Solution for 2-of-3 paper wallets without multisig feature

This is a crosspost from as this works for Peercoin as well.

Currently no clients support multisig-transactions. Nevertheless I wanted 2of3 paper wallets for a part of my coins (no stake minting possible - of course)

This script generates a html file with three parts of one paper wallet. Two of those are needed to recover the private key.

I’ve tested it for bitcoin and peercoin. Whatever vanitygen can generate is supported.
Linux Dependencies: vanitygen ssss qrencode (zbar-tools)


generate 2 of 3 secret

#remove old keys if file exists
echo “” > paperwallet.keys

#generate new peercoin address
vanitygen -X 55 -q -o paperwallet.keys P

#generate QR code for peercoin address
echo “peercoin:” >
cat paperwallet.keys | sed ‘4d’ | sed ‘1,2d’ | sed ‘s/^Address: //’ >>
cat | tr -d ‘\n’| qrencode -o “”

#start html output
echo “” > paperwallet.html
echo “” >> paperwallet.html
echo " table {border-collapse:collapse; table-layout:fixed; width:800px}" >> paperwallet.html
echo " table td {border:solid 1px #fab; width:400px; word-wrap:break-word;}" >> paperwallet.html
echo “” >> paperwallet.html

#split private key into 3 keys
cat paperwallet.keys | sed ‘1,3d’ | sed ‘s/^Privkey: //’ | ssss-split -t 2 -n 3 -w privatekeypart -q | while read -r line; do
echo $line | qrencode -o “paperwallet.priv.part$CTR.png”

echo "This is <b>part $CTR</b> of a peercoin paper wallet. two of three parts are needed to recover the original secret<br>" >> paperwallet.html
echo "<table><tr><td>Public Key: " >> paperwallet.html
cat >> paperwallet.html	
echo "</td><td>" >> paperwallet.html
echo "Private Key (one among three): " >> paperwallet.html
echo $line >> paperwallet.html
echo "</td></tr><tr><td>" >> paperwallet.html
echo "<img width=150>" >> paperwallet.html
echo "</td><td>" >> paperwallet.html
echo "<img src=paperwallet.priv.part$CTR.png width=200>" >> paperwallet.html
echo "</td></tr></table>" >> paperwallet.html
echo "use linux command <i>ssss-combine -t 2</i> to recover original private key from two paper wallets<br><hr>" >> paperwallet.html


echo “” >> paperwallet.html[/code]

use the following lines to test recovery

zbarimg --raw -q paperwallet.priv.part1.png | tr -s '\n' > testjoin.part1 zbarimg --raw -q paperwallet.priv.part2.png | tr -s '\n' > testjoin.part2 cat testjoin.part1 testjoin.part2 | ssss-combine -q -t 2

be aware that the files generated contain your private key and are not cleaned up by this script. Only generate paper wallets on an offline computer running LiveCD.

Awesome work! Thanks for providing the code for it.

Very interesting and a good interim solution. However, this solution does reduce the strength of each part of the private key. I would prefer full strength private keys for each individual signature holder which e.g. hashes into a masterkey. Or better multiple layers of encryption on one key. That would also require an order during signing.

Multisig will mostly be used for transferring large amounts of money within companies, so the security needs to be of the highest standard.