How to Generate a Bitcoin Address — Step by Step

Generating a Bitcoin address may seem like a complex cryptographic process, but understanding it reveals the elegant security and design behind the world’s most popular cryptocurrency. This guide walks you through each technical step—from private key creation to final address generation—using command-line tools on macOS (with principles applicable across platforms). Whether you're a developer, crypto enthusiast, or simply curious about blockchain technology, this hands-on tutorial demystifies how Bitcoin addresses are created securely using public-key cryptography.

Understanding the Basics: Public Key Cryptography

Bitcoin relies on asymmetric cryptography, also known as public key cryptography. This system uses mathematically linked key pairs:

• A private key—a secret number that proves ownership of funds.
• A public key—derived from the private key, used to receive funds.

The relationship is one-way: you can generate a public key from a private key, but not vice versa. This "trapdoor" function ensures security. Two major applications in Bitcoin include:

• Digital Signatures: Prove transaction authenticity without revealing your private key.
• Encryption & Verification: Enable secure peer-to-peer value transfer.

Think of your private key as the ultimate password to your digital assets. Lose it? You lose access forever. Share it? Anyone can spend your Bitcoin.

🔐 Core Insight: Private keys are 256-bit numbers—so vast in possible combinations (around 1.16 × 10⁷⁷) that guessing one at random is practically impossible. It's like finding one specific atom in all the Earths if every atom in your body were its own planet.

👉 Discover how secure crypto wallets protect your private keys automatically.

Step 1: Generate a Private Key

A valid Bitcoin private key is any 256-bit integer within a specific range defined by the elliptic curve secp256k1. While true randomness is ideal, we can simulate it for educational purposes.

One common method involves hashing a human-readable seed phrase using SHA-256, a cryptographic hash function that always outputs a 256-bit result.

Here’s how to generate a test private key via terminal:

$ echo "this is a group of words that should not be considered random anymore so never use this to generate a private key" | openssl sha256
a966eb6058f8ec9f47074a2faadd3dab42e2c60ed05bc34d39d6c0e1d32b8bdf

This hexadecimal string (a966...8bdf) is your private key. Though functional for learning, never use predictable phrases like this for real funds—always rely on cryptographically secure random number generators in practice.

⚠️ Reminder: This example uses an insecure seed. Real wallets use high-entropy sources (like hardware RNGs) to prevent predictability.

Step 2: Derive the Public Key

From the private key, we derive the public key using elliptic curve multiplication on the secp256k1 curve:

Public Key = Private Key × Generator Point (G)

The generator point G is a fixed coordinate on the curve. The operation is computationally irreversible—this is what makes Bitcoin secure.

Using OpenSSL (after installing libressl via Homebrew for full EC support), run:

$ openssl ec -inform DER -text -noout -in <(cat <(echo -n "302e0201010420") <(echo -n "a966eb6058f8ec9f47074a2faadd3dab42e2c60ed05bc34d39d6c0e1d32b8bdf") <(echo -n "a00706052b8104000a") | xxd -r -p) 2>/dev/null | tail -6 | head -5 | sed 's/[ :]//g' | tr -d '\n' && echo

Output:

043cba1f4d12d1ce0bced725373769b2262c6daa97be6a0588cfec8ce1a5f0bd092f56b5492adbfc570b15644c74cc8a4874ed20dfe47e5dce2e08601d6f11f5a4

This is an uncompressed public key, starting with 0x04, followed by X and Y coordinates on the curve.

Step 3: Compress the Public Key

To save space on the blockchain, most systems use compressed public keys. Since the Y coordinate can be derived from X using the curve equation $ y^2 = x^3 + 7 $, we only store X—and prefix it with:

• 0x02 if Y is even
• 0x03 if Y is odd

In our case, the Y value ends in 0xa4 (even), so we use 0x02.

Compressed public key:

023cba1f4d12d1ce0bced725373769b2262c6daa97be6a0588cfec8ce1a5f0bd09

This reduces data size by nearly half—an important efficiency for network scalability.

