About Keys and Passphrases


Hi community, I hope somebody can helpme in clarifying some questions about corellation between private keys and passphrases. Please consider that this is just for testing, think about a Proof of Concept to show functionality without - or very low - security requirements.
I’m facing a problem with keys that I’ll try to explain here: if I just create key pairs, for example using some service a like this https://www.bitaddress.org, and use that public key to add an entry on my csv file (AKA roster), then how can I add the corresponding private key into the blockcerts wallet?, it just work with passphrases, there is no functionality for import the plain priv-key.
I already know that the process should be inverse and the recipient introduce himself and his public key to to the issuer using introductionURL, but let say that the issuer already knows the recipient and his public key, and that public key is a valid bitcoin address. On the other hand the reipient just has his private key and there is not any passphrase asociated with it (yet)… how can the recipient setup a blockcert wallet using just his priv keys?


  1. can I generate a passphrase from a given priv-key? if yes, how? I understand that the standar process is the inverse: randomness >> passphrase >> privkey
  2. the key pair used by blockcerts should be compatible with bitcoin key formats? if yes, why? as blockcerts is being postuled as a blockchain agnostic standar I supose that recipients keys never needs to be a part of some blockchain transaction, but maybe I’m a kind of confuse about that. For example generating key pairs for bitcoin testnet and mainet o ethereum would arrive to different formats, just for mention some supportd blockchains.
  3. the issuer must know the recipient’s public key in order to construt a certificate for him, but what exactly the issuer do with that public key?
    a- use that pubkey for encrypt the certificate in a way that just the owner of certificate can decrypt (ussing his privkey)?
    b- use that public key as a destination of some blockchain transaction?
    c- embeds that public key in blockcerts certificates? if yes, how exaclty?

Maybe some of these questions could be generalized to generic cryptocurrencies wallets and not just for blockcerts, because of that you can considere that this is not the correct forum. Sorry if that’s the case.


Not really. The BIP39 standard generates a seed/root key that is used to generate many deterministic priv-pub keypairs. I don’t think you can go back from a single private key to a root key, especially if it wasn’t generated through the standard in the first place. But maybe it’s possible? I’d encourage you to research that more yourself. Here’s some information on it: https://iancoleman.io/bip39/

The key-pair generated by the wallets are meant to be blockchain agnostic. It’s really just a signature suite that is also being used for Bitcoin. Any type of signature suite would work in theory, and the one we’re using is a pretty common one: https://w3c-dvcg.github.io/lds-koblitz2016/

I’m not sure if there’s any other reason for going with this one, but it’s a solid one that is also being used for bitcoin and ethereum.


You can see how it’s embedded here: https://www.blockcerts.org/blockcerts-playground.github.io/ - it’s part of the recipientProfile. We currently don’t have cross signing to prove that the certificate a recipient has is the one that is meant for that person, but if we did it would use the recipient’s public key specified there as part of the process.