Convert EC PRIVATE KEY from .pem into WIF

0

I have a openssl generated private key in the following form:

$ cat priv.pem
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIDTijUe0yc3orw5+hElM2WZPWWawO6yTymJZagaStSxIoAcGBSuBBAAK
oUQDQgAE81+mTl3Pyzy41kCg8xgnV3lokrYJ/iUAGda0JUpx99aExBk1kD9Heera
5ndWARwUTa6T1Cfi7c1U6Nf81IEAQQ==
-----END EC PRIVATE KEY-----

How can i convert this (preferably using bash/Perl/python) into a WIF that can be imported into (preferably) Electrum? Also Electrum confuses me a bit, it says

WIF keys are typed in Electrum, based on script type.

A few examples:
p2pkh:KxZ...->
1Dck

What does this mean? Wallet import format does not say anything about typing

Heiner

Posted 2019-08-24T09:51:38.243

Reputation: 1

Answers

0

How can i convert this (preferably using bash/Perl/python) into a WIF that can be imported into (preferably) Electrum?

OpenSSL .pem files contain base-64 encoding of the values encoded using DER. In case of private keys they use PKCS#8 explained in RFC5208. To extract the key itself, you first have to decode the base-64 string and get the key out by reading the DER encoding (the posted example is missing 1 byte since the sequence length is 0x74 but the remaining bytes that come after it is 0x73 bytes). If you want to use OpenSSL itself, try using this command: 

openssl pkey -in priv.pem -out priv.key

This should give you the key bytes. Now you have to convert them to WIF (base-58 with checksum). Use your favorite bitcoin library (I don't have any python suggestion but there are many you could find on GitHub) that has byte-to-Wif functions.

What does this mean? Wallet import format does not say anything about typing

Your one private key gives you one public key that could be used in both compressed and uncompressed form in many different output scripts which then you will see as a different type of address (P2PKH script -> address starting with 1; P2WPKH script -> address starting with bc1; ...). So when the private key is imported in a wallet, the wallet either has to look for all the output script types (like what Bitcoin-Core does) or ask the user to explicitly include the script type (which is what Electrum does).
In other words when you import a private key in Electrum with p2pkh:<key> the wallet only checks the address starting with 1 (legacy or base58) and when import it with p2wpkh:<key> it only checks the address starting with bc1 (native SegWit or bech32) and so on.

As a side note, there is BIP-0178 that proposed extending WIFs to address this and also Electrum briefly used a different way similar to this BIP but stopped because of incompatibility with other clients.

Coding Enthusiast

Posted 2019-08-24T09:51:38.243

Reputation: 488

1DER encoding contains more than just the key itself, it includes things like the curve parameters. WIF just encodes the private key itself. So after decoding the base64 string, you still have to extract the actual private key. That's just a matter of looking up how DER encoding works and then finding the private key.Andrew Chow 2019-08-25T06:10:44.590

OpenSSL supports 8 privatekey PEM formats, only two of them PKCS8, and the example in the Q is not PKCS8 format, it is SEC1. (And as you note, corrupted.) To convert to DER, you need pkey ... -outform der or ec ... -outform der. But you don't really need to; any language that can compute base58check or similar can decode base64 and select bytes.dave_thompson_085 2019-08-25T16:04:16.947

Asked: 2019-08-24T09:51:38.243

Viewed: 141 times

Active: 2019-09-26T16:01:00.913