build status Coverage Status Version

browser support

A JavaScript component that adheres to the BIP38 standard to secure your crypto currency private keys. Fully compliant with Node.js and the browser (via Browserify).


BIP38 is a standard process to encrypt Bitcoin and crypto currency private keys that is imprevious to brute force attacks thus protecting the user.

Package Info



npm install --save bip38



Constructor that creates a new Bip38 instance.


A field that accepts an object for the address version. This easily allows you to support altcoins. Defaults to Bitcoin values.


var Bip38 = require('bip38');

var privateKeyWif = '5KN7MzqK5wt2TP1fQCYyHBtDrXdJuXbUzm4A9rKAteGu3Qi5CVR';

var bip38 = new Bip38();
bip38.version = {private: 0x80, public: 0x0};
bip38.encrypt(privateKeyWif, "super-secret", "1Jq6MksXQVWzrznvZzxkV6oY57oWXD9TXB"});


A field that accepts an object with the follow properties: N, r, and p to control the scrypt. The BIP38 standard suggests N = 16384, r = 8, and p = 8. However, this may yield unacceptable performance on a mobile phone. If you alter these parameters, it wouldn't be wise to suggest to your users that your import/export encrypted keys are BIP38 compatible. If you do, you may want to alert them of your parameter changes.


bip38.scryptParams = {N: 8192, r: 8, p: 8};

encrypt(wif, passphrase, address)

A method that encrypts the private key. wif is the string value of the wallet import format key. passphrase the passphrase to encrypt the key with. address is the public address.

Returns the encrypted string.


var Bip38 = require('bip38');

var privateKeyWif = '5KN7MzqK5wt2TP1fQCYyHBtDrXdJuXbUzm4A9rKAteGu3Qi5CVR';

var bip38 = new Bip38();
var encrypted = bip38.encrypt(privateKeyWif, 'TestingOneTwoThree', "1Jq6MksXQVWzrznvZzxkV6oY57oWXD9TXB");
console.log(encrypted); // => 6PRVWUbkzzsbcVac2qwfssoUJAN1Xhrg6bNk8J7Nzm5H7kxEbn2Nh2ZoGg

decrypt(encryptedKey, passhprase)

A method that decrypts the encrypted string. encryptedKey is the string value of the encrypted key. passphrase is the passphrase to decrypt the key with.

var Bip38 = require('bip38');

var encryptedKey = '6PRVWUbkzzsbcVac2qwfssoUJAN1Xhrg6bNk8J7Nzm5H7kxEbn2Nh2ZoGg';

var bip38 = new Bip38();
var privateKeyWif = bip38.decrypt(encryptedKey, 'TestingOneTwoThree');
console.log(privateKeyWif); // =>  '5KN7MzqK5wt2TP1fQCYyHBtDrXdJuXbUzm4A9rKAteGu3Qi5CVR'

note: To check for an invalid password, you'll want to generate the public address from the output of the decrypt() function. If it doesn't equal the expected address or the address checksum, then chances are, it's an invalid password. The reason that this logic was not included is because it would have required a lot of dependencies: ECKey and Address. Currently, ECKey is pretty heavy on dependencies.