pjkundert
diff --git a/‎App.org‎
Lines changed: 16 additions & 12 deletions b/‎App.org‎
Lines changed: 16 additions & 12 deletions
diff --git a/‎App.pdf‎
31 Bytes b/‎App.pdf‎
31 Bytes
diff --git a/‎App.txt‎
Lines changed: 14 additions & 12 deletions b/‎App.txt‎
Lines changed: 14 additions & 12 deletions
diff --git a/‎GNUmakefile‎
Lines changed: 4 additions & 5 deletions b/‎GNUmakefile‎
Lines changed: 4 additions & 5 deletions
diff --git a/‎README.org‎
Lines changed: 50 additions & 2 deletions b/‎README.org‎
Lines changed: 50 additions & 2 deletions
diff --git a/‎README.pdf‎
2.63 KB b/‎README.pdf‎
2.63 KB
@@ -222,35 +222,39 @@ related to the Seed.
    support a wide range of cryptocurrencies; presently, only BTC, ETH, XRP, LTC, BCH, USDC, and a
    few other lesser-known coins.
 
+   They also have a crypto-backed credit card which works well in Canada.
+
 ** Crypto.com
 
    Use my referral link for [[https://crypto.com/app/2x4hk92dnf][Crypto.com (referral code: 2x4hk92dnf)]] to sign up for Crypto.com and we
    both get $25 USD :)
 
    The Crypto.com exchange has many more coins available, as well as a crypto-funded credit card
-   that presently works in Canada.
+   that works in Canada.
 
 ** Protecting your SLIP-39 Cards
 
    Protect your printed SLIP-39 cards from water damage by laminating them in plastic or storing
-   them in [[https://amzn.to/3KxvQ1G][foil ziplock bags]] before [[https://amzn.to/3HCX8lv][mailing them]].
+   them in [[https://amzn.to/3EgdfGb][foil ziplock bags]] before [[https://amzn.to/3G5zOjk][mailing them]].
    #+BEGIN_EXPORT html
-   <iframe style="width:120px;height:240px;" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="//rcm-na.amazon-adsystem.com/e/cm?lt1=_blank&bc1=000000&IS2=1&bg1=FFFFFF&fc1=000000&lc1=0000FF&t=pjkundert06-20&language=en_CA&o=15&p=8&l=as4&m=amazon&f=ifr&ref=as_ss_li_til&asins=B08G8JNLVX&linkId=ef9c22a5d125ab5b1a8d3f3cd27456fb"></iframe>
-   <iframe style="width:120px;height:240px;" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="//rcm-na.amazon-adsystem.com/e/cm?lt1=_blank&bc1=000000&IS2=1&bg1=FFFFFF&fc1=000000&lc1=0000FF&t=pjkundert06-20&language=en_CA&o=15&p=8&l=as4&m=amazon&f=ifr&ref=as_ss_li_til&asins=B07WXMYX87&linkId=06e0f5d889c93f5427c379ddc5fa6857"></iframe>
+   <iframe sandbox="allow-popups allow-scripts allow-modals allow-forms allow-same-origin" style="width:120px;height:240px;" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="//rcm-na.amazon-adsystem.com/e/cm?lt1=_blank&bc1=000000&IS2=1&bg1=FFFFFF&fc1=000000&lc1=0000FF&t=pjkundert06-20&language=en_CA&o=15&p=8&l=as4&m=amazon&f=ifr&ref=as_ss_li_til&asins=B08G8JNLVX&linkId=e584b2c9a1ab8e3b9451241d50e99994"></iframe>
+   <iframe sandbox="allow-popups allow-scripts allow-modals allow-forms allow-same-origin" style="width:120px;height:240px;" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="//rcm-na.amazon-adsystem.com/e/cm?lt1=_blank&bc1=000000&IS2=1&bg1=FFFFFF&fc1=000000&lc1=0000FF&t=pjkundert06-20&language=en_CA&o=15&p=8&l=as4&m=amazon&f=ifr&ref=as_ss_li_til&asins=B07WXMYX87&linkId=d36eaab43ae10799576d1bf6aa06db48"></iframe>
    #+END_EXPORT
 
