalt'' # Decrypt ''encryptedpart2'' using AES256Decrypt to yield the last 8 bytes of ''seedb'' and the last 8 bytes of ''encryptedpart1''. # Decrypt ''encryptedpart1'' to yield the remainder of ''seedb''. |