Wallets and Keys — July 25, 2018
This time the blog looks at wallets and keys. After some introduction, most of the examples will be based on the Qtum Web wallet (https://qtumwallet.org/), which is a browser-based wallet like the Ethereum wallets MyEtherWallet / MyCrypto. The Qtum Web wallet runs in a browser and does not download the blockchain, but instead connects to the blockchain through dedicated full nodes.
The Web wallet is a powerful chameleon that offers many ways to restore other types of Qtum wallets. There is not a wallet that cannot be restored on the Web wallet (if you use the techniques from this blog). Note the Web wallet has a full QRC20 token capability.
CAUTIONARY NOTE: this blog and wallet recovery steps involve handling private keys and seed words. Before you try these steps, make sure you fully understand the process and are using computers free of malware and viruses. It is safer to simply send QTUM or tokens to a new wallet, rather than moving the private key, but sometimes sending the coins is not possible, for example, if you drop your mobile wallet phone in a toilet or leave it in the bar at the end of a long night. Never give your private keys or seed words to anyone because they will take your coins.
I am an independent researcher, occasional blogger, social moderator, and appreciate the technical guidance from the Qtum Team and discussions in the Community. If you have any comments or corrections for this article, please reach out on social media or comment below.
TL;DR: Qtum wallets are setup using randomly-generated private keys or seed words. By extracting the private keys or seed words you can move a Qtum address between various wallets. It is very important to keep your private keys and seed words secure — keep your privates private!
You know that wallets establish their identity on the blockchain using a Qtum address “Q…”. This address is derived from the public key which is in turn derived from the private key.
Satoshi chose the wrong name for the bitcoin “wallet” because the wallet does not actually store any coins or tokens, these are always stored on the blockchain. The proper name for the “wallet” would be “keystore” because the main job of the wallet is to store and manage the private keys and enable transactions with these private keys.
Private Keys and Seed Words
A private key is a humble text string, but it is the keys to the kingdom. The private key gives access (without a password) to QTUM stored at the address created from that private key. You need to be super-careful working with private keys because if anyone (hackers, malware, sweet-talking helpers in direct messages) can get your private key, they can get your coins.
Private keys can also be created from seed words. Typically, there are two lists of seed words used by wallets, bip-039 seed words used on desktop wallets or “dictionary” seed words used by mobile wallets. These two lists are incompatible and this difference is managed by the Web wallet which accepts both types by using “Restore from Mnemonic” for bip-039 seed words and “Restore from Mobile Wallet” for “dictionary” seed words.
Bitcoin Improvement Protocol 39 (bip-039) gives the requirements for generating private keys using 12 seed words derived from a list of 2,048 words [reference 1]. The “dictionary” words used by mobile wallets is a list of 4,216 words like the bip-039 words [reference 2].
Entering seed words to restore a wallet is risky because private keys are generated precisely from the seed word characters and a single typo or a single appended blank space will generate a different private key and a different Qtum address. If you miss-type the seed words, you will create an unexpected Qtum address for the wallet. If you send coins to that address there is an excellent chance you will never be able to enter that typo again and restore that same wallet address, which means your coins will be lost forever.
The drawing below shows all the Web wallet options for creating a wallet or restoring a wallet. The choices are:
1. Generate new Wallet — creates a random address and downloads a Key File
2. Create from Mnemonic — creates 12 random seed words and a random address
3. Restore from Mnemonic — restores an address from another wallet using 12 bip-039 seed words
4. Restore from WIF — restores an address from a private key
5. Restore from Mobile Wallet — restores an address from 12 “dictionary” seed words from a Qtum mobile wallet
6. Restore from Key File — restores an address from a Key File created by the Web wallet
7. Restore from Ledger — allows transactions using a private key securely stored in a Ledger hardware wallet
Let’s go through these options one-by-one in more detail.
1. Generate new Wallet
Generate new Wallet creates a random address and downloads a Key File with a name given by unix epoch time in milliseconds, for example “1532053935952.txt”, containing text encrypted by a password, such as:
Save this Key File in a known place on your computer and back it up on multiple USB thumb drives. The only way to relaunch/restore a wallet created with the “Generate new Wallet” option is to “Restore from Key File” (see step 6 below) by loading the Key File and entering the password.
Use a password that is long and strong, not a simple password like “12345”.
2. Create from Mnemonic
Create from Mnemonic creates a new wallet address from 12 random seed words. You will have to re-enter the 12 seed words exactly to confirm you have them saved.