👉 See how modern wallets streamline this entire process behind the scenes.

Step 4: Create a Bitcoin Address (P2PKH)

Now we convert the compressed public key into a usable Bitcoin address.

Hashing: SHA-256 + RIPEMD-160

First, hash the public key twice:

$ echo 023cba1f4d12d1ce0bced725373769b2262c6daa97be6a0588cfec8ce1a5f0bd09 | xxd -r -p | openssl sha256
(stdin)= 8eb001a42122826648e66005a549fc4b4511a7ad3fc378221aa1c73c5efe77ef

$ echo 8eb001a42122826648e66005a549fc4b4511a7ad3fc378221aa1c73c5efe77ef | xxd -r -p | openssl ripemd160
(stdin)= 3a38d44d6a0c8d0bb84e0232cc632b7e48c72e0e

The resulting 160-bit hash is called the Public Key Hash (PKH).

Base58Check Encoding

Next, prepare for final encoding:

1. Prepend version byte 0x00 (for P2PKH addresses).
2. Compute a 4-byte checksum via double-SHA-256.
3. Append checksum and encode with Base58Check.

$ echo 003a38d44d6a0c8d0bb84e0232cc632b7e48c72e0e | xxd -p -r | base58 -c && echo

Final P2PKH Address:

16JrGhLx5bcBSA34kew9V6Mufa4aXhFe9X

This is a standard legacy Bitcoin address starting with "1".

Step 5: Generate a Modern P2SH Address

Today, most wallets default to Pay-to-Script-Hash (P2SH) addresses, which support advanced features like multi-signature transactions and SegWit compatibility.

A common variant is P2WPKH nested in P2SH, which improves transaction efficiency and reduces fees.

To generate a P2SH address:

1. Create script: OP_0 <RIPEMD-160(SHA-256(pubKey))>
2. Hash script with SHA-256 then RIPEMD-160 → get script hash
3. Prepend 0x05 (P2SH version byte)
4. Apply Base58Check encoding

Commands:

$ echo 00143a38d44d6a0c8d0bb84e0232cc632b7e48c72e0e | xxd -r -p | openssl sha256
$ echo [output] | xxd -r -p | openssl ripemd160
$ echo 05[script_hash] | xxd -p -r | base58 -c && echo

Resulting P2SH Address:

34N3tf5m5rdNhW5zpTXNEJucHviFEa8KEq

Starts with "3", indicating a script-based address.

Frequently Asked Questions (FAQ)

Q: Can I generate a Bitcoin address without internet?
A: Yes! All steps use local cryptographic operations. No internet required—ideal for cold wallet setups.

Q: Is it safe to generate keys manually like this?
A: Only for learning. Real-world use demands secure, audited wallet software to avoid entropy flaws or exposure.

Q: What’s the difference between P2PKH and P2SH?
A: P2PKH sends to a public key hash (starts with "1"). P2SH sends to a script hash (starts with "3"), enabling advanced spending conditions.

Q: Why compress public keys?
A: Compression halves data size, reducing blockchain bloat and lowering transaction fees over time.

Q: Can I recover funds with just the private key?
A: Yes. Any standard wallet allows importing a private key (WIF format) to restore access to associated addresses.

Q: Are newer address types better?
A: Yes. SegWit (Bech32) addresses (starting with "bc1") offer lower fees and improved scalability. P2SH remains widely supported.

👉 Compare different Bitcoin address types and their benefits today.

Core Keywords

• Bitcoin address generation
• Private key
• Public key
• Elliptic curve cryptography
• SHA-256
• RIPEMD-160
• Base58Check encoding
• P2PKH vs P2SH

Understanding how Bitcoin addresses are built empowers you to make informed decisions about wallet security, transaction types, and long-term asset management. While modern tools automate these steps, knowing what happens under the hood builds trust in the decentralized financial ecosystem.