如何根据助记词验证 bitcoinlib 创建的钱包?
How do I authenticate a bitcoinlib created wallet against a mnemonic phrase?
我已经使用 bitcoinlib 创建了一个钱包。钱包名为 'my-awesome-wallet55.' 当我尝试用新生成的助记词打开我现有的钱包时,我预期的行为是异常或安全错误,但无论如何都会打开钱包。我可以手动检查私钥来创建我自己的安全检查,但是用错误的密钥尝试打开现有钱包不应该失败吗?否则似乎是一个相当大的安全问题。
from bitcoinlib.wallets import Wallet, wallet_create_or_open
from bitcoinlib.keys import HDKey
from bitcoinlib.mnemonic import Mnemonic
# Creating a new Mnemonic phrase to try and open an existing wallet with
passphrase=Mnemonic().generate(strength=256, add_checksum=True)
# Use new phrase to create key
key = HDKey.from_passphrase(passphrase, witness_type='segwit', network='testnet')
# In my opinion this should fail because I provided the wrong key, but it returns the wallet
w = Wallet('my-awesome-wallet55', main_key_object=key)
# Statement showing that our private keys are different
print("key.private_hex: " + key.private_hex + "\nw.main_key.key_private.hex(): " +
w.main_key.key_private.hex())
if key.private_hex == w.main_key.key_private.hex():
# We don't make it here because our private keys don't match
print("Wallet 'my-awesome-wallet55' authenticated")
w.utxos_update()
print("Balance: " + str(w.balance()))
print("Wallet address: " + w.get_key().address)
w.info()
else:
# Instead we make it here and still have access to the wallet
print("Wallet Authentication failed")
w.utxos_update()
print("Balance: " + str(w.balance()))
print("Wallet address: " + w.get_key().address)
w.info()
是否有使用 bitcoinlib 验证钱包的标准方法?根据我这里的情况,似乎有人只需要知道钱包的名称就可以完全访问它。
更新:
收到 Frank 的问题后,我更新了代码以尝试发送交易:
from bitcoinlib.wallets import Wallet, wallet_create_or_open
from bitcoinlib.keys import HDKey
from bitcoinlib.mnemonic import Mnemonic
passphrase=Mnemonic().generate(strength=256, add_checksum=True)
#passphrase='lumber romance negative child immense grab icon wasp silver essay enjoy jewel mom demise fit moral device hand capable toilet spirit age enforce deny'
print(passphrase)
key = HDKey.from_passphrase(passphrase, witness_type='segwit', network='testnet')
#wallet_create_or_open('my-awesome-wallet55', keys=passphrase, witness_type='segwit', network='testnet')
w = Wallet('my-awesome-wallet55', main_key_object=key)
print("key.private_hex: " + key.private_hex + "\nw.main_key.key_private.hex(): " + w.main_key.key_private.hex())
if key.private_hex == w.main_key.key_private.hex():
print("Wallet 'my-awesome-wallet55' authenticated")
w.utxos_update()
print("Balance: " + str(w.balance()))
t = w.send_to('tb1qprqnf4dqwuphxs9xqpzkjdgled6eeptn389nec', 4000, fee=1000)
t.info()
else:
print("Wallet Authentication failed")
w.utxos_update()
print("Balance: " + str(w.balance()))
t = w.send_to('tb1qprqnf4dqwuphxs9xqpzkjdgled6eeptn389nec', 4000, fee=1000)
t.info()
结果如下:
Sonnys-MBP:TelegramBTCWallet sonnyparlin $ python test.py
unfold royal atom rule electric ice quote spin fiber quality lady just garment nature secret six garden comic carpet mom endless lamp family arctic
key.private_hex: 23ac38dc5293ee53918c8dfe18abc28975c8fa6963c876302aa4473ddca2f14a
w.main_key.key_private.hex(): 8c11283bf21e9344930ab9519742d6f59cd220528e0be17886d27a21c9c127c7
Wallet Authentication failed
Balance: 95000.0
Transaction 5e729021da81a5e6fc3b3d88b5bf136d09c78b0ac9a08be2cf1c90107e7ae27c
Date: None
Network: testnet
Version: 1
Witness type: segwit
Status: unconfirmed
Verified: True
Inputs
- tb1q7dx79l3maq2cqynpjzxqxsk3v6jhhaggzl07c3 0.00095000 tBTC badb9dbe2b4741310137de774e058aaf6cbba28e2f36c11640b241284f780f86 1
segwit sig_pubkey; sigs: 1 (1-of-1) valid
Outputs
- tb1qprqnf4dqwuphxs9xqpzkjdgled6eeptn389nec 0.00004000 tBTC p2wpkh U
- tb1q9wg0vnqx63ng39s80gwqqffe2z7c5vvh0f4h3g 0.00090000 tBTC p2wpkh U
Size: 139
Vsize: 139
Fee: 1000
Confirmations: 0
Block: None
Pushed to network: True
Wallet: my-awesome-wallet55
我将此作为错误发布给了 bitcoinlib 开发人员,他们确认了这一点,您可以在此处关注:
