block_io 1.2.1 → 3.0.2

data/lib/block_io/chainparams/BTCTEST.yml

@@ -0,0 +1,8 @@
+--- !ruby/object:Bitcoin::ChainParams
+network: "BTCTEST"
+address_version: "6f"
+p2sh_version: "c4"
+bech32_hrp: 'tb'
+privkey_version: "ef"
+extended_privkey_version: "04358394"
+extended_pubkey_version: "043587cf"

data/lib/block_io/chainparams/DOGE.yml

@@ -0,0 +1,8 @@
+--- !ruby/object:Bitcoin::ChainParams
+network: "DOGE"
+address_version: "1e"
+p2sh_version: "16"
+bech32_hrp: "doge"
+privkey_version: "9e"
+extended_privkey_version: "02fac398"
+extended_pubkey_version: "02facafd"

data/lib/block_io/chainparams/DOGETEST.yml

@@ -0,0 +1,8 @@
+--- !ruby/object:Bitcoin::ChainParams
+network: "DOGETEST"
+address_version: "71"
+p2sh_version: "c4"
+bech32_hrp: "tdge"
+privkey_version: "f1"
+extended_privkey_version: "0432a243"
+extended_pubkey_version: "0432a9a8"

data/lib/block_io/chainparams/LTC.yml

@@ -0,0 +1,8 @@
+--- !ruby/object:Bitcoin::ChainParams
+network: "LTC"
+address_version: "30"
+p2sh_version: "50"
+bech32_hrp: 'ltc'
+privkey_version: "b0"
+extended_privkey_version: "019d9cfe"
+extended_pubkey_version: "019da462"

data/lib/block_io/chainparams/LTCTEST.yml

@@ -0,0 +1,8 @@
+--- !ruby/object:Bitcoin::ChainParams
+network: "LTCTEST"
+address_version: "6f"
+p2sh_version: "3a"
+bech32_hrp: 'tltc'
+privkey_version: "ef"
+extended_privkey_version: "0436f6e1"
+extended_pubkey_version: "0436ef7d"

