Working BIP-39 backup

Author: pjkundert

App.org

@@ -31,6 +31,8 @@ Bitcoin, Ethereum, etc. wallets.
 The best practice for using these wallets is to load this "Seed" into a secure hardware device, like
 a [[https://shop.trezor.io/product/trezor-model-t?offer_id=15&aff_id=10388][Trezor "Model T"]] hardware wallet.  SLIP-39 Mnemonic cards contain the recovery words, which are
 typed directly into the Trezor device to recover the Seed, and all of its Cryptocurrency accounts.
+For the [[https://shop.ledger.com/pages/ledger-nano-x?r=2cd1cb6ae51f][Ledger Nano]] and other hardware wallets supporting only BIP-39 Mnemonics, you can now use the
+SLIP-39 App to securely and reliably back up these BIP-39 phrases.
 
 The [[https://github.com/pjkundert/python-slip39/releases/latest][macOS and win32 SLIP-39 App (download here -- .dmg for macOS, .msi for Windows)]] helps you
 generate Mnemonic cards and back up this Seed, securely and reliably, by distributing Mnemonic cards
@@ -147,16 +149,43 @@ related to the Seed.
    #+END_EXPORT
 
    #+BEGIN_EXPORT html
-   <!-- Javascript Ad Tag: 1083 -->
    <div id="trezor1083SycVfv"></div>
    <script src="http://trezor.go2cloud.org/aff_ad?campaign_id=1083&aff_id=10388&format=js&divid=trezor1083SycVfv" type="text/javascript"></script>
-   <!-- // End Ad Tag -->
    #+END_EXPORT
 
    We recommend the Trezor "Model T" for this reason.  No other hardware wallet yet supports direct,
    on-screen SLIP-39 Seed recovery.  This feature is, simply, so fundamentally important for
    Cryptocurrency Seed security and reliability that we consider it a necessity.
-   
+
+   If you already have one of the less expensive Trezor wallets that only support BIP-39 backup, we
+   also support those, using the same BIP-39 Seed Entropy backup via SLIP-39 as for the Ledger, and
+   other traditional hardware wallets.
+
+** Ledger
+
+   The Ledger hardware wallets are also very popular -- but they can be recovered only using BIP-39
+   Mnemonics.  However, you can now use the SLIP-39 App to backup your BIP-39 Seed Entropy!
+   Therefore, we now support the Ledger hardware wallets.  
+
+   If you already have a BIP-39 Mnemonic, and would like back it up using SLIP-39 for more security
+   and recovery reliability, you can use the Pro Controls to do so.  Later, when you need to recover
+   your BIP-39 Mnemonic, use the SLIP-39 App, select the Pro Controls, enter the SLIP-39 card
+   Mnemonics, and click "Using BIP-39" to reveal your original BIP-39 Mnemonic phrase.  Then,
+   proceed with Ledger wallet recovery as normal, using the BIP-39 Mnemonic.
+
+   The [[https://shop.ledger.com/pages/ledger-nano-s-plus?r=2cd1cb6ae51f][Ledger Nano S Plus]] has a large screen, at a reasonable price point, and connects via USB-C.
+
+   #+BEGIN_EXPORT html
+   <a href="https://shop.ledger.com/pages/ledger-nano-s-plus?r=2cd1cb6ae51f"><img width=728 height=90 src="http://affiliate.ledger.com/image/728/90"></a>
+   #+END_EXPORT
+
+   The [[https://shop.ledger.com/pages/ledger-nano-x?r=2cd1cb6ae51f][Ledger Nano X]] has a large screen and supports connectivity via Bluetooth, for much easier
+   connectivity with mobile phone and laptop wallet software.
+
+   #+BEGIN_EXPORT html
+   <a href="https://shop.ledger.com/pages/ledger-nano-x?r=2cd1cb6ae51f"><img width=728 height=90 src="http://affiliate.ledger.com/image/728/90"></a>
+   #+END_EXPORT
+
 ** Netcoins.app
 
    In Canada, one of the more highly regulatory-compliant Cryptocurrency exchanges is [[https://netcoins.app/r?ac=5YO1MZ][Netcoins.app

App.pdf

@@ -44,9 +44,10 @@ Table of Contents
 ..... 1. Walking-Around Money
 2. Affiliate Links
 .. 1. Trezor
-.. 2. Netcoins.app
-.. 3. Crypto.com
-.. 4. Protecting your SLIP-39 Cards
+.. 2. Ledger
+.. 3. Netcoins.app
+.. 4. Crypto.com
+.. 5. Protecting your SLIP-39 Cards
 3. Privacy Policy
 
 
@@ -186,12 +187,48 @@ Windows)] <https://github.com/pjkundert/python-slip39/releases/latest>
   feature is, simply, so fundamentally important for Cryptocurrency Seed
   security and reliability that we consider it a necessity.
 