https://github.com/1200wd/bitcoinlib/issues/206#issuecomment-991265402
我已经使用 bitcoinlib 创建了一个钱包。钱包名为 'my-awesome-wallet55.' 当我尝试用新生成的助记词打开我现有的钱包时,我预期的行为是异常或安全错误,但无论如何都会打开钱包。我可以手动检查私钥来创建我自己的安全检查,但是用错误的密钥尝试打开现有钱包不应该失败吗?否则似乎是一个相当大的安全问题。
from bitcoinlib.wallets import Wallet, wallet_create_or_open
from bitcoinlib.keys import HDKey
from bitcoinlib.mnemonic import Mnemonic
# Creating a new Mnemonic phrase to try and open an existing wallet with
passphrase=Mnemonic().generate(strength=256, add_checksum=True)
# Use new phrase to create key
key = HDKey.from_passphrase(passphrase, witness_type='segwit', network='testnet')
# In my opinion this should fail because I provided the wrong key, but it returns the wallet
w = Wallet('my-awesome-wallet55', main_key_object=key)
# Statement showing that our private keys are different
print("key.private_hex: " + key.private_hex + "\nw.main_key.key_private.hex(): " +
w.main_key.key_private.hex())
if key.private_hex == w.main_key.key_private.hex():
# We don't make it here because our private keys don't match
print("Wallet 'my-awesome-wallet55' authenticated")
w.utxos_update()
print("Balance: " + str(w.balance()))
print("Wallet address: " + w.get_key().address)
w.info()
else:
# Instead we make it here and still have access to the wallet
print("Wallet Authentication failed")
w.utxos_update()
print("Balance: " + str(w.balance()))
print("Wallet address: " + w.get_key().address)
w.info()
是否有使用 bitcoinlib 验证钱包的标准方法?根据我这里的情况,似乎有人只需要知道钱包的名称就可以完全访问它。
更新:
收到 Frank 的问题后,我更新了代码以尝试发送交易:
from bitcoinlib.wallets import Wallet, wallet_create_or_open
from bitcoinlib.keys import HDKey
from bitcoinlib.mnemonic import Mnemonic
passphrase=Mnemonic().generate(strength=256, add_checksum=True)
#passphrase='lumber romance negative child immense grab icon wasp silver essay enjoy jewel mom demise fit moral device hand capable toilet spirit age enforce deny'
print(passphrase)
key = HDKey.from_passphrase(passphrase, witness_type='segwit', network='testnet')
#wallet_create_or_open('my-awesome-wallet55', keys=passphrase, witness_type='segwit', network='testnet')
w = Wallet('my-awesome-wallet55', main_key_object=key)
print("key.private_hex: " + key.private_hex + "\nw.main_key.key_private.hex(): " + w.main_key.key_private.hex())
if key.private_hex == w.main_key.key_private.hex():
print("Wallet 'my-awesome-wallet55' authenticated")
w.utxos_update()
print("Balance: " + str(w.balance()))
t = w.send_to('tb1qprqnf4dqwuphxs9xqpzkjdgled6eeptn389nec', 4000, fee=1000)
t.info()
else:
print("Wallet Authentication failed")
w.utxos_update()
print("Balance: " + str(w.balance()))
t = w.send_to('tb1qprqnf4dqwuphxs9xqpzkjdgled6eeptn389nec', 4000, fee=1000)
t.info()
结果如下:
Sonnys-MBP:TelegramBTCWallet sonnyparlin $ python test.py
unfold royal atom rule electric ice quote spin fiber quality lady just garment nature secret six garden comic carpet mom endless lamp family arctic
key.private_hex: 23ac38dc5293ee53918c8dfe18abc28975c8fa6963c876302aa4473ddca2f14a
w.main_key.key_private.hex(): 8c11283bf21e9344930ab9519742d6f59cd220528e0be17886d27a21c9c127c7
Wallet Authentication failed
Balance: 95000.0
Transaction 5e729021da81a5e6fc3b3d88b5bf136d09c78b0ac9a08be2cf1c90107e7ae27c
Date: None
Network: testnet
Version: 1
Witness type: segwit
Status: unconfirmed
Verified: True
Inputs
- tb1q7dx79l3maq2cqynpjzxqxsk3v6jhhaggzl07c3 0.00095000 tBTC badb9dbe2b4741310137de774e058aaf6cbba28e2f36c11640b241284f780f86 1
segwit sig_pubkey; sigs: 1 (1-of-1) valid
Outputs
- tb1qprqnf4dqwuphxs9xqpzkjdgled6eeptn389nec 0.00004000 tBTC p2wpkh U
- tb1q9wg0vnqx63ng39s80gwqqffe2z7c5vvh0f4h3g 0.00090000 tBTC p2wpkh U
Size: 139
Vsize: 139
Fee: 1000
Confirmations: 0
Block: None
Pushed to network: True
Wallet: my-awesome-wallet55
我将此作为错误发布给了 bitcoinlib 开发人员,他们确认了这一点,您可以在此处关注:
https://github.com/1200wd/bitcoinlib/issues/206#issuecomment-991265402