node.js – How to convert HD wallet master key to extended key and child keys in javascript?

I’m trying to learn how HD wallets work internally by writing javascript code that can derive child keys from parent keys. So far, the only thing I’ve been able to do is convert a BIP39-generated seed to a master key and chain code. I can do that successfully.

Now I would like to convert the master key to an extended key, the long string that starts with xprv. I’d also like to know how to derive child keys from these, and obtain the private key for signing with any of the accounts.

I’ve been using this confusing BIP32 document as a guide so far, but I’m getting nowhere with it. As far as I can tell, before you derive any keys, you have to serialize the ones you already have.

The serialization process is described like this:

Extended public and private keys are serialized as follows:

  • 4 byte: version bytes (mainnet: 0x0488B21E public, 0x0488ADE4 private;
    testnet: 0x043587CF public, 0x04358394 private)
  • 1 byte: depth: 0x00 for master nodes, 0x01 for level-1 derived keys, ….
  • 4 bytes: the fingerprint of the parent’s key (0x00000000 if master key)
  • 4 bytes: child number. This is ser32(i) for i in xi = xpar/i, with xi the key
    being serialized. (0x00000000 if master key)
  • 32 bytes: the chain code
  • 33 bytes: the public key or private key data (serP(K) for public keys,
    0x00 || ser256(k) for private keys)

This 78 byte structure can be
encoded like other Bitcoin data in Base58, by first adding 32 checksum
bits (derived from the double SHA-256 checksum), and then converting
to the Base58 representation. This results in a Base58-encoded string
of up to 112 characters. Because of the choice of the version bytes,
the Base58 representation will start with “xprv” or “xpub” on mainnet,
“tprv” or “tpub” on testnet.

Here is the javascript code I wrote in attempting to follow these instructions.

const crypto = require ('crypto');
const base58 = require ('base58');

const master_key_hex = '5a02ee5cb622f15a4e7ab3dfe7faa9861738da2ae7bb936c685af4dd7b1fbdee';
const chain_code_hex = 'abfbc73691eaad7ca4eb5e25bc51c5804af221cc27a23460634498497f92c92c';

// the 78 bytes of data
var data = '0488ade4';
data += '00';
data += '00000000';
data += '00000000';
data += chain_code_hex;
data += '00' + master_key_hex;

// add the checksum
const hash_1 = crypto.createHash ('sha256');
var sha_256_1 = hash_1.update (data, 'hex').digest ('hex');
const hash_2 = crypto.createHash ('sha256');
var sha_256_2 = hash_2.update (sha_256_1, 'hex').digest ('hex');

var data_with_checksum = data + sha_256_2;

//data = Buffer.from (data_with_checksum, 'hex');
var result = base58.encode (data_with_checksum);
console.log (result);

I tried it with a string and with a Buffer and it gave me the same error message both times. The error message is:

Error: Value passed is not a non-negative safe integer.

I have a feeling I am not even close to doing this right. Does anyone know how it should be coded to derive child keys from a master key?

Which wallet supports unlimited doge address ?

Please tell me list of wallets that you know that supports unlimited doge address generation and usage I mean same feature that coinbase and blockchain apps support unlimited bitcoin address generation. same I need for dogecoin. Thanks for reply.

What does mean when they say about Coldcard Wallet “the final software was not built deterministically like Bitcoin Core”?

I am looking at hardware wallets to store my Bitcoins, and Coldcard Wallet Mk3 seems like a great option. However, at looking at info about it at, it says that the software is not built deterministically like the consensus Bitcoin Core protocol.

I just want to know if this is true, or the info is outdated. Because in the Coldcards page, I have not found such thing.

Coldcard even claims extreme compatibility with clients such as Bitcoin Core, Electrum of Wasabi Wallet. And it seems to be easy to use it only trough ones personal Full Node.

The other option as a Hardware Wallet I am looking for, is BitBox02.

Thank you in advance,


bitcoin core – Is it ethical/legal to provide a wallet recovery service?