    Print the SLIP-39 cards and cut them out, and then lay them out with 1/2" margins (so you can cut
-   them out after lamination and retain 1/4" borders), either with [[https://amzn.to/3K6wp2p][self-adhesive full-page
-   laminating sheets]] - no machine required (or [[https://amzn.to/3vyyKPw][index-card size]] sheets), 
+   them out after lamination and retain 1/4" borders), either with [[https://amzn.to/3NRr9Tr][full-page self-adhesive]] (or
+   [[https://amzn.to/3G8NQ3w][index-card size]]) laminating sheets -- no machine required.
    #+BEGIN_EXPORT html
-   <iframe style="width:120px;height:240px;" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="//rcm-na.amazon-adsystem.com/e/cm?lt1=_blank&bc1=000000&IS2=1&bg1=FFFFFF&fc1=000000&lc1=0000FF&t=pjkundert06-20&language=en_CA&o=15&p=8&l=as4&m=amazon&f=ifr&ref=as_ss_li_til&asins=B00007E7D2&linkId=608ce5dd44a7a227327c9000d6442c92"></iframe>
-   <iframe style="width:120px;height:240px;" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="//rcm-na.amazon-adsystem.com/e/cm?lt1=_blank&bc1=000000&IS2=1&bg1=FFFFFF&fc1=000000&lc1=0000FF&t=pjkundert06-20&language=en_CA&o=15&p=8&l=as4&m=amazon&f=ifr&ref=as_ss_li_til&asins=B00ENFRAX8&linkId=4ef3861c37b523826fcf6d3a87349890"></iframe>
+   <iframe sandbox="allow-popups allow-scripts allow-modals allow-forms allow-same-origin" style="width:120px;height:240px;" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="//rcm-na.amazon-adsystem.com/e/cm?lt1=_blank&bc1=000000&IS2=1&bg1=FFFFFF&fc1=000000&lc1=0000FF&t=pjkundert06-20&language=en_CA&o=15&p=8&l=as4&m=amazon&f=ifr&ref=as_ss_li_til&asins=B06ZY31ZB3&linkId=9450e15b915a57d90c9a3172194d5269"></iframe>
+   <iframe sandbox="allow-popups allow-scripts allow-modals allow-forms allow-same-origin" style="width:120px;height:240px;" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="//rcm-na.amazon-adsystem.com/e/cm?lt1=_blank&bc1=000000&IS2=1&bg1=FFFFFF&fc1=000000&lc1=0000FF&t=pjkundert06-20&language=en_CA&o=15&p=8&l=as4&m=amazon&f=ifr&ref=as_ss_li_til&asins=B00ENFRAX8&linkId=2496ae94b1c07ac33bac10452ca754d1"></iframe>
    #+END_EXPORT
-   or with a [[https://amzn.to/3IyMkGt][heat-laminating machine]] in [[https://amzn.to/3C1N3NI][full-page pouches]] (or in [[https://amzn.to/35z7RA5][index-card size pouches]]).
+
+   Ideally, use a [[https://amzn.to/3UJqBkB][heat-laminating machine]] in [[https://amzn.to/3G4ZmNu][full-page pouches]] (or in [[https://amzn.to/3G4Zuws][index-card size pouches]]).  This is
