Class: Bitcoin::Key

Inherits:

Object

• Object
• Bitcoin::Key

Defined in:

lib/bitcoin/key.rb

Overview

Elliptic Curve key as used in bitcoin.

Class Method Summary

• .from_base58(str) ⇒ Object

  Import private key from base58 fromat as described in en.bitcoin.it/wiki/Private_key#Base_58_Wallet_Import_format and en.bitcoin.it/wiki/Base58Check_encoding#Encoding_a_private_key.

• .from_bip38(encrypted_privkey, passphrase) ⇒ Object

  Import private key from bip38 (non-ec-multiply) fromat as described in github.com/bitcoin/bips/blob/master/bip-0038.mediawiki See also #to_bip38.

• .from_warp(passphrase, salt = "", compressed = false) ⇒ Object

  Import private key from warp fromat as described in github.com/keybase/warpwallet keybase.io/warp/.

• .generate(opts = {compressed: true}) ⇒ Object

  Generate a new keypair.

• .recover_compact_signature_to_key(data, signature_base64) ⇒ Object

  Thanks to whoever wrote pastebin.com/bQtdDzHx for help with compact signatures.

• .verify_message(address, signature, message) ⇒ Object

Instance Method Summary

• #==(other) ⇒ Object
• #addr ⇒ Object

  Get the address corresponding to the public key.

• #compressed ⇒ Object
• #generate ⇒ Object

  Generate new priv/pub key.

• #hash160 ⇒ Object

  Get the hash160 of the public key.

• #initialize(privkey = nil, pubkey = nil, opts = {compressed: true}) ⇒ Key constructor

  Create a new key with given privkey and pubkey.

• #priv ⇒ Object

  Get the private key (in hex).

• #priv=(priv) ⇒ Object

  Set the private key to priv (in hex).

• #pub ⇒ Object

  Get the public key (in hex).

• #pub=(pub) ⇒ Object

  Set the public key (in hex).

• #pub_compressed ⇒ Object
• #pub_uncompressed ⇒ Object
• #sign(data) ⇒ Object

  Sign data with the key.

• #sign_message(message) ⇒ Object
• #to_base58 ⇒ Object

  Export private key to base58 format.

• #to_bip38(passphrase) ⇒ Object

  Export private key to bip38 (non-ec-multiply) format as described in github.com/bitcoin/bips/blob/master/bip-0038.mediawiki See also Key.from_bip38.

• #verify(data, sig) ⇒ Object

  Verify signature sig for data.

• #verify_message(signature, message) ⇒ Object

Constructor Details

#initialize(privkey = nil, pubkey = nil, opts = {compressed: true}) ⇒ Key

Create a new key with given privkey and pubkey.

Bitcoin::Key.new
Bitcoin::Key.new(privkey)
Bitcoin::Key.new(nil, pubkey)

# File 'lib/bitcoin/key.rb', line 35

def initialize(privkey = nil, pubkey = nil, opts={compressed: true})
  compressed = opts.is_a?(Hash) ? opts.fetch(:compressed, true) : opts
  @key = Bitcoin.bitcoin_elliptic_curve
  @pubkey_compressed = pubkey ? self.class.is_compressed_pubkey?(pubkey) : compressed
  set_priv(privkey)  if privkey
  set_pub(pubkey, @pubkey_compressed)  if pubkey
end

Class Method Details

.from_base58(str) ⇒ Object

Import private key from base58 fromat as described in en.bitcoin.it/wiki/Private_key#Base_58_Wallet_Import_format and en.bitcoin.it/wiki/Base58Check_encoding#Encoding_a_private_key. See also #to_base58

# File 'lib/bitcoin/key.rb', line 18

def self.from_base58(str)
  hex = Bitcoin.decode_base58(str)
  compressed = hex.size == 76
  version, key, flag, checksum = hex.unpack("a2a64a#{compressed ? 2 : 0}a8")
  raise "Invalid version"   unless version == Bitcoin.network[:privkey_version]
  raise "Invalid checksum"  unless Bitcoin.checksum(version + key + flag) == checksum
  key = new(key, nil, compressed)
end

.from_bip38(encrypted_privkey, passphrase) ⇒ Object

Import private key from bip38 (non-ec-multiply) fromat as described in github.com/bitcoin/bips/blob/master/bip-0038.mediawiki See also #to_bip38