Using this option, you can restore the wallet from mnemonic (seed words) in step 3 below. You can also (should also) backup the wallet by creating a Key File using “Dump as Key File”. Now you have two ways to restore the wallet, using the seed words or the Key File. This effectively doubles your ability to restore the wallet but also means you need to securely store three things now (the password, the seed words, and the Key File).
Note that this mnemonic is different from the Core wallet passphrase (which is a free-form text passphrase and is not seed words).
3. Restore from Mnemonic
Restore from Mnemonic restores a wallet address from 12 seed words. When entering the seed words, they must match character-by-character with the original seed words. This means always lower case (never any UPPERCASE characters) because that is how the seed words were created. Also, make sure there is not a trailing blank space after the words. Any different or extra characters will create a different random address for the wallet which means it will show a zero balance and it is very dangerous to send any QTUM to this new address. Make sure you check the address and confirm that it is the address you are expecting. It may be safer after successfully restoring from mnemonic to save a Key File and restore the wallet using this Key File to open the wallet going forward.
4. Restore from WIF
WIF is Wallet Import Format, an error-correcting and shortened format for private keys [reference 3]. Most private keys you encounter will use WIF, typically with a length of 52 characters, while native private keys will have 64 hexadecimal characters. The Web wallet and Core wallets will provide private keys as WIF, and this option will allow restoring a wallet address from a WIF private key.
5. Restore from Mobile Wallet
Restore from Mobile Wallet restores a wallet address from 12 seed words from a Qtum mobile wallet. For this restore to work correctly, the mobile wallet seed words must be entered correctly for every character (does this sound familiar by now?). The words are always lower case and never have UPPERCASE characters. Also, do not enter a trailing blank space after any of the words, or you will generate a new random address which is very dangerous to use. Please verify the address created by this option matches the address in your mobile wallet (otherwise you entered the seed words incorrectly).
After selecting CONFIRM, choose the address to restore:
6. Restore from Key File
Restore from Key File restores a wallet address from a Key File as saved by the Web wallet. Load the Key File from your computer and enter the password to restore the wallet address.
7. Restore from Ledger
This option works differently from all the others. Restore from Ledger allows the Web wallet to make transactions with a private key secured in the Ledger hardware wallet. For this option private keys do not leave the hardware wallet, instead, the Ledger signs the transactions and allows manual verification and approval of transactions.
To use the Ledger hardware wallet, on the Web wallet select Restore from Ledger, connect your Ledger, sign in and launch the Qtum app, then select CONNECT and let the Web wallet connect to the Ledger.
Choose the Default path m/44’/88’/0’/0 and click on the green padlock button:
On the screen Default path m/44’/88’/0’/0 choose the desired address and click on the green padlock button:
This will launch the standard Web wallet info page except that because the private keys are still locked in the Ledger there is no private key available and the Dump to Key File button is not available.
Next are some real examples of restoring wallets by moving private keys or seed words between the various Qtum wallets. For this exercise, I use the Qtum Testnet, and if you need a refresher on Testnet, please, please see this blog.
I will also point out that some of the private keys and seed words in this blog present non-obfuscated real data, and I hope reading this blog will help you understand how wallets work with private keys well enough to make some interesting use of these keys (hint, hint). If you can find some use for these keys, please claim you bragging rights on social media.
Let me say I am really disappointed by the price development for Testnet QTUM. It seems like Testnet QTUM whales are manipulating this coin to suppress the price, which is so sad for Testnet QTUM hodlers. There has been no price appreciation, and this coin seems to be stuck forever at 0 satoshis. There are no trading pairs for Testnet QTUM on any major exchanges, or any minor exchanges, or any exchanges really. It is basically a worthless coin, and the only thing we can do with it is testing on Qtum Testnet, and so we do.
A. Mobile to Web wallet
To restore your Qtum Mobile wallet on the Web wallet, on the mobile go to Profile — Wallet Backup and enter your PIN to see the seed words (you should have also saved them previously). On the Web wallet select Restore from Mobile Wallet, enter the seed words exactly and then select CONFIRM. From the list of Qtum addresses (should be the top one unless you have chosen others on the mobile) find the desired Qtum address and select CHOOSE. Check that the address restored is the same as your mobile wallet address (if not, re-enter the seed words and double check all the characters). You may want to backup the Key File after successfully restoring using Dump as Key File.
B. Core to Web Wallet
On the Qtum Core wallet (qtum-qt shown) select Help — Debug window — Command and enter the dumpprivkey command with the address desired (see Reference 4 for information about multiple addresses). Copy the WIF private key, here “cPuz…”. On the Web wallet select Restore from WIF, paste in the private key and click CONFIRM. You may want to backup the Key File after successfully restoring using Dump as Key File.