data/lib/block_io/client.rb

@@ -0,0 +1,244 @@
+module BlockIo
+
+  class Client
+
+    attr_reader :api_key, :version, :network
+
+    def initialize(args = {})
+      # api_key
+      # pin
+      # version
+      # hostname
+      # proxy
+      # pool_size
+      # keys
+      
+      raise "Must provide an API Key." unless args.key?(:api_key) and args[:api_key].to_s.size > 0
+      
+      @api_key = args[:api_key]
+      @pin = args[:pin]
+      @version = args[:version] || 2
+      @hostname = args[:hostname] || "block.io"
+      @proxy = args[:proxy] || {}
+      @keys = {}
+
+      raise Exception.new("Must specify hostname, port, username, password if using a proxy.") if @proxy.keys.size > 0 and [:hostname, :port, :username, :password].any?{|x| !@proxy.key?(x)}
+
+      @conn = ConnectionPool.new(:size => args[:pool_size] || 5) { http = HTTP.headers(:accept => "application/json", :user_agent => "gem:block_io:#{VERSION}");
+        http = http.via(args.dig(:proxy, :hostname), args.dig(:proxy, :port), args.dig(:proxy, :username), args.dig(:proxy, :password)) if @proxy.key?(:hostname);
+        http = http.persistent("https://#{@hostname}");
+        http }
+      
+      # this will get populated after a successful API call
+      @network = nil
+
+    end
+
+    def method_missing(m, *args)
+      
+      method_name = m.to_s
+
+      raise Exception.new("Must provide arguments as a Hash.") unless args.size <= 1 and args.all?{|x| x.is_a?(Hash)}
+      raise Exception.new("Parameter keys must be symbols. For instance: :label => 'default' instead of 'label' => 'default'") unless args[0].nil? or args[0].keys.all?{|x| x.is_a?(Symbol)}
+      raise Exception.new("Cannot pass PINs to any calls. PINs can only be set when initiating this library.") if !args[0].nil? and args[0].key?(:pin)
+      raise Exception.new("Do not specify API Keys here. Initiate a new BlockIo object instead if you need to use another API Key.") if !args[0].nil? and args[0].key?(:api_key)
+
+      if method_name.eql?("prepare_sweep_transaction") then
+        # we need to ensure @network is set before we allow this
+        # we need to send only the public key, not the given private key
+        # we're sweeping from an address
+        internal_prepare_sweep_transaction(args[0], method_name)
+      else
+        api_call({:method_name => method_name, :params => args[0] || {}})
+      end
+      
+    end
+
+    def summarize_prepared_transaction(data)
+      # takes the response from prepare_transaction/prepare_dtrust_transaction/prepare_sweep_transaction
+      # returns the network fee being paid, the blockio fee being paid, amounts being sent
+
+      input_sum = data['data']['inputs'].map{|input| BigDecimal(input['input_value'])}.inject(:+)
+
+      output_values = [BigDecimal(0)]
+      blockio_fees = [BigDecimal(0)]
+      change_amounts = [BigDecimal(0)]
+
+      data['data']['outputs'].each do |output|
+        if output['output_category'] == 'blockio-fee' then
+          blockio_fees << BigDecimal(output['output_value'])
+        elsif output['output_category'] == 'change' then
+          change_amounts << BigDecimal(output['output_value'])
+        else
+          # user-specified
+          output_values << BigDecimal(output['output_value'])
+        end
+      end
+      
+      output_sum = output_values.inject(:+)
+      blockio_fee = blockio_fees.inject(:+)
+      change_amount = change_amounts.inject(:+)
+      
+      network_fee = input_sum - output_sum - blockio_fee - change_amount
+
+      {
+        'network' => data['data']['network'],
+        'network_fee' => '%0.8f' % network_fee,
+        "blockio_fee" => '%0.8f' % blockio_fee,
+        "total_amount_to_send" => '%0.8f' % output_sum
+      }
+      
+    end
+    
+    def create_and_sign_transaction(data, keys = [])
+      # takes data from prepare_transaction, prepare_dtrust_transaction, prepare_sweep_transaction
+      # creates the transaction given the inputs and outputs from data
+      # signs the transaction using keys (if not provided, decrypts the key using the PIN)
+      
+      set_network(data['data']['network']) if data['data'].key?('network')
+
+      raise "Data must be contain one or more inputs" unless data['data']['inputs'].size > 0
+      raise "Data must contain one or more outputs" unless data['data']['outputs'].size > 0
+      raise "Data must contain information about addresses" unless data['data']['input_address_data'].size > 0 # TODO make stricter
+
+      private_keys = keys.map{|x| Key.from_private_key_hex(x)}
+
+      # TODO debug all of this
+      
+      inputs = data['data']['inputs']
+      outputs = data['data']['outputs']
+
+      tx = Bitcoin::Tx.new
+
+      # populate the inputs
+      inputs.each do |input|
+        tx.in << Bitcoin::TxIn.new(:out_point => Bitcoin::OutPoint.from_txid(input['previous_txid'], input['previous_output_index']))
+      end
+
+      # populate the outputs
+      outputs.each do |output|
