Skip to content

Export and limited import of private keys

gary-rowe edited this page Sep 4, 2014 · 1 revision

MultiBit private key file format

This is the format of the MultiBit private key file formulated after discussion with Andreas Schildbach on the bitcoinj mailing list.

  1. Keys are saved in an ASCII encoded text file.

  2. There is one key per line (empty lines and lines starting with '#' are ignored).

  3. Format of keys:

\<Base58 encoded private key\>[\<any number of whitespace characters\>[\<key createdAt in UTC format\>]] 
  1. The Base58 encoded private keys are the same format as produced by the Satoshi client/ sipa dumpprivkey utility. The bitcoinj class [DumpedPrivateKey](https://github.com/bitcoinj/bitcoinj/blob/master/core/src/main/java/com/google/bitcoin/core/DumpedPrivateKey.java) can be used to produce and parse these.

  2. Any number of keys may be included in the key file, one per line.

  3. If createdAt is missing this means the date of key creation is unknown or the Bitcoin address corresponding to the private key has never appeared on the block chain. In this case the block chain has to most likely to be rewound back to the genesis block or a site like blockexplorer.com is queried to determine the date of the earliest transaction for the imported key and that date is used.

  4. UTC format is specified by RFC 3339/ISO 8601 e.g: 2011-12-31T16:42:00Z. (See http://www.w3.org/TR/NOTE-datetime). Note that the timezone of "Z" to indicate UTC is required. If this is not present according to ISO 8601 then the date will be interpreted using the local time of the computer. This is a bad idea for a data exchange format.

Development Notes

  1. We currently need a createdAt / first transaction date so that we can replay the blocks in a similar manner to "reset blockchain and transactions" to resurrect a wallet. (See: https://github.com/jim618/multibit/blob/master/src/main/java/org/multibit/action/ResetTransactionsSubmitAction.java ). This is in a human readable form to enable people to hand craft these files if they want to import their own private keys.

  2. When saving the private key file the default file name suggested to the user of "name of wallet file"."key" . E.g. if the wallet is called multibit.wallet suggest a key file name of multibit.key.

  3. The whole private key file is encrypted. This uses AES256 with a common standardized Password-Based Key Derivation Function. For maximum compatibility I have used the same encryption methodology as in OpenSSL so you can also encrypt and decrypt the files using the command line utility 'openssl'.

To decrypt a MultiBit private key export file use:

openssl enc -d -p -aes-256-cbc -a -in \<ciphertext file\> -out \<plaintext file\> -pass pass:\<password\>

To encrypt a plaintext MultiBit private key export file use:

openssl enc -p -aes-256-cbc -a -in \<plaintext file\> -out \<ciphertext file\> -pass pass:\<password\>
  1. It would be a good option to be able to print out QR codes of the keys similar to bitaddress.org for wallets with small numbers of keys. Freemoney suggested adding the createdAt to the QR code to enable automatic update of a MultiBit wallet.