C. Web to Core wallet
This is just the opposite of B above. On the Web wallet select View Wallet Info, view the Private Key and COPY the Private Key. On the qtum-qt Core wallet select Help — Debug window — Console and enter the command importprivkey and paste the private key:
The Core wallet will sweep the blockchain for a minute or two and the Debug window header will show (Not Responding), then the Console response will be “null” and you should see the QTUM balance added for the new address. You should make a new backup of the wallet.dat file since it contains a new private key.
D. Mobile to Core wallet
Obviously, do A — Mobile to Web wallet and then C — Web to Core wallet.
E. Qbao to Web wallet
On Qbao go to Me — Mnemonic export — enter your PIN (password) and copy the mnemonic (12 seed words — you should have saved these previously). On the Web wallet select Restore from Mobile Wallet and carefully enter the 12 seed words (no extra blank spaces) and select CONFIRM. Pick the desired address from the Restore from Mobile Wallet list by selecting CHOOSE. You may want to save a Key File at this point using Dump as Key File.
F. Electrum to Web wallet
To transfer addresses from the Electrum wallet to the Web wallet using seed words, you need to have set Electrum to be compatible with Qtum Mobile seed words in the initial installation (and then actually restore the mobile wallet on Electrum, using the mobile wallet seed words). The Electrum configuration screen for this setting is:
After this screen, you enter the mobile wallet seed words (which are also compatible with the Web wallet Restore from Mobile Wallet option).
If you have not set the Electrum wallet to be compatible with the mobile wallet, you can restore the Electrum wallet on the Web wallet using a private key. On the Electrum wallet select Wallet — Private keys — Export and you will be able to export a file qtum-electrum-private-keys.csv or just copy a single private key. On the Web wallet select Restore from WIF, paste in the private key and select CONFIRM. Check that the wallet address is correct. You may want to save a Key File at this point using Dump as Key File.
F. Core to Core
See reference 4 below.
I hope this explanation about private keys and seed words helps your understanding of the wallets. Remember the wallets don’t ever store coins or tokens. Coins and tokens are always stored on the blockchain, but the wallets store private keys and manage transactions using the private keys. Please be very careful when working directly with private keys and seed words. Make sure your computer is virus and malware free, and never use online storage for private keys, seed words or passwords.
Stay safe online,
- bip-039 specifications. List of bip-039 seed words English. If your bip-039 seed words are not in this list, you wrote them down wrong!
2. List of dictionary seed words. If your seed words are not in this list, you wrote them down wrong!
3. Wallet Import Format, an example for bitcoin.
4. Moving a Private Key — Core to Core wallet (qtum-qt Desktop GUI Core Wallet shown)
It is a good idea to update your antivirus and run a complete antivirus scan before exporting the private key. Never give your private key to anyone, they can take your QTUM.
1. If you have an encrypted wallet, unlock the wallet (and not for staking only)
- Go to Settings — Unlock Wallet, uncheck “For staking only.”, enter your passphrase and press OK
- You should see the little padlock symbol hasp open up
2. Select the Qtum address for which you want to export the private key
- Go to File — Receiving addresses…, and copy a Qtum address to export the private key
- Select the address and press COPY, close that window
- If your wallet has multiple receiving addresses holding QTUM you can find out which addresses are holding QTUM, go to File — Debug window — Console and enter the command listaddressgroupings
scroll the list and copy the addresses that hold QTUM to export those private keys
3. Open the Console and enter the command to export the private key
- Go to Help — Debug window — Console
- At the bottom of the Console, start to enter the command dumpprivkey
- Then paste in the address you just copied. The command will look something like this:
- Enter the command
4. The private key will appear on the console as a text string with 52 characters.
- Copy this private key into a text file and keep it very safe. This is an unencrypted private key, and anyone with this private key can take your QTUM. Never give the private key to anyone.
5. To import this private key on a 2nd Qtum Core wallet, launch that wallet and unlock it (if it is encrypted)
6. Enter the importprivkey command in the console
- Go to Help — Debug window — Console, and at the bottom start to enter the command importprivkey
- Copy and paste the private key previously dumped. The command will look something like this:
- Enter the command
- The wallet will do a rescan of the local blockchain for about two minutes to find the transactions for this new address and during this time the Debug window header will show “Not Responding”
- and then respond with “null”
- You should see the value of the unspent transactions for the new private key added to the overall balance of the wallet.
You may want to send all the QTUM from the moved private key (it will be at the same address you started with in step 2) to another address since the private key has been exported and exposed outside an encrypted wallet (throw away this private key).