How to Recover your Strongcoin.com Wallet from Its Paper Backup

Strongcoin.com was the first hybrid online Bitcoin wallet. One of the nice features of the wallet is that it provides each user with a PDF that can be printed to provide an encrypted paper wallet. In this article, we walk through the process of recovering your funds from that backup.

What Does a Strongcoin Paper Wallet Look Like?

Here’s an example, taken from Strongcoin’s website:

In this case, a single user has 6 different private keys. The paper wallet includes a public address, and encrypted version of the private key and a balance at the time that the paper wallet was generated. 

You could enter the public address into a blockchain explorer to get the current balance stored on each private key.

There’s a column for “Clue” as well – it isn’t clear (today) whether this was intended for users to simply write in a password clue, or whether you could add a clue from within the Strongcoin.com website and have it print on your paper wallet.

Is the Strongcoin Paper Wallet a BIP38 Encrypted Paper Wallet?

No – the Strongcoin wallet format predates the BIP38 protocol, and it uses a different encryption scheme.

What If I have Forgotten the Password to My Strongcoin Wallet?

Everything that follows assumes that you know the password to your paper wallet. If you don’t know the password – and you have tried the most likely candidates – then you probably need professional help.

Crypto Asset Recovery can take your paper wallet and your password guesses, and expand them into hundreds of millions, billions or more password variations. We’ll then test each one against your encrypted private key until we find the right password.

If we don’t recover funds, you don’t owe us any money. (If we do recover funds we take 20% of funds recovered). Interested in more information?  Please contact us.

How is the Private Key Encrypted?

Strongcoin explained how they encrypt the private keys in their paper wallet back in October of 2011.

Strongcoin uses the highly-regarded open source encryption software called OpenSSL to encrypt private keys in the paper wallet. You can decrypt your private keys using the same software.

OpenSSL offers support for more than 100 different cryptographic algorithms, or ciphers. 

A cipher is used to transform data, making it unreadable and secure from unauthorized access. It involves a series of well-defined steps that involve substitution, transposition, or both to convert plain text into encrypted text (ciphertext) and vice versa. 

Strongcoin used a cipher called AES-256-CBC. The Advanced Encryption Standard (AES) is a widely-used symmetric encryption algorithm. AES-256-CBC, in particular, refers to a 256-bit key size and the Cipher Block Chaining (CBC) mode of operation. The 256-bit key size offers a high level of security, while the CBC mode ensures that even identical plaintext blocks are encrypted differently, providing an additional layer of security against pattern recognition attacks. 

Let’s imagine for a second, that you have a Strongcoin.com wallet, and that your unencrypted private key is: 5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF

You would like to encrypt that private key with the password: OpenSesame

Once you installed the OpenSSL libraries on your computer, you could create an encrypted private key with the following command:

echo "5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF" | openssl enc -e -aes-256-cbc -a -k OpenSesame

U2FsdGVkX1+m4PKpcBfkuRmmklQ5nA2WFq17zKEfJndwrvSb6Hb5ACsVgkw4J+wc
vaiFfwQ9AaQaFTa6dUx51gMuCv+Rtz2iycvZWYP0Rrw=

The two lines beginning with “U2Fs” and “vaiF” represent your encrypted private key.  

For fun, execute that same command a second time, and notice how the encrypted private key has changed! That’s the magic of CBC mode:

echo "5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF" | openssl enc -e -aes-256-cbc -a -k OpenSesame

U2FsdGVkX18D+Cljo/dm2es1MeBMUR4BStRbYsciKLBCObM4xR9tzeIUsLHwIF6d
CxircUKMIAUMSKZXXRtIWyEMQsea/uglA6c1Y37gM14=

I’m going to ignore that second encrypted private key away now – the point was just to show CBC in action.

For full compatibility with the Strongcoin paper wallet, you’d need to break that two-line private key into four lines after character 31 on each line:

U2FsdGVkX1+m4PKpcBfkuRmmklQ5nA2
WFq17zKEfJndwrvSb6Hb5ACsVgkw4J+wc
vaiFfwQ9AaQaFTa6dUx51gMuCv+Rtz2
iycvZWYP0Rrw=

Let’s store that encrypted private key in a text file called: key.txt

Now, using this sample data, let’s decrypt it and make sure that we get the unencrypted private key that we started with:

openssl enc -d -aes-256-cbc -in key.txt -a -k OpenSesame

5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF

Perfect! We have now encrypted and decrypted a private key using the methodology that Strongcoin uses.

How Do I Move My Funds Out Of My Paper Wallet?

Security Considerations

It’s worth mentioning that anyone that has your unencrypted private key can take all of your funds. So, you should take some basic precautions:

1. Have a plan for how you’re going to move your funds before you begin. (Load this article in your web browser).
2. Turn off your internet connection (turn off wifi, disconnect internet / CAT5 cables)
3. Do this work somewhere private (internet cafes with their myriad of people and cameras probably aren’t the safest options)
4. If you want an extremely secure approach, follow these instructions.

Prerequisites

1. You probably need to do this on a laptop or desktop computer. While it may be possible to do this on a smart phone, it’s going to be much harder.
2. Know the Bitcoin address of the wallet that you want to send funds to.
3. Get OpenSSL installed and working first.
4. Following the instructions in the previous section, encrypt and decrypt the sample private key.
5. Install the Electrum wallet from Electrum.org

Steps for Moving Funds

1. Make sure that you’re in a private location (no cameras or people watching you) and that you have disconnected your computer from any internet connection.
2. Use OpenSSL to unencrypt your private key:
3. Create an empty text file named key.txt (the actual name doesn’t matter – but, if you choose a different name, you’ll need to update the openssl command below).
4. If you’re working from a paper copy, you need to very carefully type each character of the encrypted private key from your paper wallet into a text file. (If you get even 1 character wrong, this process will fail). If you have a digital (PDF) copy of this wallet backup, you can simply copy / paste the private key
5. Once you have saved the encrypted private key to the key.txt file, you can close the file.
6. Execute the following command at the command line:
   openssl enc -d -aes-256-cbc -in key.txt -a -k [enter your password without brackets]
7. The resulting text should be your unencrypted private key 
8. Open Electrum and click:
9. File => New/Restore
10. Give your wallet a name, like: Strongcoin Paper Wallet
11. Select “Import Bitcoin addresses or private keys” and click “Next”
12. Paste your unencrypted private key, and click Next
13. Re-connect your computer to the internet
14. Assign and confirm a password for your wallet
15. When Electrum has finished sychronizing your wallet, you should be able to send your funds to your Bitcoin wallet
16. Security
17. There is some risk to this approach – there will be a time when the private key is exposed while your computer is connected to the internet. Theoretically, this could get stolen – but, the risk is fairly small
18. However, do not leave your funds in Electrum. Immediately move all the funds to another wallet.

A Few Final Notes

1. Remember that if you have forgotten the password to your wallet, we can help you recover it. You can contact us here: https://cryptoassetrecovery.com/contact/
2. If you owned Bitcoin in your Strongcoin wallet before August 2017, your private key also controls Bitcoin Cash that was air-dropped to it on Aug 1, 2017. 

If you have any questions, feel free to contact CryptoAssetRecovery.com.