mirror of
https://github.com/bitcoinbook/bitcoinbook
synced 2024-12-23 07:08:13 +00:00
CH04::encrypted private keys: drop
These were always a bad idea and they've been superceded both in theory and in practice by HD wallets.
This commit is contained in:
parent
915b961d41
commit
1ddec1538e
@ -1207,68 +1207,6 @@ following sections we will look at advanced forms of keys and addresses,
|
||||
such as encrypted private keys, script and multisignature addresses,
|
||||
vanity addresses, and paper wallets.
|
||||
|
||||
==== Encrypted Private Keys (BIP-38)
|
||||
|
||||
((("bitcoin improvement proposals", "Encrypted Private Keys
|
||||
(BIP-38)")))((("keys and addresses", "advanced forms", "encrypted
|
||||
private keys")))((("public and private keys", "encrypted private
|
||||
keys")))((("passwords", "encrypted private keys")))((("security",
|
||||
"passwords")))Private keys must remain secret. The need for
|
||||
_confidentiality_ of the private keys is a truism that is quite
|
||||
difficult to achieve in practice, because it conflicts with the equally
|
||||
important security objective of _availability_. Keeping the private key
|
||||
private is much harder when you need to store backups of the private key
|
||||
to avoid losing it. A private key stored in a wallet that is encrypted
|
||||
by a password might be secure, but that wallet needs to be backed up. At
|
||||
times, users need to move keys from one wallet to another—to upgrade or
|
||||
replace the wallet software, for example. Private key backups might also
|
||||
be stored on paper (see <<paper_wallets>>) or on external storage media,
|
||||
such as a USB flash drive. But what if the backup itself is stolen or
|
||||
lost? These conflicting security goals led to the introduction of a
|
||||
portable and convenient standard for encrypting private keys in a way
|
||||
that can be understood by many different wallets and bitcoin clients,
|
||||
standardized by BIP-38 (see <<appdxbitcoinimpproposals>>).
|
||||
|
||||
BIP-38 proposes a common standard for encrypting private keys with a
|
||||
passphrase and encoding them with Base58Check so that they can be stored
|
||||
securely on backup media, transported securely between wallets, or kept
|
||||
in any other conditions where the key might be exposed. The standard for
|
||||
encryption uses the Advanced Encryption Standard (AES), a standard
|
||||
established by the NIST and used broadly in data encryption
|
||||
implementations for commercial and military applications.
|
||||
|
||||
A BIP-38 encryption scheme takes as input a bitcoin private key, usually
|
||||
encoded in the WIF, as a Base58Check string with the prefix of "5."
|
||||
Additionally, the BIP-38 encryption scheme takes a passphrase—a long
|
||||
password—usually composed of several words or a complex string of
|
||||
alphanumeric characters. The result of the BIP-38 encryption scheme is a
|
||||
Base58Check-encoded encrypted private key that begins with the prefix
|
||||
+6P+. If you see a key that starts with +6P+, it is encrypted and
|
||||
requires a passphrase in order to convert (decrypt) it back into a
|
||||
WIF-formatted private key (prefix +5+) that can be used in any wallet.
|
||||
Many wallet applications now recognize BIP-38-encrypted private keys and
|
||||
will prompt the user for a passphrase to decrypt and import the key.
|
||||
Third-party applications, such as the incredibly useful browser-based
|
||||
http://bitaddress.org[Bit Address] (Wallet Details tab), can be used to
|
||||
decrypt BIP-38 keys.
|
||||
|
||||
The most common use case for BIP-38 encrypted keys is for paper wallets
|
||||
that can be used to back up private keys on a piece of paper. As long as
|
||||
the user selects a strong passphrase, a paper wallet with BIP-38
|
||||
encrypted private keys is incredibly secure and a great way to create
|
||||
offline bitcoin storage (also known as "cold storage").
|
||||
|
||||
Test the encrypted keys in <<table_4-10>> using bitaddress.org to see
|
||||
how you can get the decrypted key by entering the passphrase.
|
||||
|
||||
[[table_4-10]]
|
||||
.Example of BIP-38 encrypted private key
|
||||
|=======
|
||||
| *Private Key (WIF)* | 5J3mBbAH58CpQ3Y5RNJpUKPE62SQ5tfcvU2JpbnkeyhfsYB1Jcn
|
||||
| *Passphrase* | MyTestPassphrase
|
||||
| *Encrypted Key (BIP-38)* | 6PRTHL6mWa48xSopbU1cKrVjpKbBZxcLRRCdctLJ3z5yxE87MobKoXdTsJ
|
||||
|=======
|
||||
|
||||
[[p2sh_addresses]]
|
||||
==== Pay-to-Script Hash (P2SH) and Multisig Addresses
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user