«Lost» password to BIP38 encrypted private key, encrypter may be faulty (Bippy)
Few years ago I encrypted my Bitcoin private key for cold storage with an offline app called Bippy. Recently I tried to access my wallet by decrypting the private key, but my password was rejected. I’ve checked out this Bippy program again, and I’m beginning to suspect it’s faulty somehow. It seems that private keys beginning with a ‘5’ — encrypted with Bippy — won’t decrypt with the same password. Other prefixes seem to work OK. Now, this Bippy app is open-source and written in Python, and I got it from here. I’ve tried, as a test, to encrypt the private key 5Ka1Bv4RpKayZygPhZbBcREejqeYwq2iSRzWPKsg49SPgVRTnpW with password testingOneTwo (it’s a fresh pk, no bitcoins there ;)). In Bippy this encrypts to 6PYMN8WT4CW7xLYczLvYfXZCtQWND7XEesk32QbXujMgKhf2v5A2ZQANpL, however, using the above password fails to decrypt it to its original. I’ve tried several other ‘5’-private keys and passwords, and the same happens every time. Luckily the program is open-source; sadly, the project seems abandoned a few years back and my knowledge of Python and encryption is not at a level good enough to pinpoint the bug at play here, and hoping for some help here 🙂
asked Nov 5, 2017 at 13:26
Pantalaimon Pantalaimon
131 1 1 silver badge 4 4 bronze badges
What did you use to try and decrypt the encrypted private key? Bippy?
Nov 5, 2017 at 19:19
It should be noted this was originally asked on reddit and someone there even posted some code.
Nov 5, 2017 at 20:35
2 Answers 2
It turns out Bippy does have a bug in the encryption algorithm where it mixes up the public key compression flag. As pointed out, I posted this problem on reddit as well, and a solution has been posted there:
Bippy is definitely doing something wrong.
Technical Explanation
BIP38 encrypted keys have 4 components (in the simplest case).
The first two letters of the key, 6P, are a marker that say this is a BIP38 encrypted key.
The next letter, Y in this case, specify some attributes of the key. In this case it says «This is a simple BIP38 key, and the public key should be compressed.»
The next couple letters (4 bytes in the hex representation) specify a «checksum». We’ll get back to this.
The rest of the key is the real meat of it. It’s the encrypted private key. That’s what we care most about.
Now let’s get back to that checksum. The checksum is 4 bytes derived from the Bitcoin address associated with the original private key. A big caveat here is that there are actually two Bitcoin addresses associate with a plain Bitcoin private key. One is based off the compressed public key, and the other the uncompressed public key.
That’s why BIP38 encrypted keys specify whether they are using the compressed or uncompressed address.
In this case, Bippy spit out a Y which means it used the compressed address. In your screenshots it even says as much. BUT here’s where the problem is.
When we check the checksum Bippy spit out, it doesn’t match with a compressed address. But if we use the uncompressed address, it matches! So Bippy says it’s using the compressed address, but it’s actually using the uncompressed address.
So Bippy definitely has a bug where it’s using the uncompressed address, but saying in the resulting BIP38 key that it used the compressed address.
This isn’t too big a deal. I’ll discuss this after the non technical explaination.
Nontechnical Explanation
Bippy is encrypting correctly, but it’s screwing up its encoding of the encrypted key. It’s saying it used public key compression when actually it didn’t. This isn’t a huge deal.
Solution
So, the good news is that it looks like, other than that minor bug, Bippy is encrypted the important stuff correctly. It should be possible to take your «lost» Bippy key and recover the private key from it. Assuming your password is correct.
I should be able hack up my script to take care of that for you. I’ll to to work on that and get back to you. (I need to fold in some Base58 encoding/decoding into the script and make it a bit user friendly for ya 😉 ). The code will be quite simple Python code, so you can do a cursory glance to be sure it doesn’t do anything evil.
A python recovery script has been supplied as well, available on github — all credits to fpgaminer
Recovering 2 of 2 multisig HD Wallet with bip38 encrypted private key
I currently have both xpub’s, and the 24 word seed of the second key. Unfortunately I do not have the password for the bip38 encrypted private key. I created the wallet a while ago and cannot remember the password but I have some ideas of what the password might have been. Given this information, I believe it might be worthwhile to try to brute force the password.
I am unsure the best method of brute forcing a multisig wallet. If it was a non-multisig wallet, I could just do something like this:
const decryptedKey = bip38.decrypt(encryptedPrivateKey, password); const privateKeyWif = wif.encode( 0x80, decryptedKey.privateKey, decryptedKey.compressed ); const coinkey = CoinKey.fromWif(privateKeyWif); console.log('address with btc im trying to recover' === coinkey.publicAddress, password) // Found password The address I am trying to recover starts with a 3 as it is a P2SH address (multisig). When I run the code above I get an address that starts with a 1 (not multisig). With all this being said, what is the best way (if there is any) to validate the «correctness» of a password during brute forcing one key of a multisig wallet?
