Public and Private Keys - How to generate all Steem user's keys from master password, without a Steemit website, being OFFLINE

in #security7 years ago (edited)

I had a break in writing technical articles, because I need some time to organize two Steem Meetups (in Wrocław and in Warsaw), and to give a talk about Steem in Łódź.

But finally I am back on track regarding my Steem Security series, so today I am able to publish 3rd articles from this series. If you didn't read my earlier articles about different aspects of security of your steem account, you can find list of those articles on the bottom of this article.

part3.jpg

Real password and keys: demo

So, last time we learnt about why private keys are needed. This time we will learn how they are generated.

You already have seen in my 1st post in a series a demo gif/video, where I showed how to login to an account with a private key instead of a password. During this demo I also showed, that at the time of recording I used password P5KB2ir4BaDTeeBe5SUW16F6NYGeYSVaUBn261kDPLGGCSiNahtm to log in on my noisy3demo account.

Now I want to show you, that you actually don't have to type your master password on Steemit website, to generate all your keys. You can generate them being totally offline!

How to locally generate all Steem users keys from master password

With some help of python code and steem library, we can write something like this:

from steembase.account import PasswordKey

account = 'noisy3'
password = 'P5KB2ir4BaDTeeBe5SUW16F6NYGeYSVaUBn261kDPLGGCSiNahtm'
key_types = [
    'posting',
    'active',
    'owner',
    'memo',
    'foo_bar'
]

for key_type in key_types:
    private_key = PasswordKey(account, password, key_type).get_private_key()
    public_key = private_key.pubkey

    print('Private ' + key_type + ' key: ' + str(private_key))
    print('Public ' + key_type + ' key: ' + str(public_key) + '\n')



This gives us:

Private posting key: 5JLMze1sUVPhUBwTVjZyQhFMGfbN5KB7nqHfKjXuN5GUTYTbYFy
Public posting key: STM6GkXgEKTYc7gNv1GWJ5ZseyESHQnN7nr3rxdo5sBjzWQcdMyKy

Private active key: 5JFfMWjWMjnhu6vJKB2uUwUaLCws9JotHzLB8wkVEZjsZnSzDTv
Public active key: STM5uLTFYpPK4XVLMe16uuQFdW1Vo2MzN9UPqHQKjePwB76NnS9qk

Private owner key: 5JKjBjfRVZaf8H5w8XgiB6HfEH2SFJXUJL3QA6mteg5uQ3qRW9M
Public owner key: STM7iZnny8bvNRd6v6nx25XG6ijAKZs1ANvtuqTN2gjSYWXHC8Jgy

Private memo key: 5JvpThC3DwjHkupj6jnT5pnFW21Bsj3g4GhxhLLtM2WNsV2ynPw
Public memo key: STM5uEy2yYnoqVY9ksfkMbbY3UH4qFygARn2SW7PFJ4cRErHbH7Vh

Private foo_bar key: 5KJQP53B4MPHCWBQ8Xm9ydhKmjqrouRuf8UWWEZjHtkgmrtNCc5
Public foo_bar key: STM7hNqe6DJmXsqaDG8poaDVAvQx59EgWWQUbVLRUfi2Ab7mCvsnJ

So as you can see, private posting key is exactly the same like in my demo gif/video above:

Selection_999(271).png

From technical point of view, from your password can be generated even new type of keys, like Private foo_bar key and Public foo_bar key :)


This article belongs to series of articles which describes security on Steemit:

  1. What is the difference between a password and a private key(s) on Steemit? How to make your account more secure, by using them correctly.
  2. Public and Private Keys - how they are used by Steem, making all of these possible?
  3. How to generate all Steem user's keys from master password, without a Steemit website, being OFFLINE (this article)
  4. How to set own password, which is not generated by Steemit
  5. How passwords are stored by Steemit in your browser, and why it is secure.
  6. How to setup multisig/multiple authorities for your account
  7. ...

Make sure to follow my account, if you don't want to miss any of these :)

PS. This article was live-st(r)eemed.

Sort:  

This is great - resteeming cause many keep asking about it!

Like I tell most users, keep your private key offline and stored safely, you'll only need your posting and active key when using Steemit generally.

Thank you for reSteeming @acidyo.....otherwise it would have been missed. Cheers.

next article will be probably about: how to set own password (any length), without a Steemit website :)

Nice! Now I can finally change my password to hunter2 !

Reference

I am changing all my passwords to "incorrect", guess why

So the error message reminds you what it is :p

We have a winner! You just won 0.00000000001 SBD!!!

Niiice! You sent me 9x more SBD than I actually won, lol! I'm gonna buy an island now

that would be so great

Thanks for resteeming this! I otherwise would not have seen this useful post!!

You're right about keeping the private key offline and stored safely!

Hi @acidyo! You have just received a 0.1 SBD tip from @sneakgeekz!

From @sneakgeekz: Check out my blog!

@tipU - send tips by writing tip! in the comment and get share in service profit :)
By upvoting this comment you support the service - thanks!

Two months ago I scoured steemit for an answer to this exact question and it did not exist. Thank you for you for this. It is currently the first and only post I have bookmarked :)

It EXISTED. its just that Steem has terrible search engine. Steemwiki has all the answers now.

Thank you for posting @noisy.

This is the kind of information Steemians can use. Cheers.

@noisy you deserve a tip! 0.3 link

Hi @noisy! You have just received a 0.3 SBD tip from @imperfect-one!

From @imperfect-one: Check out my blog :)

@tipU - send tips by writing tip! in the comment and get share in service profit :)
By upvoting this comment you support the service - thanks!

This is very helpful, thanks. I just started experimenting with the python Steem library for some ideas of my own.

This comment has received a 6.45 % upvote from @buildawhale thanks to: @buildawhale.

This is some interesting stuff you show us in this post thank you. Good to know that I don't need my master password but only the active and posting key.

I see Ubuntu <3

This great news. That means in case the steemit website suffers a ddos which is isn't very likely, you still get access to the blockhain with your private keys. Thanks for sharing this great information. We need this type of education for the community.

Hi @noisy! You have just received a 0.3 SBD tip from @cardboard!

@tipU - send tips by writing tip! in the comment and get share in service profit :)
By upvoting this comment you support the service - thanks!