+   the best option, in my opinion.
    #+BEGIN_EXPORT html
-   <iframe style="width:120px;height:240px;" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="//rcm-na.amazon-adsystem.com/e/cm?lt1=_blank&bc1=000000&IS2=1&bg1=FFFFFF&fc1=000000&lc1=0000FF&t=pjkundert06-20&language=en_CA&o=15&p=8&l=as4&m=amazon&f=ifr&ref=as_ss_li_til&asins=B018UOYJZ4&linkId=12211cd757266604642e6fb78d04377d"></iframe>
-   <iframe style="width:120px;height:240px;" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="//rcm-na.amazon-adsystem.com/e/cm?lt1=_blank&bc1=000000&IS2=1&bg1=FFFFFF&fc1=000000&lc1=0000FF&t=pjkundert06-20&language=en_CA&o=15&p=8&l=as4&m=amazon&f=ifr&ref=as_ss_li_til&asins=B00BWU3HNY&linkId=dcc0671406aa42d30b3e09a1cc08154f"></iframe>
-   <iframe style="width:120px;height:240px;" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="//rcm-na.amazon-adsystem.com/e/cm?lt1=_blank&bc1=000000&IS2=1&bg1=FFFFFF&fc1=000000&lc1=0000FF&t=pjkundert06-20&language=en_CA&o=15&p=8&l=as4&m=amazon&f=ifr&ref=as_ss_li_til&asins=B001B0ES1K&linkId=6c8f34fe77e3b87e6f8c53e3485bf594"></iframe>
+   <iframe sandbox="allow-popups allow-scripts allow-modals allow-forms allow-same-origin" style="width:120px;height:240px;" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="//rcm-na.amazon-adsystem.com/e/cm?lt1=_blank&bc1=000000&IS2=1&bg1=FFFFFF&fc1=000000&lc1=0000FF&t=pjkundert06-20&language=en_CA&o=15&p=8&l=as4&m=amazon&f=ifr&ref=as_ss_li_til&asins=B018UOYJZ4&linkId=0513e65d25ae54d508452fd8336bd981"></iframe>
+   <iframe sandbox="allow-popups allow-scripts allow-modals allow-forms allow-same-origin" style="width:120px;height:240px;" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="//rcm-na.amazon-adsystem.com/e/cm?lt1=_blank&bc1=000000&IS2=1&bg1=FFFFFF&fc1=000000&lc1=0000FF&t=pjkundert06-20&language=en_CA&o=15&p=8&l=as4&m=amazon&f=ifr&ref=as_ss_li_til&asins=B00BWU3HNY&linkId=62ebedd04e75446cc7e35f6333886825"></iframe>
+   <iframe sandbox="allow-popups allow-scripts allow-modals allow-forms allow-same-origin" style="width:120px;height:240px;" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="//rcm-na.amazon-adsystem.com/e/cm?lt1=_blank&bc1=000000&IS2=1&bg1=FFFFFF&fc1=000000&lc1=0000FF&t=pjkundert06-20&language=en_CA&o=15&p=8&l=as4&m=amazon&f=ifr&ref=as_ss_li_til&asins=B001B0ES1K&linkId=9561218d8582a651832712b8badd2e09"></iframe>
    #+END_EXPORT
 
