When you order a 2-factor item from me, you’re protecting it with a passphrase. The 2-factor system ensures that nobody (not even me) can redeem the value from the item unless they have the passphrase. That raises the question: how can I (as Casascius) create a 2-factor item for you (as the buyer) if I don’t know the passphrase?
The short answer: there is a way to do it, and it involves converting your passphrase to an “intermediate code”. The long technical answer is explained in BIP38.
The Intermediate Code preserves enough information about the passphrase to be able to create a public key and 2-factor bitcoin address from it, but not the private key.
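The derivation described above, as an added Python sketch (not code from this post or from the tools listed below) following the BIP38 intermediate-code format without lot/sequence numbers: only a random salt and a public point go into the code. The function names are hypothetical, and the curve arithmetic is plain Python that is not constant-time, so it is for study rather than for protecting real funds.

```python
import hashlib, os, unicodedata

P = 2**256 - 2**32 - 977  # secp256k1 field prime
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,  # generator
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
MAGIC = bytes.fromhex("2CE9B3E1FF39E253")  # BIP38 intermediate-code prefix, no lot/sequence
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def ec_add(a, b):
    # Affine point addition; None is the point at infinity.
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt=G):
    # Double-and-add; not constant-time, for illustration only.
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def b58check(payload):
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def passpoint(passphrase, ownersalt):
    # scrypt stretches the passphrase into a scalar; only its public point is returned.
    pw = unicodedata.normalize("NFC", passphrase).encode("utf-8")
    passfactor = hashlib.scrypt(pw, salt=ownersalt, n=16384, r=8, p=8,
                                maxmem=64 * 1024 * 1024, dklen=32)
    x, y = ec_mul(int.from_bytes(passfactor, "big"))
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")

def intermediate_code(passphrase, ownersalt=None):
    # Payload = magic || 8-byte salt || 33-byte passpoint. The scalar never leaves.
    ownersalt = ownersalt or os.urandom(8)
    return b58check(MAGIC + ownersalt + passpoint(passphrase, ownersalt))
```

Whoever receives the output can multiply the public point by a scalar of their own to produce an address, but recovering the private key still requires redoing the scrypt step with the passphrase.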
I know of three ways to create an intermediate code:
1. At the website http://bit2factor.org. This is a web-based intermediate code generator. It will work on any computer, and I recommend using the Chrome browser, since generating the code is CPU-intensive. (It probably will not work on a mobile device, sorry.)
2. Using Casascius Bitcoin Address Utility. This program is for Windows, but will also run on Mac/Linux using Mono (since it’s not a true x86 program, but rather, an application written with C#/.NET). Source can be found at https://github.com/casascius/Bitcoin-Address-Utility and binaries can be downloaded at https://casascius.com/btcaddress.zip.
3. Using an iPhone app I wrote, whose source code I have released, but I have not put the app in the App Store. This app is called PaperTool and can be found at https://github.com/casascius/PaperTool – if you can compile it.
Here is an example of what an intermediate code looks like:
Any time I send out a 2-factor product, I also include a confirmation code. This is a code that allows the Intermediate Code generator utility to mathematically confirm that the Bitcoin address I’ve asked you to fund is one that actually is protected by your passphrase. The confirmation code allows the utility to validate the correctness of both the passphrase and the Bitcoin address, but does not allow access to the private key or the spending of funds. You should always check the confirmation code – it also serves as verification that you have the correct passphrase to decrypt the item when the time comes.
In addition to the confirmation code, I typically send out one or more unused empty private keys that are encrypted with the same passphrase. You can use them to become better acquainted with the 2-factor system without ripping open your Casascius item. For example, you could send 0.01 BTC to one of the extra keys, and then test your ability to decrypt and redeem it.
Once you feel comfortable with the 2-factor system, check out my post on how to choose the best passphrase for a 2-factor Casascius item that you may later want to resell: https://casascius.wordpress.com/2013/05/16/suggestions-for-choosing-the-passphrase-for-your-two-factor-item/