Showing posts with label public keys.

Monday, April 02, 2018

Bitcoin Address Generation : The Internals Behind

ECDSA stands for Elliptic Curve Digital Signature Algorithm. It uses an elliptic curve and a finite field to "sign" data in such a way that third parties can verify the authenticity of the signature while the signer retains the exclusive ability to create it. The Bitcoin addressing system is not a simple deal: it is built so that a public key cannot easily be traced to an identity, and so that anonymity remains even if ECDSA is compromised in the future. Suppose you have an ECDSA-based private key; this post gives the step-by-step sequence by which the final Bitcoin address is derived.
The sequence flow chart is shown below:

Image courtesy : https://www.safaribooksonline.com/library/view/mastering-bitcoin-2nd/9781491954379/assets/mbc2_0405.png

Your sample private key :

18E14A7B6A307F426A94F8114701E7C8E774E7F9A47E2C2035DB29A206321725

The public key derived is:

0450863AD64A87AE8A2FE83C1AF1A8403CB53F53E486D8511DAD8A04887E5B23522CD470243453A299FA9E77237716103ABC11A1DF38855ED6F2EE187E9C582BA6

Site reference : https://www.bitaddress.org

Screen shot below : 

Now perform SHA-256 hashing on the public key, taking the hex above as raw bytes, as shown in the screenshot below:

The SHA-256 output received is 

600ffe422b4e00731a59557a5cca46cc183944191006324a447bdb2d98d4b408

Now we take the RIPEMD-160 hash of the above output and get the following, as seen in the screenshot:

010966776006953d5567439e5e39f86a0d273bee

Now add the version byte in front of the RIPEMD-160 hash (0x00 for Main Network), so that the above output becomes:


00010966776006953D5567439E5E39F86A0D273BEE

Next, perform a SHA-256 hash on the extended RIPEMD-160 result, so we get:
445c7a8007a93d8733188288bb320a8fe2debd2ae1b47f0f50bc10bae845c094

Now we perform a SHA-256 hash on the result of this SHA-256 hash, as seen in the screenshot below, and we get:

d61967f63c7dd183914a4ae452c9f6ad5d462ce3d277798075b107615c1a8a30


Now take the first 4 bytes of the second SHA-256 hash; this is the address checksum, i.e. D61967F6.

Then add the 4 checksum bytes at the end of the extended RIPEMD-160 hash from above, and we get the 25-byte binary Bitcoin address:

00010966776006953D5567439E5E39F86A0D273BEED61967F6

Now the last step: convert the result from a byte string into a Base58 string using Base58Check encoding at https://incoherency.co.uk/base58/

Bitcoin address:
16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM
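
The steps above can be reproduced offline instead of pasting key material into web tools. The following Python sketch is an added example, not code from the original post: it starts from the RIPEMD-160 value shown above (Python's `ripemd160` support depends on the local OpenSSL build), rebuilds the checksum and the Base58 string, and also decodes an address to verify its checksum. All function names are illustrative.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Values copied from the walkthrough above.
PUBKEY_HEX = ("0450863AD64A87AE8A2FE83C1AF1A8403CB53F53E486D8511DAD8A04887E5B2"
              "3522CD470243453A299FA9E77237716103ABC11A1DF38855ED6F2EE187E9C582BA6")
HASH160_HEX = "010966776006953d5567439e5e39f86a0d273bee"

def sha256_of_pubkey(pub_hex):
    # Hash the 65 decoded bytes, not the 130-character ASCII hex string.
    return hashlib.sha256(bytes.fromhex(pub_hex)).hexdigest()

def checksum(payload):
    # First 4 bytes of SHA-256(SHA-256(version byte + hash160)).
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(raw):
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is written as a literal '1'.
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58decode(text):
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)      # ValueError on 0, O, I, l, etc.
    zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def address_from_hash160(hash160_hex, version=0x00):
    payload = bytes([version]) + bytes.fromhex(hash160_hex)
    return b58encode(payload + checksum(payload))

def decode_address(addr):
    """Return (version, hash160 hex), or None if the address is malformed."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return None
    if len(raw) != 25 or checksum(raw[:-4]) != raw[-4:]:
        return None
    return raw[0], raw[1:-4].hex()

if __name__ == "__main__":
    print(sha256_of_pubkey(PUBKEY_HEX))
    addr = address_from_hash160(HASH160_HEX)
    print(addr, decode_address(addr))
    print(decode_address(addr[:-1] + "N"))   # one altered character -> None
```

The checksum is what lets a wallet reject a mistyped address before any funds are sent to it.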


Sunday, July 23, 2017

Generate Public Key- Private Key Pair and Test them

A public and private key pair comprises two uniquely related cryptographic keys. The public key is made available to everyone via a publicly accessible repository or directory. The private key, on the other hand, must remain confidential to its owner. Because the key pair is mathematically related, whatever is encrypted with a public key may only be decrypted by its corresponding private key, and vice versa. In this post we will see how to generate a set of private and public keys and then test encrypting with the public key and decrypting with the private key. I have an Ubuntu system, and I attempt everything here on the terminal. The following commands will be used as we work with RSA keys:

openssl genrsa: Generates an RSA private key.
openssl rsautl: Encrypt and decrypt files with RSA keys.
openssl rsa: Manage RSA private keys (includes generating a public key from it).

First, to generate the key, the terminal command is as follows and is shown in the screenshot:

:~ openssl genrsa -des3 -out private.pem 2048

The following command will generate a public key from the private key generated above:

:~ openssl rsa -in private.pem -outform PEM -pubout -out public.pem

So now we have generated a private key and a public key, both with the extension .pem. To verify the generation, check the contents as seen below:

:~ more public.pem
:~ more private.pem

Use the following command to generate the random key:

:~ openssl rand -base64 128 -out key.bin
Encrypt the sample PDF, or any other file you want to encrypt, with this key using the following command:

:~ openssl enc -aes-256-cbc -salt -in anupam.pdf -out anupam.pdf.enc -pass file:./key.bin

So now you have the original file, anupam.pdf, and the encrypted file, anupam.pdf.enc. We see that the files do not differ much in size, but the file is encrypted.

Now use the following command to encrypt the random key file with the other person's public key:

:~ openssl rsautl -encrypt -inkey public.pem -pubin -in key.bin -out key.bin.enc

The key.bin is encrypted now. The private key decrypts it again, here into key.bin1:

:~ openssl rsautl -decrypt -inkey private.pem -in key.bin.enc -out key.bin1

Finally, we decrypt the .pdf.enc file back to the original PDF using the recovered key file:

:~ openssl enc -d -aes-256-cbc -in anupam.pdf.enc -out anupam1.pdf -pass file:./key.bin1

Sunday, June 08, 2014

Encrypted Mail without being Technical : PROTONMAIL for You

1. When we discuss encrypting email messages, the discussion is generally confined to PGP extensions using Thunderbird, exchanging public keys and generating private keys, and other encryption techniques including Enigmail or installing GPG. Even after doing all this, the whole thing is a bit complicated, and no one likes complications. When techies get complicated, encryption in routine mail becomes more or less out of bounds for the common user. But with the rise in concern over security and privacy among common users, especially after the Snowden revelations, the need has given us PROTONMAIL.

2. PROTONMAIL: This new encrypted email service, called ProtonMail, is a super-secure email service created in collaboration with scientists from Harvard, the Massachusetts Institute of Technology and the European research lab CERN. It offers a user-friendly experience with full “end-to-end” encryption and encrypts the data in the browser before it communicates with the server, so only encrypted data is stored on the email service's servers. So even if someone gains complete access to the server, they will find only the encrypted data. Moreover, there is even a “self-destruct” feature in the email service which ensures your emails are only available for a limited period of time. Isn't it interesting?

3. At ProtonMail, the decryption uses a combination of asymmetric (RSA) and symmetric (AES) encryption. There are two cases: one in which the user sends a mail from a ProtonMail account to another user with a ProtonMail account, and one in which the user sends a message to a non-ProtonMail user.

- For ProtonMail to ProtonMail emails, an implementation of PGP is used where key exchange is handled. So we have all the public keys. As for the private keys, when an account is created, the key is generated in the browser, then encrypted with your mailbox password (which we do not have access to). The encrypted private key is then pushed to the server so that it can be pushed back to the user whenever he/she logs in.

- For PM to outside emails, encryption is optional. If one chooses to encrypt, it uses symmetric encryption with a password that one can set for that message. This password can be ANYTHING. It should NOT be the mailbox password. It needs to be communicated to the recipient somehow. A few useful screenshots are seen below:

This is the screen at LOGIN
Here you LOGIN
Here is the second password before you finally LOGIN to the user interface
Here is the view as you LOGIN
This is the screen as you compose a mail. The point to note is the feature for choosing to encrypt your message and the expiration time.
This is the mail received by a non-PROTONMAIL user, and we see there is a mail link it refers to.
Once you click that link, you get a pop-up for a password
You enter the password and you will be able to decipher the message.

