Bitcoin private key from GnuPG secp256k1 secret key?

Stefan Claas stefan.claas at posteo.de
Sat Aug 26 07:39:10 CEST 2017


On Thu, 03 Aug 2017 16:24:05 +0900, NIIBE Yutaka wrote:
> Stefan Claas <stefan.claas at posteo.de> wrote:
> > I could imagine that no one will do this, because if you have no
> > private key for "your" public address (according to your reply),
> > you have no control of that address, like spending/ sending
> > BTC from this address.  
> 
> Sorry about my vague description.
> 
> As a subkey of 0x00B45EBD4CA7BABE, I have a key of secp256k1.  And the
> private key is controlled by me, on a Gnuk Token.  But I have no
> "wallet", yet.  This is the situation.
> 
> My idea was that we can use WoT of OpenPGP to check Bitcoin address.
> It seems that people don't buy this idea.

Hi NIIBE-san,

while reading a bit more on the Bitcoin Wiki and reading about
Bitmessage papers etc. I would like to know from you and all
other experts here on the list about some thoughts i have and
what you think about this.

First of all, inspired by your script i looked for an easy way to
extract the secret key material of a GnuPG secp256k1 sub key,
which works nicely with GnuPG, without the usage of a script
or programming knowledge etc.

With this secret key material everybody could create a valid Bitcoin
address and when using two sub keys (like a signing and a encryption
key one can also generate a Bitmessage key pair with the proper
Bitmessage address.

Usually pub keys with Bitcoin or Bitmessage are not seen by the
user, afaik. Except a Bitcoin user would sign a message with
it's secret Bitcoin key and the pub key would be derived from
the address and the signature data.

i tried also out educational open source software for Bitcoin signing
and encryption and the interesting thing was that when a user
likes to encrypt a message to another user the software looks up
the blockchain and checks if there was a valid transaction done.
If not the encryption fails.

I tried also another .html based software for Bitcoin signing out and
what i liked very much about this is that users can verify a signed
Bitcoin message, without needing a public key from the communication
partner in advance, nor does the software collects public keys,
because it's not needed.

Now my thoughts about this subject.

Let's say i create a valid Bitcoin address from a secret GnuPG secp256k1
sub key and import the secret key material, which i have converted to
a valid WIF secret key, into my Bitcoin wallet. Now if i buy officially
some Satoshi from well known traders and transfer, as a registered user,
from this account the Satoshi to my newly created GnuPG Bitcoin Address
the transaction is in the blockchain. If then i would send from my valid
GnuPG Bitcoin address some Satoshi to a valid gnupg.org Bitcoin address
i would have donated (the modern way :-)) a bit to the GnuPG Foundation
and it would appear also in the block chain and i think this could be
then also a sign of proof that i'm the owner of a public key, without
being in the Web of Trust. keybase.io users for example have the
option to publish their Bitcoin address on their page as well.

The second thought. I already have lot's of GnuPG public keys collected
due to reading the mailing list or signed Usenet posts. Thanks
to auto-key-retrieve on.

If GnuPG would allow a user in the future to use an additional flag,
when signing with a secp256k1 sub key, which would produce
signatures that would work like Bitcoin key signatures, users would not
need to collect a ton of public keys and the signature would verify.

Well, i hope that my thoughts are not to crazy, but i really would like
to hear the opinion from other members here.

Best regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 506 bytes
Desc: Digitale Signatur von OpenPGP
URL: </pipermail/attachments/20170826/da4108a0/attachment-0001.sig>


More information about the Gnupg-users mailing list