Class: Bitcoin::Key

Inherits:

Object

• Object
• Bitcoin::Key

Defined in:

lib/bitcoin/key.rb

Overview

Elliptic Curve key as used in bitcoin.

Instance Attribute Summary

• #key ⇒ Object readonly

  Returns the value of attribute key.

Class Method Summary

• .from_base58(str) ⇒ Object

  Import private key from base58 fromat as described in en.bitcoin.it/wiki/Private_key#Base_58_Wallet_Import_format and en.bitcoin.it/wiki/Base58Check_encoding#Encoding_a_private_key.

• .from_bip38(encrypted_privkey, passphrase) ⇒ Object

  Import private key from bip38 (non-ec-multiply) fromat as described in github.com/bitcoin/bips/blob/master/bip-0038.mediawiki See also #to_bip38.

• .from_warp(passphrase, salt = "", compressed = false) ⇒ Object

  Import private key from warp fromat as described in github.com/keybase/warpwallet keybase.io/warp/.

• .generate(opts = {compressed: true}) ⇒ Object

  Generate a new keypair.

• .recover_compact_signature_to_key(data, signature_base64) ⇒ Object

  Thanks to whoever wrote pastebin.com/bQtdDzHx for help with compact signatures.

• .verify_message(address, signature, message) ⇒ Object

Instance Method Summary

• #==(other) ⇒ Object
• #addr ⇒ Object

  Get the address corresponding to the public key.

• #compressed ⇒ Object
• #generate ⇒ Object

  Generate new priv/pub key.

• #hash160 ⇒ Object

  Get the hash160 of the public key.

• #initialize(privkey = nil, pubkey = nil, opts = {compressed: true}) ⇒ Key constructor

  Create a new key with given privkey and pubkey.

• #priv ⇒ Object

  Get the private key (in hex).

• #priv=(priv) ⇒ Object

  Set the private key to priv (in hex).

• #pub ⇒ Object

  Get the public key (in hex).

• #pub=(pub) ⇒ Object

  Set the public key (in hex).

• #pub_compressed ⇒ Object
• #pub_uncompressed ⇒ Object
• #sign(data) ⇒ Object

  Sign data with the key.

• #sign_message(message) ⇒ Object
• #to_base58 ⇒ Object

  Export private key to base58 format.

• #to_bip38(passphrase) ⇒ Object

  Export private key to bip38 (non-ec-multiply) format as described in github.com/bitcoin/bips/blob/master/bip-0038.mediawiki See also Key.from_bip38.

• #verify(data, sig) ⇒ Object

  Verify signature sig for data.

• #verify_message(signature, message) ⇒ Object

Constructor Details

#initialize(privkey = nil, pubkey = nil, opts = {compressed: true}) ⇒ Key

Create a new key with given privkey and pubkey.

Bitcoin::Key.new
Bitcoin::Key.new(privkey)
Bitcoin::Key.new(nil, pubkey)

# File 'lib/bitcoin/key.rb', line 37

def initialize(privkey = nil, pubkey = nil, opts={compressed: true})
  compressed = opts.is_a?(Hash) ? opts.fetch(:compressed, true) : opts
  @key = Bitcoin.bitcoin_elliptic_curve
  @pubkey_compressed = pubkey ? self.class.is_compressed_pubkey?(pubkey) : compressed
  set_priv(privkey)  if privkey
  set_pub(pubkey, @pubkey_compressed)  if pubkey
end

Instance Attribute Details

#key ⇒ Object (readonly)

Returns the value of attribute key.

# File 'lib/bitcoin/key.rb', line 8

def key
  @key
end

Class Method Details

.from_base58(str) ⇒ Object

Import private key from base58 fromat as described in en.bitcoin.it/wiki/Private_key#Base_58_Wallet_Import_format and en.bitcoin.it/wiki/Base58Check_encoding#Encoding_a_private_key. See also #to_base58

# File 'lib/bitcoin/key.rb', line 20

def self.from_base58(str)
  hex = Bitcoin.decode_base58(str)
  compressed = hex.size == 76
  version, key, flag, checksum = hex.unpack("a2a64a#{compressed ? 2 : 0}a8")
  raise "Invalid version"   unless version == Bitcoin.network[:privkey_version]
  raise "Invalid checksum"  unless Bitcoin.checksum(version + key + flag) == checksum
  key = new(key, nil, compressed)
end

.from_bip38(encrypted_privkey, passphrase) ⇒ Object

Import private key from bip38 (non-ec-multiply) fromat as described in github.com/bitcoin/bips/blob/master/bip-0038.mediawiki See also #to_bip38