# File 'lib/bitcoin/key.rb', line 202

def self.from_bip38(encrypted_privkey, passphrase)
  version, flagbyte, addresshash, encryptedhalf1, encryptedhalf2, checksum =
    [ Bitcoin.decode_base58(encrypted_privkey) ].pack("H*").unpack("a2aa4a16a16a4")
  compressed = (flagbyte == "\xe0") ? true : false

  raise "Invalid version"   unless version == "\x01\x42"
  raise "Invalid checksum"  unless Digest::SHA256.digest(Digest::SHA256.digest(version + flagbyte + addresshash + encryptedhalf1 + encryptedhalf2))[0...4] == checksum

  require 'scrypt' unless defined?(::SCrypt::Engine)
  buf = SCrypt::Engine.__sc_crypt(passphrase, addresshash, 16384, 8, 8, 64)
  derivedhalf1, derivedhalf2 = buf[0...32], buf[32..-1]

  aes = proc{|k,a|
    cipher = OpenSSL::Cipher::AES.new(256, :ECB); cipher.decrypt; cipher.padding = 0; cipher.key = k
    cipher.update(a)
  }

  decryptedhalf2 = aes.call(derivedhalf2, encryptedhalf2)
  decryptedhalf1 = aes.call(derivedhalf2, encryptedhalf1)

  priv = decryptedhalf1 + decryptedhalf2
  priv = (priv.unpack("H*")[0].to_i(16) ^ derivedhalf1.unpack("H*")[0].to_i(16)).to_s(16).rjust(64, '0')
  key = Bitcoin::Key.new(priv, nil, compressed)

  if Digest::SHA256.digest( Digest::SHA256.digest( key.addr ) )[0...4] != addresshash
    raise "Invalid addresshash! Password is likely incorrect."
  end

  key
end

.from_warp(passphrase, salt = "", compressed = false) ⇒ Object

Import private key from warp fromat as described in github.com/keybase/warpwallet keybase.io/warp/

# File 'lib/bitcoin/key.rb', line 236

def self.from_warp(passphrase, salt="", compressed=false)
  require 'scrypt' unless defined?(::SCrypt::Engine)
  s1 = SCrypt::Engine.scrypt(passphrase+"\x01", salt+"\x01", 2**18, 8, 1, 32)
  s2 = OpenSSL::PKCS5.pbkdf2_hmac(passphrase+"\x02", salt+"\x02", 2**16, 32, OpenSSL::Digest::SHA256.new)
  s3 = s1.bytes.zip(s2.bytes).map{|a,b| a ^ b }.pack("C*")

  key = Bitcoin::Key.new(s3.unpack("H*")[0], nil, compressed)
  # [key.addr, key.to_base58, [s1,s2,s3].map{|i| i.unpack("H*")[0] }, compressed]
  key
end

.generate(opts = {compressed: true}) ⇒ Object

Generate a new keypair.

Bitcoin::Key.generate

# File 'lib/bitcoin/key.rb', line 10

def self.generate(opts={compressed: true})
  k = new(nil, nil, opts); k.generate; k
end

.recover_compact_signature_to_key(data, signature_base64) ⇒ Object

Thanks to whoever wrote pastebin.com/bQtdDzHx for help with compact signatures

Given data and a compact signature (65 bytes, base64-encoded to a larger string), recover the public components of the key whose private counterpart validly signed data.

If the signature validly signed data, create a new Key having the signing public key and address. Otherwise return nil.

Be sure to check that the returned Key matches the one you were expecting! Otherwise you are merely checking that someone validly signed the data.

# File 'lib/bitcoin/key.rb', line 148

def self.recover_compact_signature_to_key(data, signature_base64)
  signature = signature_base64.unpack("m0")[0]
  return nil if signature.size != 65

  version = signature.unpack('C')[0]
  return nil if version < 27 or version > 34
 
  compressed = (version >= 31) ? (version -= 4; true) : false

  hash = Bitcoin.bitcoin_signed_message_hash(data)
  pub_hex = Bitcoin::OpenSSL_EC.recover_public_key_from_signature(hash, signature, version-27, compressed)
  return nil unless pub_hex

  Key.new(nil, pub_hex)
end

.verify_message(address, signature, message) ⇒ Object

# File 'lib/bitcoin/key.rb', line 131

def self.verify_message(address, signature, message)
  Bitcoin.verify_message(address, signature, message)
end

Instance Method Details

#==(other) ⇒ Object

# File 'lib/bitcoin/key.rb', line 27

def ==(other)
  self.priv == other.priv
end

#addr ⇒ Object

Get the address corresponding to the public key.

# File 'lib/bitcoin/key.rb', line 93

def addr
  Bitcoin.hash160_to_address(hash160)
end

#compressed ⇒ Object

# File 'lib/bitcoin/key.rb', line 78

def compressed
  @pubkey_compressed
end

#generate ⇒ Object

Generate new priv/pub key.

# File 'lib/bitcoin/key.rb', line 44

def generate
  @key.generate_key
end

#hash160 ⇒ Object

Get the hash160 of the public key.

# File 'lib/bitcoin/key.rb', line 88

def hash160
  Bitcoin.hash160(pub)
end

#priv ⇒ Object

Get the private key (in hex).

