Title: xpub validation bug Last modified: August 31, 2016 --- # xpub validation bug * [mperklin](https://wordpress.org/support/users/mperklin/) * (@mperklin) * [10 years, 3 months ago](https://wordpress.org/support/topic/xpub-validation-bug/) * I have identified a validation bug with BIP32 extended keys. The regular expressions used by this plugin to validate BIP32 extended keys is overly restrictive and will only validate extended keys with a depth 0 despite the fact that extended keys with depths 1 and higher are perfectly valid. * Electrum v2.0 can make use of any BIP32 extended key, even children keys that are derived from a root. Despite this flexibility of Electrum, this plugin does not allow child keys. * The cause of this incompatibility has been identified as an overly-restrictive regular expression found in bwwc-bitcoin-gateway.php on line 130, and in bwwc- utils.php on line 1098. * Both of these lines are currently identical: `else if (!preg_match ('/^[a-f0- 9]{128}$/', $mpk) && !preg_match ('/^xpub661[a-zA-Z0-9]{104}$/', $mpk))` * The second regular expression requires that all BIP32 extended keys begin with the characters “xpub661” however according to the BIP32 serialization formatting standard outlined at [https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#serialization-format](https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#serialization-format), the values “661” are not required for BIP32 extended keys. These characters represent two values in the underlying structure: child depth, and fingerprint. Extended Keys that are root keys will always have a 0 child depth and 0000 fingerprint which results in the “xpub661” prefix, however it’s completely valid to have extended keys that have child depths > 0 and fingerprints that are non-0. * I recommend the following change be made to both bwwc-bitcoin-gateway.php on line 130, and bwwc-utils.php on line 1098: `else if (!preg_match ('/^[a-f0-9]{ 128}$/', $mpk) && !preg_match ('/^xpub[a-zA-Z0-9]{107}$/', $mpk))` * This code will still validate root BIP32 extended keys, but will also validate child keys as well, successfully conforming to Electrum v2’s behaviour. * Thank you for making a great plugin. I hope my bug report helps make it even better. * –Michael Perklin * [https://wordpress.org/plugins/bitcoin-payments-for-woocommerce/](https://wordpress.org/plugins/bitcoin-payments-for-woocommerce/) Viewing 2 replies - 1 through 2 (of 2 total) * Plugin Author [gesman](https://wordpress.org/support/users/gesman/) * (@gesman) * [10 years, 3 months ago](https://wordpress.org/support/topic/xpub-validation-bug/#post-7090634) * Thanks Michael, * Will push this update to next release. Appreciate the tip and analysis. * Thread Starter [mperklin](https://wordpress.org/support/users/mperklin/) * (@mperklin) * [10 years, 3 months ago](https://wordpress.org/support/topic/xpub-validation-bug/#post-7090637) * No problem gesman. * FYI I just found a 3rd place where the same regex should be replaced in bwwc- mpkgen.php line 42. * –MP Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘xpub validation bug’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/bitcoin-payments-for-woocommerce. svg) * [Bitcoin Payments for WooCommerce](https://wordpress.org/plugins/bitcoin-payments-for-woocommerce/) * [Frequently Asked Questions](https://wordpress.org/plugins/bitcoin-payments-for-woocommerce/#faq) * [Support Threads](https://wordpress.org/support/plugin/bitcoin-payments-for-woocommerce/) * [Active Topics](https://wordpress.org/support/plugin/bitcoin-payments-for-woocommerce/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/bitcoin-payments-for-woocommerce/unresolved/) * [Reviews](https://wordpress.org/support/plugin/bitcoin-payments-for-woocommerce/reviews/) ## Tags * [invalid](https://wordpress.org/support/topic-tag/invalid/) * 2 replies * 2 participants * Last reply from: [mperklin](https://wordpress.org/support/users/mperklin/) * Last activity: [10 years, 3 months ago](https://wordpress.org/support/topic/xpub-validation-bug/#post-7090637) * Status: not resolved