OpenSSL generate Bitcoin address

Question

I am building a script to generate secp256k1 using OpenSSL in MacOS. Seems to work fine. My question: is this SECURE enough?

#!/bin/bash

if [ $# -eq 0 ]; then
  echo "Missing name, for example generate_key.sh bob"
  exit 1
fi

FILE_NAME=$1
PRIVATE_KEY=${FILE_NAME}_private.pem
PUBLIC_KEY=${FILE_NAME}_public.pem
BITCOIN_PRIVATE_KEY=bitcoin_${FILE_NAME}_private.key
BITCOIN_PUBLIC_KEY=bitcoin_${FILE_NAME}_public.key

echo "Generating private key"
openssl ecparam -genkey -name secp256k1 -rand /dev/urandom -out $PRIVATE_KEY

echo "Generating public key"
openssl ec -in $PRIVATE_KEY -pubout -out $PUBLIC_KEY

echo "Generating BitCoin private key"
openssl ec -in $PRIVATE_KEY -outform DER|tail -c +8|head -c 32|xxd -p -c 32 > $BITCOIN_PRIVATE_KEY

echo "Generating BitCoin public key"
openssl ec -in $PRIVATE_KEY -pubout -outform DER|tail -c 65|xxd -p -c 65 > $BITCOIN_PUBLIC_KEY

echo "Files created!"

Could you may explain what's the background of converting the private/public keys to Bitcoin private/public keys? — soupdiver, Sep 14 '17 at 17:37

score 2 · Answer 1 · answered Jul 15 '17 at 00:33

2

OpenSSL's RNG is considered secure, so there should be no problem with this method. I don't think you need to use -rand /dev/urandom since OpenSSL already uses /dev/urandom for seeding the RNG.

answered Jul 15 '17 at 00:33

Ava Chow

70,382
5
81
161

Makes sense, tnx – Mircea Stanciu Jul 15 '17 at 00:54
If you're on macOS, which uses LibreSSL 2.2.7, then there is no option -rand – onmyway133 Dec 18 '17 at 23:31

OpenSSL generate Bitcoin address

1 Answers1

Linked