- multi-signature
- wallet-recovery
- mnemonic-seed
- recover-private-key
- bip38
How do I decrypt a password protected, BIP0038 address?
You said: » Enter the encrypted private key in the «Wallet Details» tab. It will prompt you for a password then. » BUT where? Bitcoin QT don’t do this. Electrum don’t do this. Blockchain.info don’t do this. SO what wallet do what you say. Thanks
Jan 12, 2014 at 3:25
2 Answers 2
I found https://github.com/sour-is/bip38tool on github and after a little bit of struggle with the unfamilar golang ecosystem got it installed.
Once installed, the instructions for use are as follows:
export BIP38_PASS= cd /usr/local/go/src/bip38tool ./bip38tool decrypt
This produces your entire decrypted wallet including the plaintext private key which you can import into electrum or any other wallet application.
Decrypt bip38 private key
Decrypting: Input your BIP38-encrypted private key and passphrase. Click «Decrypt Key» and you will see the private key in the Decrypted Key box. Click «Import Address» to import the private key for the respective XLR address.
- What Bip 38?
- What is BIP38 encrypt?
- Can you decrypt a Bitcoin wallet?
- Should I BIP38 Encrypt?
- How do I transfer Coinbase to paper wallet?
- What is a paper wallet for Cryptocurrency?
- What Bip 32?
- How do I unlock my old Bitcoin wallet?
- How do I unlock my bitcoin wallet?
- Can you transfer from Coinbase to a cold wallet?
- Why can’t I withdraw from Coinbase?
- What is the safest crypto wallet?
What Bip 38?
BIP38 is basically a standard way to encrypt a Bitcoin private key with a password. So if someone finds your encrypted key he can’t decipher it without knowing the password.
What is BIP38 encrypt?
BIP38 is a standard process to encrypt Bitcoin and crypto currency private keys that is less susceptible to brute force attacks thus protecting the user.
Can you decrypt a Bitcoin wallet?
Absolutely not. The bitcoin wallet is a public key that’s encrypted from the private key. You could go the other direction but not in reverse.
Should I BIP38 Encrypt?
About BIP38 password-encrypted paper wallets
The advantage to encrypting your paper wallet’s private key with a password is that if your paper wallet is stolen or otherwise exposed, the balance on the wallet is safe unless the passphrase used to encrypt the wallet is guessed.
How do I transfer Coinbase to paper wallet?
Visit Coinbase on your phone app and select BTC wallet and click on «Send» icon on top-right and if you want to transfer everything, use the MAX button and then click on «Send» button at the bottom. Now click the QRCode and scan the public key of your paper-wallet which should autofill the address for you.
What is a paper wallet for Cryptocurrency?
A paper wallet is a printed piece of paper containing keys and QR codes used to facilitate your cryptocurrency transactions. Because they are removed from the internet, at one point, paper wallets were considered to be more secure than other forms of cryptocurrency storage.
What Bip 32?
BIP 32 is the Bitcoin Improvement Proposal which introduced the standard of Hierarchical Deterministic (HD) wallets and extended keys to Bitcoin. . First, HD wallets greatly improved the interoperability of wallets, as a set of keys could be transferred between wallet software with a single extended private key (xprv).
How do I unlock my old Bitcoin wallet?
All you need to do is create an account, log in, go to settings, and click the addresses where an option to import BTC addresses will appear. After entering your private keys, you should be able to access your wallet once again.
How do I unlock my bitcoin wallet?
As far as I understand, in most core wallets you’ll find the unlock wallet options under settings “Settings >> Unlock wallet”. Just check that the right app is installed on your ledger hardware wallet and enter your passphrase to unlock your wallet.
Can you transfer from Coinbase to a cold wallet?
Another form of cold storage is a “hardware wallet,” which are fobs that plug into your computer through the USB port. . To transfer your coins off of Coinbase, you simply need to send them to your other wallet. Click on your Coinbase wallet, then click “send,” and it asks for the bitcoin address you’re sending funds to.
Why can’t I withdraw from Coinbase?
It’s directly related to purchasing crypto or depositing fiat currency using a linked bank account. For security reasons, you will not be able to immediately withdraw fiat deposited using a linked bank account or send crypto purchased with such funds off of Coinbase Pro (we call this “withdrawal availability”).
What is the safest crypto wallet?
Blockchain the safest and most popular wallet. It is used for investing and storing cryptocurrencies. It is one of the most secure Bitcoin wallet which keeps track of who owns the digital tokens.
Multisig
How do I add an address to electrum?How do I create a multisig address?What is a multisig address?How do I get Electrum wallet?Where is my Electrum w.
Bitcoin
How does a Bitcoin wallet work?Does Bitcoin wallet need verification?Can a Bitcoin wallet be traced?Why bitcoin is falling?Why do I need Bitcoin wall.
Blockchain
How many GB is the Bitcoin Blockchain?How much storage does a blockchain need?What is the size of a block in blockchain?What happens when blockchain .
Website about cryptocurrencies. A lot of useful and interesting information about trading, platforms, courses and the most profitable investments in cryptocurrencies