Bitcoin memdump signatures

tldr: (signatures)

Unencrypted wallet.dat:

• public key :[01 03 6b 65 79 41] (key!)
• compressed private key: [30 81 D3 02 01 01 04 20]
• uncompressed private key: [30 82 01 13 02 01 01 04 20]

Encrypted wallet.dat

• ckey! [6D 6B 65 79]

• mkey [090001046d6b6579]

• mkey encrypted with passphrase [090001046d6b6579]
• ckey! encrypted with mkey

Extracting (eg)

memcpy(valbuf,”\xd6",1); // length
memcpy(valbuf+1, “\x30\x81\xD3\x02\x01\x01\x04\x20”, 8);
memcpy(valbuf+9, privkey, 32);
memcpy(valbuf+41, “\xa0\x81\x85\x30\x81\x82\x02\x01\x01\x30\x2c\x06\x07\x2a\x86\x48\xce\x3d\x01\x01\x02\x21\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xfc\x2f\x30\x06\x04\x01\x00\x04\x01\x07\x04\x21\x02\x79\xbe\x66\x7e\xf9\xdc\xbb\xac\x55\xa0\x62\x95\xce\x87\x0b\x07\x02\x9b\xfc\xdb\x2d\xce\x28\xd9\x59\xf2\x81\x5b\x16\xf8\x17\x98\x02\x21\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xba\xae\xdc\xe6\xaf\x48\xa0\x3b\xbf\xd2\x5e\x8c\xd0\x36\x41\x41\x02\x01\x01\xa1\x24\x03\x22\x00”, 141);
memcpy(valbuf+182, pubkey, 33);

Structure of a key block:

<pub signature><pubkey(33)><padding?(22)><priv signature><privkey(32)>

Public Keys:

• signature: [01 03 6b 65 79 41] -> [flag: “key!”]
• signature + 32 bytes
• 33? bytes following signature

Private Keys:

• signature: [01 01 04 20]
• 32 bytes following signature

Uncompressed:

• signature: [30 82 01 13 02 01 01 04 20]

Compressed:

• signature: [30 81 D3 02 01 01 04 20]
• Base54 compressed
• http://lenschulwitz.com/base58
• https://en.bitcoin.it/wiki/Base58Check_encoding

Private keys are always 32 bytes

Public keys are always 65 bytes

Compressed public keys are always 33 bytes

Public key hashes are always 20 bytes

Misc

• 00 01 07 6b 65 79 6d 65 74 61 (keymeta)
• 00 01 0a 64 65 66 61 75 6c 74 6b 65 79 (defaultkey)
• 00 01 0a 6d 69 6e 76 65 72 73 69 6f 6e (minversion)
• 00 01 09 62 65 73 74 62 6c 6f 63 6b (bestblock)
• 00 01 03 61 63 63 (acc) Account
• 00 01 03 6b 65 79 (key)
• 00 01 04 63 6b 65 79 (ckey) Encrypted key
• 00 01 04 6d 6b 65 79 (mkey) (Only in encrypted wallets)

{
'mkey':'\x09\x00\x01\x04mkey',
'ckey':'\x27\x00\x01\x04ckey',
'key':'\x00\x01\x03key',
}

https://casascius.wordpress.com/2013/01/26/bitcoin-address-utility/