 * Privacy Policy
 
@@ -285,6 +285,8 @@ Windows)] <https://github.com/pjkundert/python-slip39/releases/latest>
   presently, only BTC, ETH, XRP, LTC, BCH, USDC, and a few other
   lesser-known coins.
 
+  They also have a crypto-backed credit card which works well in Canada.
+
 
 [Netcoins.app (referral code: 5YO1MZ)]
 <https://netcoins.app/r?ac=5YO1MZ>
@@ -297,7 +299,7 @@ Windows)] <https://github.com/pjkundert/python-slip39/releases/latest>
   sign up for Crypto.com and we both get $25 USD :)
 
   The Crypto.com exchange has many more coins available, as well as a
-  crypto-funded credit card that presently works in Canada.
+  crypto-funded credit card that works in Canada.
 
 
 [Crypto.com (referral code: 2x4hk92dnf)]
@@ -312,25 +314,25 @@ Windows)] <https://github.com/pjkundert/python-slip39/releases/latest>
   them].
   Print the SLIP-39 cards and cut them out, and then lay them out with
   1/2" margins (so you can cut them out after lamination and retain 1/4"
-  borders), either with [self-adhesive full-page laminating sheets] - no
-  machine required (or [index-card size] sheets),
-  or with a [heat-laminating machine] in [full-page pouches] (or in
-  [index-card size pouches]).
+  borders), either with [full-page self-adhesive] (or [index-card size])
+  laminating sheets – no machine required.
+  Ideally, use a [heat-laminating machine] in [full-page pouches] (or in
+  [index-card size pouches]).  This is the best option, in my opinion.
 
 
-[foil ziplock bags] <https://amzn.to/3KxvQ1G>
+[foil ziplock bags] <https://amzn.to/3EgdfGb>
 
-[mailing them] <https://amzn.to/3HCX8lv>
+[mailing them] <https://amzn.to/3G5zOjk>
 
-[self-adhesive full-page laminating sheets] <https://amzn.to/3K6wp2p>
+[full-page self-adhesive] <https://amzn.to/3NRr9Tr>
 
-[index-card size] <https://amzn.to/3vyyKPw>
+[index-card size] <https://amzn.to/3G8NQ3w>
 
-[heat-laminating machine] <https://amzn.to/3IyMkGt>
+[heat-laminating machine] <https://amzn.to/3UJqBkB>
 
-[full-page pouches] <https://amzn.to/3C1N3NI>
+[full-page pouches] <https://amzn.to/3G4ZmNu>
 
-[index-card size pouches] <https://amzn.to/35z7RA5>
+[index-card size pouches] <https://amzn.to/3G4Zuws>
 
 
 3 Privacy Policy
 
@@ -166,19 +166,18 @@ dist/slip39-$(VERSION)-py3-none-any.whl: build-check FORCE
 	@ls -last dist
 
 # Install from wheel, including all optional extra dependencies (except dev)
-install-dev:
-	$(PY3) -m pip install --upgrade -r requirements-dev.txt
-
 install:		dist/slip39-$(VERSION)-py3-none-any.whl FORCE
-	$(PY3) -m pip install --force-reinstall $<[gui,serial,wallet]
+	$(PY3) -m pip install --force-reinstall $<[gui,wallet,serial]
 
+install-dev:
+	$(PY3) -m pip install --upgrade -r requirements-dev.txt
 
 # Building / Signing / Notarizing and Uploading the macOS or win32 App
 # o TODO: no signed and notarized package yet accepted for upload by macOS App Store
 # 
 # Mac:  To build the .dmg installer, run:
 #    make clean
-#    make installer  # continue running every couple of minuts 'til the App is notarized
+#    make installer  # continue running every couple of minutes 'til the App is notarized
 #
 installer:		$(INSTALLER)
 
 
@@ -40,7 +40,7 @@ and documentation of [[https://wolovim.medium.com/ethereum-201-hd-wallets-11d0c9
 various SLIP-39 sharing parameters.  It generates the new random wallet seed, and generates the
 expected standard Ethereum account(s) (at [[https://medium.com/myetherwallet/hd-wallets-and-derivation-paths-explained-865a643c7bf2][derivation path]] =m/44'/60'/0'/0/0= by default) and Bitcoin
 accounts (at Bech32 derivation path =m/84'/0'/0'/0/0= by default), with wallet address and QR code
-(compatible with Trezor derivations).  It produces the required SLIP-39 phrases, and outputs a
+(compatible with Trezor and Ledger derivations).  It produces the required SLIP-39 phrases, and outputs a
 single PDF containing all the required printable cards to document the seed (and the specified
 derived accounts).
 
@@ -819,6 +819,54 @@ recover your accounts to your Ledger (or other) hardware wallet.
 
