Select cryptocurrency network
Show more details
Reset
Clear all entered and calculated values.
Create random numbers
Choose one of the methods.
Method 1 :
Auto generate cryptographically secure random numbers by pressing the "Generate" button or press the ESC key.
This tool uses two methods to generate cryptographic pseudorandom numbers depending if your browser supports it.
The random numbers below are
decimal values (0-255)
hexadecimal values (00-FF)
Method 2 :
Roll a 16 sided dice 64 times and enter its
decimal value (1-16)
hexadecimal value (0-F)
in sequential order:
Total number of combinations:
2^{(32*8)} = 2^{256} = 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,
007,913,129,639,936 (78 digits or approximately 10^{77} )
The number of atoms in the entire observable universe is estimated to be within the range of 10^{78} to 10^{82}
A valid random number must be in the interval [1, n - 1], where:
n = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
See: secp256k1 elliptic curve domain parameters
If you use this method make sure the chosen numbers are truly random.
One way is to use a 16 sided dice.
If you only have one dice you need to roll it 64 times.
If you have four dices (dice color blue, green, yellow and black) you need to roll them 16 times.
Method 3 :
Enter password / passphrase.
This method is highly insecure. Hackers are able to steal your Bitcoins or other cryptocurrencies using this method.
Make it at least 16 characters long and use letters, numbers and special characters.
Random number = SHA256(SHA256(password / passphrase)))
PrivateKey in different formats
The random number is converted into a large hexadecimal value, 32 bytes or 64 characters (chars) long.
A valid PrivateKeyHex must be in the interval [1, n - 1], where:
n = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
See: secp256k1 elliptic curve domain parameters
Look at method 2 and append each hexadecimal value, this will form the PrivateKeyHex value.
The PrivateKeyHex value is used to create the PrivateKey Wallet Import Format (WIF) Uncompressed or
PrivateKey Wallet Import Format (WIF) Compressed .
PrivateKeyHex
chars
The PrivateKeyHex value can also be encoded into a Base58 value.
It is similar to Base64 but has been modified to avoid both non-alphanumeric characters and letters which might
look ambiguous when printed. Compared to Base64, the following letters have been omitted from the alphabet:
0 (zero), O (capital o), I (capital i) and l (lower case L) as well as the non-alphanumeric characters + (plus) and
/ (slash). This number is not used within this tool and is only displayed here for educational purpose.
PrivateKeyBase58
chars
The PrivateKeyHex value can also be encoded into a Base64 value.
This number is not used within this tool and is only displayed here for educational purpose.
PrivateKeyBase64
chars
The 32 random numbers can also be converted into a comma separated decimal value string.
This number is not used within this tool and is only displayed here for educational purpose.
PrivateKeyDec
The PrivateKeyHex value can also be encoded into a binary value.
This value will be used to calculate the public key.
PrivateKeyBin
chars
Calculate

PrivateKey Wallet Import Format (WIF) Uncompressed
Each cryptocurrency privateKey has their own prefix version number (Bitcoin= 0x80, Litecoin=0xB0, etc).
Prepend this version number in front of the PrivateKeyHex value.
The prefix version number is always 1 byte in size and the PrivateKeyHex is 32 bytes.
The PrivateKeyVersion value is always (1+32=) 33 bytes or 66 characters long.
PrivateKeyVersion = Version "

" || PrivateKeyHex
chars
Hash the PrivateKeyVersion value using the cryptographic hash function SHA256.
This Secure Hash Algorithm generates a 256-bit (32-byte) signature which cannot be decrypted back
to the original value (it is a one-way cryptographic function).
The HashA1 value is always 32 bytes or 64 characters long.
HashA1 = SHA256(PrivateKeyVersion)
chars
Hash the HashA1 value using the same cryptographic hash function SHA256.
The HashA2 value is always 32 bytes or 64 characters long.
HashA2 = SHA256(HashA1)
chars
Get the first 4 bytes (or first 8 characters) of the HashA2 value.
These 4 bytes is the checksum value which will be used to validate the address.
The ChecksumA value is always 4 bytes or 8 characters long.
ChecksumA (first 4 bytes of HashA2)
chars
Append the ChecksumA value at the end of the PrivateKeyVersion value.
The PrivateKeyChecksum value is always (33+4=) 37 bytes or 74 characters long.
PrivateKeyChecksum = PrivateKeyVersion || ChecksumA
chars
The PrivateKey Wallet Import Format (WIF) Uncompressed is the PrivateKeyChecksum value encoded into a
Base58 value. The PrivateKeyWIFUncompressed value must be kept secret and can be converted into QR codes
and can be printed on paper wallets .
If your software uses the PrivateKeyWIFUncompressed value, it also means you are the using the
PublicKeyUncompressed .
It is recommended to always to use the compressed public key (PublicKeyCompressed ) and the compressed
private key (PrivateKeyWIFCompressed . If your software does not support the compressed keys you can use
the uncompressed public key (PublicKeyUncompressed ) and uncompressed private key
(PrivateKeyWIFUncompressed ).
PrivateKeyWIFUncompressed = Base58(PrivateKeyChecksum)