# File 'lib/bitcoin/key.rb', line 200

def self.from_bip38(encrypted_privkey, passphrase)
  version, flagbyte, addresshash, encryptedhalf1, encryptedhalf2, checksum =
    [ Bitcoin.decode_base58(encrypted_privkey) ].pack("H*").unpack("a2aa4a16a16a4")
  compressed = (flagbyte == "\xe0") ? true : false

  raise "Invalid version"   unless version == "\x01\x42"
  raise "Invalid checksum"  unless Digest::SHA256.digest(Digest::SHA256.digest(version + flagbyte + addresshash + encryptedhalf1 + encryptedhalf2))[0...4] == checksum

  require 'scrypt' unless defined?(::SCrypt::Engine)
  buf = SCrypt::Engine.__sc_crypt(passphrase, addresshash, 16384, 8, 8, 64)
  derivedhalf1, derivedhalf2 = buf[0...32], buf[32..-1]

  aes = proc{|k,a|
    cipher = OpenSSL::Cipher::AES.new(256, :ECB); cipher.decrypt; cipher.padding = 0; cipher.key = k
    cipher.update(a)
  }

  decryptedhalf2 = aes.call(derivedhalf2, encryptedhalf2)
  decryptedhalf1 = aes.call(derivedhalf2, encryptedhalf1)

  priv = decryptedhalf1 + decryptedhalf2
  priv = (priv.unpack("H*")[0].to_i(16) ^ derivedhalf1.unpack("H*")[0].to_i(16)).to_s(16).rjust(64, '0')
  key = Bitcoin::Key.new(priv, nil, compressed)

  if Digest::SHA256.digest( Digest::SHA256.digest( key.addr ) )[0...4] != addresshash
    raise "Invalid addresshash! Password is likely incorrect."
  end

  key
end

.from_warp(passphrase, salt = "", compressed = false) ⇒ Object

Import private key from warp fromat as described in github.com/keybase/warpwallet keybase.io/warp/

# File 'lib/bitcoin/key.rb', line 234

def self.from_warp(passphrase, salt="", compressed=false)
  require 'scrypt' unless defined?(::SCrypt::Engine)
  s1 = SCrypt::Engine.scrypt(passphrase+"\x01", salt+"\x01", 2**18, 8, 1, 32)
  s2 = OpenSSL::PKCS5.pbkdf2_hmac(passphrase+"\x02", salt+"\x02", 2**16, 32, OpenSSL::Digest::SHA256.new)
  s3 = s1.bytes.zip(s2.bytes).map{|a,b| a ^ b }.pack("C*")

  key = Bitcoin::Key.new(s3.unpack("H*")[0], nil, compressed)
  # [key.addr, key.to_base58, [s1,s2,s3].map{|i| i.unpack("H*")[0] }, compressed]
  key
end

.generate(opts = {compressed: true}) ⇒ Object

Generate a new keypair.

Bitcoin::Key.generate

# File 'lib/bitcoin/key.rb', line 12

def self.generate(opts={compressed: true})
  k = new(nil, nil, opts); k.generate; k
end

.recover_compact_signature_to_key(data, signature_base64) ⇒ Object

Thanks to whoever wrote pastebin.com/bQtdDzHx for help with compact signatures

Given data and a compact signature (65 bytes, base64-encoded to a larger string), recover the public components of the key whose private counterpart validly signed data.

If the signature validly signed data, create a new Key having the signing public key and address. Otherwise return nil.

Be sure to check that the returned Key matches the one you were expecting! Otherwise you are merely checking that someone validly signed the data.

# File 'lib/bitcoin/key.rb', line 146

def self.recover_compact_signature_to_key(data, signature_base64)
  signature = signature_base64.unpack("m0")[0]
  return nil if signature.size != 65

  version = signature.unpack('C')[0]
  return nil if version < 27 or version > 34
 
  compressed = (version >= 31) ? (version -= 4; true) : false

  hash = Bitcoin.bitcoin_signed_message_hash(data)
  pub_hex = Bitcoin::OpenSSL_EC.recover_public_key_from_signature(hash, signature, version-27, compressed)
  return nil unless pub_hex

  Key.new(nil, pub_hex)
end

.verify_message(address, signature, message) ⇒ Object

# File 'lib/bitcoin/key.rb', line 129

def self.verify_message(address, signature, message)
  Bitcoin.verify_message(address, signature, message)
end

Instance Method Details

#==(other) ⇒ Object

# File 'lib/bitcoin/key.rb', line 29

def ==(other)
  self.priv == other.priv
end

#addr ⇒ Object

Get the address corresponding to the public key.

# File 'lib/bitcoin/key.rb', line 96

def addr
  Bitcoin.hash160_to_address(hash160)
end

#compressed ⇒ Object

# File 'lib/bitcoin/key.rb', line 81

def compressed
  @pubkey_compressed
end

#generate ⇒ Object

Generate new priv/pub key.