+        tx.out << Bitcoin::TxOut.new(:value => (BigDecimal(output['output_value']) * BigDecimal(100000000)).to_i, :script_pubkey => Bitcoin::Script.parse_from_addr(output['receiving_address']))
+      end
+
+
+      # some protection against misbehaving machines and/or code
+      raise Exception.new("Expected unsigned transaction ID mismatch. Please report this error to support@block.io.") unless (data['data']['expected_unsigned_txid'].nil? or
+                                                                                                                        data['data']['expected_unsigned_txid'] == tx.txid)
+
+      # extract key
+      encrypted_key = data['data']['user_key']
+
+      if !encrypted_key.nil? and !@keys.key?(encrypted_key['public_key']) then
+        # decrypt the key with PIN
+
+        raise Exception.new("PIN not set and no keys provided. Cannot sign transaction.") unless !@pin.nil? or @keys.size > 0
+
+        key = Helper.dynamicExtractKey(encrypted_key, @pin)
+
+        raise Exception.new("Public key mismatch for requested signer and ourselves. Invalid Secret PIN detected.") unless key.public_key_hex.eql?(encrypted_key["public_key"])
+
+        # store this key for later use
+        @keys[key.public_key_hex] = key
+        
+      end
+
+      # store the provided keys, if any, for later use
+      private_keys.each{|key| @keys[key.public_key_hex] = key}
+      
+      signatures = []
+      
+      if @keys.size > 0 then
+        # try to sign whatever we can here and give the user the data back
+        # Block.io will check to see if all signatures are present, or return an error otherwise saying insufficient signatures provided
+
+        i = 0
+        while i < inputs.size do
+          input = inputs[i]
+
+          input_address_data = data['data']['input_address_data'].detect{|d| d['address'] == input['spending_address']}
+          sighash_for_input = Helper.getSigHashForInput(tx, i, input, input_address_data) # in bytes
+
+          input_address_data['public_keys'].each do |signer_public_key|
+            # sign what we can and append signatures to the signatures object
+            
+            next unless @keys.key?(signer_public_key)
+            
+            signature = @keys[signer_public_key].sign(sighash_for_input).unpack("H*")[0] # in hex
+            signatures << {"input_index" => i, "public_key" => signer_public_key, "signature" => signature}
+            
+          end
+
+          i += 1 # go to next input
+        end
+        
+      end
+
+      # if we have everything we need for this transaction, just finalize the transaction
+      if Helper.allSignaturesPresent?(tx, inputs, signatures, data['data']['input_address_data']) then
+        Helper.finalizeTransaction(tx, inputs, signatures, data['data']['input_address_data'])
+        signatures = [] # no signatures left to append
+      end
+
+      # reset keys
+      @keys = {}
+      
+      # the response for submitting the transaction
+      {"tx_type" => data['data']['tx_type'], "tx_hex" => tx.to_hex, "signatures" => (signatures.size == 0 ? nil : signatures)}
+      
+    end
+
+    private
+
+    def internal_prepare_sweep_transaction(args = {}, method_name = "prepare_sweep_transaction")
+
+      # set the network first if not already known
+      api_call({:method_name => "get_balance", :params => {}}) if @network.nil?
+
+      raise Exception.new("No private_key provided.") unless args.key?(:private_key) and (args[:private_key] || "").size > 0
+
+      # ensure the private key never goes to Block.io
+      key = Key.from_wif(args[:private_key])
+      sanitized_args = args.merge({:public_key => key.public_key_hex})
+      sanitized_args.delete(:private_key)
+
+      @keys[key.public_key_hex] = key # store this in our set of keys for later use
+      
+      api_call({:method_name => method_name, :params => sanitized_args})
+      
+    end
+
+    def set_network(network)
+      # load the chain_params for this network
+      @network ||= network
+      Bitcoin.chain_params = @network unless @network.to_s.size == 0
+    end
+    
+    def api_call(args)
+
+      raise Exception.new("No connections left to perform API call. Please re-initialize BlockIo::Client with :pool_size greater than #{@conn.size}.") unless @conn.available > 0
+      
+      response = @conn.with {|http| http.post("/api/v#{@version}/#{args[:method_name]}", :json => args[:params].merge({:api_key => @api_key}))}
+
+      begin
+        body = Oj.safe_load(response.to_s)
+      rescue
+        body = {"status" => "fail", "data" => {"error_message" => "Unknown error occurred. Please report this to support@block.io. Status #{response.code}."}}
+      end
+
+      if !body["status"].eql?("success") then
+        # raise an exception on error for easy handling
+        # user can extract raw response using e.raw_data
+        e = APIException.new("#{body["data"]["error_message"]}")
+        e.set_raw_data(body)
+        raise e
+      end
+
+      set_network(body['data']['network']) if body['data'].key?('network')
+      
+      body
+      
+    end
+        
+  end
+  
+end

