I did not realize there was interest in this feature. I've shied away from any passphrase protection features because I'm wrestling with the idea if it's better for bitcoins to be stolen then to be lost... there might be a greater chance of people forgetting versus people actually getting robbed. Especially in these early days... that being said I passphrase protect my desktop wallet.

And now for the workaround....

With the current version of BitAddress you can go to the Wallet Details tab and enter a passphrase (instead of a private key) and then you will be prompted to confirm you want to SHA256 hash your passphrase to generate a bitcoin address along with private key details. You can copy/paste the bitcoin address somewhere and then print it, or print the whole page and physically destroy the private key, etc. Then you've accomplished your goal of having a bitcoin address and accessing it's private key through a passphrase. No need to print an encrypted private key that later needs a passphrase anyway to decrypt.

Of course, it's not as elegant as the feature you have described. The current functionality is one passphrase to one bitcoin address versus what you proposed sounds like one passphrase to many bitcoin addresses.

I don't think this would be too hard to implement on the Paper Wallet tab... I'd probably need to include an AES javascript library... I'll think about it.

Nice workaround, but you're right; I was thinking of having the same passphrase for all the wallets on a single sheet of paper.  I want multiple addresses, and don't want to have to remember multiple passphrases for them.

Maybe it would be useful to have the option to print the same page of addresses twice - once encrypted (for my bookshelf) and once unencrypted (for the bank vault in the event that I lose the wetware copy of the passphrase).


The problem I see with that approach is that if I try to redeem one of my paper wallets on a compromised machine, I lose them all, not just one.  Once you have the salt and my passphrase you have all my paper wallets.

I think I was probably using the terminology wrongly, mixing "keys" with "wallets", etc.


That's the part that made me think a single salt plus the passphrase would give up all the private keys in the wallet in one fell swoop.

But if the salt was long enough to not be brute-forceable, and each address in the wallet had its own salt, that could work nicely.

Hi guys, I created a fork and branch (comp_wif) with a few changes to add support for compressed public keys.  Bitcoin 0.6+ utilizes compressed pubkeys when generating new addresses and the dumpprivkey/importprivkey commands support both formats.  Naturally I wanted my favorite bitcoin utility to support it as well.  

This is actually the first time I've used github, and it's been years since I did any java programming, but I think it was trivial enough to implement without making too much of a mess!  I really only changed the "Wallet Details" tab.  It now accepts and displays WIF keys with the compression marker and displays the corresponding compressed public key and bitcoin address.   I think I managed to avoid introducing any errors but if anyone would like to give it a second look I'd appreciate it.


Latest commit:  d2ba2803 0ebfba0b
https://github.com/coretechs/bitaddress.org/tree/comp_wif


I used the following test cases:
http://sourceforge.net/mailarchive/message.php?msg_id=28648286

Nice catch!

It looks like that bug is present in the master as well.  It's the same bug that Casascius pointed out earlier in this thread, looks like it was missed for the base64 conversion.

I added the padding to the byte array before it gets passed to bytesToBase64() and it appears to be working correctly now.

New commit: 0ebfba0b
https://github.com/coretechs/bitaddress.org/commit/0ebfba0b37d84ec5b9401df7e8f1be5c9ea4ad4b

Great work! Thank you for the contribution. I reviewed the code looks good. I have to catch up a bit on the compressed keys stuff to be 100% sure.
Thank you for the bug fix on the zero padding of base64 keys.

I will get this merged to the master branch and posted on bitaddress.org
I will post here when it's live.

I can verify that the site has been updated and returns the same HTML from the latest commit (e58a86a2fad0e9ac4c9530abd1035a71abbbcce7) in github.

To confirm this I first check the sha1sum hash of the html returned by a request to http://bitaddress.org:

$ wget --quiet -O - http://bitaddress.org|sha1sum
f2e410251c8741ac65d29a1c6fb8ef6919b6ab8b  -

Then from my bitaddress.org repo:

$ git rev-list --max-count=1 HEAD
e58a86a2fad0e9ac4c9530abd1035a71abbbcce7

$ sha1sum bitaddress.org.html
f2e410251c8741ac65d29a1c6fb8ef6919b6ab8b  bitaddress.org.html

Some addresses are bigger than others.  It's perfectly natural, and nothing to worry about.

See https://en.bitcoin.it/wiki/Base58Check_encoding#Creating_a_Base58Check_string (particularly step 5) for the technical details as to why the length isn't fixed.

Thanks, I was about to manually remove the "offenders!"