chars
Calculate

PrivateKey Wallet Import Format (WIF) Compressed
Each cryptocurrency has their own prefix version number (Bitcoin= 0x80, Litecoin=0xB0, etc).
Prepend this version number in front of the PrivateKeyHex value and also append the value 0x01
to indicate that it correspond to a compressed public key. The prefix version number and compression flag
is always 1 byte in size and the PrivateKeyHex is 32 bytes.
The PrivateKeyVersionComp value is always (1+32+1=) 34 bytes or 68 characters long.
PrivateKeyVersionComp = Version "

" || PrivateKeyHex || "01"
chars
Hash the PrivateKeyVersionComp value using the cryptographic hash function SHA256.
This Secure Hash Algorithm generates a 256-bit (32-byte) signature which cannot be decrypted back
to the original value (it is a one-way cryptographic function).
The HashB1 value is always 32 bytes or 64 characters long.
HashB1 = SHA256(PrivateKeyVersionComp)
chars
Hash the HashB1 value using the same cryptographic hash function SHA256.
The HashB2 value is always 32 bytes or 64 characters long.
HashB2 = SHA256(HashB1)
chars
Get the first 4 bytes (or first 8 characters) of the HashB2 value.
These 4 bytes is the checksum value which will be used to validate the address.
The ChecksumB value is always 4 bytes or 8 characters long.
ChecksumB (first 4 bytes of HashB2)
chars
Append the ChecksumB value at the end of the PrivateKeyVersionComp value.
The PrivateKeyChecksumComp value is always (34+4=) 38 bytes or 76 characters long.
PrivateKeyChecksumComp = PrivateKeyVersionComp || ChecksumB
chars
The PrivateKey Wallet Import Format (WIF) Compressed is the PrivateKeyChecksumComp value encoded into a
Base58 value. The PrivateKeyWIFCompressed value must be kept secret and can be converted into QR codes
and can be printed on paper wallets .
If your software uses the PrivateKeyWIFCompressed value, it also means you are the using the
PublicKeyCompressed .
It is recommended to always to use the compressed public key (PublicKeyCompressed ) and the compressed
private key (PrivateKeyWIFCompressed . If your software does not support the compressed keys you can use
the uncompressed public key (PublicKeyUncompressed ) and uncompressed private key
(PrivateKeyWIFUncompressed ).
PrivateKeyWIFCompressed = Base58(PrivateKeyChecksumComp)