data/lib/block_io/extended_bitcoinrb.rb

@@ -0,0 +1,127 @@
+require 'yaml'
+
+module Bitcoin
+
+  # set network chain params
+  def self.chain_params=(name)
+    raise "chain params for #{name} is not defined." unless %i(BTC DOGE LTC BTCTEST DOGETEST LTCTEST).include?(name.to_sym)
+    @current_chain = nil
+    @chain_param = name.to_sym
+  end
+  
+  # current network chain params.
+  def self.chain_params
+    return @current_chain if @current_chain
+    return (@current_chain = Bitcoin::ChainParams.get(@chain_param.to_s))
+  end
+  
+  class ChainParams
+    def self.get(network)
+      init(network)
+    end
+
+    def self.init(name)
+      i = YAML.load(File.open("#{__dir__}/chainparams/#{name}.yml"))
+      i.dust_relay_fee ||= Bitcoin::DUST_RELAY_TX_FEE
+      i
+    end
+  end
+
+  module Secp256k1
+    
+    module Ruby
+
+      module_function
+
+      def sign_ecdsa(data, privkey, extra_entropy)
+        privkey = privkey.htb
+        private_key = ECDSA::Format::IntegerOctetString.decode(privkey)
+        extra_entropy ||= ''
+        nonce = RFC6979.generate_rfc6979_nonce(privkey + data, extra_entropy)
+
+        # port form ecdsa gem.
+        r_point = GROUP.new_point(nonce)
+
+        point_field = ECDSA::PrimeField.new(GROUP.order)
+        r = point_field.mod(r_point.x)
+        return nil if r.zero?
+
+        e = ECDSA.normalize_digest(data, GROUP.bit_length)
+        s = point_field.mod(point_field.inverse(nonce) * (e + r * private_key))
+
+        # covert to low-s
+        s = GROUP.order - s if s > (GROUP.order / 2)
+
+        return nil if s.zero?
+
+        signature = ECDSA::Signature.new(r, s).to_der
+
+        # comment lines below lead to performance issues
+        #        public_key = Bitcoin::Key.new(priv_key: privkey.bth, :key_type => Bitcoin::Key::TYPES[:compressed]).pubkey # get rid of the key_type warning
+        #        raise 'Creation of signature failed.' unless Bitcoin::Secp256k1::Ruby.verify_sig(data, signature, public_key)
+        
+        signature
+      end
+      
+    end
+  end
+  
+  class Key
+
+    def initialize(priv_key: nil, pubkey: nil, key_type: nil, compressed: true, allow_hybrid: false)
+      # override so enforce compressed keys
+      
+      raise "key_type must always be Bitcoin::KEY::TYPES[:compressed]" unless key_type == TYPES[:compressed]
+      puts "[Warning] Use key_type parameter instead of compressed. compressed parameter removed in the future." if key_type.nil? && !compressed.nil? && pubkey.nil?
+      if key_type
+        @key_type = key_type
+        compressed = @key_type != TYPES[:uncompressed]
+      else
+        @key_type = compressed ? TYPES[:compressed] : TYPES[:uncompressed]
+      end
+      @secp256k1_module =  Bitcoin.secp_impl
+      @priv_key = priv_key
+      if @priv_key
+        raise ArgumentError, Errors::Messages::INVALID_PRIV_KEY unless validate_private_key_range(@priv_key)
+      end
+      if pubkey
+        @pubkey = pubkey
+      else
+        @pubkey = generate_pubkey(priv_key, compressed: compressed) if priv_key
+      end
+      raise ArgumentError, Errors::Messages::INVALID_PUBLIC_KEY unless fully_valid_pubkey?(allow_hybrid)
+    end
+
+    def public_key_hex
+      @pubkey
+    end
+
+    def private_key_hex
+      @priv_key
+    end
+    
+  end
+
+end
+
+module Bech32
+  # override so we can parse non-Bitcoin Bech32 addresses
+  
+  class SegwitAddr
+    
+    private
+    def parse_addr(addr)
+      @hrp, data, spec = Bech32.decode(addr)
+      raise 'Invalid address.' if hrp.nil? || data[0].nil? || !['bc', 'ltc', 'tb', 'tltc', 'doge', 'tdge'].include?(hrp) # HRP_MAINNET, HRP_TESTNET, HRP_REGTEST].include?(hrp)
+      @ver = data[0]
+      raise 'Invalid witness version' if @ver > 16
+      @prog = convert_bits(data[1..-1], 5, 8, false)
+      raise 'Invalid witness program' if @prog.nil? || @prog.length < 2 || @prog.length > 40
+      raise 'Invalid witness program with version 0' if @ver == 0 && (@prog.length != 20 && @prog.length != 32)
+      raise 'Witness version and encoding spec do not match' if (@ver == 0 && spec != Bech32::Encoding::BECH32) || (@ver != 0 && spec != Bech32::Encoding::BECH32M)
+    end
+        
+  end
+  
+end
+

