If you import secret.key without password setting, an error will occur at the time of remittance

Thank you for your reply.

“b76536a4~” was extracted from the sqlite file by having Daedalus import the secret.key. However, something different from your master key came out.

How did you extract “b573~”?

The export-wallets tool can’t extract the private key without the status folder, right?

Sorry, I am not following you. Sqlite DB is for new key store mechanism.
The old Byron recover comes from secret.key files.

I created an extraction tool for john too (cardano2john.py) that extracts the keys to john format.
Keep in mind, the john tool is about the old Daedalus secret.key file based recovery.

I do not know what you’re doing, as you just dump some hints here and there, but from what I could decipher, those do not make sense to me.

Example:

$ cd john/run
$ pip3 install cbor2
...
$ ./cardano2john.py /tmp/iog_secret.key | tee wallet.john
$cardano$1$b57361ebe335fa171a260fea7d3277579c212dc74fc2a408d6cbd8a6e7a847cab3c44c5fb190705ddd2698f2d5390798893349b4321e7474b1ce06c9d410b3d6055b42d4a95f19cb34b516a160a306c0eaef398e70ea91da450ccb2a7819e95b8c000436b43d5de6b0dd189cbfb0fc9ff954809abcb574d994cb5fafaf56b781
$cardano$1$a00710ce083a17b6b1659d1540bc09fa0bdb5cb7a2f3c0c90c1996109b99a44f4f85a565f97b0e3207cf7d5cb4e28f53d8f84c7c7efa1cdb4f727e87e1e0952096f9cfd23fe63058756563d95ae7227ac10d37c4bd88733a06420c76619d738fd1ac606295e3bd70ea9f68c78d505ad50a9f1de588845c96218a6e89903b8c71
$cardano$1$264ee1d412910811d725af34969dec27574796eefafac980139d677daad6ab4e6e70308f309cdd6423257c776b790da99d0d35f59ed7a9a705b69a741ab1788b918a486c39b5f5917956aeb146ba1e0aa60e43b60cc1539c33ce3118a9ee8f0b42436f89ce135d6cb8ff7f440c52502d0e0d8d586afdded2c8326e644696cedc
$cardano$1$80708d6f0593c4a52bc81bed82155e9ca128315257377712ea1835f25bea514e634b9f65b5b6ff8d017f5d68de34f25ef7db7a8ec57446d22b3dc0fadaa1fbc7f93ba45ee18a5b00b8ec708422f91bf722f46acbea56d99702ddbaff6c60118aa03470e7e10f4372bbdc74c0816605ee6a01239064b0569c0010b294938f1e43
$cardano$1$02fc72724cec5f9df9a06ca0019cca7d2ea0c4974fb1f4e29ee26c81856ed7c02db79337952571405415f6609076858371f11edf19aec233b3bf7e2735b41acfb88dbec8c3d8420249139bdbc470736312ae4806e8aa529ea7dc77ba9832eb34e7d1a7c87bb262899b66b468bcc58c29d4dfb1e12d65cd77fe28f654b92bc3e0
$cardano$1$90a1b36331ed4a7f0f5243dc5cafc98218156a0750bdb401c87f6e828cb8fd5e0f6bd1342b8b22818e4de55518c121ba1350ea2f64421e7cd38f6a08dbabc47406283ca958aad4bb8ec95bf5d2770135c6335ee999cbd4fe96f03be3a214c9ef0d3a2930da0e3b335654ecf61f7172441e30ea22588db985673ef5c77783870a

$ ./john --wordlist=password_candidates.txt wallet.john

I have no clue how export-wallets works, as I have not used it at all.
You only need john, the secret.key file and the password candidates to decrypt the encrypted master secret key.
But, tbh, I have no clue what and how you do your things, but it is clear that you have a limited understanding of this topic (that’s not a problem, as ppl who are capable of learning/growing can come over that limitation).

1 Like

Thanks ilap.

I did not get good results with the john tool. Because I am sure I updated my password more than once. Or because Daedalus updated around 2019 and I changed my password then.

But I have a limited password.
How can I try that?

I would like to know other ways.

For example, hashing the password and recovering it with API to test money transfer.

Thanks for sharing john and other tools.
I appreciate it very much.

That sucks, and there is no tool for that.
If I were you I would write a tool for that, but the problem is that there can be some issues in different updates of Daedalus versions. It might be that it once required having a “\n” at the end of the password, which could have been removed in a later version. So, to tackle it correctly, it would be required to imitate all the Daedalus updates’ behaviours with some offline-like tools, and very precisely track the events.

For example, Daedalus updates and the exact details you have done from 2017 till now. E.g., when did you change your password, or even did you set any at all at the beginning (as in the beginning the old Daedalus did not require a spending password and it was optional)?

So, I am not sure, it’s a quite complex issue.

1 Like

ilap, thanks for the reply. You are very kind.

I hope you will make that tool.

I was looking for a password hash that Daedalus can recognize.

For example, it will hash and recover “Secret1234”.

Once the Daedalus remittance password is set to “Secret1234”, you can test the remittance. I searched for that algorithm and found it.

// @flow
import blakejs from 'blakejs';

// Hex-encode a byte array
const bytesToB16 = (bytes) => Buffer.from(bytes).toString('hex');

// Unkeyed BLAKE2b with a 32-byte (256-bit) digest
const blake2b = (data) => blakejs.blake2b(data, null, 32);

export const encryptPassphrase = (passphrase: string) => (
  bytesToB16(blake2b(passphrase))
);

I am going to try this tonight to see if I can create a password hash with this and use it as a money transfer password in Daedalus. Is this possible?

I have the old Daedalus files so I have the LOG too.

I did not set a password on the first Daedalus.

I changed my password. “2019-05-08T10:33:39.476056”,“hasSpendingPassword”

Too bad the password hash was not recorded in secret.key.

Will the secret.key with the password changed in May 2019 work in john?

Why doesn’t john work if I change my password more than once?

The log starts from January 2018. I didn’t set a password when I created the wallet.

Updated to DAEDALUS 0.13.1 on May 8, 2019.

This is when I set the password for the first time.
(There is a possibility that it has been changed several times for confirmation here.)

Updated to DAEDALUS 0.15.1 on January 14, 2020.

Until January 13, 2020, the wallet information was listed in the log. After updating to 0.15.1 Daedalus didn’t open until January 2021.

When I took out secret.key and imported it, it was a wallet without a password.

I have several passwords. I think it’s one of them. But it doesn’t work for john. I would like to do a direct remittance test.

Are you making a tool now?

ilap, thank you as always.

Hi,

I did not have any spare time for this. Though it should not be hard as it should be based on some permutations with repetition for all of your password candidates.

Cheers,

Pal

@okepod
Check this. I created a recover.js for all possible permutations.
Repetition of the same password does not matter, as it just decrypts/encrypts the same master key.
Meaning, using the same password twice will result in the same encrypted master secret key, so there is no point in considering them.

2 Likes

ilap, thanks for the reply.

You are very kind.

Thank you for making it despite your busy schedule.

I will try tomorrow. I will also report the results!

Dear _ilap
Thanks for making the tool.
I haven’t been able to decrypt it yet, but I will try as many passwords as I can think of. I don’t want this tool to go to waste.
You are very kind. Thank you.

If you’re sure that the passwords were good, then it means that Daedalus could not handle the new lines in the passwords properly, like the \n or \r\n or similar, as encryption/decryption has not changed since 2017.

1 Like
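The newline hypothesis from the post above, as an added example that is not part of the original thread or of any tool mentioned in it: it normalises a candidate list whose line endings may be mixed, then shows that each trailing-newline variant of a password yields a completely different BLAKE2b-256 value under the `encryptPassphrase` scheme quoted earlier. The sample wordlist and the function names are constructed for illustration.

```python
import hashlib

# Trailing bytes a client might have appended to the typed password.
# Assumption: taken from the thread's "\n or \r\n" hypothesis.
SUFFIXES = ("", "\n", "\r\n")

# Constructed sample wordlist with mixed line endings and a duplicate.
SAMPLE_WORDLIST = b"Secret1234\r\nhunter2\nSecret1234\n"


def passphrase_hash(passphrase: str) -> str:
    """Unkeyed BLAKE2b with a 32-byte digest, hex-encoded.

    Same construction as blakejs.blake2b(data, null, 32) in the quoted
    encryptPassphrase(); strings are hashed as UTF-8 bytes.
    """
    data = passphrase.encode("utf-8")
    return hashlib.blake2b(data, digest_size=32).hexdigest()


def load_wordlist(raw: bytes) -> list:
    """Split a wordlist into bare candidates, dropping CR/LF and duplicates."""
    seen, out = set(), []
    for line in raw.decode("utf-8").splitlines():
        if line and line not in seen:
            seen.add(line)
            out.append(line)
    return out


def expand_candidates(candidates) -> list:
    """Return (variant, hash) pairs for every candidate and suffix."""
    pairs = []
    for cand in candidates:
        for suffix in SUFFIXES:
            variant = cand + suffix
            pairs.append((variant, passphrase_hash(variant)))
    return pairs


if __name__ == "__main__":
    for variant, digest in expand_candidates(load_wordlist(SAMPLE_WORDLIST)):
        # repr() makes the invisible trailing characters visible.
        print(f"{variant!r:16} {digest}")
```
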

That would be nice if somebody could have a secret.key with a valid mnemonic (but moved to a different mnemonic-based Shelley wallet/addresses by now) to test.

1 Like

Dear ilap

Does it mean that the private key is complicatedly encrypted by \n or \r\n?

>>>That would be nice if somebody could have a secret.key with a valid mnemonic (but moved to a different mnemonic-based Shelley wallet/addresses by now) to test.

I have an unfunded byron recovery phrase.

I found byron’s 12-word recovery word, although it’s not secret.key. Can you test it? How do we test it?

restore the wallet (byron) using the 12 words… you can restore on adalite.io (click on mnemonic and insert the 12 words)

1 Like

sorry. A recovery phrase without test funds.

Empty wallet recovery phrase for testing.

Hi,

I cannot test it with only a recovery phrase, as I need a corresponding secret.key and the password used to move the fund out from it, to figure out what other things have applied. Ofc, only if the passwords you have tried were the correct ones.

He is referring to an unfunded byron recovery phrase.

2 Likes

Thank you for your reply.

I also have a secret.key with the correct password. It gave the correct result with the john tool. But no recovery phrase.

Can you test with that secret.key?

I am confused. Is it an empty (non-funded) wallet’s secret.key which works with your password?
Then your password seems not to be the correct one for the non-empty wallet’s secret.key, if it does not work with john.

Or is it the funded wallet’s secret.key and it works with your password using john? Then you can recover your funded wallet.

Can you clarify, as it’s confusing me?

1 Like

Sorry for my poor explanation.

I have two secret.keys.

① The funded secret.key does not have a password hash. The private key is encrypted. I can’t decrypt it with the john tool.

② Another secret.key is a secret.key with empty funds. I have the correct password.

You said
『That would be nice if somebody could have a secret.key with a valid mnemonic (but moved to a different mnemonic-based Shelley wallet/addresses by now) to test.』

That’s why I thought I needed ②.

Yeah, but the problem is that ② works with the john tool.
Meaning, there are no changes in the encryption methods.
As I would test first with john too, and would figure out any additional stuff if it did not work with it.

But anyway, you can attach the secret.key here as I would like to check its passwordHash too.

If you want to send it to me privately, then just send a PM to me and attach the secret.key and the old password.