     #+LATEX: }
 
+*** Serial Port Connected Secure Seed Enclave
+
+    What if you or your company wants to accept Crypto payments, and needs to generate a sequence of
+    wallets unique to each client?  You *can* use an xpubkey and then generate a sequence of unique
+    addresses from that, which doesn't disclose any of your private key material:
+
+    #+LATEX: {\scriptsize
+    #+BEGIN_SRC bash :exports both :results output
+    ( python3 -m slip39.recovery --bip39 --mnemonic 'zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo wrong' \
+        | python3 -m slip39.generator --secret - --xpub --path "../-2'" --crypto BTC
+    ) 2>&1
+    #+END_SRC
+
+    #+RESULTS:
+    :     0: [["BTC", "m/84'/0'/0'", "zpub6rD5AGSXPTDMSnpmczjENMT3NvVF7q5MySww6uxitUsBYgkZLeBywrcwUWhW5YkeY2aS7xc45APPgfA6s6wWfG2gnfABq6TDz9zqeMu2JCY"]]
+    :     1: [["BTC", "m/84'/0'/1'", "zpub6rD5AGSXPTDMUaSe3aGDqWk4uMTwcrFwytkKuDGmi3ofUkJ4dQxXHZwiXWbHHrELJAor8xGs61F8sbKS2JdQkLZRnu5PGktmr6F32nEBUBb"]]
+    :     2: [["BTC", "m/84'/0'/2'", "zpub6rD5AGSXPTDMYx2sQPuZgceniniRXDK5tELiREjxfSGJENNxuQD3u2yfpRqnNE1JeH14Pa7MVGrofDJtyXw252ws9HgRcd82X2M4KzkUfpZ"]]
+
+    #+LATEX: }
+
+    Since you have to generate such an xpubkey from a "hardened" path, such as with =slip39.generate
+    --xpub ...=, you *still* need to run that tool chain on some secure "air gapped" computer.  So,
+    how do you do that safely, knowing that you need to input your SLIP-39 or BIP-39 Mnemonics on
+    that computer?  Especially, if you want to do this under any kind of automation, and deliver the
+    output xpubkey to your insecure business computer systems?
+
+    One solution is to have the computer hosting your Seed or Mnemonic private key material *only*
+    connected to your business computer systems with a guaranteed *safe* mechanism.  Definitely
+    *not* with any kind of general purpose network system!
+
+    The solution: *The RS-232 Serial Port*
+
+    With USB to [[https://amzn.to/3DXSYol][DB-9 female]] to [[https://amzn.to/3toukby][DB-9 male]] serial adapters, any small computer with USB ports (such as
+    the [[https://amzn.to/3A6Gwlb][Raspberry Pi 400]]) can be connected serially and serve as your "secure" computer, storing
+    your Seed Mnemonic.
+
+    Remember to disable all other wired and wireless networking!
+
+    The RS-232 port on the "secure" computer can be protected from all incoming data transmissions,
+    make an exploit effectively impossible, while still allowing outgoing data (the generated
+    xpubkeys).
+
+    A DB-9 [[https://amzn.to/3EnLEEd][serial breakout]] board or custom serial adapter be easily constructed that disconnects pin
+    3 (TXD) on the "business" side from pin 2 (RXD) on the "secure" side, eliminating any chance of
+    data being sent to the "secure" side.  The only electronic connection that transmits data to the
+    "secure" side is the hardware flow control pin 7 (RTS) to pin 8 (CTS).  An exploit using this
+    single-bit approach vector is ... unlikely. :)
+
 ** The =slip39= module API
 
    Provide SLIP-39 Mnemonic set creation from a 128-bit master secret, and recovery of the secret
@@ -1652,7 +1700,7 @@ recover your accounts to your Ledger (or other) hardware wallet.
 
    To install from Pypi, including the optional requirements to run the PySimpleGUI/tkinter GUI,
    support serial I/O, and to support creating encrypted BIP-38 and Ethereum JSON Paper Wallets:
-   : $ python3 -m pip install slip39[gui,paper,serial]
+   : $ python3 -m pip install slip39[gui,wallet,serial]
 
 ** The =slip39= GUI