data/lib/block_io/helper.rb

@@ -0,0 +1,322 @@
+module BlockIo
+
+  class Helper
+
+    LEGACY_DECRYPTION_ALGORITHM = {
+      :pbkdf2_salt => "",
+      :pbkdf2_iterations => 2048,
+      :pbkdf2_hash_function => "SHA256",
+      :pbkdf2_phase1_key_length => 16,
+      :pbkdf2_phase2_key_length => 32,
+      :aes_iv => nil,
+      :aes_cipher => "AES-256-ECB",
+      :aes_auth_tag => nil,
+      :aes_auth_data => nil
+    }
+    
+    def self.allSignaturesPresent?(tx, inputs, signatures, input_address_data)
+      # returns true if transaction has all signatures present
+      
+      all_signatures_present = false
+
+      inputs.each do |input|
+        # check if each input has its required signatures
+        
+        spending_address = input['spending_address']
+        current_input_address_data = input_address_data.detect{|x| x['address'] == spending_address}
+        required_signatures = current_input_address_data['required_signatures']
+        public_keys = current_input_address_data['public_keys']
+
+        signatures_present = signatures.map{|x| x if x['input_index'] == input['input_index']}.compact.inject({}){|h,v| h[v['public_key']] = v['signature']; h}
+
+        # break the loop if all signatures are not present for this input
+        all_signatures_present = (signatures_present.keys.size >= required_signatures)
+        break unless all_signatures_present
+        
+      end
+
+      all_signatures_present
+
+    end
+
+    def self.isSegwitAddressType?(address_type)
+
+      case address_type
+      when /^P2WPKH(-over-P2SH)?$/
+        true
+      when /^P2WSH(-over-P2SH)?$/
+        true
+      when /^WITNESS_V(\d)$/
+        true
+      else
+        false
+      end
+        
+    end
+    
+    def self.finalizeTransaction(tx, inputs, signatures, input_address_data)
+      # append signatures to the transaction and return its hexadecimal representation
+      
+      inputs.each do |input|
+        # for each input
+
+        signatures_present = signatures.map{|x| x if x['input_index'] == input['input_index']}.compact.inject({}){|h,v| h[v['public_key']] = v['signature']; h}
+        address_data = input_address_data.detect{|x| x['address'] == input['spending_address']} # contains public keys (ordered) and the address type
+        input_index = input['input_index']
+        is_segwit = isSegwitAddressType?(address_data['address_type'])
+        script_stack = (is_segwit ? tx.in[input_index].script_witness.stack : tx.in[input_index].script_sig)
+        
+        if ['P2PKH', 'P2WPKH', 'P2WPKH-over-P2SH'].include?(address_data['address_type']) then
+          # P2PKH will use script_sig as script_stack
+          # P2WPKH input, or P2WPKH-over-P2SH input will use script_witness.stack as script_stack
+
+          current_public_key = address_data['public_keys'][0]
+          current_signature = signatures_present[current_public_key]
+
+          # no blank push necessary for P2PKH, P2WPKH, P2WPKH-over-P2SH
+          script_stack << ([current_signature].pack("H*") + [Bitcoin::SIGHASH_TYPE[:all]].pack('C'))
+          script_stack << [current_public_key].pack("H*")
+
+          # P2WPKH-over-P2SH required script_sig still
+          tx.in[input_index].script_sig << (
+            Bitcoin::Script.to_p2wpkh(
