Begin integrating Entropy Analysis, Licensing into GUI

Author: pjkundert

App.org

@@ -22,15 +22,15 @@ nil
 #+RESULTS:
 
 #+BEGIN_ABSTRACT
-Creating personal Ethereum, Bitcoin and other Cryptocurrency accounts is /urgently/ needed, but is
+Creating personal Ethereum, Bitcoin and other cryptocurrency accounts is /urgently/ needed, but is
 complex and fraught with potential for loss of funds.
 
 All Crypto wallets start with a "Seed": a large, random number used to derive all of your actual
 Bitcoin, Ethereum, etc. wallets.
 
 The best practice for using these wallets is to load this "Seed" into a secure hardware device, like
 a [[https://shop.trezor.io/product/trezor-model-t?offer_id=15&aff_id=10388][Trezor "Model T"]] hardware wallet.  SLIP-39 Mnemonic cards contain the recovery words, which are
-typed directly into the Trezor device to recover the Seed, and all of its Cryptocurrency accounts.
+typed directly into the Trezor device to recover the Seed, and all of its cryptocurrency accounts.
 For the [[https://shop.ledger.com/pages/ledger-nano-x?r=2cd1cb6ae51f][Ledger Nano]] and other hardware wallets supporting only BIP-39 Mnemonics, you can now use the
 SLIP-39 App to securely and reliably back up these BIP-39 phrases.
 
@@ -40,7 +40,7 @@ for the Seed to partners, family and friends.  Also, encrypted "Paper Wallets" c
 support software cryptocurrency wallets such as Metamask, Brave or various mobile-phone and
 computer-based wallets.
 
-Later, if you (or your heirs!) need to recover *all* of your Cryptocurrency accounts, they can
+Later, if you (or your heirs!) need to recover *all* of your cryptocurrency accounts, they can
 collect a sufficient threshold of the cards and regain access to all of the cryptocurrency accounts
 related to the Seed.
 #+END_ABSTRACT
@@ -99,7 +99,7 @@ related to the Seed.
     stored in wallet addresses that can never be accessed because the corresponding "Private Key"
     has been lost, or the passphrase forgotten.
 
-    The statistical chances of anyone successfully passing a Cryptocurrency wallet Private Key +
+    The statistical chances of anyone successfully passing a cryptocurrency wallet Private Key +
     passphrase or Seed to their heirs over a 50-year period is therefore very low.  Since memory fades
     and "safe" storage places are lost, destroyed or forgotten, this risk actually increases
     exponentially over time.
@@ -146,7 +146,7 @@ related to the Seed.
     and can transfer the funds into their own wallet.
 
     If the Paper Wallet is ever lost, you can recover the Private Key (it was derived from your
-    Seed!), and transfer the Cryptocurrency back into one of your own wallets.
+    Seed!), and transfer the cryptocurrency back into one of your own wallets.
 
 * Recommended Vendors
 
@@ -157,7 +157,7 @@ related to the Seed.
 
    The [[https://shop.trezor.io/product/trezor-model-t?offer_id=15&aff_id=10388][Trezor "Model T"]] hardware wallet has built-in SLIP-39 generation and recovery capability.
    Enter the words on the SLIP-39 cards directly into the screen of the Trezor to recover your
-   Cryptocurrency accounts.
+   cryptocurrency accounts.
 
    #+BEGIN_EXPORT html
    <a href="https://shop.trezor.io/product/trezor-model-t?offer_id=15&aff_id=10388&file_id=534" target="_blank"><img src="https://media.go2speed.org/brand/files/trezor/15/20210707060206-T1TT_banner_728x90_3.png" width="728" height="90" border="0" /></a><img src="http://trezor.go2cloud.org/aff_i?offer_id=15&file_id=534&aff_id=10388" width="0" height="0" style="position:absolute;visibility:hidden;" border="0" />
@@ -170,7 +170,7 @@ related to the Seed.
 