Over the years, numerous people have lost millions of dollars in Bitcoin due to a forgotten PK. One solution proposed for this problem is to use an online wallet recovery service which attempts to brute force your PK. Most of these services charge a fee to break your password.

Since such services could easily be abused by individuals trying to steal someone else’s Bitcoin I’m wondering what are the ethical/legal ramifications of providing such a service?


Bitcoin wallet concept – Bitcoin Stack Exchange

Multiple wallets means I have to have [multiple] accounts;

The original creator of Bitcoin, Satoshi Nakamoto, wanted to create a currency for internet use which did not depend on any trusted third parties. Originally all wallets were software programs that you downloaded and ran on a personal computer.

There were no accounts, no exchanges or other businesses that you had to trust with your money. That was deliberate. You can still use Bitcoin like this today.

Over time people and businesses have seen an opportunity to offer services to people who either don’t understand the original intent or who want to treat the currency not as a currency but as a speculative asset to be traded. These people have set up custodial accounts and have often described those accounts as wallets. These wallets are not the sort of wallets that the founder of Bitcoin intended.

You don’t have to have multiple accounts. You don’t have to have any accounts. You can use Bitcoin with no accounts whatsoever. Just download the wallet software of your choice, transfer all your Bitcoin to that wallet and close all your other accounts.

Recovering my old bitcoin wallet

As far as I can tell, my old bitcoin wallet got corrupted. It was created in Bitcoin Core in the 2014/2015s, and I’m trying to recover it. Bitcoin Core doesn’t accept it anymore (and doesn’t give an error message), so I’m trying another way.

I managed to read the contents using walletools (, and here is what I have :

  • a long list of “tx” items, containing mostly binary data
  • quite a few (probably 50 ish) “ckey” items, with the public key and encrypted private keys
  • a single “mkey” item, with the ‘nID’, ‘encrypted_key’, ‘salt’, ‘derivationMethod’, ‘nDerivationIterations’ and ‘otherParams’ fields containing data
  • two “name” items containing ‘hash’ and ‘name’ fields
  • a number of “pool” items with ‘n’, ‘nVersion’, ‘nTime’, and the ‘public_key’
  • lots of empty “keymeta” items
  • a “version” item : 150001
  • a “bestblock” item, with a “key” field
  • a “minversion” item : 130000
  • a “orderposnext” item (empty)
  • a “bestblock_nomerkle” item (empty)

From there, I imagine the important data is the mkey. What is its encryption algorithm and what Python lib could I use to decrypt it (assuming I remember the password ! ) ?

bitcoin core – Is my cold wallet still cold?

I created a new wallet.dat on a dedicated, secured machine with Bitcoin Core.

Then I encrypted it.

Then I sent my “fortune” of coins to it.

Then I backed the file up by putting it on all my disks on my normal PC as well as offline disks.

I even added it to Bitcoin Core on my normal PC, so it now lets me switch between my unencrypted “hot”/”live” wallet and the encrypted “cold” wallet in Bitcoin Core in a very neat manner, allowing me to always look to check that the coins are still there in the “cold” one.

Since I’m afraid to death of losing the encryption password, I did not write it down on physical paper and stick it into the fireproof safe (it could still burn, or get dissolved from water leaking in, or get seized/stolen under gunpoint). Instead, the password is PARTIALLY in various text files backed up on all storage devices I have, including instructions for how to input the rest of the password, which is based on “things that I know very well but others would struggle to guess or find out”, such as past pets’ nicknames and things like that.

I thought and worried for years before finally coming up with this scheme. To me, it seems like the only sensible solution, having very carefully looked into those hardware wallets and all other (known to me) ways to secure your coins.

My question is: is my “cold” wallet really “cold” if it’s literally lying around on my Internet-connected Windows 10 machine, albeit in encrypted form and never decrypted on that machine? Or does it have to always be offline, even if encrypted, to be considered “cold”?