+              Bitcoin::Key.new(:pubkey => current_public_key, :key_type => Bitcoin::Key::TYPES[:compressed]).hash160 # hash160 of the compressed pubkey
+            ).to_payload
+          ) if address_data['address_type'] == "P2WPKH-over-P2SH"
+                    
+        elsif ['P2SH', 'WITNESS_V0', 'P2WSH-over-P2SH'].include?(address_data['address_type']) then
+          # P2SH will use script_sig as script_stack
+          # P2WSH or P2WSH-over-P2SH input will use script_witness.stack as script_stack
+
+          script = Bitcoin::Script.to_p2sh_multisig_script(address_data['required_signatures'], address_data['public_keys'])
+
+          script_stack << '' # blank push for scripthash always
+
+          signatures_added = 0
+
+          address_data['public_keys'].each do |public_key|
+            next unless signatures_present.key?(public_key)
+
+            # append signatures, no sighash needed, in correct order of public keys
+            current_signature = signatures_present[public_key]
+            script_stack << ([current_signature].pack("H*") + [Bitcoin::SIGHASH_TYPE[:all]].pack('C'))
+
+            signatures_added += 1
+
+            # required signatures added? break loop and move on
+            break if signatures_added == address_data['required_signatures']
+          end
+
+          script_stack << script.last.to_payload
+
+          # P2WSH-over-P2SH needs script_sig populated still
+          tx.in[input_index].script_sig << Bitcoin::Script.to_p2wsh(script.last).to_payload if address_data['address_type'] == "P2WSH-over-P2SH"
+          
+        else
+          raise "Unrecognized input address: #{address_data['address_type']}"
+        end
+        
+      end
+
+      tx.to_hex
+      
+    end
+    
+    def self.getSigHashForInput(tx, input_index, input_data, input_address_data)
+      # returns the sighash for the given input in bytes
+      
+      address_type = input_address_data["address_type"]
+      input_value = (BigDecimal(input_data['input_value']) * BigDecimal(100000000)).to_i # in sats
+      sighash = nil
+      
+      if address_type == "P2SH" then
+        # P2SH addresses
+        
+        script = Bitcoin::Script.to_p2sh_multisig_script(input_address_data["required_signatures"], input_address_data["public_keys"])
+        sighash = tx.sighash_for_input(input_index, script.last)
+        
+      elsif address_type == "P2WSH-over-P2SH" or address_type == "WITNESS_V0" then
+        # P2WSH-over-P2SH addresses
+        # WITNESS_V0 addresses
+
+        script = Bitcoin::Script.to_p2sh_multisig_script(input_address_data["required_signatures"], input_address_data["public_keys"])
+        sighash = tx.sighash_for_input(input_index, script.last, amount: input_value, sig_version: :witness_v0)
+        
+      elsif address_type == "P2WPKH-over-P2SH" or address_type == "P2WPKH" then
+        # P2WPKH-over-P2SH addresses
+        # P2WPKH addresses
+        
+        pub_key = Bitcoin::Key.new(:pubkey => input_address_data['public_keys'].first, :key_type => Bitcoin::Key::TYPES[:compressed]) # compressed
+        script = Bitcoin::Script.to_p2wpkh(pub_key.hash160)
+        sighash = tx.sighash_for_input(input_index, script, amount: input_value, sig_version: :witness_v0)
