
I am trying to make the child key derivation using the extended keys of the BIP32 document (https://en.bitcoin.it/wiki/BIP_0032). Assuming that an extended key is only a base58 encoded serialization of some data, I have decoded the extended keys that I find in "Test Vector 1":

bx-windows-x64-icu.exe base58-decode 
 xpub68Gmy5EdvgibQVfPdqkBBCHxA5htiqg55crXYuXoQRKfDBFA1WEjWgP6LHhwBZeNK1VTsfTFUHCdrfp1bgwQ9xv5ski8PX9rL2dZXvgGDnw
 0488b21e013442193e8000000047fdacbd0f1097043b78c63c20c34ef4ed9a111d980047ad16282c7ae6236141035a784662a4a20a65bf6aab9ae98a6c068a81c52e4b032c0fb5400c706cfccc56b8b9c580
bx-windows-x64-icu.exe base58-decode 
 xprv9uHRZZhk6KAJC1avXpDAp4MDc3sQKNxDiPvvkX8Br5ngLNv1TxvUxt4cV1rGL5hj6KCesnDYUhd7oWgT11eZG7XnxHrnYeSvkzY7d2bhkJ7
 0488ade4013442193e8000000047fdacbd0f1097043b78c63c20c34ef4ed9a111d980047ad16282c7ae623614100edb2e14f9ee77d26dd93b4ecede8d16ed408ce149b6cd80b0715a2d911a0afea0a794dec

I decode the result obtained for the private key:

0488ade4 is "magic" field for xprv 
01 is "depth"
3442193e is "parentfingerprint"
80000000 is "key index"
47fdacbd0f1097043b78c63c20c34ef4ed9a111d980047ad16282c7ae6236141 is "chain code"
00 edb2e14f9ee77d26dd93b4ecede8d16ed408ce149b6cd80b0715a2d911a0afea is "key"

What are the last bytes? (0a794dec)

In the next operation (HMAC-SHA512) I used the chain code obtained, the key and the next depth (80000002), but I'm not sure.

HMAC-SHA512( 47fdacbd0f1097043b78c63c20c34ef4ed9a111d980047ad16282c7ae6236141, 
          00edb2e14f9ee77d26dd93b4ecede8d16ed408ce149b6cd80b0715a2d911a0afea0a794dec80000002 )

I got a 64 bytes result: the 32 bytes on the right become the child's chain code. I "added" the 32 bytes on the left to the parent's key.

3bf125923e89743b3414e76f30c662aae014e1cbd4f8251fea0d556758d66227 + edb2e14f9ee77d26dd93b4ecede8d16ed408ce149b6cd80b0715a2d911a0afea
= 29a406e1dd70f16211a89c5c1eaf341af96ed2f9c11c5cef315099b39a40d0d0

To get the fingerprint from the parent, I need to know the public key. Since it is in the form of a private key, we will have to multiply with the generator point.

Would anyone know how to recommend a Bx command or a tool to carry out this step?

MaXbeMan

1 Answer


What are the last bytes? (0a794dec)

The checksum.

In the next operation (HMAC-SHA512) I used the chain code obtained, the key and the next depth (80000002), but I'm not sure.

Yep, that's it: I can see you also prepended the 0x00 (because serialized privkeys are 32 bytes while serialized compressed public keys are 33 bytes).

I got a 64 bytes result: the 32 bytes on the right become the child's chain code. I "added" the 32 bytes on the left to the parent's key.

You need a proper tool to perform this addition: you need to compute this addition modulo the curve order.

Since you use bx, you might want to give ec-add-secrets a look.

Would anyone know how to recommend a Bx command or a tool to carry out this step?

You could use ec-multiply-secrets by passing G (the generator point) as the point parameter.

G = 0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798

EDIT: As another tool if you know a bit of Python you might want to hack with https://github.com/darosior/python-bip32. I tried to keep it minimal.

Antoine Poinsot
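The steps discussed in this thread (checksum check, field split, hardened derivation with addition modulo the curve order), as an added Python example that is not part of the original posts and is not code from bx or python-bip32. The function names are hypothetical, the xprv is the one from the question, and the seed is assumed to be the one BIP32 lists for Test Vector 1.

```python
import hashlib
import hmac

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Order n of the secp256k1 group: private keys are added modulo n.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def b58check_decode(s):
    """Base58-decode s and verify its last 4 bytes, the double-SHA256 checksum."""
    num = 0
    for ch in s:
        num = num * 58 + B58.index(ch)
    raw = num.to_bytes((num.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(s) - len(s.lstrip("1"))) + raw
    payload, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        raise ValueError("bad Base58Check checksum")
    return payload

def parse_xprv(s):
    """Split the 78-byte payload into the fields listed in the question."""
    p = b58check_decode(s)
    if len(p) != 78 or p[:4] != bytes.fromhex("0488ade4") or p[45] != 0:
        raise ValueError("not a mainnet extended private key")
    return {"depth": p[4], "parent_fp": p[5:9], "chain_code": p[13:45],
            "index": int.from_bytes(p[9:13], "big"), "key": int.from_bytes(p[46:], "big")}

def ckd_priv_hardened(key, chain_code, index):
    """BIP32 CKDpriv, hardened case: HMAC data is 0x00 || key || index, no checksum."""
    if not 0x80000000 <= index <= 0xFFFFFFFF:
        raise ValueError("non-hardened children need the parent public key")
    data = b"\x00" + key.to_bytes(32, "big") + index.to_bytes(4, "big")
    i = hmac.new(chain_code, data, hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    child = (il + key) % N
    if il >= N or child == 0:
        raise ValueError("invalid child key, use the next index")
    return child, i[32:]  # (child private key, child chain code)

def master_from_seed(seed):
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]

# m/0' xprv copied from the question; SEED is the BIP32 Test Vector 1 seed (assumed).
XPRV_M0H = "xprv9uHRZZhk6KAJC1avXpDAp4MDc3sQKNxDiPvvkX8Br5ngLNv1TxvUxt4cV1rGL5hj6KCesnDYUhd7oWgT11eZG7XnxHrnYeSvkzY7d2bhkJ7"
SEED = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

if __name__ == "__main__":
    p = parse_xprv(XPRV_M0H)
    print(ckd_priv_hardened(p["key"], p["chain_code"], 0x80000002))
```

Deriving m/0' from the seed and comparing it with the fields parsed from the xprv checks the derivation against values that already appear in the question.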