Little lost bees - Reveal Public/Private keys from Password

in #dev3 years ago

Forgot your keys, know your password?


Recently in the Hive slack, it was asked what the Brain Key from HiveInvite was used for and there was a Javascript example of how to reveal your keys using your password. (Which I could understand the misunderstanding of what the brain key was as old Steem a.f.a.i.k. gave a long "password" that started with a P.

I thought this was a perfect opportunity to have a little lesson on getting the keys in python3. This short lesson uses Beem and tabulate.

#!/usr/bin/env python3
from getpass import getpass

from beemgraphenebase.account import PasswordKey
from tabulate import tabulate

hive_id = input("Hive User ID: ")
brain_key = getpass(prompt='Master Password: ')

roles = ["owner", "active", "posting", "memo"]
data = []
for role in roles:
    keys = PasswordKey(hive_id, brain_key, role=role, prefix="STM")
    priv_key = keys.get_private()
    pub_key = keys.get_public()
    data.append([role, str(pub_key), str(priv_key)])

print(tabulate(data, headers=["Role", "Public Key", "Private Key"]))

This one is rather short and available in the GitHub Repo for these HiveTools, I believe it is pretty self-explanatory but I will walk us through it anyway.
First, we set our variable by getting our info from input and getpass then list all the roles we want the keys for and make a new empty list to store them in (why declare an empty one? I'll explain in a moment).

The first and only real step is to loop through each of the roles and create a keys object. then run the two functions on that object to the key we want specifically. Then we append the list to the list, which would error if it was not already defined.

Lastly, we use the tabulate function, which makes beautiful output in my opinion (I'm a sucker for the terminal), and print that out. Viola, we have our keys.


I apologize if this guide seems rough, I am still finding my footing on a teaching style, and trying to decide at what level to begin? I still the best way to learn is to jump into the fire and get your hands dirty fast. Let me know your thoughts.

I will be putting out a proposal soon, to try to get some meager funding for this, just trying to find the best way to word it (I'm terrible at sounding like a "professional" human being. In the meantime, if you like what I am doing or attempting to do, give me an upvote, reshare, or buy me a coffee.

As always, bee safe, bee kind,
Michael Garcia a.k.a. @TheCrazyGM


IIRC in sepk elliptic cryptographic protocol any signature can be reversed to obtain public key. Now, it'd be interesting to know what "PasswordKey()" method specifically does. Thanks in advance!

@lightproject, It's actually rather short and to the point:

        """ Derive private key from the brain key and the current sequence
        a = py23_bytes(self.account + self.role + self.password, 'utf8')
        s = hashlib.sha256(a).digest()
        return PrivateKey(hexlify(s).decode('ascii'), prefix=self.prefix)

specifically, that's get_private from the method other than that it just sets the public function

Unless you meant you wanted me to step through that too :)

So If I understand correctly, password = brainkey? Thanks in advance!

yes sir, you got it right :)

I tried to clear that up, maybe i should have worded it better, steemit used to give passwords that started with "P" and were basically a key, but that is generated from suggest_brain_key i guess they didn't think people would understand an actual brain key, which most modern generators use now. (such as hiveinvite, which started this whole conversation)

I have picked your post for my daily hive voting initiative, Keep it up and Hive On!!

Thanks! Sorry been off for a few days, fell ill last week (food poisoning) and will pick it back up very soon!