As a Newbie, i DCA-ed BTC for the past 6 months on Binance 
I don't want to use any CEX no more. I want my keys.
So based on internet articles and a bit of chat-gpt i could generate my key pair locally as follow:
Use secp256k1 elliptic curve to generate a priv key:
> openssl ecparam -genkey -name secp256k1 -noout -out privatekey.pem
Find matching pub key on the curve:
> openssl ec -in privatekey.pem -pubout -out publickey.pem
Derive an address in python:
from ecdsa import VerifyingKey
import hashlib
import base58
def generate_bitcoin_address_from_public_key(public_key_bytes):
public_key = VerifyingKey.from_pem(public_key_bytes)
# Hash the public key
hash_pubkey = hashlib.sha256(public_key.to_string()).digest()
hash_pubkey_ripemd160 = hashlib.new('ripemd160', hash_pubkey).digest()
version_byte = b'\x00'
hash_pubkey_with_version = version_byte + hash_pubkey_ripemd160
checksum = hashlib.sha256(hashlib.sha256(hash_pubkey_with_version).digest()).digest()[:4]
binary_address = hash_pubkey_with_version + checksum
bitcoin_address = base58.b58encode(binary_address).decode('utf-8')
return bitcoin_address
with open('publickey.pem', 'r') as file:
public_key_pem = file.read()
bitcoin_address = generate_bitcoin_address_from_public_key(public_key_pem.encode('utf-8'))
print("Bitcoin Address:", bitcoin_address)
This got me the following:
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIDRd6/hvSUmI3jubQv+FEve/bkPRBi4d4ddCKf1Cdz8yoAcGBSuBBAAK
oUQDQgAEr6/Q3oyxMl6Fourug/AVW2a/WyrhoGDPP0iXBPp2rEKSRF+p1G5DL7BL
gFsOOBN/U0IT3iiw7agk/DCTxEO0wQ==
gFsOOBN/U0IT3iiw7agk/DCTxEO0wQ==
-----END EC PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEr6/Q3oyxMl6Fourug/AVW2a/WyrhoGDP
P0iXBPp2rEKSRF+p1G5DL7BLgFsOOBN/U0IT3iiw7agk/DCTxEO0wQ==
-----END PUBLIC KEY-----
Bitcoin Address: 12XjArifNjhfNWDo5MBZaBMXjyYVVbVgxZ
So, did i do the correct thing ? Is it safe to transfer my BTC to an address generated this way (not this one ofc)
Or is there a better way to do it ?
Also keys seem to be base64 encoded, should i save it in another form ?
Thnaks in advance.
Generating your own key pair locally is a step towards self-custody, which many in the crypto community advocate for. Your use of the secp256k1 curve and the process you've outlined seem correct.I don't want to use any CEX no more. I want my keys.
So based on internet articles and a bit of chat-gpt
i could generate my key pair locally as follow: Use secp256k1 elliptic curve to generate a priv key:
> openssl ecparam -genkey -name secp256k1 -noout -out privatekey.pem
Find matching pub key on the curve:
> openssl ec -in privatekey.pem -pubout -out publickey.pem
Derive an address in python:
from ecdsa import VerifyingKey
import hashlib
import base58
def generate_bitcoin_address_from_public_key(public_key_bytes):
public_key = VerifyingKey.from_pem(public_key_bytes)
# Hash the public key
hash_pubkey = hashlib.sha256(public_key.to_string()).digest()
hash_pubkey_ripemd160 = hashlib.new('ripemd160', hash_pubkey).digest()
version_byte = b'\x00'
hash_pubkey_with_version = version_byte + hash_pubkey_ripemd160
checksum = hashlib.sha256(hashlib.sha256(hash_pubkey_with_version).digest()).digest()[:4]
binary_address = hash_pubkey_with_version + checksum
bitcoin_address = base58.b58encode(binary_address).decode('utf-8')
return bitcoin_address
with open('publickey.pem', 'r') as file:
public_key_pem = file.read()
bitcoin_address = generate_bitcoin_address_from_public_key(public_key_pem.encode('utf-8'))
print("Bitcoin Address:", bitcoin_address)
This got me the following:
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIDRd6/hvSUmI3jubQv+FEve/bkPRBi4d4ddCKf1Cdz8yoAcGBSuBBAAK
oUQDQgAEr6/Q3oyxMl6Fourug/AVW2a/WyrhoGDPP0iXBPp2rEKSRF+p1G5DL7BL
gFsOOBN/U0IT3iiw7agk/DCTxEO0wQ==
gFsOOBN/U0IT3iiw7agk/DCTxEO0wQ==
-----END EC PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEr6/Q3oyxMl6Fourug/AVW2a/WyrhoGDP
P0iXBPp2rEKSRF+p1G5DL7BLgFsOOBN/U0IT3iiw7agk/DCTxEO0wQ==
-----END PUBLIC KEY-----
Bitcoin Address: 12XjArifNjhfNWDo5MBZaBMXjyYVVbVgxZ
So, did i do the correct thing ? Is it safe to transfer my BTC to an address generated this way (not this one ofc)
Or is there a better way to do it ?
Also keys seem to be base64 encoded, should i save it in another form ?
Thnaks in advance.
However, when it comes to security, there are a few additional considerations. Firstly, ensure your private key remains private and is stored securely, preferably offline. Additionally, regarding encoding, it's common to save keys in formats like hexadecimal rather than Base64 for compatibility and ease of use.
Before transferring your BTC, it's wise to test the process with a small amount first to ensure everything works smoothly. Lastly, consider exploring hardware wallets for an added layer of security if you plan to hold significant amounts long-term.