chars
Calculate

PublicKey
Cryptocurrencies like Bitcoin or Litecoin, etc uses the Elliptic Curve (EC) to calculate the public keys.
Elliptic Curve Cryptography (ECC) was invented by Neal Koblitz and Victor Miller in 1985.
A 256-bit ECC public key should provide comparable security to a 3072-bit RSA public key thus less processing
power is required. Elliptic curves are called elliptic because of their relationship to elliptic
integrals in mathematics. Elliptic curves have nothing to do with ellipses. Ellipses are formed by quadratic
curves (x^{2} ). Elliptic curves are always cubic (x^{3} ).
Cryptocurrencies uses the following elliptic curve equation: y^{2} = x^{3} + ax + b
a
a is the constant that define the ellipc curve y^{2} = x^{3} + a x + b
a = 0
b
b is the constant that define the ellipc curve y^{2} = x^{3} + ax + b
b = 7
p
A finite field is a field with a finite number of elements, called its order (the size of the underlying set).
The number of elements is the prime number p.
F_{p} is called the prime field of order p, and is the field of residue classes modulo p, where the p elements are denoted 0, ..., p - 1.
This means prime number p should be used for all the finite field math operations (better known as modulo operation), for example:
y^{2} mod p = (x^{3} + ax + b) mod p
The output of the math operation should never be bigger than the p value.
p = 2^{256} - 2^{32} - 2^{9} - 2^{8} - 2^{7} - 2^{6} - 2^{4} - 1 =
2^{256} - 2^{32} - 977 =
Hexadecimal:
FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F
Decimal:
115792089237316195423570985008687907853269984665640564039457584007908834671663
G
The base point G is a predetermined point (x_{G} , y_{G} ) on the elliptic curve that everyone uses
to compute other points on the curve.
Often the base point G is displayed in two ways:
Compressed form (prefix 02)
02 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798
If the prefix is removed, the value is the x_{G} coordinate.
To get the y_{G} coordinate, calculate y_{G} = (x_{G} ^{3} + 7 )^{1/2}
Uncompressed form (prefix 04)
04
79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798
483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8
If the prefix is removed, the first half of the value is the x_{G} coordinate and the last half
is the y_{G} coordinate.
x_{G}
Hexadecimal:
79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798
Decimal:
55066263022277343669578718895168534326250603453777594175500187360389116729240
y_{G}
Hexadecimal:
483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8
Decimal:
32670510020758816978083085130507043184471273380659243275938904335757337482424
n
The prime n which is the order of base point G.
The parameter n determines which is the maximum value that can be turned into a Bitcoin private key.
Any 256-bit number in the range [1, n - 1] is a valid private key.
Hexadecimal:
FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141
Decimal:
115792089237316195423570985008687907852837564279074904382605163141518161494337
Thus any 256-bit number from 0x1 to 0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364140
is a valid private key.
h
The cofactor: 01

Elliptic curve properties
If a line intersects two points P and Q, it intersects a third point on the curve -R.
If a line is tangent to the curve, it intersects another point on the curve.
All vertical lines intersects the curve at infinity.
Adding two distinct points P and Q on an elliptic curve (P ≠ Q)
Fig. 1 Geometry approach
Draw a straight line between P (x_{1} , y_{1} ) and Q (x_{2} , y_{2} ).
The line will intersect the elliptic curve at exactly one more point -R (x_{3} , -y_{3} ).
The reflection of the point -R with respect to x-axis gives the point R (x_{3} , y_{3} ), which is the results of
addition of points P and Q.
Mathematical approach
Doubling point P on an elliptic curve. Same as moving point Q to same location as point P (P = Q)
Fig. 2 Geometry approach
Draw a tangent line to the elliptic curve at point P.
The line intersects the elliptic curve at the point -R.
The reflection of the point -R with respect to x-axis gives the point R, which is the results of
doubling of point P.
Mathematical approach
Procedure to calculate x and y
1
Get the Generator point G (x_{G} , y_{G} )
Get the number of points in the field: n
Get the PrivateKeyHex
2
if ( PrivateKeyHex >= n ) {
Show error "PrivateKeyHex is too large."
} else {
Continue with step 3
}
3
Convert PrivateKeyHex to PrivateKeyBin
4
i = 0
x = x_{G}
y = y_{G}
5
Point R (x_{R} , y_{R} ) = ECDouble(x, y)
x = x_{R}
y = y_{R}
6
if ( PrivateKeyBin[ i ] == 1 ) {
Point R (x_{R} , y_{R} ) = ECAdd(x, y)
x = x_{R}
y = y_{R}
}
7
i = i + 1
8
if ( i < PrivateKeyBin.length ) {
continue with step 5
}
9
x = x_{R}
y = y_{R}

See Procedure to calculate x and y .
The x value is always 32 bytes or 64 characters long.
x
chars
See Procedure to calculate x and y .
The y value is always 32 bytes or 64 characters long.
y
chars
The PublicKey is the concatenation of the calculated x and y value.
The PublicKey is always 64 bytes or 128 characters long.
PublicKey = x || y
chars
Calculate