    We recommend the Trezor "Model T" for this reason.  No other hardware wallet yet supports direct,
    on-screen SLIP-39 Seed recovery.  This feature is, simply, so fundamentally important for
-   Cryptocurrency Seed security and reliability that we consider it a necessity.
+   cryptocurrency Seed security and reliability that we consider it a necessity.
 
    If you already have one of the less expensive Trezor wallets that only support BIP-39 backup, we
    also support those, using the same BIP-39 Seed Entropy backup via SLIP-39 as for the Ledger, and
@@ -182,12 +182,6 @@ related to the Seed.
    Mnemonics.  However, you can now use the SLIP-39 App to backup your BIP-39 Seed Entropy!
    Therefore, we now support the Ledger hardware wallets.  
 
-   If you already have a BIP-39 Mnemonic, and would like back it up using SLIP-39 for more security
-   and recovery reliability, you can use the Pro Controls to do so.  Later, when you need to recover
-   your BIP-39 Mnemonic, use the SLIP-39 App, select the Pro Controls, enter the SLIP-39 card
-   Mnemonics, and click "Using BIP-39" to reveal your original BIP-39 Mnemonic phrase.  Then,
-   proceed with Ledger wallet recovery as normal, using the BIP-39 Mnemonic.
-
    The [[https://shop.ledger.com/pages/ledger-nano-s-plus?r=2cd1cb6ae51f][Ledger Nano S Plus]] has a large screen, at a reasonable price point, and connects via USB-C.
 
    #+BEGIN_EXPORT html
@@ -201,9 +195,27 @@ related to the Seed.
    <a href="https://shop.ledger.com/pages/ledger-nano-x?r=2cd1cb6ae51f"><img width=728 height=90 src="http://affiliate.ledger.com/image/728/90"></a>
    #+END_EXPORT
 
+*** Recovering your BIP-39 Seed Phrase
+
+    If you already have a BIP-39 Mnemonic, and would like back it up using SLIP-39 for more security
+    and recovery reliability, you can use the SLIP-39 App's Backup Controls to do so.  After you
+    create your Seed Data (or enter an existing BIP-39 Seed Phrase), select "Using BIP-39".  This
+    will generate a set of SLIP-39 Mnemonic Cards that *backs up your existing BIP-39 Seed Phrase*.
+
+    Later, when you need to recover your BIP-39 Mnemonic (say, to initialize a fresh replacement
+    Ledger hardware wallet), use the SLIP-39 App, select the Recover Controls, and enter sufficient
+    SLIP-39 card Mnemonics -- and click "Using BIP-39" to reveal your original BIP-39 Seed Phrase.
+    Then, proceed with Ledger wallet recovery as normal, using the BIP-39 Mnemonic.
+
+    This may not /seem/ like an impressive feat.  But, it is unexpectedly important and powerful!
+    Your existing BIP-39 Seed Phrase is *extrememely* risky; it can /easily/ be lost or stolen.  By
+    using SLIP-39 to Backup your BIP-39 Seed Phrase, you can distribute the safe and reliable
+    SLIP-39 Mnemonic cards to friends and family, and reduce the risks of theft or loss of your
+    critical cryptocurrency accounts Seed data.
+
 ** Netcoins.app
 
-   In Canada, one of the more highly regulatory-compliant Cryptocurrency exchanges is [[https://netcoins.app/r?ac=5YO1MZ][Netcoins.app
+   In Canada, one of the more highly regulatory-compliant cryptocurrency exchanges is [[https://netcoins.app/r?ac=5YO1MZ][Netcoins.app
    (referral code: 5YO1MZ)]]; sign up with this referral link, and we both get some benefits.
 
    They have higher than typical Interac e-transfer limits, which is very nice.  However, they don't

App.pdf

@@ -8,7 +8,7 @@
                           2022-02-02 22:22:00
 
 
-Creating personal Ethereum, Bitcoin and other Cryptocurrency accounts is
+Creating personal Ethereum, Bitcoin and other cryptocurrency accounts is
 /urgently/ needed, but is complex and fraught with potential for loss of
 funds.
 