+        
+      elsif address_type == "P2PKH" then
+        # P2PKH addresses
+
+        pub_key = Bitcoin::Key.new(:pubkey => input_address_data['public_keys'].first, :key_type => Bitcoin::Key::TYPES[:compressed]) # compressed
+        script = Bitcoin::Script.to_p2pkh(pub_key.hash160)
+        sighash = tx.sighash_for_input(input_index, script)
+
+      else
+        raise "Unrecognize address type: #{address_type}"
+      end
+
+      sighash
+      
+    end
+
+    def self.getDecryptionAlgorithm(user_key_algorithm = nil)
+      # mainly used so existing unit tests do not break
+      
+      algorithm = ({}).merge(LEGACY_DECRYPTION_ALGORITHM)
+
+      if !user_key_algorithm.nil? then
+        algorithm[:pbkdf2_salt] = user_key_algorithm['pbkdf2_salt']
+        algorithm[:pbkdf2_iterations] = user_key_algorithm['pbkdf2_iterations']
+        algorithm[:pbkdf2_hash_function] = user_key_algorithm['pbkdf2_hash_function']
+        algorithm[:pbkdf2_phase1_key_length] = user_key_algorithm['pbkdf2_phase1_key_length']
+        algorithm[:pbkdf2_phase2_key_length] = user_key_algorithm['pbkdf2_phase2_key_length']
+        algorithm[:aes_iv] = user_key_algorithm['aes_iv']
+        algorithm[:aes_cipher] = user_key_algorithm['aes_cipher']
+        algorithm[:aes_auth_tag] = user_key_algorithm['aes_auth_tag']
+        algorithm[:aes_auth_data] = user_key_algorithm['aes_auth_data']
+      end
+
+      algorithm
+      
+    end
+    
+    def self.dynamicExtractKey(user_key, pin)
+      # user_key object contains the encrypted user key and decryption algorithm
+
+      algorithm = self.getDecryptionAlgorithm(user_key['algorithm'])
+
+      aes_key = self.pinToAesKey(pin, algorithm[:pbkdf2_iterations],
+                                 algorithm[:pbkdf2_salt],
+                                 algorithm[:pbkdf2_hash_function],
+                                 algorithm[:pbkdf2_phase1_key_length],
+                                 algorithm[:pbkdf2_phase2_key_length])
+
+      decrypted = self.decrypt(user_key['encrypted_passphrase'], aes_key, algorithm[:aes_iv], algorithm[:aes_cipher], algorithm[:aes_auth_tag], algorithm[:aes_auth_data])
+      
+      Key.from_passphrase(decrypted)
+      
+    end
+    
+    def self.extractKey(encrypted_data, b64_enc_key)
+      # passphrase is in plain text
+      # encrypted_data is in base64, as it was stored on Block.io
+      # returns the private key extracted from the given encrypted data
+      
+      decrypted = self.decrypt(encrypted_data, b64_enc_key)
+      
+      Key.from_passphrase(decrypted)
+
+    end
+    
+    def self.sha256(value)
+      # returns the hex of the hash of the given value
+      OpenSSL::Digest::SHA256.digest(value).unpack("H*")[0]
+    end
+    
+    def self.pinToAesKey(secret_pin, iterations = 2048, salt = "", hash_function = "SHA256", pbkdf2_phase1_key_length = 16, pbkdf2_phase2_key_length = 32)
+      # converts the pincode string to PBKDF2
+      # returns a base64 version of PBKDF2 pincode
+
+      raise Exception.new("Unknown hash function specified. Are you using current version of this library?") unless hash_function == "SHA256"
+      
+      part1 = OpenSSL::PKCS5.pbkdf2_hmac(
+        secret_pin,
+        salt,
+        iterations/2,
