Public and Private Keys - How to generate all Steem user's keys from master password, without a Steemit website, being OFFLINE

9 days ago
63 in security

I had a break in writing technical articles, because I need some time to organize two Steem Meetups (in Wrocław and in Warsaw), and to give a talk about Steem in Łódź.

But finally I am back on track regarding my Steem Security series, so today I am able to publish 3rd articles from this series. If you didn't read my earlier articles about different aspects of security of your steem account, you can find list of those articles on the bottom of this article.

part3.jpg

Real password and keys: demo

So, last time we learnt about why private keys are needed. This time we will learn how they are generated.

You already have seen in my 1st post in a series a demo gif/video, where I showed how to login to an account with a private key instead of a password. During this demo I also showed, that at the time of recording I used password P5KB2ir4BaDTeeBe5SUW16F6NYGeYSVaUBn261kDPLGGCSiNahtm to log in on my noisy3demo account.

Now I want to show you, that you actually don't have to type your master password on Steemit website, to generate all your keys. You can generate them being totally offline!

How to locally generate all Steem users keys from master password

With some help of python code and steem library, we can write something like this:

from steembase.account import PasswordKey

account = 'noisy3'
password = 'P5KB2ir4BaDTeeBe5SUW16F6NYGeYSVaUBn261kDPLGGCSiNahtm'
key_types = [
    'posting',
    'active',
    'owner',
    'memo',
    'foo_bar'
]

for key_type in key_types:
    private_key = PasswordKey(account, password, key_type).get_private_key()
    public_key = private_key.pubkey

    print('Private ' + key_type + ' key: ' + str(private_key))
    print('Public ' + key_type + ' key: ' + str(public_key) + '\n')



This gives us:

Private posting key: 5JLMze1sUVPhUBwTVjZyQhFMGfbN5KB7nqHfKjXuN5GUTYTbYFy
Public posting key: STM6GkXgEKTYc7gNv1GWJ5ZseyESHQnN7nr3rxdo5sBjzWQcdMyKy

Private active key: 5JFfMWjWMjnhu6vJKB2uUwUaLCws9JotHzLB8wkVEZjsZnSzDTv
Public active key: STM5uLTFYpPK4XVLMe16uuQFdW1Vo2MzN9UPqHQKjePwB76NnS9qk

Private owner key: 5JKjBjfRVZaf8H5w8XgiB6HfEH2SFJXUJL3QA6mteg5uQ3qRW9M
Public owner key: STM7iZnny8bvNRd6v6nx25XG6ijAKZs1ANvtuqTN2gjSYWXHC8Jgy

Private memo key: 5JvpThC3DwjHkupj6jnT5pnFW21Bsj3g4GhxhLLtM2WNsV2ynPw
Public memo key: STM5uEy2yYnoqVY9ksfkMbbY3UH4qFygARn2SW7PFJ4cRErHbH7Vh

Private foo_bar key: 5KJQP53B4MPHCWBQ8Xm9ydhKmjqrouRuf8UWWEZjHtkgmrtNCc5
Public foo_bar key: STM7hNqe6DJmXsqaDG8poaDVAvQx59EgWWQUbVLRUfi2Ab7mCvsnJ

So as you can see, private posting key is exactly the same like in my demo gif/video above:

Selection_999(271).png

From technical point of view, from your password can be generated even new type of keys, like Private foo_bar key and Public foo_bar key :)


This article belongs to series of articles which describes security on Steemit:

  1. What is the difference between a password and a private key(s) on Steemit? How to make your account more secure, by using them correctly.
  2. Public and Private Keys - how they are used by Steem, making all of these possible?
  3. How to generate all Steem user's keys from master password, without a Steemit website, being OFFLINE (this article)
  4. How to set own password, which is not generated by Steemit
  5. How passwords are stored by Steemit in your browser, and why it is secure.
  6. How to setup multisig/multiple authorities for your account
  7. ...

Make sure to follow my account, if you don't want to miss any of these :)

PS. This article was live-st(r)eemed.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  trending
71
  ·  9 days ago

This is great - resteeming cause many keep asking about it!

Like I tell most users, keep your private key offline and stored safely, you'll only need your posting and active key when using Steemit generally.

·
66
  ·  9 days ago

Thank you for reSteeming @acidyo.....otherwise it would have been missed. Cheers.

·
63
  ·  9 days ago

next article will be probably about: how to set own password (any length), without a Steemit website :)

·
·
71
  ·  9 days ago

Nice! Now I can finally change my password to hunter2 !

Reference

·
·
·
60
  ·  9 days ago

I am changing all my passwords to "incorrect", guess why

·
·
·
·
71
  ·  9 days ago

So the error message reminds you what it is :p

·
·
·
·
·
60
  ·  9 days ago

We have a winner! You just won 0.00000000001 SBD!!!

·
·
·
·
·
·
71
  ·  9 days ago

Niiice! You sent me 9x more SBD than I actually won, lol! I'm gonna buy an island now

·
·
·
·
·
·
·
60
  ·  9 days ago

lol :))

·
·
·
·
56
  ·  9 days ago

LOL that's too funny!