@@ -19,7 +19,7 @@ The best practice for using these wallets is to load this "Seed" into a
 secure hardware device, like a [Trezor "Model T"] hardware wallet.
 SLIP-39 Mnemonic cards contain the recovery words, which are typed
 directly into the Trezor device to recover the Seed, and all of its
-Cryptocurrency accounts.  For the [Ledger Nano] and other hardware
+cryptocurrency accounts.  For the [Ledger Nano] and other hardware
 wallets supporting only BIP-39 Mnemonics, you can now use the SLIP-39
 App to securely and reliably back up these BIP-39 phrases.
 
@@ -31,7 +31,7 @@ output, to support software cryptocurrency wallets such as Metamask,
 Brave or various mobile-phone and computer-based wallets.
 
 Later, if you (or your heirs!) need to recover *all* of your
-Cryptocurrency accounts, they can collect a sufficient threshold of the
+cryptocurrency accounts, they can collect a sufficient threshold of the
 cards and regain access to all of the cryptocurrency accounts related to
 the Seed.
 
@@ -48,6 +48,7 @@ Table of Contents
 2. Recommended Vendors
 .. 1. Trezor
 .. 2. Ledger
+..... 1. Recovering your BIP-39 Seed Phrase
 .. 3. Netcoins.app
 .. 4. Crypto.com
 .. 5. Protecting your SLIP-39 Cards
@@ -132,7 +133,7 @@ Windows)] <https://github.com/pjkundert/python-slip39/releases/latest>
   passphrase forgotten.
 
   The statistical chances of anyone successfully passing a
-  Cryptocurrency wallet Private Key + passphrase or Seed to their heirs
+  cryptocurrency wallet Private Key + passphrase or Seed to their heirs
   over a 50-year period is therefore very low.  Since memory fades and
   "safe" storage places are lost, destroyed or forgotten, this risk
   actually increases exponentially over time.
@@ -190,7 +191,7 @@ Windows)] <https://github.com/pjkundert/python-slip39/releases/latest>
   own wallet.
 
   If the Paper Wallet is ever lost, you can recover the Private Key (it
-  was derived from your Seed!), and transfer the Cryptocurrency back
+  was derived from your Seed!), and transfer the cryptocurrency back
   into one of your own wallets.
 
 
@@ -206,12 +207,12 @@ Windows)] <https://github.com/pjkundert/python-slip39/releases/latest>
 
   The [Trezor "Model T"] hardware wallet has built-in SLIP-39 generation
   and recovery capability.  Enter the words on the SLIP-39 cards
-  directly into the screen of the Trezor to recover your Cryptocurrency
+  directly into the screen of the Trezor to recover your cryptocurrency
   accounts.
 
   We recommend the Trezor "Model T" for this reason.  No other hardware
   wallet yet supports direct, on-screen SLIP-39 Seed recovery.  This
-  feature is, simply, so fundamentally important for Cryptocurrency Seed
+  feature is, simply, so fundamentally important for cryptocurrency Seed
   security and reliability that we consider it a necessity.
 
   If you already have one of the less expensive Trezor wallets that only
@@ -232,14 +233,6 @@ Windows)] <https://github.com/pjkundert/python-slip39/releases/latest>
   SLIP-39 App to backup your BIP-39 Seed Entropy!  Therefore, we now
   support the Ledger hardware wallets.
 
-  If you already have a BIP-39 Mnemonic, and would like back it up using
-  SLIP-39 for more security and recovery reliability, you can use the
-  Pro Controls to do so.  Later, when you need to recover your BIP-39
-  Mnemonic, use the SLIP-39 App, select the Pro Controls, enter the
-  SLIP-39 card Mnemonics, and click "Using BIP-39" to reveal your
-  original BIP-39 Mnemonic phrase.  Then, proceed with Ledger wallet
-  recovery as normal, using the BIP-39 Mnemonic.
-
   The [Ledger Nano S Plus] has a large screen, at a reasonable price
   point, and connects via USB-C.
 