PublicKey Uncompressed
There are two types of PublickKeys, the compressed and uncompressed.
Prepend prefix value "04" in front of the PublickKey value to indicate that the PublickKey is uncompressed.
The prefix value is always 1 byte in size and the PublickKey is 64 bytes.
The PublicKeyVersion value is always (1+64=) 65 bytes or 130 characters long.
The public keys are either 33 bytes (PublicKey Compressed, PublicKeyVersionComp ) or 65 bytes long
(PublicKey Uncompressed, PublicKeyVersion ). Compressed keys only specify the x coordinate plus an 1 byte
flag indicating which side of the symmetrical curve the point is on, which allows y to be derived.
Uncompressed keys is represented by two coordinates (x , y ) and there is a 1 byte prefix added.
Bitcoin originally only used uncompressed public keys, but since v0.6 compressed are now used.
It is recommended to use the compressed public keys (PublicKeyVersionComp ) because they are smaller,
resulting in smaller transactions on the network, saving block chain size for everyone.
PublicKeyVersion = "04" || PublicKey
chars
Hash the PublicKeyVersion value using the cryptographic hash function SHA256.
This Secure Hash Algorithm generates a 256-bit (32-byte) signature which cannot be decrypted back
to the original value (it is a one-way cryptographic function).
The HashC1 value is always 32 bytes or 64 characters long.
HashC1 = SHA256(PublicKeyVersion)
chars
Hash the HashC1 value using the cryptographic hash function RIPEMD160.
The RIPEMD160 (RACE Integrity Primitives Evaluation Message Digest) generates a 160-bit (20-byte) signature
which cannot be decrypted back to the original value (it is a one-way cryptographic function).
The HashC2 value is always 20 bytes or 40 characters long.
HashC2 = RIPEMD160(HashC1)
chars
Each cryptocurrency publicKey has their own prefix version number (Bitcoin= 0x00, Litecoin=0x30, etc).
Prepend this version number in front of the HashC2 value.
The prefix version number is always 1 byte in size and the HashC2 is 20 bytes.
The PublicKeyVersionHashC value is always (1+20=) 21 bytes or 42 characters long.
PublicKeyVersionHashC = Version "

" || HashC2
chars
Hash the PublicKeyVersionHashC value using the cryptographic hash function SHA256.
This Secure Hash Algorithm generates a 256-bit (32-byte) signature which cannot be decrypted back
to the original value (it is a one-way cryptographic function).
The HashC3 value is always 32 bytes or 64 characters long.
HashC3 = SHA256(PublicKeyVersionHashC)
chars
Hash the HashC3 value using the cryptographic hash function SHA256.
This Secure Hash Algorithm generates a 256-bit (32-byte) signature which cannot be decrypted back
to the original value (it is a one-way cryptographic function).
The HashC4 value is always 32 bytes or 64 characters long.
HashC4 = SHA256(HashC3)
chars
Get the first 4 bytes (or first 8 characters) of the HashC4 value.
These 4 bytes is the checksum value which will be used to validate the address.
The ChecksumC value is always 4 bytes or 8 characters long.
ChecksumC (first 4 bytes of HashC4)
chars
Append the ChecksumC value at the end of the PublicKeyVersionHashC value.
The PublicKeyChecksumC value is always (21+4=) 25 bytes or 50 characters long.
PublicKeyChecksumC = PublicKeyVersionHashC || ChecksumC
chars
The Public Address Uncompressed is the PublicKeyChecksumC value encoded into a
Base58 value. The PublicKeyUncompressed value can be made public and can be converted into QR codes
and can be printed on paper wallets .
If your software uses the PrivateKeyWIFUncompressed value, it also means you are the using the
PublicKeyUncompressed.
It is recommended to always to use the compressed public key (PublicKeyCompressed ) and the compressed
private key (PrivateKeyWIFCompressed . If your software does not support the compressed keys you can use
the uncompressed public key (PublicKeyUncompressed ) and uncompressed private key
(PrivateKeyWIFUncompressed ).
To check if a PublicKeyUncompressed has a valid checksum enter a new PublicKeyUncompressed address
and press the Validate button.
This button does not update previous values, for example PublicKeyChecksumC, ChecksumC, etc.
PublicKeyUncompressed = Base58(PublicKeyChecksumC)

