mirror of
https://github.com/bitcoinbook/bitcoinbook
synced 2024-12-23 07:08:13 +00:00
CH04::encrypted private keys: drop
These were always a bad idea and they've been superceded both in theory and in practice by HD wallets.
This commit is contained in:
parent
915b961d41
commit
1ddec1538e
@ -1207,68 +1207,6 @@ following sections we will look at advanced forms of keys and addresses,
|
|||||||
such as encrypted private keys, script and multisignature addresses,
|
such as encrypted private keys, script and multisignature addresses,
|
||||||
vanity addresses, and paper wallets.
|
vanity addresses, and paper wallets.
|
||||||
|
|
||||||
==== Encrypted Private Keys (BIP-38)
|
|
||||||
|
|
||||||
((("bitcoin improvement proposals", "Encrypted Private Keys
|
|
||||||
(BIP-38)")))((("keys and addresses", "advanced forms", "encrypted
|
|
||||||
private keys")))((("public and private keys", "encrypted private
|
|
||||||
keys")))((("passwords", "encrypted private keys")))((("security",
|
|
||||||
"passwords")))Private keys must remain secret. The need for
|
|
||||||
_confidentiality_ of the private keys is a truism that is quite
|
|
||||||
difficult to achieve in practice, because it conflicts with the equally
|
|
||||||
important security objective of _availability_. Keeping the private key
|
|
||||||
private is much harder when you need to store backups of the private key
|
|
||||||
to avoid losing it. A private key stored in a wallet that is encrypted
|
|
||||||
by a password might be secure, but that wallet needs to be backed up. At
|
|
||||||
times, users need to move keys from one wallet to another—to upgrade or
|
|
||||||
replace the wallet software, for example. Private key backups might also
|
|
||||||
be stored on paper (see <<paper_wallets>>) or on external storage media,
|
|
||||||
such as a USB flash drive. But what if the backup itself is stolen or
|
|
||||||
lost? These conflicting security goals led to the introduction of a
|
|
||||||
portable and convenient standard for encrypting private keys in a way
|
|
||||||
that can be understood by many different wallets and bitcoin clients,
|
|
||||||
standardized by BIP-38 (see <<appdxbitcoinimpproposals>>).
|
|
||||||
|
|
||||||
BIP-38 proposes a common standard for encrypting private keys with a
|
|
||||||
passphrase and encoding them with Base58Check so that they can be stored
|
|
||||||
securely on backup media, transported securely between wallets, or kept
|
|
||||||
in any other conditions where the key might be exposed. The standard for
|
|
||||||
encryption uses the Advanced Encryption Standard (AES), a standard
|
|
||||||
established by the NIST and used broadly in data encryption
|
|
||||||
implementations for commercial and military applications.
|
|
||||||
|
|
||||||
A BIP-38 encryption scheme takes as input a bitcoin private key, usually
|
|
||||||
encoded in the WIF, as a Base58Check string with the prefix of "5."
|
|
||||||
Additionally, the BIP-38 encryption scheme takes a passphrase—a long
|
|
||||||
password—usually composed of several words or a complex string of
|
|
||||||
alphanumeric characters. The result of the BIP-38 encryption scheme is a
|
|
||||||
Base58Check-encoded encrypted private key that begins with the prefix
|
|
||||||
+6P+. If you see a key that starts with +6P+, it is encrypted and
|
|
||||||
requires a passphrase in order to convert (decrypt) it back into a
|
|
||||||
WIF-formatted private key (prefix +5+) that can be used in any wallet.
|
|
||||||
Many wallet applications now recognize BIP-38-encrypted private keys and
|
|
||||||
will prompt the user for a passphrase to decrypt and import the key.
|
|
||||||
Third-party applications, such as the incredibly useful browser-based
|
|
||||||
http://bitaddress.org[Bit Address] (Wallet Details tab), can be used to
|
|
||||||
decrypt BIP-38 keys.
|
|
||||||
|
|
||||||
The most common use case for BIP-38 encrypted keys is for paper wallets
|
|
||||||
that can be used to back up private keys on a piece of paper. As long as
|
|
||||||
the user selects a strong passphrase, a paper wallet with BIP-38
|
|
||||||
encrypted private keys is incredibly secure and a great way to create
|
|
||||||
offline bitcoin storage (also known as "cold storage").
|
|
||||||
|
|
||||||
Test the encrypted keys in <<table_4-10>> using bitaddress.org to see
|
|
||||||
how you can get the decrypted key by entering the passphrase.
|
|
||||||
|
|
||||||
[[table_4-10]]
|
|
||||||
.Example of BIP-38 encrypted private key
|
|
||||||
|=======
|
|
||||||
| *Private Key (WIF)* | 5J3mBbAH58CpQ3Y5RNJpUKPE62SQ5tfcvU2JpbnkeyhfsYB1Jcn
|
|
||||||
| *Passphrase* | MyTestPassphrase
|
|
||||||
| *Encrypted Key (BIP-38)* | 6PRTHL6mWa48xSopbU1cKrVjpKbBZxcLRRCdctLJ3z5yxE87MobKoXdTsJ
|
|
||||||
|=======
|
|
||||||
|
|
||||||
[[p2sh_addresses]]
|
[[p2sh_addresses]]
|
||||||
==== Pay-to-Script Hash (P2SH) and Multisig Addresses
|
==== Pay-to-Script Hash (P2SH) and Multisig Addresses
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user