@@ -254,11 +247,36 @@ Windows)] <https://github.com/pjkundert/python-slip39/releases/latest>
 [Ledger Nano X]
 <https://shop.ledger.com/pages/ledger-nano-x?r=2cd1cb6ae51f>
 
+2.2.1 Recovering your BIP-39 Seed Phrase
+╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌
+
+  If you already have a BIP-39 Mnemonic, and would like back it up using
+  SLIP-39 for more security and recovery reliability, you can use the
+  SLIP-39 App's Backup Controls to do so.  After you create your Seed
+  Data (or enter an existing BIP-39 Seed Phrase), select "Using BIP-39".
+  This will generate a set of SLIP-39 Mnemonic Cards that *backs up your
+  existing BIP-39 Seed Phrase*.
+
+  Later, when you need to recover your BIP-39 Mnemonic (say, to
+  initialize a fresh replacement Ledger hardware wallet), use the
+  SLIP-39 App, select the Recover Controls, and enter sufficient SLIP-39
+  card Mnemonics – and click "Using BIP-39" to reveal your original
+  BIP-39 Seed Phrase.  Then, proceed with Ledger wallet recovery as
+  normal, using the BIP-39 Mnemonic.
+
+  This may not /seem/ like an impressive feat.  But, it is unexpectedly
+  important and powerful!  Your existing BIP-39 Seed Phrase is
+  *extrememely* risky; it can /easily/ be lost or stolen.  By using
+  SLIP-39 to Backup your BIP-39 Seed Phrase, you can distribute the safe
+  and reliable SLIP-39 Mnemonic cards to friends and family, and reduce
+  the risks of theft or loss of your critical cryptocurrency accounts
+  Seed data.
+
 
 2.3 Netcoins.app
 ────────────────
 
-  In Canada, one of the more highly regulatory-compliant Cryptocurrency
+  In Canada, one of the more highly regulatory-compliant cryptocurrency
   exchanges is [Netcoins.app (referral code: 5YO1MZ)]; sign up with this
   referral link, and we both get some benefits.
 

App.txt

@@ -953,7 +953,7 @@ recover your accounts to your Ledger (or other) hardware wallet.
     | strength | Or, the number of bits of Entropy to produce (Default: 128) |
     | language | Default is "english"                                        |
     #+LATEX: }
-    
+
 * Conversion from BIP-39 to SLIP-39
 
   If we already have a BIP-39 wallet, it would certainly be nice to be able to create nice, safe
@@ -1547,6 +1547,74 @@ recover your accounts to your Ledger (or other) hardware wallet.
      The MMC (Microsoft Management Console) is used to store your code-signing certificates.  
      See [[https://stackoverflow.com/questions/19879812/signing-exe-with-cer-file-what-is-my-certificates-name-that-signtool-exe-is][stackoverflow.com]] for how to enable its Certificate management.
 