chars
the

PublicKeyUncompressed address on Blockchain.info.
Calculate

PublicKey Compressed
If y is even, prefix value 02 (1 byte) is appended to value x .
If y is odd, prefix value 03 (1 byte) is appended to value x .
y is odd or even
The prefix value (1 byte) is appended to value x .
PublicKeyVersionComp is always (1 + 32) = 33 bytes or 66 characters long.
The public keys are either 33 bytes (PublicKey Compressed, PublicKeyVersionComp) or 65 bytes long
(PublicKey Uncompressed, PublicKeyVersion ). Compressed keys only specify the x coordinate plus an 1 byte
flag indicating which side of the symmetrical curve the point is on, which allows y to be derived.
Uncompressed keys is represented by two coordinates (x , y ) and there is a 1 byte prefix added.
Bitcoin originally only used uncompressed public keys, but since v0.6 compressed are now used.
It is recommended to use the compressed public keys (PublicKeyVersionComp) because they are smaller,
resulting in smaller transactions on the network, saving block chain size for everyone.
PublicKeyVersionComp = Prefix || x
chars
Hash the PublicKeyVersionComp value using the cryptographic hash function SHA256.
This Secure Hash Algorithm generates a 256-bit (32-byte) signature which cannot be decrypted back
to the original value (it is a one-way cryptographic function).
The HashD1 value is always 32 bytes or 64 characters long.
HashD1 = SHA256(PublicKeyVersionComp)
chars
Hash the HashD1 value using the cryptographic hash function RIPEMD160.
The RIPEMD160 (RACE Integrity Primitives Evaluation Message Digest) generates a 160-bit (20-byte) signature
which cannot be decrypted back to the original value (it is a one-way cryptographic function).
The HashD2 value is always 20 bytes or 40 characters long.
HashD2 = RIPEMD160(HashD1)
chars
Each cryptocurrency publicKey has their own prefix version number (Bitcoin= 0x00, Litecoin=0x30, etc).
Prepend this version number in front of the HashD2 value.
The prefix version number is always 1 byte in size and the HashD2 is 20 bytes.
The PublicKeyVersionHashD value is always (1+20=) 21 bytes or 42 characters long.
PublicKeyVersionHashD = Version "

" || HashD2
chars
Hash the PublicKeyVersionHashD value using the cryptographic hash function SHA256.
This Secure Hash Algorithm generates a 256-bit (32-byte) signature which cannot be decrypted back
to the original value (it is a one-way cryptographic function).
The HashD3 value is always 32 bytes or 64 characters long.
HashD3 = SHA256(PublicKeyVersionHashD)
chars
Hash the HashD3 value using the cryptographic hash function SHA256.
This Secure Hash Algorithm generates a 256-bit (32-byte) signature which cannot be decrypted back
to the original value (it is a one-way cryptographic function).
The HashD4 value is always 32 bytes or 64 characters long.
HashD4 = SHA256(HashD3)
chars
Get the first 4 bytes (or first 8 characters) of the HashD4 value.
These 4 bytes is the checksum value which will be used to validate the address.
The ChecksumD value is always 4 bytes or 8 characters long.
ChecksumD (first 4 bytes of HashD4)
chars
Append the ChecksumD value at the end of the PublicKeyVersionHashD value.
The PublicKeyChecksumD value is always (21+4=) 25 bytes or 50 characters long.
PublicKeyChecksumD = PublicKeyVersionHashD || ChecksumD
chars
The Public Address Compressed is the PublicKeyChecksumD value encoded into a
Base58 value. The PublicKeyCompressed value can be made public and can be converted into QR codes
and can be printed on paper wallets .
If your software uses the PrivateKeyWIFCompressed value, it also means you are the using the
PublicKeyCompressed.
It is recommended to always to use the compressed public key (PublicKeyCompressed ) and the compressed
private key (PrivateKeyWIFCompressed . If your software does not support the compressed keys you can use
the uncompressed public key (PublicKeyUncompressed ) and uncompressed private key
(PrivateKeyWIFUncompressed ).
To check if a PublicKeyCompressed has a valid checksum enter a new PublicKeyCompressed address
and press the Validate button.
This button does not update previous values, for example PublicKeyChecksumD, ChecksumD, etc.
PublicKeyCompressed = Base58(PublicKeyChecksumD)

chars
the

PublicKeyCompressed address on Blockchain.info.
Generate

Vanity PublicKey Uncompressed/Compressed
Vanity PublicKey Uncompressed/Compressed
The

publicKey starts with prefix "

"
followed by
ending with
vanity letters
The publicKey is
compressed
uncompressed
and the vanity letters are
case sensitive

Total iterations
Generated vanity publicKey
Public and Private keys QR codes
Make printer friendly page to create paper wallet

Share / Deposit / Verify

Secret

Share / Deposit / Verify

Secret

If you've found this tool useful feel free to send me a tip: BTC 15hHp8orzFTwQVc8S8xSFkwnamfJ5ZzZ8R
Disclaimer:
Use this tool at your own risk! All information on this page is provided "as is", without any warranty.
Generator.PrivateKeys.io will not be liable for any damages, loss of profits or any other kind of loss you may sustain by using this tool.