evening I finally had enough of trying to decode the cryptic documentation for steemd, and piston, regarding the algorithm for generating role keys out of the master key for Steem, and just started at writing the script using a copy of the 'minified' javascript for steemjs, found at @fabien's (@xeroc) github.

I have more or less now got a simple HTML page that takes a username, master key, and gives you the public role keys (posting, active, owner, memo):

http://projectinception.lt/static/keygen.html

I know it works because when I feed it the master key for my account, and my account name, out pops the correct public keys (STMblaoeublaoeu).

I now have two further things to work on. One, I want it to give me the private keys for each role, and Two, I need to find out how to construct these 'WIF' keys. I just remembered, as I wrote this, that these keys are a standart used for bitcoin and very commonly used all over cryptoland.

Currently the 'generate new password' button on this script just uses a handy little random generator function I found, and I configured it to use only alphabet and numbers. In fact, the generator function doesn't care about whether humans can read the key at all (it could be any random string of 12 or more bytes not just ascii letters and numbers and characters).

But I think it should be generating a random string and then processing it into a WIF format, which I think for one thing always starts with a 5, and is followed by an uppercase letter (several rounds of suggest_brain_key gave me H, J, and K in the second position), and then the rest is a-zA-Z0-9.

The mysterious P prefix in Steemit Master Passwords

Something else that is still a mystery to me is why when the steemit.com password change page always puts a P in front, yet when you enter it to log in, that P needs to not be there. The script on this key generator page does not produce the correct public keys unless you put the P at the front, but steemit.com says password incorrect if you put it at the front.

I am just writing this to update my progress, and for those who are interested, you can verify this generates correct role keys by putting in your username and password. Of course, I trust the script (the steemjs library) less than you probably do, but if you read the source you can see I only make calls to code that does not dial out or access local files in any way.

You can always try it with your network disconnected, from saving that page to your computer and opening it, to be sure it doesn't send something out.

Update

I just found this, and it's kinda funny because I didn't think to actually learn what WIF meant. Well, this page explains the procedure for generating private and public keys and all the other jazz. So after reading the generation procedure I am pleased to see I figured it out well enough, 0x80 byte in front, hex form of the secret, 4 bytes of the hash of the hash of the secret, only it says if it is a compressed key you also add a 0x01 at the front.

I need to find the function for base58 encoding, I suppose it's probably available in steemjs, and this script is complete.

---

We can't code here! This is Whale country!

Vote #1 l0k1

_{Go to steemit.com/~witnesses to cast your vote by typing l0k1 into the text entry at the bottom of the leaderboard.}