+* Licensing
+
+  Each installation of the SLIP-39 App requires an Ed25519 "Agent" identity, and cryptographically
+  signed license(s) to activate various python-slip39 features.  No license is required to use basic
+  features; advanced features require a license.
+
+** Create an Ed25519 "Agent" Key
+
+   The Ed25519 signing "Agent" identity is loaded at start-up, and (if necessary) is created
+   automatically on first execution.  This is similar to the =ssh-keygen -t ed25519= procedure.
+
+   Each separate installation must have a ~/.crypto-licensing/python-slip39.crypto-keypair.  This
+   contains the licensing "Agent" credentials: a passphrase-encrypted Ed25519 private key, and a
+   self-signed public key.  This shows that we actually had access to the private key and used it to
+   create a signature for the claimed public key and the supplied encrypted private key -- proving
+   that the public key is valid, and associated with the encrypted private key.
+
+** Validating an Advanced Feature License
+
+   When an advanced feature is used, all available =python-slip39.crypto-license= files are loaded.
+   They are examined, and if a license is found that is:
+
+     - Assigned to this Agent and Machine-ID
+     - Contains the required license authorizations
+
+   then the functionality is allowed to proceed.
+
+   If no license is found, instructions on how to obtain a license for this Agent on this Machine-ID
+   will be displayed.
+
+   If you've already obtained a "master" license on your primary machine's SLIP-39 installation, you
+   can use it to issue a sub-license to this installation (eg. for your air-gapped cryptocurrency
+   management machine).
+
+   Otherwise, a URL is displayed at which the required "master" license can be issued.
+
+*** Get a sub-license From Your "master" License
+
+    Typically, you'll be using python-slip39's advanced features on an air-gapped computer.  You do
+    not want to visit websites from this computer.  So, you obtain a sub-license from your primary
+    computer's python-slip39 installation, and place it on your secure air-gapped computer
+    (eg. using a USB stick).
+
+    Take note of the secondary machine's Agent ID (pubkey) and Machine ID.  On your primary
+    computer (with the "master" license), run:
+    : python3 -m slip39.sublicense <agent-pubkey> <machine-id>
+
+    Take the output, and place it in the file =~/.crypto-licensing/python-slip39.crypto-license= on
+    your air-gapped computer.
+    
+*** Obtaining an Advanced Feature "master" License
+
+    On your primary computer, open the provided URL in a browser.  The URL contains the details of
+    the advanced feature desired.
+
+    This URL's web page will request an Ed25519 "Agent" public key to issue your "master" license
+    to.  This should be your primary user account's Ed25519 "Agent" public key -- this master
+    "Agent" will be issuing sub-licenses to any of your other SLIP-39 installations.  You will be
+    redirected to a URL that is unique to the advanced feature plus your Agent ID.
+
+    An invoice will be generated with unique Bitcoin, Ethereum and perhaps other cryptocurrency
+    addresses.  Pay the required amount of cryptocurrency to one of the provided wallet addresses.
+    Within a few seconds, the cryptocurrency transfer will be confirmed.
+
+    Once the payment for the advanced feature is confirmed, the URL including your agent ID will
+    always allow you to re-download the license.  It is only usable by your Agent ID to issue
+    sub-licenses to your python-slip39 installations on your machines.
+
 * Dependencies
 
   Internally, python-slip39 project uses Trezor's [[https://gihub.com/trezor/python-shamir-mnemonic.git][python-shamir-mnemonic]] to encode the seed data to

README.org

@@ -50,9 +50,9 @@ coll = COLLECT(exe,
 app = BUNDLE(coll,
              name='SLIP-39.app',
              icon='images/SLIP-39.icns',
-             version='9.0.3',
+             version='9.1.0',
              info_plist={
-                 'CFBundleVersion':'9.0.3',
+                 'CFBundleVersion':'9.1.0',
                  'CFBundlePackageType':'APPL',
                  'LSApplicationCategoryType':'public.app-category.finance',
                  'LSMinimumSystemVersion':'10.15.0',

SLIP-39-macOS.spec

@@ -0,0 +1,18 @@
+#+title: Seed Extra Randomness - Ignore Bad Entropy
+#+OPTIONS: toc:nil title:nil author:nil
+
+#+BEGIN_ABSTRACT
+Bad Entropy is risk to Cryptocurrency HD Wallet Seed Secrets!
+
+Avoid Harmonic and Shannon Entropy Deficiencies:
+  - Use strong cryptographically secure randomness for your Seed Data
+  - Use Extra Randomness from good sources, eg. rolling 20 or so dice
+#+END_ABSTRACT
+
+#+BEGIN_EXAMPLE
+{update_seed_data.analysis}
+#+END_EXAMPLE
+
+#+BEGIN_EXAMPLE
+{update_seed_entropy.analysis}
+#+END_EXAMPLE

slip39/gui/SLIP-39-SE-SIGS.org

@@ -0,0 +1,13 @@
+Bad Entropy is risk to Cryptocurrency HD Wallet Seed Secrets!
+
+Avoid Harmonic and Shannon Entropy Deficiencies:
+• Use strong cryptographically secure randomness for your Seed Data
+• Use Extra Randomness from good sources, eg. rolling 20 or so dice
+
+┌────
+│ {update_seed_data.analysis}
+└────
+
+┌────
+│ {update_seed_entropy.analysis}
+└────