Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Is there a way to verify incorrect Encrypted key/passphrase pair?

See original GitHub issue

Im using 6PfQu77ygVyJLZjfvMLyhLMQbYnu5uguoJJ4kMCLqWwPEdfpwANVS76gTX from https://en.bitcoin.it/wiki/BIP_0038

minimal example with incorrect password aaa

var bip38 = require('bip38')
var wif = require('wif')

var encryptedKey = '6PfQu77ygVyJLZjfvMLyhLMQbYnu5uguoJJ4kMCLqWwPEdfpwANVS76gTX'
var decryptedKey = bip38.decrypt(encryptedKey, 'aaa', function (status) {
//        console.log(status.percent) // will print the percent every time current increases by 1000
})

console.log(wif.encode(0x80, decryptedKey.privateKey, decryptedKey.compressed))

produces 5JdGEnZHRWpGRijtAeZ1pUcgKQhn7bSQcBqjcMZUN3pxKjHPYR6 without throwing exception or returning false or anything.

correct password TestingOneTwoThree produces correct output

This might be EC multiply, no compression, no lot/sequence numbers specific, as on other examples lib does throws an exception.

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:6 (4 by maintainers)

github_iconTop GitHub Comments

2reactions
junderwcommented, Apr 8, 2020

ahhh, sorry I forgot about the salt.

In BIP38 the 4 byte salt (which you can get by doing the following)

const salt = bs58check.decode('6PfQu....').slice(3, 7);

Is the result of hash256(address).slice(0, 4) so you should generate the address from your result wif and hash to see if the salt matches.

hmm, it looks like we do it for non-EC but we don’t do it for EC…:

  // verify salt matches address
  var d = BigInteger.fromBuffer(privateKey)
  var address = getAddress(d, compressed)
  var checksum = hash256(address).slice(0, 4)
  assert.deepStrictEqual(salt, checksum)
0reactions
junderwcommented, Apr 8, 2020

I’m not super versed in this… maybe there’s a good reason we don’t do this…

So for now at least you know how you can check.

Read more comments on GitHub >

github_iconTop Results From Across the Web

How do I verify/check/test/validate my SSH passphrase?
Attempt to access the key pair by inputting an incorrect passphrase. ... You can verify your SSH key passphrase by attempting to load...
Read more >
How to check if an SSH private key has passphrase or not?
This answer is not correct (anymore). A priv key not showing the proc-type and DEK headers can very well be encrypted. – GerardJP....
Read more >
How to Verify Password for an Encrypted SSL Certificate Key ...
Complete the following procedure to verify the keyfile encryption password: If you do not know the name of the keyfile, then navigate to...
Read more >
Recovering your SSH key passphrase - GitHub Docs
Double click on the entry for your SSH key to open a new dialog box. In the lower-left corner, select Show password. ......
Read more >
SSH key asking me for a passphrase? - Super User
First off it's the private key that will have the pass-phrase. This validates against the public key stored on the remote server. Best...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

(not an issue) Electrum seed format example

Next page

Scryptsy library complications