1-888-498-0162| How to Add Money in Cash App Wallet? | NewProxyLists

User experience is often mentioned as an important factor to consider while providing the services and selling products. This common but effective perspective fits squarely on the Square Cash App payment app. To enhance the user experience, Square offers a decent looking Cash App Cash Card. Many of us already know that with the help of a cash card we can spend money with total ease of mind.


blockchain – fourth word The sixth word:craft (whallet id : 164416d1-2e1b-bda3-ac63144cf522 ) This is also my wallet ID

I forgot 12 words to recover 6, now I only have 6. Give me the other 6, please. The first word:detect -Second letter:lab -The third word:fiscal -The fourth word :victory -The fifth word:shield -The sixth word:craft (whallet id : 164416d1-2e1b-bda3-ac63144cf522 ) This is also my wallet ID. I forgot the password. I have these two documents. Please return the rest to me.

private key – HD Wallet with BIP44 – workaround of deriving public keys knowing only a xpub

My goal: I don’t want to require a private key to hierarchically derive new addresses.

Sure, I can create a batch of addresses, given a private key, at first. But once I have surpassed that batch I’ll require the private key again to generate more addresses.

I want to derive addresses knowing only a public key. I know this is possible with BIP39, but understand there can be security concerns involved with this, ie. if an attacker stumbles upon an xpub and xprv they can derive as many addresses as they want and be able to sign transactions using them.

Attempting to derive from a HD public key with BIP44 results in a exception stating a hardened path requires a HD private key. However, I have found a workaround, but I fear it is cheating and might sacrifice the benefits of path hardening in BIP44.

Here’s an example:

// It starts off with a `userCode` that represents a BIP39 Mnemonic code.
const codeUser = new Mnemonic('select scout crash enforce riot rival spring whale hollow radar rule sentence')

// Convert to HD private key...
const hdUserPrivateKey = codeUser.toHDPrivateKey()

// Gives: `xpub661MyMwAqRbcEngoXGfFNahZ5FzSDGqY8pWKTqo6vtXxK15otDNLXJmbeHV7DUjvPc7CAFhYp6hzBiTanr8rgoHPHf6NSgZAyejK5bk8MiW`
// But we won't use it...

// Instead, I can then derive a BIP44 without the `change`, `address_index` segments from `hdUserPrivateKey`...
// Gives: `xpub6CsrEMgU2f8uEGfFMvsPjKB9ekHuZiesLqSHLwCJuNFkP2uJGm7WjTo2gy95S4KEBc4etdodNQXAvn5Vsf4kupJQ1DKR4DMfcHwKdhQ3k6h`
// This is the xpub I can use to derive addresses without requiring the initial private key.

// So knowing this, I can build a HD public key given that xpub...
const hdPublicKey = Mnemonic.bitcore.HDPublicKey('xpub6CsrEMgU2f8uEGfFMvsPjKB9ekHuZiesLqSHLwCJuNFkP2uJGm7WjTo2gy95S4KEBc4etdodNQXAvn5Vsf4kupJQ1DKR4DMfcHwKdhQ3k6h')

const derivative = 0

// We can derive from it this path, but what is this path defined as? Are we back in BIP39 territory now?
const publicKey = hdPublicKey.deriveChild(`m/0/${derivative}`).publicKey

const address = new Mnemonic.bitcore.Address(publicKey)

console.log(address.toString()) // 12XyHwtmoq5w4VQ5mzcu6BQzdLqCLxUv5e

…and of course, I can increment the derivative as many times as I wish to create new addresses from the public key.

Whenever I wish to sign a transaction…

const codeUser = new Mnemonic('select scout crash enforce riot rival spring whale hollow radar rule sentence')
const hdUserPrivateKey = codeUser.toHDPrivateKey()
const derivative = 0

// BIP 44 derivation path for private key...
const privateKey = hdUserPrivateKey.deriveChild(`m/44'/0'/0'/0/${derivative}`).privateKey

Is this approach valid or am I dodging BIP44 standards?