Bitcoin wallet import private key

    from bitmerchant.wallet import Wallet

    w = Wallet.from_master_secret("correct horse battery staple")
    assert w.to_address() == "1AJ7EDxyRwyGNcL4scXfUU7XqYkmVcwHqe"

BIP32 wallets are hierarchical deterministic wallets. They allow you to generate bitcoin/altcoin addresses without exposing your private key to a potentially insecure server.

To link a user with a new bitcoin address, you just need to provide the user's ID to the create_new_address_for_user method:

TL;DR

    ## DO THIS ON AN OFFLINE MACHINE, NOT YOUR WEBSERVER
    from bitmerchant.wallet import Wallet

    # Create a wallet, and a primary child wallet for your app
    my_wallet = Wallet.new_random_wallet()
    print(my_wallet.serialize_b58(private=True))  # Write this down or print it out and keep in a secure location
    project_0_wallet = my_wallet.get_child(0, is_prime=True)
    project_0_public = project_0_wallet.public_copy()
    print(project_0_public.serialize_b58(private=False))  # Put this in your app's settings file

    ## THINGS BELOW ARE PUBLIC FOR YOUR WEBSERVER

    # In your app's settings file, declare your public wallet
    # (the public serialization printed on the offline machine):
    WALLET_PUBKEY = ""

    # Create a payment address for a user as needed:
    from bitmerchant.wallet import Wallet
    from myapp.settings import WALLET_PUBKEY

    def get_payment_address_for_user(user):
        user_id = user.id
        assert isinstance(user_id, int)  # on Python 3, int also covers the old long type
        wallet = Wallet.deserialize(WALLET_PUBKEY)
        wallet_for_user = wallet.create_new_address_for_user(user.id)
        return wallet_for_user.to_address()

Security warning

BIP32 wallets have a vulnerability/bug that allows an attacker to recover the master private key when given a master public key and a publicly-derived private child. In other words:

    from bitmerchant.wallet import Wallet

    w = Wallet.new_random_wallet()
    child = w.get_child(0, is_prime=False)  # public derivation of a private child
    w_pub = w.public_copy()
    master_public_key = w_pub.serialize_b58(private=False)
    private_child_key = child.serialize_b58(private=True)

Given master_public_key and private_child_key, recovering the secret master private key (w) is as simple as a subtraction on the elliptic curve. This has been implemented as Wallet.crack_private_key: if the attack is possible, anyone should be able to run it, so that it is well known:

    public_master = Wallet.deserialize(master_public_key)
    private_child = Wallet.deserialize(private_child_key)
    private_master = public_master.crack_private_key(private_child)
    assert private_master == w  # :(

This attack can be mitigated by these simple steps:

  1. NEVER give out your root master public key.
  2. When uploading a master public key to a webserver, always use a prime child of your master root.
  3. Never give out a private child key unless the user you're giving it to already has control of the parent private key (e.g., for user-owned wallets).
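
One way to enforce steps 1 and 2 before a key is copied into a webserver's settings, as an added example that is not bitmerchant's own code: it reads the depth and child-number fields straight from the BIP32 serialization using only the standard library. The function names are hypothetical, and the sample keys are constructed with dummy chain code and key bytes.

```python
import hashlib
import struct

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
XPUB, XPRV = 0x0488B21E, 0x0488ADE4  # BIP32 mainnet version bytes
HARDENED = 0x80000000                # child numbers >= 2**31 are prime children

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    data = payload + _checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def b58check_decode(text):
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-base58 character
    pad = len(text) - len(text.lstrip("1"))
    data = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(data) < 5 or _checksum(data[:-4]) != data[-4:]:
        raise ValueError("bad base58check checksum")
    return data[:-4]

def check_webserver_key(serialized):
    """Return the reasons (if any) this key must not go in webserver settings."""
    raw = b58check_decode(serialized)
    if len(raw) != 78:
        return ["not a 78-byte BIP32 extended key"]
    version, depth, _parent_fp, child = struct.unpack(">IB4sI", raw[:13])
    problems = []
    if version != XPUB:
        problems.append("not a mainnet xpub (private key or other network)")
    if depth == 0:
        problems.append("root master key: never give this out")
    elif child < HARDENED:
        problems.append("not a prime child of its parent")
    return problems

def _sample(version, depth, child):
    # Constructed sample: real header fields, dummy chain code and key bytes.
    head = struct.pack(">IB4sI", version, depth, b"\0" * 4, child)
    return b58check_encode(head + b"\x11" * 32 + b"\x02" + b"\x22" * 32)
ROOT_XPUB, PRIME_CHILD_XPUB = _sample(XPUB, 0, 0), _sample(XPUB, 1, HARDENED)
PLAIN_CHILD_XPUB, ROOT_XPRV = _sample(XPUB, 1, 0), _sample(XPRV, 0, 0)
```

An empty list from check_webserver_key means the key has the shape the TL;DR produces with get_child(0, is_prime=True) followed by public_copy(); anything else should block the deployment.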
