public override Key GetKey(string password) { var encrypted = PartialEncrypted.ToArray(); //Derive passfactor using scrypt with ownerentropy and the user's passphrase and use it to recompute passpoint byte[] passfactor = CalculatePassFactor(password, LotSequence, OwnerEntropy); var passpoint = CalculatePassPoint(passfactor); var derived = SCrypt.BitcoinComputeDerivedKey2(passpoint, this.AddressHash.Concat(this.OwnerEntropy).ToArray()); //Decrypt encryptedpart1 to yield the remainder of seedb. var seedb = DecryptSeed(encrypted, derived); var factorb = Hashes.DoubleSHA256(seedb).ToBytes(); #if HAS_SPAN var eckey = NBitcoinContext.Instance.CreateECPrivKey(passfactor).TweakMul(factorb); var key = new Key(eckey, IsCompressed); #else var curve = ECKey.Secp256k1; //Multiply passfactor by factorb mod N to yield the private key associated with generatedaddress. var keyNum = new BigInteger(1, passfactor).Multiply(new BigInteger(1, factorb)).Mod(curve.N); var keyBytes = keyNum.ToByteArrayUnsigned(); if (keyBytes.Length < 32) { keyBytes = new byte[32 - keyBytes.Length].Concat(keyBytes).ToArray(); } var key = new Key(keyBytes, fCompressedIn: IsCompressed); #endif var generatedaddress = key.PubKey.GetAddress(ScriptPubKeyType.Legacy, Network); var addresshash = HashAddress(generatedaddress); if (!Utils.ArrayEqual(addresshash, AddressHash)) { throw new SecurityException("Invalid password (or invalid Network)"); } return(key); }
public override Key GetKey(string password) { byte[] encrypted = PartialEncrypted.ToArray(); //Derive passfactor using scrypt with ownerentropy and the user's passphrase and use it to recompute passpoint byte[] passfactor = CalculatePassFactor(password, LotSequence, OwnerEntropy); byte[] passpoint = CalculatePassPoint(passfactor); byte[] derived = SCrypt.BitcoinComputeDerivedKey2(passpoint, this.AddressHash.Concat(this.OwnerEntropy).ToArray()); //Decrypt encryptedpart1 to yield the remainder of seedb. byte[] seedb = DecryptSeed(encrypted, derived); byte[] factorb = Hashes.Hash256(seedb).ToBytes(); X9ECParameters curve = ECKey.Secp256k1; //Multiply passfactor by factorb mod N to yield the private key associated with generatedaddress. BigInteger keyNum = new BigInteger(1, passfactor).Multiply(new BigInteger(1, factorb)).Mod(curve.N); byte[] keyBytes = keyNum.ToByteArrayUnsigned(); if (keyBytes.Length < 32) { keyBytes = new byte[32 - keyBytes.Length].Concat(keyBytes).ToArray(); } var key = new Key(keyBytes, fCompressedIn: IsCompressed); BitcoinPubKeyAddress generatedaddress = key.PubKey.GetAddress(Network); byte[] addresshash = HashAddress(generatedaddress); if (!Utils.ArrayEqual(addresshash, AddressHash)) { throw new SecurityException("Invalid password (or invalid Network)"); } return(key); }