·
·
32
  ·  8 days ago

that would be so great

·
60
  ·  9 days ago

Thanks for resteeming this! I otherwise would not have seen this useful post!!

You're right about keeping the private key offline and stored safely!

·
53
  ·  9 days ago

@acidyo

tip! link

·
56
  ·  9 days ago

Hi @acidyo! You have just received a 0.1 SBD tip from @sneakgeekz!

From @sneakgeekz: Check out my blog!

@tipU - send tips by writing tip! in the comment and get share in service profit :)
By upvoting this comment you support the service - thanks!

58
  ·  8 days ago

Two months ago I scoured steemit for an answer to this exact question and it did not exist. Thank you for you for this. It is currently the first and only post I have bookmarked :)

·
50
  ·  7 days ago

It EXISTED. its just that Steem has terrible search engine. Steemwiki has all the answers now.

66
  ·  9 days ago

Thank you for posting @noisy.

This is the kind of information Steemians can use. Cheers.

55
  ·  8 days ago

@noisy you deserve a tip! 0.3 link

56
  ·  8 days ago

Hi @noisy! You have just received a 0.3 SBD tip from @imperfect-one!

From @imperfect-one: Check out my blog :)

@tipU - send tips by writing tip! in the comment and get share in service profit :)
By upvoting this comment you support the service - thanks!

52
  ·  8 days ago

This is very helpful, thanks. I just started experimenting with the python Steem library for some ideas of my own.

·
51
  ·  8 days ago

This comment has received a 6.45 % upvote from @buildawhale thanks to: @buildawhale.

53
  ·  9 days ago

This is some interesting stuff you show us in this post thank you. Good to know that I don't need my master password but only the active and posting key.

49
  ·  9 days ago

I see Ubuntu <3

57
  ·  2 days ago

This great news. That means in case the steemit website suffers a ddos which is isn't very likely, you still get access to the blockhain with your private keys. Thanks for sharing this great information. We need this type of education for the community.

59
  ·  9 days ago

Pozdrowienia z wypoka! tip! 0.3

55
  ·  9 days ago

Thanks for sharing @noisy . I Will read it first.

8
  ·  9 days ago

Interested

60
  ·  9 days ago

@noisy, thank you very much for this info!!

35
  ·  9 days ago

I really appreciate this post @noisy. I'm pretty new here and was having a bit of trouble understanding the differences between all the passwords. Thanks

60
  ·  9 days ago

1ttdt4.jpg

·
63
  ·  9 days ago

that, you do not need to use Steemit, to manage your private keys ;)

46
  ·  9 days ago

Very useful to know,thanks for sharing.

37
  ·  9 days ago

Thanks...

42
  ·  9 days ago

Wow this is so much interesting. It's been a long time now i've been trying to do most of all this cause am actually a new steemian. But today you've tought me some parts of this. Thank you for sharing👍

33
  ·  9 days ago

Great

56
  ·  9 days ago

You were in Wroclaw, I love this city. been there several times for work. Did you like it?

·
63
  ·  8 days ago

I study at Wrocław University of Science and Technology, so I know the city very well. Even after my studies, when I moved to city located next to Wrocław (Oława), so visited Wrocław every day for next 4 years due my job.

In other words, of course I love WrocLove ;)

BTW, if you are sometimes in Poland, consider joining our meetup group. We already organized two meetups in Wrocław and Warsaw, and for sure there will be more in the future :) People in meetup group are notified about upcoming events :)

61
  ·  9 days ago

A very important information for all the steemians, especially for those who just joined.

39
  ·  9 days ago

Upvoted done :)
Wonderful post.. Keep on the good job.
I now follow you.
Please, have a look into my blog may you like any of my posts :)
https://steemit.com/home/@asmaasema/5upb6x-preventing-birth-defects-steps-to-take-before-and-during-pregnancy

45
  ·  9 days ago

Love this for security purposes!

53
  ·  9 days ago

Thank you for this valuable post and series. I will be resteeming, upvoting and tipping.

tip! post

·
49
  ·  9 days ago

meep

56
  ·  9 days ago

Hi @noisy! You have just received a 0.1 SBD tip from @sneakgeekz!

Check out the newest post from @sneakgeekz: Singapore July 2017 Blockchain 2.0 Master Class and follow if you like the content :)

@tipU - send tips by writing tip! in the comment and get share in service profit :)
By upvoting this comment you support the service - thanks!

50
  ·  9 days ago

Wow, I'm glad one of the people I follow re-steemed this post. Now I know to follow you too.

Thanks for the amazing information. I'm looking forward to reading more in your series! .. and whatever other cool stuff you decide to post :)

33
  ·  9 days ago

I learn New things everyday on Steemit

32
  ·  9 days ago

Follow back bro

27
  ·  9 days ago

no way

56
  ·  9 days ago

Hi @noisy! You have just received a 0.3 SBD tip from @cardboard!

@tipU - send tips by writing tip! in the comment and get share in service profit :)
By upvoting this comment you support the service - thanks!