# File 'lib/bitcoin/key.rb', line 49

def priv
  return nil  unless @key.private_key
  @key.private_key.to_hex.rjust(64, '0')
end

#priv=(priv) ⇒ Object

Set the private key to priv (in hex).

# File 'lib/bitcoin/key.rb', line 55

def priv= priv
  set_priv(priv)
end

#pub ⇒ Object

Get the public key (in hex). In case the key was initialized with only a private key, the public key is regenerated.

# File 'lib/bitcoin/key.rb', line 62

def pub
  regenerate_pubkey unless @key.public_key
  return nil        unless @key.public_key
  @pubkey_compressed ? pub_compressed : pub_uncompressed
end

#pub=(pub) ⇒ Object

Set the public key (in hex).

# File 'lib/bitcoin/key.rb', line 83

def pub= pub
  set_pub(pub)
end

#pub_compressed ⇒ Object

# File 'lib/bitcoin/key.rb', line 68

def pub_compressed
  @key.public_key.group.point_conversion_form = :compressed
  @key.public_key.to_hex.rjust(66, '0')
end

#pub_uncompressed ⇒ Object

# File 'lib/bitcoin/key.rb', line 73

def pub_uncompressed
  @key.public_key.group.point_conversion_form = :uncompressed
  @key.public_key.to_hex.rjust(130, '0')
end

#sign(data) ⇒ Object

Sign data with the key.

key1 = Bitcoin::Key.generate
sig = key1.sign("some data")

# File 'lib/bitcoin/key.rb', line 100

def sign(data)
  sig = @key.dsa_sign_asn1(data)
  if Script::is_low_der_signature?(sig)
    sig
  else
    Bitcoin::OpenSSL_EC.signature_to_low_s(sig)
  end
end

#sign_message(message) ⇒ Object

# File 'lib/bitcoin/key.rb', line 123

def sign_message(message)
  Bitcoin.sign_message(priv, pub, message)['signature']
end

#to_base58 ⇒ Object

Export private key to base58 format. See also Key.from_base58

# File 'lib/bitcoin/key.rb', line 166

def to_base58
  data = Bitcoin.network[:privkey_version] + priv
  data += "01"  if @pubkey_compressed
  hex  = data + Bitcoin.checksum(data)
  Bitcoin.int_to_base58( hex.to_i(16) )
end

#to_bip38(passphrase) ⇒ Object

Export private key to bip38 (non-ec-multiply) format as described in github.com/bitcoin/bips/blob/master/bip-0038.mediawiki See also Key.from_bip38

# File 'lib/bitcoin/key.rb', line 177

def to_bip38(passphrase)
  flagbyte = compressed ? "\xe0" : "\xc0"
  addresshash = Digest::SHA256.digest( Digest::SHA256.digest( self.addr ) )[0...4]

  require 'scrypt' unless defined?(::SCrypt::Engine)
  buf = SCrypt::Engine.__sc_crypt(passphrase, addresshash, 16384, 8, 8, 64)
  derivedhalf1, derivedhalf2 = buf[0...32], buf[32..-1]

  aes = proc{|k,a,b|
    cipher = OpenSSL::Cipher::AES.new(256, :ECB); cipher.encrypt; cipher.padding = 0; cipher.key = k
    cipher.update [ (a.to_i(16) ^ b.unpack("H*")[0].to_i(16)).to_s(16).rjust(32, '0') ].pack("H*")
  }

  encryptedhalf1 = aes.call(derivedhalf2, self.priv[0...32], derivedhalf1[0...16])
  encryptedhalf2 = aes.call(derivedhalf2, self.priv[32..-1], derivedhalf1[16..-1])

  encrypted_privkey = "\x01\x42" + flagbyte + addresshash + encryptedhalf1 + encryptedhalf2
  encrypted_privkey += Digest::SHA256.digest( Digest::SHA256.digest( encrypted_privkey ) )[0...4]

  encrypted_privkey = Bitcoin.encode_base58( encrypted_privkey.unpack("H*")[0] )
end

#verify(data, sig) ⇒ Object

Verify signature sig for data.

key2 = Bitcoin::Key.new(nil, key1.pub)
key2.verify("some data", sig)

# File 'lib/bitcoin/key.rb', line 112

def verify(data, sig)
  regenerate_pubkey unless @key.public_key
  sig = Bitcoin::OpenSSL_EC.repack_der_signature(sig)
  if sig
    @key.dsa_verify_asn1(data, sig)
  else
    false
  end
end

#verify_message(signature, message) ⇒ Object

# File 'lib/bitcoin/key.rb', line 127

def verify_message(signature, message)
  Bitcoin.verify_message(addr, signature, message)
end