+        pbkdf2_phase1_key_length,
+        OpenSSL::Digest::SHA256.new
+      ).unpack("H*")[0]
+      
+      part2 = OpenSSL::PKCS5.pbkdf2_hmac(
+        part1,
+        salt,
+        iterations/2,
+        pbkdf2_phase2_key_length,
+        OpenSSL::Digest::SHA256.new
+      ) # binary
+
+      [part2].pack("m0") # the base64 encryption key
+
+    end
+
+    # Decrypts a block of data (encrypted_data) given an encryption key
+    def self.decrypt(encrypted_data, b64_enc_key, iv = nil, cipher_type = "AES-256-ECB", auth_tag = nil, auth_data = nil)
+
+      raise Exception.new("Auth tag must be 16 bytes exactly.") unless auth_tag.nil? or auth_tag.size == 32
+      
+      response = nil
+
+      begin
+        aes = OpenSSL::Cipher.new(cipher_type.downcase)
+        aes.decrypt
+        aes.key = b64_enc_key.unpack("m0")[0]
+        aes.iv = [iv].pack("H*") unless iv.nil?
+        aes.auth_tag = [auth_tag].pack("H*") unless auth_tag.nil?
+        aes.auth_data = [auth_data].pack("H*") unless auth_data.nil?
+        response = aes.update(encrypted_data.unpack("m0")[0]) << aes.final
+      rescue Exception => e
+        # decryption failed, must be an invalid Secret PIN
+        raise Exception.new("Invalid Secret PIN provided.")
+      end
+
+      response
+    end
+    
+    # Encrypts a block of data given an encryption key
+    def self.encrypt(data, b64_enc_key, iv = nil, cipher_type = "AES-256-ECB", auth_data = nil)
+      aes = OpenSSL::Cipher.new(cipher_type.downcase)
+      aes.encrypt
+      aes.key = b64_enc_key.unpack("m0")[0]
+      aes.iv = [iv].pack("H*") unless iv.nil?
+      aes.auth_data = [auth_data].pack("H*") unless auth_data.nil?
+      result = [aes.update(data) << aes.final].pack("m0")
+      auth_tag = (cipher_type.end_with?("-GCM") ? aes.auth_tag.unpack("H*")[0] : nil)
+
+      {:aes_auth_tag => auth_tag, :aes_cipher_text => result, :aes_iv => iv, :aes_cipher => cipher_type, :aes_auth_data => auth_data}
+      
+    end
+
+    # courtesy bitcoin-ruby
+    
+    def self.int_to_base58(int_val, leading_zero_bytes=0)
+      alpha = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
+      base58_val, base = "", alpha.size
+      while int_val > 0
+        int_val, remainder = int_val.divmod(base)
+        base58_val = alpha[remainder] << base58_val
+      end
+      base58_val
+    end
+    
+    def self.base58_to_int(base58_val)
+      alpha = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
+      int_val, base = 0, alpha.size
+      base58_val.reverse.each_char.with_index do |char,index|
+        raise ArgumentError, "Value not a valid Base58 String." unless char_index = alpha.index(char)
+        int_val += char_index*(base**index)
+      end
+      int_val
+    end
+    
+    def self.encode_base58(hex)
+      leading_zero_bytes  = (hex.match(/^([0]+)/) ? $1 : "").size / 2
+      ("1"*leading_zero_bytes) << Helper.int_to_base58( hex.to_i(16) )
+    end
+    
+    def self.decode_base58(base58_val)
+      s = Helper.base58_to_int(base58_val).to_s(16)
+      s = (s.bytesize.odd? ? ("0" << s) : s)
+      s = "" if s == "00"
+      leading_zero_bytes = (base58_val.match(/^([1]+)/) ? $1 : "").size
+      s = ("00"*leading_zero_bytes) << s  if leading_zero_bytes > 0
+      s
+    end
+  end
+
+end