70
  ·  9 days ago

Always use the command line if you can. But one alternative is @xeroc's paper wallet:

https://github.com/xeroc/steem-paperwallet/releases/

48
  ·  9 days ago

Great tech hack! - now everyone is deleting their private keys offline --lol

32
  ·  9 days ago

This nice post

70
  ·  9 days ago

@noisy, I got BTS prefixes in the output of the python script. I guess I have an old library or something.

Private posting key: 5JLMze1sUVPhUBwTVjZyQhFMGfbN5KB7nqHfKjXuN5GUTYTbYFy
Public posting key: BTS6GkXgEKTYc7gNv1GWJ5ZseyESHQnN7nr3rxdo5sBjzWQcdMyKy

Private active key: 5JFfMWjWMjnhu6vJKB2uUwUaLCws9JotHzLB8wkVEZjsZnSzDTv
Public active key: BTS5uLTFYpPK4XVLMe16uuQFdW1Vo2MzN9UPqHQKjePwB76NnS9qk

Private owner key: 5JKjBjfRVZaf8H5w8XgiB6HfEH2SFJXUJL3QA6mteg5uQ3qRW9M
Public owner key: BTS7iZnny8bvNRd6v6nx25XG6ijAKZs1ANvtuqTN2gjSYWXHC8Jgy

Private memo key: 5JvpThC3DwjHkupj6jnT5pnFW21Bsj3g4GhxhLLtM2WNsV2ynPw
Public memo key: BTS5uEy2yYnoqVY9ksfkMbbY3UH4qFygARn2SW7PFJ4cRErHbH7Vh

Private foo_bar key: 5KJQP53B4MPHCWBQ8Xm9ydhKmjqrouRuf8UWWEZjHtkgmrtNCc5
Public foo_bar key: BTS7hNqe6DJmXsqaDG8poaDVAvQx59EgWWQUbVLRUfi2Ab7mCvsnJ
·
63
  ·  8 days ago

always use virtualenv, and always freeze your dependencies ;)

52
  ·  9 days ago

@noisy thanks bro junst now i saved all of my keys offline after knowing that one of our community member @fredrikaa got his account stollen

52
  ·  9 days ago

tip!

·
56
  ·  9 days ago

Beep beep. Hi @satfit!
You have used tip! in your comment - that`s my magic word for sending tips ;)
Click here if you wish to learn more!

64
  ·  9 days ago

Yes, great postings, posts like this have been my long time, now i feel safer ... thank you very much @noisy

74
  ·  9 days ago

This is very useful thank you:)

45
  ·  9 days ago

This is great....
Thanks you!

46
  ·  9 days ago

Yah @acidyo is right ....This is great - resteeming cause many keep asking about it!

Like I tell most users, keep your private key offline and stored safely, you'll only need your posting and active key when using Steemit generally.

44
  ·  9 days ago

Good news and interesting thank you

43
  ·  9 days ago

very interesting

48
  ·  8 days ago

Is a good practice

42
  ·  8 days ago

Great info, thanks for sharing! I'm now following.

37
  ·  8 days ago

Very nice ! Reesteeming it because its a good tutorial !

51
  ·  8 days ago

This post has received a 6.06 % upvote from @buildawhale thanks to: @buildawhale.

55
  ·  8 days ago

Another step towards decentralization. Thank You! :)

27
  ·  8 days ago

Being new to steemit and all, i found this very useful. Thanks

52
  ·  8 days ago

Thanks for the code! Up-Voted, Followed, Re-Steemed!

50
  ·  8 days ago

thanks for writing this.. you don't how much I wanted this information in a way I can understand.. thank you :) upvoted resteemed and appreciated @noisy

67
  ·  8 days ago

I don't know much about codes but this is great news for everyone who knows, resteemed. Cheers!

50
  ·  9 days ago

Thanks for taking the time to write this article with some useful informations about how to generate generate all Steem user's keys from master password, without a Steemit website, being OFFLINE. All the steps are clearly shown in the gift you made which is very easy to understand and follow.

38
  ·  9 days ago

it.s amazing

50
  ·  7 days ago

So I can copy your code in Microsoft Word and it will generate my keys? Cool!

41
  ·  7 days ago

@Noisey

All you programmers need to make some simple GUI's.

Especially for Steemit when the target audience hopefully drawn away from facebook, reddit etc

43
  ·  9 days ago

That seems handy -- but also scary. Does it not mean that some other person can generate my password also?

Forgive me if it's a foolish question; I am a good computer user but the nitty-gritty complexities like this are far above my level and outside my field.

·
63
  ·  9 days ago

Don't worry. It is always better to ask, if you do not know something ;)

Does it not mean that some other person can generate my password also?

Nope. Your password and your account are safe as long as you keep them private. But if you will publish your password anywhere, then someone else (even being offline) will be able to generate from that password all type of keys to your account.

·
·
71
  ·  9 days ago

Until quantum computers start brute forcing our passwords. :(

·
·
·
63
  ·  8 days ago

then every ciphered connection and every cryptocurrency will be in danger, but... only to a moment when it will be upgraded. Cryptography is fairly new science, there are plenty new solutions to discover.

·
·
·
·
71
  ·  8 days ago
47
  ·  yesterday

wao great sir its really informative and i learn alot of things from you :)