# File 'lib/bitcoin/key.rb', line 46

def generate
  @key.generate_key
end

#hash160 ⇒ Object

Get the hash160 of the public key.

# File 'lib/bitcoin/key.rb', line 91

def hash160
  Bitcoin.hash160(pub)
end

#priv ⇒ Object

Get the private key (in hex).

# File 'lib/bitcoin/key.rb', line 51

def priv
  return nil  unless @key.private_key
  @key.private_key.to_hex.rjust(64, '0')
end

#priv=(priv) ⇒ Object

Set the private key to priv (in hex).

# File 'lib/bitcoin/key.rb', line 57

def priv= priv
  set_priv(priv)
  regenerate_pubkey
end

#pub ⇒ Object

Get the public key (in hex). In case the key was initialized with only a private key, the public key is regenerated.

# File 'lib/bitcoin/key.rb', line 65

def pub
  regenerate_pubkey unless @key.public_key
  return nil        unless @key.public_key
  @pubkey_compressed ? pub_compressed : pub_uncompressed
end

#pub=(pub) ⇒ Object

Set the public key (in hex).

# File 'lib/bitcoin/key.rb', line 86

def pub= pub
  set_pub(pub)
end

#pub_compressed ⇒ Object

# File 'lib/bitcoin/key.rb', line 71

def pub_compressed
  @key.public_key.group.point_conversion_form = :compressed
  @key.public_key.to_hex.rjust(66, '0')
end

#pub_uncompressed ⇒ Object

# File 'lib/bitcoin/key.rb', line 76

def pub_uncompressed
  @key.public_key.group.point_conversion_form = :uncompressed
  @key.public_key.to_hex.rjust(130, '0')
end

#sign(data) ⇒ Object

Sign data with the key.

key1 = Bitcoin::Key.generate
sig = key1.sign("some data")

# File 'lib/bitcoin/key.rb', line 103

def sign(data)
  Bitcoin.sign_data(key, data)
end

#sign_message(message) ⇒ Object

# File 'lib/bitcoin/key.rb', line 121

def sign_message(message)
  Bitcoin.sign_message(priv, pub, message)['signature']
end

#to_base58 ⇒ Object

Export private key to base58 format. See also Key.from_base58

# File 'lib/bitcoin/key.rb', line 164

def to_base58
  data = Bitcoin.network[:privkey_version] + priv
  data += "01"  if @pubkey_compressed
  hex  = data + Bitcoin.checksum(data)
  Bitcoin.int_to_base58( hex.to_i(16) )
end

#to_bip38(passphrase) ⇒ Object

Export private key to bip38 (non-ec-multiply) format as described in github.com/bitcoin/bips/blob/master/bip-0038.mediawiki See also Key.from_bip38

# File 'lib/bitcoin/key.rb', line 175

def to_bip38(passphrase)
  flagbyte = compressed ? "\xe0" : "\xc0"
  addresshash = Digest::SHA256.digest( Digest::SHA256.digest( self.addr ) )[0...4]

  require 'scrypt' unless defined?(::SCrypt::Engine)
  buf = SCrypt::Engine.__sc_crypt(passphrase, addresshash, 16384, 8, 8, 64)
  derivedhalf1, derivedhalf2 = buf[0...32], buf[32..-1]

  aes = proc{|k,a,b|
    cipher = OpenSSL::Cipher::AES.new(256, :ECB); cipher.encrypt; cipher.padding = 0; cipher.key = k
    cipher.update [ (a.to_i(16) ^ b.unpack("H*")[0].to_i(16)).to_s(16).rjust(32, '0') ].pack("H*")
  }

  encryptedhalf1 = aes.call(derivedhalf2, self.priv[0...32], derivedhalf1[0...16])
  encryptedhalf2 = aes.call(derivedhalf2, self.priv[32..-1], derivedhalf1[16..-1])

  encrypted_privkey = "\x01\x42" + flagbyte + addresshash + encryptedhalf1 + encryptedhalf2
  encrypted_privkey += Digest::SHA256.digest( Digest::SHA256.digest( encrypted_privkey ) )[0...4]

  encrypted_privkey = Bitcoin.encode_base58( encrypted_privkey.unpack("H*")[0] )
end

#verify(data, sig) ⇒ Object

Verify signature sig for data.

key2 = Bitcoin::Key.new(nil, key1.pub)
key2.verify("some data", sig)

# File 'lib/bitcoin/key.rb', line 110

def verify(data, sig)
  regenerate_pubkey unless @key.public_key
  sig = Bitcoin::OpenSSL_EC.repack_der_signature(sig)
  if sig
    @key.dsa_verify_asn1(data, sig)
  else
    false
  end
end

#verify_message(signature, message) ⇒ Object

# File 'lib/bitcoin/key.rb', line 125

def verify_message(signature, message)
  Bitcoin.verify_message(addr, signature, message)
end