
Idelto

Cryptocurrency news website


Private Key

Weighing The Options Of Bitcoin Private Key Management

27/04/2022 by Idelto Editor

What environmental factors should one consider when deciding upon the various options available to store and manage Bitcoin private keys?

Bitcoin key management is probably one of the scariest aspects of interacting with your money for a new user holding any sizable amount of value. It is also one of the most important. One of the core properties of Bitcoin that truly differentiates it from the forms of digital value that preceded it is the ability to control and custody your own funds, without depending on some central authority or record keeper to maintain possession of them or to retain the ability to transfer or spend them. Without the ability to hold your own private keys, it would not be possible to use bitcoin in a truly self-sovereign way, free of third parties. This opens a door to massive potential and possibilities, but also to massive responsibility and risk. As has been repeated many times over the years, there is no Bitcoin customer support. There is no help desk to call, no one to hold your hand and undo your mistakes; there is just you.

This is the most difficult hurdle to overcome in taking custody of your own bitcoin, and it is both a mental and a practical one. The space is awash with different ideas of best practice, how-to guides and opinions on the best device to use, and new users are bombarded with all of it from every direction when they arrive. The simple reality, though, is that there is no one-size-fits-all solution for storing your bitcoin. Some approaches apply more widely than others, some suit larger or smaller amounts, and some make no sense or perfect sense depending on your living situation. But there is no single best practice for managing private keys that applies to everyone equally, and anyone who tells you otherwise is probably not someone whose advice on the subject you should be taking.

There are all kinds of ways to manage your keys, and things have come a long way since Bitcoin was first created. The original client generated stand-alone keys, each unrelated to the others, and stored them in the wallet.dat file (which was not even encrypted until wallet encryption arrived in version 0.4.0). A backup only covered the keys that existed when it was made, so every time you received coins at a newly generated address you had to make a fresh backup or risk losing that money; the later addition of a keypool of pre-generated keys only stretched each backup to cover the next batch of addresses. Nowadays we have mnemonic seeds (BIP39) and hierarchical deterministic wallets (BIP32) that derive every key from one seed, so a user can make a single backup and never has to renew it when new funds arrive.

However, there is a lot more to safely managing keys than just the form your backup takes.

Singlesig And Multisig

One of the first things people run into in key management advice is the argument over whether to use a single-signature wallet or a multisig wallet. Both “camps” tend to take the extreme view that theirs is the one-size-fits-all solution for the average user, and to advise using only one or the other because it is “automatically more secure!” But as I said above, there is no such thing as a one-size-fits-all solution when it comes to key management. Every person is in their own situation, and that needs to be considered above all else before deciding how to go about things.

Let’s look at some of the benefits of a singlesig wallet before we go into multisig. First, the entire wallet can be recovered from a single copy of your mnemonic seed. Every address you have ever received money at can be deterministically regenerated on another device; the seed is literally the only thing you need to recover all of your coins. Another benefit is the cost of spending. A transaction spending single-signature coins takes up less block space, and therefore costs less in fees, because only one signature goes into the witness data of the transaction. For inheritance, single-signature also has the benefit of being a simple thing (the mnemonic seed) that can be left for friends and family; as long as they have a simple-to-use and secure device to import it into, it is easy to handle with some basic guidance. What is the obvious major downside? A single point of failure. If your mnemonic or keys are compromised, that’s all she wrote. That is all a malicious actor needs to steal your coins, and there is no undoing it once it is done. No support line to call, no chargebacks. They’re gone for good.

What are the upsides of a multisig wallet? There is no single point of failure: coins in a multisig wallet cannot be spent without access to multiple sets of private keys. Distributing the mnemonic seeds geographically raises the cost of gaining access to enough of them to steal someone’s bitcoin. It also opens the door to letting people other than the owner hold one of the keys, or to spreading the keys across a group so that no individual “owns” the funds in the sense of holding enough keys to spend them alone. This is how companies like Casa or Unchained Capital can offer services that do, to some degree, hold the user’s hand: a recovery key held by the service is a safety net against the user losing some (though not all) of the keys they hold in the multisig. What are the downsides? The need to safeguard all of the master public keys involved in the wallet. With singlesig, the mnemonic seed is all you need for recovery. A multisig wallet, however, builds its addresses from the public keys of every seed involved, so you have to back those up as well. If you lose one of the seeds and have no separate backup of its public key, you cannot regenerate the multisig addresses, cannot find your funds on chain, and have therefore lost access to them, even if you still hold enough seeds to meet the threshold. The practical form of that backup is the wallet’s output descriptor (the “wsh(sortedmulti(...))” string that modern multisig wallets export), which records the threshold, the script type and every co-signer’s public key in one place; store a copy with each seed. Multisig spends (at least until MuSig-style key aggregation on Schnorr/Taproot is adopted) are also more expensive on chain than singlesig spends, since every required signature and the full script must be included, so sending money anywhere costs more than it would from a singlesig address.
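As an added example (not part of the original article), here is the address derivation behind that “public key backup” point, in Python using only the standard library: a 2-of-3 P2WSH address is the bech32 encoding of the SHA-256 of a script that embeds all three public keys, so a missing or substituted key yields an unrelated address. The three keys are the public keys of the secp256k1 private keys 1, 2 and 3, usable only as a demonstration, and the bech32 encoder is transcribed from BIP173; real wallets derive the keys from xpubs and derivation paths, which are omitted here.

```python
import hashlib

# bech32 (BIP173), needed to render the native segwit (P2WSH) address
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"


def _polymod(values):
    gen = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def _to_5bit(data):
    # regroup 8-bit bytes into 5-bit groups, zero-padding the last group
    acc, bits, out = 0, 0, []
    for byte in data:
        acc = (acc << 8) | byte
        bits += 8
        while bits >= 5:
            bits -= 5
            out.append((acc >> bits) & 31)
    if bits:
        out.append((acc << (5 - bits)) & 31)
    return out


def bech32_segwit_address(hrp, witver, program):
    """Segwit address: hrp + '1' + witness version + 5-bit program + 6-char checksum."""
    data = [witver] + _to_5bit(program)
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    polymod = _polymod(expanded + data + [0] * 6) ^ 1   # ^1 is bech32 (v0); v1+ uses bech32m
    checksum = [(polymod >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)


OP_CHECKMULTISIG = 0xAE


def multisig_witness_script(m, pubkeys, sort=True):
    """OP_m <pk_1> ... <pk_n> OP_n OP_CHECKMULTISIG, the script a 'sortedmulti'
    descriptor stands for. sort=True orders the keys lexicographically (BIP67),
    so the script does not depend on the order the co-signers were listed in."""
    n = len(pubkeys)
    if not 1 <= m <= n <= 16:
        raise ValueError("m-of-n must satisfy 1 <= m <= n <= 16")
    for pk in pubkeys:
        if len(pk) != 33 or pk[0] not in (2, 3):
            raise ValueError("expected 33-byte compressed public keys")
    keys = sorted(pubkeys) if sort else list(pubkeys)
    script = bytes([0x50 + m])                     # OP_1 is 0x51, so OP_m = 0x50 + m
    for pk in keys:
        script += bytes([len(pk)]) + pk             # direct push of the 33 key bytes
    return script + bytes([0x50 + n, OP_CHECKMULTISIG])


def p2wsh_address(witness_script, hrp="bc"):
    # native segwit v0 script hash: the witness program is sha256(script)
    return bech32_segwit_address(hrp, 0, hashlib.sha256(witness_script).digest())


def descriptor(m, pubkeys):
    """The output descriptor a modern wallet exports for this policy (the '#checksum'
    suffix is omitted). It carries the threshold, the script type and every public
    key: this is the 'public key backup' that belongs with each seed."""
    return "wsh(sortedmulti(%d,%s))" % (m, ",".join(pk.hex() for pk in sorted(pubkeys)))


# Demo keys: the first three multiples of the secp256k1 generator, i.e. the
# public keys of private keys 1, 2 and 3. Never use them for funds.
K1 = bytes.fromhex("0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798")
K2 = bytes.fromhex("02c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5")
K3 = bytes.fromhex("02f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9")


def demo():
    script = multisig_witness_script(2, [K3, K1, K2])   # listing order does not matter
    address = p2wsh_address(script)
    # With only two of the three public keys the script, and hence the address,
    # cannot be rebuilt: a guessed or substituted third key (constructed bytes
    # here) yields an unrelated address that holds nothing.
    substitute = bytes.fromhex("03" + "11" * 32)
    wrong = p2wsh_address(multisig_witness_script(2, [K1, K2, substitute]))
    return address, wrong, descriptor(2, [K1, K2, K3])


if __name__ == "__main__":
    addr, wrong, desc = demo()
    print("2-of-3 address:", addr)
    print("with a wrong third key:", wrong)
    print("back this up with each seed:", desc)
```

The two BIP173 test vectors checked below confirm the encoder; the multisig address itself has no published vector, so the checks are structural: the script is OP_2 ... OP_3 OP_CHECKMULTISIG, 105 bytes long, identical regardless of input order, and the address changes as soon as one key does.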

So let’s look at an imaginary Bitcoiner: they live alone in an apartment, do not get along with their family, have friends who are not the most responsible people, and are sitting around contemplating how to set up their key management. Someone trying to be helpful on Twitter advises them to set up a multisig wallet with Specter or Blue Wallet. How does multisig help this person? They have nowhere to store keys but their apartment, so all the keys end up in one place. That throws away the benefit of multisig, spreading keys around for redundancy against loss or theft, while keeping the cost of more expensive transactions on chain. And even though it is not the most likely scenario when all the seeds are stored together, they also risk losing funds if they misplace or damage one seed and have not kept public key backups. It adds no meaningful security, increases the cost of spending their bitcoin, and adds new ways to lose access to their money. What might make sense for such a person is a multisig service where the provider holds one key to assist in recovery. With a 2-of-3, they can keep two seeds at their apartment, let the provider hold the third, and leave a copy of one of their seeds with the untrusted family or irresponsible friends, knowing that a single seed is not enough to spend the funds (with the caveat that the provider’s key policy must not let it co-sign for whoever turns up holding that seed). They can even leave that one seed with several people in case one of them loses or destroys their copy, so funds can still be recovered if both seeds kept at home are lost.

Let’s look at another imaginary Bitcoiner: someone with their own house, plus a cabin somewhere in the wilderness they own as a vacation home. Maybe they are a senior software engineer or a lawyer, someone who has their own locked office at work. They have several different places under a reasonable amount of their own control. In this case it makes sense to use a multisig setup involving no one but themselves. They can generate a 2-of-3 wallet and leave one seed at home, one at the cabin and one at the office (obviously leaving a copy of all three public keys, or the wallet descriptor, with each seed backup). This gives them geographic redundancy that protects against both loss of funds and theft, because unlike the first hypothetical Bitcoiner they actually have access to multiple safe locations where they can store key material.

Both of these scenarios should clearly demonstrate the strengths and drawbacks of both methods depending on a person’s individual circumstances. Using multisig because “it’s more secure!” is not always a sensible choice for everyone. Even if it does make sense, it doesn’t necessarily make sense to use it in the same way as someone else would. Before making a decision between a single key and multisig key set up, you should think long and hard about your own living circumstances and what makes sense for you.

Passphrases

Passphrases are also billed as a catch-all solution to security. The reality is a lot more complicated and nuanced. Assume for this discussion that your mnemonic seed has been compromised; from a simplistic point of view, the passphrase is then just like any internet password. Technically it is extra salt fed, together with the mnemonic, into the 2048-round PBKDF2 that produces the wallet seed: each guess costs an attacker one such derivation, which is cheap, and there is no “wrong passphrase” error, since every guess simply yields a different, valid-looking (and empty) wallet. It therefore adds exactly as much security as there is entropy in the passphrase. A secure passphrase obviously adds a good amount, but the trade-off is that the more secure it is, the harder it will be to memorize. The core purpose of a passphrase is to be something you remember and do not store physically anywhere, so using one becomes a balancing act between adding security and not creating too great a risk of forgetting it. If you forget your passphrase, you lose access to your funds, and a single mistyped character when restoring looks exactly like an empty wallet.

This write-up on Coldbit’s website gives a good breakdown of the entropy of different styles of passphrase, from BIP-39 mnemonic words, to other word lists, to alphanumeric passwords. The article defines classes of attacker by the resources at their disposal: a single laptop, a few GPUs, a specialized passphrase-cracking ASIC, and a large cluster of such ASICs. For each class it estimates the average time needed to brute-force a passphrase of a given length. Everyone using a passphrase should consider this when choosing one. Unless you approach the entropy of a mnemonic seed itself, a passphrase is only a temporary shield that buys you time to move funds to a new seed before the attacker finishes brute-forcing it; and if you do approach that entropy, you heavily raise the risk of forgetting the passphrase and losing access to your funds.
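To make the entropy arithmetic concrete, here is an added example (not from the article or from Coldbit) in Python, standard library only: the BIP39 seed derivation with its passphrase salt, checked against the public BIP39 test vector (the all-“abandon” mnemonic with passphrase “TREZOR”), a brute-force loop in the attacker model above over a constructed list of candidate passphrases, and a rough projection from this machine’s single-core guess rate to the worst-case time for passphrases of various sizes. Real attackers run this on GPUs and ASICs at rates many orders of magnitude higher, and would recognise the right wallet by an address seen on chain; here the seed itself stands in for that.

```python
import hashlib
import math
import time
import unicodedata

PBKDF2_ROUNDS = 2048    # fixed by BIP39: the only work an attacker pays per guess


def bip39_seed(mnemonic, passphrase=""):
    """BIP39 seed = PBKDF2-HMAC-SHA512(NFKD(mnemonic), "mnemonic" + NFKD(passphrase), 2048, 64).
    The passphrase is only a salt: any passphrase yields a valid (usually empty)
    wallet, so there is no "wrong passphrase" error, for you or for an attacker."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, PBKDF2_ROUNDS, dklen=64)


def passphrase_bits(alphabet_size, length):
    """Entropy of a passphrase drawn uniformly from alphabet_size ** length choices."""
    return length * math.log2(alphabet_size)


def crack_passphrase(mnemonic, target_seed, candidates):
    """The attacker model from the text: the mnemonic has leaked and the attacker
    can recognise the right wallet (here the seed itself stands in for an address
    seen on chain). Returns (passphrase or None, guesses made, seconds)."""
    start = time.perf_counter()
    for guesses, candidate in enumerate(candidates, 1):
        if bip39_seed(mnemonic, candidate) == target_seed:
            return candidate, guesses, time.perf_counter() - start
    return None, len(candidates), time.perf_counter() - start


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every passphrase of the given entropy."""
    return 2.0 ** bits / guesses_per_second / (365 * 24 * 3600)


def measure_rate(mnemonic, samples=50):
    """Single-threaded guesses per second on this machine; a GPU does far better."""
    start = time.perf_counter()
    for i in range(samples):
        bip39_seed(mnemonic, "guess%d" % i)
    return samples / (time.perf_counter() - start)


# Public BIP39 test vector: the all-"abandon" mnemonic with passphrase "TREZOR".
MNEMONIC = " ".join(["abandon"] * 11 + ["about"])
PASSPHRASE = "TREZOR"
# Constructed list of guesses, the kind of thing a cracker tries first.
CANDIDATES = ["", "password", "bitcoin", "hodl", "trezor", "Trezor", "TREZOR", "satoshi"]

if __name__ == "__main__":
    target = bip39_seed(MNEMONIC, PASSPHRASE)
    found, guesses, secs = crack_passphrase(MNEMONIC, target, CANDIDATES)
    print("recovered %r after %d guesses in %.3fs" % (found, guesses, secs))
    rate = measure_rate(MNEMONIC)
    print("this CPU core: %.0f guesses/s" % rate)
    for label, bits in [("4 BIP39 words", passphrase_bits(2048, 4)),
                        ("6 BIP39 words", passphrase_bits(2048, 6)),
                        ("10 random alphanumerics", passphrase_bits(62, 10)),
                        ("12 BIP39 words (a second mnemonic)", passphrase_bits(2048, 12))]:
        print("%-36s %5.1f bits  %.3g years at this rate" % (label, bits, years_to_exhaust(bits, rate)))
```

Note that a trailing space or a different Unicode normalisation changes the seed just as a different passphrase would, which is the practical reason restores fail after a “correct” passphrase was typed.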

The last point on passphrases is memorizing versus writing down and storing somewhere. If you are memorizing one, it may be prudent to write it down temporarily until you are confident you have it memorized, then destroy the written copy. If you do end up making a permanent physical copy, then in my opinion the best thing to do is treat it like a multisig setup: your mnemonic and your passphrase are then the two “keys” of a 2-of-2, and storing both in the same place is a serious security risk. The major benefit of a passphrase is adding “something you know” to “something you have” (your mnemonic). If you deviate from that by writing it down, keep it in mind and plan to keep the two separate and not easy to find together.

Storing Seed Backups

This is a key point in any wallet setup. Hardware wallets generally provide physical security that makes extracting keys from the device very expensive, and any software wallet that is safe to use stores your keys encrypted when the wallet is not open and in use. All of these protections are moot, however, if you leave the mnemonic seed sitting on a desk. Physical security of the mnemonic is of the utmost importance; whether that comes from a safe or from hiding it somewhere a thief or attacker will not look is for you to decide based on your situation, but it should not be somewhere easily accessible to anyone but you. A safe that is difficult to remove or break into would be a good place, or somewhere not immediately obvious, like written inside a book across many pages or under a loose floorboard (don’t take these examples literally; the idea is somewhere a thief is not going to think to look for something valuable).

If you end up storing a mnemonic somewhere other than your own home, I cannot stress this enough: do not do so without a decently strong passphrase, and preferably in some kind of tamper-evident bag or arrangement, so that you can periodically verify the seed is still there and has not been touched by anyone else since your last check. Person­ally I think strong physical security or obfuscation (hiding) is the way to go in your own residence, but if you do need to store elsewhere because of security or disaster risks, I would advise storing it with someone you trust regardless of any tamper-evident measures or passphrases you have in place (safe deposit boxes are a horrible idea for singlesig seeds).

One last thing to consider if this happens to be a situation you might find yourself in, is how do you destroy a metal seed backup? Imagine you are leaving the country and never coming back, yet you have a word seed stamped with letter presses or etched in. You can’t bring that through customs. You also don’t want to leave it sitting around where it can be found when you leave if you plan on continuing to use it. If this is a scenario you see in your future potentially, it might make sense to use tile-based seed backups if you want to keep steel ones for durability purposes, otherwise you are going to have to migrate all of your funds to a new seed before or after leaving. This could be a time-consuming and complex thing if you have funds segregated among different passphrases, or have managed your UTXOs to keep them isolated, because you will have to move funds bit by bit without connecting them to maintain that privacy and isolation.

The Big Picture

Managing your own keys is the core of what makes Bitcoin special, but it is also a big responsibility. It’s like going for a hike out in the wilderness. There are many different paths you can take; some are arduous and grueling, uphill the whole way, while some are nice easy paths, and some have obstacles in the way. You can even walk completely off the trails if you so choose, but that comes with the risk of getting lost. When you go out in the elements, there is no one you can depend on but yourself. The level of preparation and understanding needed is not going to be the same for everyone, and you shouldn’t let yourself fall into the trap of thinking that is the case.

This is a guest post by Shinobi. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Filed Under: Bitcoin Magazine, English, Feature, multisig, Private Key, Storage, technical

The Swiss Tradition Is A Perfect Match For Bitcoin

24/04/2022 by Idelto Editor

A long tradition of financial discretion makes Switzerland the perfect place to store one’s private keys in a way that will be fully protected.

(Source) The dome of the Swiss Federal Palace with the coats of arms of the cantons.

Fynn Kreuz is the CEO of the Swiss Bitcoin company, Numbrs.

Independence

In 1291, three regions of the Holy Roman Empire seceded and swore an oath that founded the Swiss Confederacy. This movement, born out of a longing for freedom and independence, began when the mythical national hero, William Tell, challenged a tyrannical bailiff called Albrecht Gessler.

Over 700 years later, Bitcoin was created to secede from the existing financial and monetary order. In its struggle for freedom and independence, Bitcoin fights traditional finance, dishonest narratives and the regulatory overreach of agencies such as the SEC, run by Gary Gensler. It is said that history does not repeat itself, but often rhymes. In this case, ironically, Gessler and Gensler literally rhyme.

Bitcoin and Switzerland share a fundamental philosophy relating to freedom and independence. We at Numbrs believe Bitcoin is the world’s best safe-haven store of value and Switzerland will become the logical destination to store one’s precious private keys. Rooted in its long tradition of safety, stability and privacy, Switzerland will transform its financial landscape as a result of Bitcoin, and we will be at the forefront of this inevitable development.

Tradition

Ever since its creation, Switzerland has molded its system on the founding principles of freedom and independence. A deeply ingrained distrust of centralized power has given it a unique political system based on a loose union of states, or cantons, which all retain their own parliaments, governments and courts. This loose union is bound together by a weak central core, or federal government, that enacts decisions made in a system of national referenda. The general population remains the ultimate arbiter of political power and guardian of the rule of law. This decentralized governance system has made it one of the safest, most stable and wealthiest countries in the history of the world as well as the world’s premier safe-haven destination for the accumulation of wealth. A large portion of the world’s art, gold and precious stones are stored in the world’s most secure vaults in Switzerland.

Switzerland also has a long tradition of financial privacy. In the early 18th century, European Catholic monarchs gave their money to Swiss Protestant bankers to manage and neither side wanted it to be known they were dealing with each other. The Great Council of Geneva thereby began a tradition of banking secrecy, which would be enshrined in Swiss law in 1934. Subsequent attempts by governments around the world to confiscate assets and impose exorbitant taxes led an increasing amount of capital to Switzerland. The prestige of the Swiss financial system has outlived political crises, world wars and economic catastrophes.

Revolution

Today, banking secrecy in traditional finance is all but dead, but Bitcoin has established a new and superior pseudonymous transaction system. Through cryptography, Bitcoin has allowed for the creation, transfer and storage of economic value on the digital sphere. It is run on a decentralized, borderless protocol maintained by a global network of computers owned by no single person, government or legal entity. Its supply is unalterable and is on a known issuance schedule, maxing out at 21 million bitcoin.

It is vastly superior to cash, as no government has the power to debase bitcoin by producing more of it. It is also superior to gold and other precious metals, as its supply is predictable, the schedule of supply issuance is fixed and unalterable. Beyond its fixed supply, Bitcoin’s technical attributes make it far safer, more practical and discreet than traditional stores of value. Enormous economic value can be easily divided and transferred across the planet cheaply, securely and instantaneously in Bitcoin. The only infrastructure required for the system to run is the internet.

Beyond practicality, Bitcoin is breaking the traditional financial order by giving its users unadulterated ownership over their economic assets. There is no bank or financial intermediary which people have to trust to manage their livelihood. With a non-custodial wallet and private keys, each user acts as their own bank. This feature of Bitcoin, among others, is revolutionary. You no longer have to trust banks and you no longer have to worry about governments enforcing financial censorship, confiscation or other draconian policies through banks.

Bitcoin’s hard cap, technical attributes and private-key ownership make it the world’s best safe-haven store of value. This financial revolution allowed the Bitcoin network to settle over $13 trillion of transactions in 2021 and brought its market cap to over $1 trillion. We believe this is just the beginning and increasing global instability and economic mismanagement will lead to growing grassroots adoption and increased momentum for Bitcoin. Society will eventually reach a tipping point and fiat will be entirely discredited as a means of exchange. Bitcoin will become the only logical and viable alternative. An increasing number of nations will accept it as legal tender and make it the basis of a new monetary order.

Future

In order to fully benefit from this financial revolution, users must store their bitcoin in non-custodial wallets that give them full control over their private keys. Recent events around the world have shown how governments can easily use banks and centralized exchanges to expropriate users of their wealth. Bitcoin, through the use of private keys, puts people’s wealth outside of this overreach. The ownership and storage of private keys is thus of primordial importance to preserve one’s livelihood.

It is for this reason that Switzerland is the logical place to develop the safest solution to store bitcoin. With a long tradition of safety and financial discretion, a Swiss non-custodial wallet, backed up by military encryption in the heart of the Swiss Alps, is the only way that one’s bitcoin will be fully protected and conveniently accessible.

In order for Switzerland to remain at the forefront of finance, it will have to adapt and continue its long tradition of financial security and excellence. We are delighted to see that the legal framework is at the cutting edge of the needs of a new digital monetary system and we will continue to strive to take a leading role in the industry.

This is a guest post by Fynn Kreuz. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc. or Bitcoin Magazine.

Filed Under: Bitcoin Magazine, culture, English, freedom, money, Opinion, philosophy, Private Key, swiss, Switzerland, vault

Bitcoin Security: Trustless Private Messaging With Public And Private Key Cryptography

12/12/2021 by Idelto Editor

Message privacy, increasingly important to Bitcoiners, can be achieved with public and private key cryptography.

As a Bitcoiner, you’re going to need a secure way to communicate privately, without relying on a company to encrypt your data for you. For example, freely available methods with end-to-end encryption like Telegram (not with its default option) and Signal and others are easy to use, but I don’t completely trust them.

This article will show you how to send messages using free open-source software, GNU Privacy Guard (gpg), which allows encryption and decryption using public and private key cryptography. It’s more tricky at first to DIY, but once you get the hang of it, it’s not that hard. I’ll take you through it step by step, just follow along and bookmark this article for future reference.

This is a little more background about gpg (including pgp) for those who wish to dig deeper. It’s of interest to note that public and private key cryptography is not only used for encryption and decryption, but also used for the verification of digital signatures — used in Bitcoin transactions and also data in general (e.g., checking if the software you downloaded is genuine and not tampered with, as shown in the first video here).

How It Works

To make a public and private key pair, your computer draws a large amount of random data, from which gpg builds the private key (for RSA, two large secret primes), and the public key is then computed from the private key. The direction matters: deriving the public key from the private one is easy, while recovering the private key from the public one is infeasible, which is the same one-way property Bitcoin keys rely on (more info here).

The public key is shared with the world (like a Bitcoin address) and contains your ID (email and name) which you publish online. Here is mine. Think of the public key like an open safe. Anyone can write a message and encrypt that message with your PUBLIC key (i.e., put it in your safe and lock the door shut) — only you have the private key and, therefore, only you can open your safe (i.e., decrypt and read the message).

A side note: Don’t worry about this for now — just note that, in Bitcoin, there is no “encryption” going on with payments. Instead, there are “signatures” made with private keys, which can be “verified” by anyone using public keys.

Overview

In this guide, I’ll take you through the following steps:

  1. Download gpg.
  2. Make your own private and public key.
  3. Store your private key to a USB drive.
  4. Upload your private key to your other computer’s keychain.
  5. Upload your PUBLIC key to a keyserver and/or your website.
  6. Upload your public key’s fingerprint to your online profile, e.g., Twitter or Keybase.
  7. Send me a message encrypted with my public key, and I will reply encrypting with your public key.

Download GPG

The first thing you’ll need to do is download the gpg software.

Linux

If you’re using Linux, gpg should already be installed. If not, you can install it with the command:

sudo apt-get install gnupg

If you just want to check if it’s installed, type this:

gpg --version

HINT: If you’re running a Bitcoin Node on a Raspberry Pi, you can actually use SSH to access your Pi’s terminal and run gpg commands like that. If what I said makes no sense, don’t worry, ignore it, it’s outside the scope of this article.

Mac

If you have a Mac, you’ll need to download and install “GPG Suite” — it’s free unless you also want the email tools (no need). This will give you the command line tools you need.

Windows

Download and install “Gpg4Win.” It’s free. There is a donation page before downloading, you can select $0 to proceed.

When installing, you can uncheck all the boxes except the first.

Make Your Own Private and Public Key

Open the terminal in Mac or Linux or command prompt in Windows.

Type:

gpg --full-generate-key

Choose the default key type. On gpg 2.2 that is “RSA and RSA” (a signing key plus an encryption subkey); gpg 2.3 and later default to an elliptic-curve pair (ed25519/cv25519), which is also fine.

Then choose the size of your key. Bigger is more secure but slower; 3072 bits is the current default for RSA and 4096 is a common choice.

Then select how long the key should be valid. I prefer not to let the key expire. An expiry date is cheap insurance, though: if you ever lose the private key or forget its passphrase without having a revocation certificate, the key simply dies on schedule instead of living forever on the keyservers, and you can always extend it later with “gpg --quick-set-expire”.

Then you’ll fill out some personal details. This will be made public so people know who the public key belongs to. The data actually gets embedded into the key. Choose “O” for “Okay” to proceed.

Then lock your private key with a “passphrase.”

I was advised to move the mouse around or type on the keyboard during key creation to add some extra randomness to the key. These are the details of the key I created (at the bottom).

Store Your Private Key To A USB Drive

The computer you used to create the key has it in its “keychain” (gpg calls it the keyring), locked with your passphrase. The keyring is not a special vault, just files under ~/.gnupg (on Windows, %APPDATA%\gnupg): pubring.kbx holds the public keys and private-keys-v1.d holds the private ones, each private key encrypted with your passphrase.

I suggest you backup your private key to a USB thumb drive. This allows you to copy it to a different computer if needed and reduces the risk of loss.

To do that, we first have to export it from the keychain and put it into a file.

Start by getting the key’s ID:

gpg --list-keys

This shows all the public keys in your keychain; “gpg --list-secret-keys” lists the ones you hold the private half of (marked “sec”). The long hexadecimal string is the key’s fingerprint, which also serves as its ID.

Copy the key ID to the clipboard. Mine is:

D7200D35FF3BEDFDAB6E0C996565B2E40BC9A48F

Then we export the public key to a file, putting the key ID in the command (that’s why we copied it to the clipboard):

gpg --output public.gpg --armor --export D7200D35FF3BEDFDAB6E0C996565B2E40BC9A48F

The command uses gpg with some options.

The “--output” option specifies that the output should go to a file, named straight after it.

I chose “public.gpg” as the name of the file; it will be created as the command is executed.

“--armor” specifies the output should be in ASCII-armored (text) format, and “--export” specifies which key from the keychain should be exported, given straight after.

If you want to see the contents of the file, just use the “less” command (‘q’ exits the ‘less’ function):

less public.gpg

Next, export the private key. The command is like the one before with some adjustments: change the file name to something like “private.gpg” and change “--export” to “--export-secret-keys”. gpg will ask for your passphrase before writing the file:

gpg --output private.gpg --armor --export-secret-keys D7200D35FF3BEDFDAB6E0C996565B2E40BC9A48F

We now have “public.gpg” and “private.gpg” in the current directory. Copy them to a USB drive and keep them safe and hidden. Losing it is not as immediately catastrophic as losing a Bitcoin private key, but whoever gets hold of “private.gpg” and your passphrase can impersonate you and read everything ever encrypted to you, so the passphrase is what protects the file at rest, and a strong one makes the file of little use to a thief on its own. Keep a copy of the revocation certificate too: gpg 2.1 and later write one to ~/.gnupg/openpgp-revocs.d/ when the key is generated, and it is the only way to tell the world the key is dead if you ever lose the private key or forget the passphrase.

Upload Your Keys To Your Other Computer’s Keychain

Take your USB drive with your private key to your other computer. Make sure gpg is installed. Open a terminal and navigate to the location of your file. Enter the command:

gpg --import private.gpg

Remember “private.gpg” is a file name, so replace that with your file’s name, don’t just blindly copy the command without thinking. You will be asked to enter the passphrase, and then the private and public keys will be imported in one go.

To delete the private key, the command is:

gpg --delete-secret-keys KEY_ID

Substitute KEY_ID for the key ID or email of your key.

Upload Your PUBLIC Key To A Keyserver And/Or Your Website

There are several popular keyservers in use around the world. Some of them synchronize with each other, but not all do (keys.openpgp.org, for example, verifies e-mail addresses and does not exchange keys with the others), so pick one, use it consistently for sending and receiving keys (PUBLIC keys, of course), and tell your correspondents which one it is, or publish the key on your own website as well.

gpg --keyserver keyserver.ubuntu.com --send-keys D7200D35FF3BEDFDAB6E0C996565B2E40BC9A48F

The above command is on one line. There is a space after “--send-keys” which may not be obvious if your browser breaks the line in two.

“--keyserver” is an option that expects the address of a keyserver next.

“--send-keys” is an option that expects a Key_ID.

If you want to import someone else’s public key directly from a keyserver, enter the above command but change “--send-keys” to “--recv-keys”, and use his or her Key_ID.

Upload Your Public Key’s Fingerprint To Your Twitter/Keybase

What’s the point of this? The fingerprint is a cryptographic hash of your public key, so it identifies the key uniquely but is short enough to put on a web page. If you display it in several places, someone sending you a message can check that the key they downloaded from a keyserver (which anyone can upload to, under any name) is really yours.

You can see your key’s fingerprint with this command:

gpg --fingerprint KEY_email

With most of these commands, sometimes an email will work, sometimes it needs the exact KEY_ID. You can always see what your KEY_ID is with:

gpg --list-keys

Once you see your fingerprint, copy it and paste it into your online profiles as I have done on Twitter.

When you download my public key, the fingerprint will be displayed after you import it, or if you use the “--list-keys” command, or “gpg --fingerprint Key_ID”.

You can then check the output against my online profile to make sure you have the correct key. Compare all 40 hexadecimal digits, not just the last 8 (short key IDs are easy to collide) and preferably not just the last 16 either; that is why recent gpg versions print the full fingerprint by default.
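As an added example (not from the article), here is what that check amounts to under the hood, in Python with only the standard library: for an OpenPGP version 4 key the fingerprint is the SHA-1 of the public-key packet (RFC 4880, section 12.2), so the code de-armors a key block, walks its packets, computes the fingerprint itself and compares it with a fingerprint copied from a profile page, refusing short key IDs. The key it runs on is constructed inside the block (a toy RSA modulus and a made-up user ID, not a real or usable key) so that it works offline; point “fingerprint_of_armored_key” at the output of “gpg --armor --export” to check a real key against what “gpg --fingerprint” prints.

```python
import base64
import hashlib
import re
import struct


def crc24(data):
    """CRC-24 that closes an ASCII-armored block (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def dearmor(text):
    """Turn '-----BEGIN PGP ...-----' text back into raw packet bytes, checking the CRC."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if not (lines[0].startswith("-----BEGIN PGP") and lines[-1].startswith("-----END PGP")):
        raise ValueError("not an ASCII-armored block")
    body = lines[1:-1]
    blank = body.index("") if "" in body else -1      # armor headers end at the blank line
    data = body[blank + 1:]
    crc_line = data.pop() if data and data[-1].startswith("=") else None
    raw = base64.b64decode("".join(data))
    if crc_line is not None and int.from_bytes(base64.b64decode(crc_line[1:]), "big") != crc24(raw):
        raise ValueError("armor checksum mismatch: block corrupted in transit")
    return raw


def packets(raw):
    """Yield (tag, body) per OpenPGP packet, old or new header format (RFC 4880 4.2)."""
    i = 0
    while i < len(raw):
        ctb = raw[i]
        i += 1
        if not ctb & 0x80:
            raise ValueError("bad packet header")
        if ctb & 0x40:                                  # new format
            tag, first = ctb & 0x3F, raw[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + raw[i] + 192
                i += 1
            elif first == 255:
                length = struct.unpack(">I", raw[i:i + 4])[0]
                i += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                                           # old format (gpg uses it for keys)
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 3
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            length = int.from_bytes(raw[i:i + (1 << ltype)], "big")
            i += 1 << ltype
        yield tag, raw[i:i + length]
        i += length


def v4_fingerprint(pubkey_body):
    """RFC 4880 12.2: SHA-1 over 0x99, the 2-byte body length, and the body."""
    if pubkey_body[0] != 4:
        raise ValueError("only version 4 keys are handled here")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(pubkey_body)) + pubkey_body).hexdigest().upper()


def fingerprint_of_armored_key(text):
    for tag, body in packets(dearmor(text)):
        if tag == 6:                                    # Public-Key packet (14 = subkey, 13 = user ID)
            return v4_fingerprint(body)
    raise ValueError("no public key packet found")


def matches_published(text, published):
    """Compare a downloaded key with the fingerprint copied from a profile page.
    Whitespace and case are ignored; anything shorter than the full 40 hex digits
    (an 8- or 16-digit key ID) is refused, because short IDs can be collided."""
    wanted = re.sub(r"\s+", "", published).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", wanted):
        raise ValueError("use the full 40-hex-digit fingerprint, not a short key ID")
    return fingerprint_of_armored_key(text) == wanted


def _mpi(n):
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")


def build_sample_key(modulus=(2 ** 127 - 1) * (2 ** 89 - 1), created=1700000000):
    """Constructed armored key: a v4 RSA Public-Key packet (toy modulus, NOT a
    usable key) plus a User ID packet, both with new-format headers."""
    pubkey = b"\x04" + struct.pack(">I", created) + b"\x01" + _mpi(modulus) + _mpi(65537)
    userid = b"Alice Example <alice@example.invalid>"
    raw = bytes([0xC0 | 6, len(pubkey)]) + pubkey + bytes([0xC0 | 13, len(userid)]) + userid
    b64 = base64.b64encode(raw).decode()
    crc = base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n%s\n=%s\n-----END PGP PUBLIC KEY BLOCK-----\n" % (lines, crc)


if __name__ == "__main__":
    key_text = build_sample_key()
    fp = fingerprint_of_armored_key(key_text)
    print("fingerprint:", " ".join(fp[i:i + 4] for i in range(0, 40, 4)))
    print("matches profile:", matches_published(key_text, fp.lower()))
```

The key ID gpg prints is just the last 8 or 16 digits of this value, which is why two keys can share an ID while their fingerprints differ.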

Send Me A Message Encrypted With My Public Key, And I Will Reply Encrypting With Your Public Key

First, you’ll need to get my public key. You can browse to keyserver.ubuntu.com, and enter my email into the search field.

Or you can visit my contacts/gpg page and follow instructions there. Copy my Key_ID to the clipboard.

Open a terminal and enter this command:

gpg --keyserver keyserver.ubuntu.com --recv-keys e7c061d4c5e5bc98

You now have my public key imported to your computer’s keychain.

Now you can type a letter to me in a text file (letter.txt) or Word document (anything, really) and save it to disk. In a terminal, navigate to where you stored the file. Then type this command:

gpg --output letter.gpg --encrypt --recipient [email protected] letter.txt

Here you’ve got a command which is all on one line. The “--output” option lets you name the file, typed immediately afterward, where the encrypted data will go.

The “--encrypt” option is an instruction to encrypt.

The “--recipient” option chooses which public key in your keychain to use to encrypt the message. If you type an email address immediately afterward, it will choose the matching key from your keychain.

Finally, following the email or Key_ID, you put the name of the file you want to encrypt.

You might get some warnings and confirmation messages, but after that, you should have a new file called “letter.gpg” or whatever filename you chose. The original file still exists (“letter.txt”). You can delete that file with (using Linux or Mac):

rm letter.txt

You can also clear the history of the command prompt with:

history -c

You can then send an email and attach “letter.gpg” and send it to me. When I receive it, I will download it to disk first, then use this command to decrypt the file:

gpg --output decrypted_message.txt --decrypt letter.gpg

This will create a new file “decrypted_message.txt” using the encrypted data from “letter.gpg.” The computer can read which public key encrypted the data (so I don’t need to specify a Key_ID), and it can see it has the private key to that public key in the keyring, so it can use it to decrypt the message.

Conclusion

I’ve shown you the steps to create a private and public key for yourself, encrypt a message with my public key, and send me the message which I will decrypt with my private key.

If you send me your public key, or instructions to get it, I can encrypt a message and send you a message if you like.

Give it a go!

This is a guest post by Arman the Parman. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Filed Under: Bitcoin Magazine, Cryptography, encrypted messaging, English, Marty's Bent, Messaging, privacy, Private Key, public key, security, technical

‘Who Holds All the Bitcoin’ List Debunked — Without Cryptographic Proof No BTC Ownership Claim Holds Water

27/09/2021 by Idelto Editor

Who Holds All the Bitcoin List Debunked — Without Cryptographic Proof No BTC Ownership List Holds Water

A web portal that displays a list of alleged owners of all the bitcoin in the world has been shared a great deal since China cracked down on crypto trading last week. The web portal claims that the Chinese government owns 194,775 bitcoin that reportedly stem from the Plustoken crypto scam. The problem with the list’s sources is that the ownership verification is highly inconclusive and doesn’t offer much of anything aside from speculation.

Does China or Bulgaria Really Hold Billions in Bitcoin?

Ever since China made a few statements concerning citizens dealing with cryptocurrency via offshore exchanges and explaining that the process is illegal, a web page with a list called “Who Holds All The Bitcoin?” has been shared all over social media and cryptocurrency forums.

The reason people share it is because they speculate that China is banning bitcoin, while at the same time hoarding 194,775 bitcoins from the Plustoken crypto scam. The list of who owns all the bitcoin also provides a link to sources, and the China source stems from an article published by theblockcrypto.com on November 27, 2020.

The source the website uses is an article written by Wolfie Zhao and the editorial is called “Chinese police have seized $4.2 billion cryptos from Plustoken Ponzi crackdown.” The article also contains a court judgment order which explains the case details and lists the conspirators involved.

While the article and the judgment order note that the Chinese government did seize various quantities of bitcoin, ethereum, litecoin, and other tokens, it does not necessarily mean that the Chinese government still holds these crypto assets. There is no hard evidence that the Chinese government holds approximately 194,775 BTC today.

The Chinese government would have to prove ownership, and it won’t, and there’s no way of telling whether or not the nation-state sold the assets. It may be possible for blockchain surveillance trackers (blockchain parsers) to at least get a glimpse at whether or not it is even worth pondering. The Chinese government would have to either make a public display and move the coins so the world can see or prove ownership of the funds by using the private key and signature verification.

If the Chinese government source is considered legitimate, then people could also assume that Bulgaria owns 213,519 bitcoin. There are plenty of articles regarding the mystery behind the Bulgarian government seizing these coins, but to this day, it is still debatable as to whether or not they are still owned by Bulgaria.

Evidence shows it is very likely that Bulgaria auctioned the 200K BTC stash, yet some still believe it is owned by the Bulgarian government. It is also assumed that the government in Ukraine owns 46,351 bitcoin but that figure only comes from public disclosure forms that derive from Ukrainian civil servants.

Cryptographic Verification and Proof of Reserves

There is no way of verifying whether or not the Chinese government or Bulgarian government still owns any of these bitcoins that were seized from criminal actions. Again, China or Bulgaria would have to prove ownership in a public manner or prove they could move these funds. The countries could sign a message tied to a specific address that held the said quantity of bitcoin, but no government would do this.

Some of the sources on the list of who owns all the bitcoin derive from tweets and other articles tied to the likes of Tim Draper and Michael Saylor. Unless these individuals prove ownership by moving the said quantities of bitcoin or they sign a message tied to the crypto asset’s private key, a list of these people with approximate bitcoin holdings is meaningless.

Ownership and proving true proof of reserves is quite easy in the world of bitcoin with a private key and signature. Someday, proof of reserves in bitcoin, by signature, will likely be relied on more heavily as the years transpire, because you can’t take a government’s word for it or some individual on social media saying they own thousands of bitcoin. Bitcoin proponent Nic Carter discusses the importance of proof of reserves in an editorial that highlights:

Proof of Reserves + Proof of Liability = Proof of Solvency

In the introduction to the proof of reserves subject, Carter notes that “if there’s a single thing I could do to better this industry, it would be to convince every custodial service provider in the cryptocurrency space to adopt a routine Proof of Reserve program.” Proof of reserves can be done with bitcoin (and other crypto assets) by pretty much any individual or organization that exists today. Without proof of reserves, everything else is mere speculation, hearsay, and unverified evidence.

This would include every crypto custodian that doesn’t deploy a proof of reserve method or a claimant that simply says they own a quantity of bitcoin. Just as we would not accept an individual that claims to be Satoshi Nakamoto without verified cryptographic proof, the same can be said about these lists of so-called bitcoin owners. Fact is, without cryptographic proof, every ‘who owns bitcoin’ list can be called into question, and dismissed as mere speculation.

What do you think about lists of bitcoin owners claiming to show specific ownership and approximate quantities of bitcoin owned by individuals or organizations? Let us know what you think about this subject in the comments section below.

Filed Under: Bitcoin Bulgaria, Bitcoin Ownership, bitcoin treasuries, BTC Ownership Lists, Bulgaria Bitcoin, China, China Bitcoin, Chinese Bitcoin holdings, Cryptographic Verification, English, List Debunked, michael saylor, News, News Bitcoin, nic carter, Private Key, Proof of Reserve program., Proof of Reserves, Signature, Tim Draper, Ukraine Bitcoin, Who Holds All the Bitcoin

DIY Bitcoin Private Key Project

27/08/2021 by Idelto Editor

In this fun tutorial, you will learn how to generate your very own bitcoin private key.

This is a fun project that will help you understand Bitcoin keys better. You’ll need a pencil, paper, something to generate random output in binary (like a coin) and a computer. The purpose here is to get you doing something which will help you learn a lot, instead of just reading about pure theory. And it’ll be easy enough that you can just jump right in and follow along.

Important Preamble

Don’t use this key for your actual bitcoin. Practice with this guide first.

When you make your real key — the one that will hold real bitcoin — you must make it on an air-gapped computer if you use this method. An air-gapped computer must have no capability of connecting to the internet. It’s not enough to just temporarily switch off your wifi connection on a regular computer if you are serious about security; clever hackers exist and can extract your private keys even if you are temporarily disconnected from the internet. At the end I’ll explain what to do next if you want to use this method to make your real keys.

Ok, let’s begin the project…

Step #1 – Make A Big, Random Binary Number

You can flip a coin 256 times, but it’s better and faster to use dice. You can buy casino-grade dice to ensure fair, random rolls. But it’s also okay to just save money and just use any old dice. Even if your dice are not perfect and have some bias, as long as you use several at a time, you will achieve sufficient randomness.

This is the procedure (one of many ways)…

  • Take four or so dice (e.g. from an old board game lying around).
  • Consider the numbers 1, 2 or 3 to be an output of zero while 4, 5 or 6 will be an output of one. This way you’ll get a binary output (only zeros and ones in the final result) with dice (e.g. roll a 3, record a zero; roll a 6, record a one).
  • Roll them and read left to right (consistency, decided beforehand, is important to maintain randomness). If it’s a close call about which is more to the left or right, just roll again.
  • Make 23 lines of 11 digits. The 24th line will only need three digits only. For each line, clump digits into groups of 4-4-3 (see image below) for easy reading and calculating. Keep your vertical columns aligned as much as possible and leave space between each row for manual calculations. This will all make sense later.

Like this example:

There are 256 binary digits here — 23 complete sets of 11 digits with the 24th row only needing three digits.

You’ll see later more clearly but, for now, understand that every 11 digits of binary will be translated to a mnemonic seed word. For the total 256 random binary digits, we can divide by 11 to get the number of words in the seed. But the answer to 256 divided by 11 is not a whole number; it’s 23.27. We can’t have 23.27 words in our seed.

We need eight more bits to have enough to make our 24th word. Once we have 264 bits in total, it all divides nicely into 24 sets of 11, yielding a 24-word mnemonic seed. As you’ll see later, these final eight extra bits will have their own important role to play.

A note on randomness:

You can make these 256 bits of random data any way you want, as long as it’s actually random. If it’s not random, someone might be able to reproduce the data. They would then be able to recreate your private key and could take all of your bitcoin. For example, if you make 256 bits of all zeroes (clearly not random), then someone will be able to guess your private key. Here’s proof: I generated a private key from that terrible all-zeroes randomness and found someone’s existing wallet. If it hadn’t already been emptied, I could have stolen the funds.

They clearly knew what they were doing because it was a small amount and they didn’t leave any coins there for long. It might have been a demonstration, who knows. But other people have made non-random private keys that were guessable and as a result lost their bitcoin. But don’t worry, if you make a truly random private key, someone would have to exactly repeat your binary dice rolls or coin flips and, thanks to exponential math, that’s not going to happen during the life of the universe.

Step 2 – Calculate The Checksum

These final missing eight digits need to be calculated to form what is called the “checksum.”

What is a checksum? A checksum is how computers know that you’ve made a typo when you enter things like your credit card number or bank account number. It’s a useful thing to have the computer warn you that you’ve made a typo in your Bitcoin private key!

To calculate the checksum you’ll need a Linux or Mac computer. If you have Windows 10, you can install the Ubuntu App (a version of Linux) from the Microsoft Store. Just search “Ubuntu” and install it. You’ll use the Ubuntu terminal to run the commands that follow. The app is a temporary session; no files are stored on the Ubuntu app. This means you’ll get a clean session each time you run it.

Windows users need to do this workaround and it’s a nuisance. I tried other workarounds but met with various issues.

Now that you have a terminal on your Mac, Linux or Windows 10 machine, type the command below. Replace my binary digits with your own random binary digits (note that this should all be one very long line, even though the way it’s displayed here may look otherwise).

echo 1010111100111000000011110110001111010111101001010010001011001111011110100011000010100011111100100010100011110001110101000110011111110000101000110001010111010001010011111110101001010011110110110110000001101111010011000001110101101001000010001000010000100111 | shasum -a 256 -0

It can be hard to interpret that if you’re not used to the command line. I’ll spell it out: type “echo” then a space, then your series of zeros and ones without any spaces, then a space, then the “pipe” symbol (“|”, usually below the Backspace key on most keyboards), then a space, then the “shasum” command, a space, hyphen “a”, a space, “256”, a space, another hyphen and then the zero digit. Then hit Enter.

Explanation of the code: The “echo” command just repeats back whatever you type next. The pipe symbol (“|”) takes that output and passes it to the command to the right of the pipe symbol (it “pipes” the data from left side to the right side!). The recipient of your bit stream is the ”shasum” hashing command. “-a” is an option to specify which algorithm to use. “256” represents SHA-256 — famous in the Bitcoin world — which is our choice for “-a”. Finally, “-0” is an option to say that the input should be interpreted as binary data, not regular text (aka ASCII) data.

When I run this command my resulting hash is displayed under the command. It’s the line that starts with “b184”:

Now we can begin calculating the checksum. We take the first two digits of the hash output, in this case, “b” and “1”. These are hexadecimal numbers. In hexadecimal, instead of displaying digits from 0 to 9, we count up to 15 by using letters of the alphabet to represent numbers greater than nine:

0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f

Similar to how playing cards count from 1 to 13 using their own substitutions:

Ace, 2, 3, 4, 5, 6, 7, 8, 9, 10, Jack, Queen, King

So in my hash, my first digit, “b”, represents 11. And “1” in hexadecimal is the same as a “1” that we’re used to dealing with.

Now we convert these first two numbers to their four-digit binary representations. You can do this by referring to the chart below:

11 in four-digit binary is 1011. 1 in four-digit binary is 0001. (Instructables circuits)

So we went from b and 1, to 11 and 1, and finally to 1011 and 0001.

These four-digit numbers are the checksum that we’ll add to our bits to complete our 24th word!

Add them to the 24th line to complete the final set of 11 binary digits. You now have 264 digits in total (see how the 24th line is completed in the diagram further down).

Step 3 – Converting Binary To Decimal

Each of the groups of 11 binary digits needs to be converted to a decimal number.

You can enter them into an online binary-to-decimal calculator, but only for this practice wallet. For your real wallet, I’ll show you how to do it manually.

A bit about binary. In a binary number system there are only two digits, 0 and 1; the other digits you know (2, 3, 4, 5, 6, 7, 8, 9) don’t exist. So counting upwards we start with 0, then 1, but the next number is unusual. There is no “2” available, so the next biggest number after 1 is “10”. Don’t read it as “ten”; read it as “one, zero”. In binary, “10” represents the “2” you are used to. The next number after 10 (binary) is “11” (“one, one”, not “eleven”!), which equals 3 in decimal. The number after that cannot be “12” because there is no “2” digit in binary; the next biggest number we can represent with just zeros and ones is “100” (“one, zero, zero”), which is 4 in decimal. Then 101=5, 110=6, 111=7, 1000=8, 1001=9 and so on.

With eleven binary digits, the smallest possible number is zero (00000000000), and the largest is 2047 (11111111111).

We take each of these eleven binary digits on our page (each line) and convert them to decimal. You can do it manually or convert them from the command line in Linux, Mac, or the Ubuntu App.

For the number 10101111001, you’d type:

echo "$((2#10101111001))"

You’ll get an output of “1401”. Just change the digits after “2#” to match each group of eleven digits and calculate its equivalent decimal number.

Doing this conversion solely by hand is harder, but possible.

On the top of the page, write this exact sequence of numbers, from right to left, vertically in line with the binary digits below: “1024” above the first column of binary digits, then “512” over the next column, then “256”, and so on, halving the number each time until you end up with “1” above the last (eleventh) column of your binary digits.

Now look at your first row of binary digits. Wherever there is a “1”, you add the decimal number that’s directly above it and record it below the binary digit. Where there is a “0” you ignore the number above. Like this:

In this example, there’s a “1” under the 1024 column, the 256 column, the 64, the 32, the 16, the 8 and the 1.

Add the decimal numbers to get the total:

Now repeat this process for all 24 rows:

You now will have 24 decimal numbers that range between 0 and 2047.

Step 4 – Look Up The BIP 39 Words

The BIP 39 protocol (Bitcoin Improvement Proposal number 39) specifies 2048 different words, listed in alphabetical order. When this list is read in by code, each word can be identified by its ordered position in the list. The numbers you just calculated are used to look up their corresponding word. For example, the first row resulted in the number 1401 which equals the word “quality” in the ordered BIP 39 wordlist.

Zero is the smallest possible value you could calculate for a row (from binary 00000000000). In that case you would select “abandon,” the first word on the list.

The largest possible number is 2047 (from 11111111111). The correct word for that would be “zoo,” the last word on the list. This is word number 2047.

There’s one confusing wrinkle to be aware of: computers count items starting at 0. So the fifth item in a list is the computer’s number 4.

This extra confusion is unfortunate. The official specification of the BIP 39 words is on GitHub but the word list is displayed with line numbers that start with one instead of zero. So while “abstract” is the eighth word and is listed on line number 8, its actual BIP 39 numeric equivalent is 7.

My first line of 11 binary digits adds up to 1401 in decimal. So on the list in Github, I have to find the word on line 1402 (1401 + 1). That word is “quality”. Proceed to look up each decimal — taking care to add an extra 1 to your calculated result to match Github’s line numbering — and find the word for each of the 24 lines.

Well done if you’ve made it this far! You now have a valid 24-word Bitcoin mnemonic seed. You should now throw it away — unless you used the fully manual approach, you can’t use these for your bitcoin as they were not created in a safe environment!

Actually, before you do toss them, you could enter the words into a hardware wallet or software wallet and see if they are rejected. If it is rejected, you’ve made an error somewhere, which is very easy to do with this manual approach. If there’s any error anywhere, the checksum will not match and all wallets will signal an error immediately.
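The four steps above, from the raw dice bits to the GitHub line numbers, carried out in code as an added example (this is my illustration, not code from the original post). It reuses the 256 bits the article types after `echo`, computes the checksum the same way `shasum -a 256 -0` does, converts each 11-bit row with the 1024/512/.../1 column method, and ends with the restore-time check a wallet performs. The wordlist itself is not embedded: `words_for` expects the reader to load english.txt from the BIP 39 repository into a list, and that path is the reader’s own. The all-zero entropy case ties back to the note on randomness: predictable input gives the same, publicly known 24 words every time.

```python
"""Added example: the article's pencil-and-paper BIP39 procedure, carried out in code.

Steps mirrored: 256 random bits -> SHA-256 checksum (first 8 bits) -> 24 rows
of 11 bits -> decimal 0..2047 -> word position (GitHub line = position + 1).
"""
import hashlib
from typing import List, Tuple

# The 256 bits the article feeds to `echo ... | shasum -a 256 -0` (copied from the page).
ARTICLE_ENTROPY_BITS = (
    "1010111100111000000011110110001111010111101001010010001011001111"
    "0111101000110000101000111111001000101000111100011101010001100111"
    "1111000010100011000101011101000101001111111010100101001111011011"
    "0110000001101111010011000001110101101001000010001000010000100111"
)


def checksum_bits(entropy_bits: str) -> str:
    """Step 2: SHA-256 the entropy as packed bytes and keep the first ENT/32 bits.

    `shasum -a 256 -0` hashes the '0'/'1' characters as bits, which is the same as
    hashing the 32 bytes built here. 256 bits -> 8 checksum bits (two hex digits).
    """
    if len(entropy_bits) % 32 or set(entropy_bits) - {"0", "1"}:
        raise ValueError("entropy must be only 0/1 and a multiple of 32 bits long")
    packed = int(entropy_bits, 2).to_bytes(len(entropy_bits) // 8, "big")
    digest_bits = "".join(f"{byte:08b}" for byte in hashlib.sha256(packed).digest())
    return digest_bits[: len(entropy_bits) // 32]


def hex_digit_to_bits(hex_digit: str) -> str:
    """The article's lookup chart: one hex digit -> four binary digits ('b' -> '1011')."""
    return f"{int(hex_digit, 16):04b}"


def decimal_by_columns(bits11: str) -> Tuple[int, List[int]]:
    """Step 3 by hand: head the columns 1024, 512, ..., 1 and add the heading wherever the bit is 1.

    Returns the total and the headings that were added, e.g. (1401, [1024, 256, 64, 32, 16, 8, 1]).
    """
    if len(bits11) != 11:
        raise ValueError("each row holds exactly 11 bits")
    headings = [2 ** (10 - col) for col in range(11)]
    used = [heading for heading, bit in zip(headings, bits11) if bit == "1"]
    return sum(used), used


def word_indices(entropy_bits: str) -> List[int]:
    """Append the checksum, cut into 11-bit rows, and convert each row to 0..2047."""
    full = entropy_bits + checksum_bits(entropy_bits)
    return [decimal_by_columns(full[i : i + 11])[0] for i in range(0, len(full), 11)]


def github_line_numbers(indices: List[int]) -> List[int]:
    """Step 4 wrinkle: the wordlist on GitHub is numbered from 1, the positions from 0."""
    return [index + 1 for index in indices]


def words_for(indices: List[int], wordlist: List[str]) -> List[str]:
    """Look the positions up in the 2048-word list (reader loads english.txt; path is theirs)."""
    if len(wordlist) != 2048:
        raise ValueError("BIP39 English wordlist must have exactly 2048 entries")
    return [wordlist[index] for index in indices]


def checksum_is_valid(all_bits: str) -> bool:
    """What a wallet does on 'restore': split off the checksum and recompute it.

    A transcription slip in the 264 bits changes either the entropy (and so the
    expected checksum) or the checksum itself, so a mismatch flags the error.
    """
    if len(all_bits) % 33:
        return False
    entropy_len = len(all_bits) * 32 // 33
    return all_bits[entropy_len:] == checksum_bits(all_bits[:entropy_len])


if __name__ == "__main__":
    print("checksum bits:", checksum_bits(ARTICLE_ENTROPY_BITS))
    print("row 1 by columns:", decimal_by_columns(ARTICLE_ENTROPY_BITS[:11]))
    print("positions:", word_indices(ARTICLE_ENTROPY_BITS))
    print("GitHub lines:", github_line_numbers(word_indices(ARTICLE_ENTROPY_BITS)))
    # Predictable entropy is a guessable key: all zeros always yields positions
    # [0]*23 + [102], the published 'abandon ... art' BIP39 test vector.
    print("all-zero entropy:", word_indices("0" * 256))
```

The first row of the article’s bits comes out as 1401 with headings 1024, 256, 64, 32, 16, 8 and 1, exactly as in the worked example, and `checksum_is_valid` is the check that makes a wallet reject a seed with any copying error in it.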

For Your Real Keys

You really need to do key generation on an air-gapped computer.

You can learn to build a cheap $10 Raspberry Pi Zero air-gapped computer here, buy one ready-made or if you have extra money you can build a custom desktop computer without any wifi or Bluetooth components. The Raspberry Pi option is very cheap but the computer is very slow, so be warned. It is excellent if you want to have many distributed keys in a multisignature setup.

Heard some FUD about air-gapped computers? See some anti-FUD here in Q&A number 23.

In addition to the safe generation of keys, you have to consider storage and duplication or distribution.

To drastically reduce your risk of attack or loss, the next level up is learning about multisignature wallets — something I teach in my mentorship program.

If you are in the single-signature key phase of storage (most people are), then you really should keep your seed in a hardware device. Most people let the hardware wallet (HWW) make their key and never verify that key on an air-gapped computer. That’s fine for most people. But if you are paranoid, you should verify that the key produces the public key and addresses you expect.

And now that you know how to securely make your own key (the totally manual, offline approach described above), you don’t have to trust the HWW to generate a good key. You first make a new key yourself and then instead of creating a new wallet on the hardware device, you “restore” a wallet instead and enter your newly calculated words into the device. The words are then “locked” in the HWW and protected by your PIN.

The hardware device is thus a digital safe for your private key.

You should never have just one copy of your private key. If you lose it, you will lose any bitcoin stored by the key in there. Technically there are no bitcoin in the device; they are on the blockchain. The hardware wallet, as I said, is a digital safe for your private key which is represented by the words you just made. To understand this a little better, see this article.

The code within the HWW uses mathematical functions to calculate your extended public key from the private key and then many individual public keys are mathematically derived from the extended public key. And then each of those can be used to calculate a collection of seemingly infinite addresses. Everything is downstream from the private key. You can enter your private key in a different device and reliably (mathematically) produce exactly the same collection of public keys and addresses. More details on this here.

The point of saying this is for you to appreciate that it’s as if the bitcoin are stored on the 24 words you created — not the hardware wallet. And you should very, very carefully back up those words and keep them safe from thieves and natural disasters. If you make copies and store them in different locations, then a fire in one location won’t cause you to lose all of your bitcoin because you’ll have a copy somewhere else.

Inheritance

Once you have your keys that you generated on an air-gapped computer and you’ve backed them up very securely, it’s time to think about how to pass them on to your heirs.

There are trusted third parties that can hold your keys or you can develop a plan in a trustless way — my preferred option. I am happy to assist people that need this.

Happy Bitcoining.

This is a guest post by Arman the Parman. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Filed Under: Bitcoin Magazine, Cryptography, culture, English, Private Key, recovery seed