+  If you already have one of the less expensive Trezor wallets that only
+  support BIP-39 backup, we also support those, using the same BIP-39
+  Seed Entropy backup via SLIP-39 as for the Ledger, and other
+  traditional hardware wallets.
+
 
 [Trezor "Model T"]
 <https://shop.trezor.io/product/trezor-model-t?offer_id=15&aff_id=10388>
 
 
-2.2 Netcoins.app
+2.2 Ledger
+──────────
+
+  The Ledger hardware wallets are also very popular – but they can be
+  recovered only using BIP-39 Mnemonics.  However, you can now use the
+  SLIP-39 App to backup your BIP-39 Seed Entropy!  Therefore, we now
+  support the Ledger hardware wallets.
+
+  If you already have a BIP-39 Mnemonic, and would like back it up using
+  SLIP-39 for more security and recovery reliability, you can use the
+  Pro Controls to do so.  Later, when you need to recover your BIP-39
+  Mnemonic, use the SLIP-39 App, select the Pro Controls, enter the
+  SLIP-39 card Mnemonics, and click "Using BIP-39" to reveal your
+  original BIP-39 Mnemonic phrase.  Then, proceed with Ledger wallet
+  recovery as normal, using the BIP-39 Mnemonic.
+
+  The [Ledger Nano S Plus] has a large screen, at a reasonable price
+  point, and connects via USB-C.
+
+  The [Ledger Nano X] has a large screen and supports connectivity via
+  Bluetooth, for much easier connectivity with mobile phone and laptop
+  wallet software.
+
+
+[Ledger Nano S Plus]
+<https://shop.ledger.com/pages/ledger-nano-s-plus?r=2cd1cb6ae51f>
+
+[Ledger Nano X]
+<https://shop.ledger.com/pages/ledger-nano-x?r=2cd1cb6ae51f>
+
+
+2.3 Netcoins.app
 ────────────────
 
   In Canada, one of the more highly regulatory-compliant Cryptocurrency
@@ -208,7 +245,7 @@ Windows)] <https://github.com/pjkundert/python-slip39/releases/latest>
 <https://netcoins.app/r?ac=5YO1MZ>
 
 
-2.3 Crypto.com
+2.4 Crypto.com
 ──────────────
 
   Use my referral link for [Crypto.com (referral code: 2x4hk92dnf)] to
@@ -222,7 +259,7 @@ Windows)] <https://github.com/pjkundert/python-slip39/releases/latest>
 <https://crypto.com/app/2x4hk92dnf>
 
 
-2.4 Protecting your SLIP-39 Cards
+2.5 Protecting your SLIP-39 Cards
 ─────────────────────────────────
 
   Protect your printed SLIP-39 cards from water damage by laminating

App.txt

@@ -59,10 +59,10 @@ by entering the mnemonics right on the device.
 
 * Security with Availability
 
-  For both BIP-39 and SLIP-39, a 128-bit random "seed" is the source of an unlimited sequence of
-  Ethereum and Bitcoin HD (Heirarchical Deterministic) derived Wallet accounts.  Anyone who can
-  obtain this seed gains control of all Ethereum, Bitcoin (and other) accounts derived from it, so
-  it must be securely stored.
+  For both BIP-39 and SLIP-39, a 128- or 256-bit random "seed" is the source of an unlimited
+  sequence of Ethereum and Bitcoin HD (Heirarchical Deterministic) derived Wallet accounts.  Anyone
+  who can obtain this seed gains control of all Ethereum, Bitcoin (and other) accounts derived from
+  it, so it must be securely stored.
 
   Losing this seed means that all of the HD Wallet accounts are permanently lost.  It must be /both/
   backed up securely, /and/ be readily accessible.
@@ -78,15 +78,19 @@ by entering the mnemonics right on the device.
 
    [[https://github.com/satoshilabs/slips/blob/master/slip-0039.md][Satoshi Lab's (Trezor) SLIP-39]] uses SSSS to distribute the ability to recover the key to 1 or
    more "groups".  Collecting the mnemonics from the required number of groups allows recovery of
-   the seed.  For BIP-39, the number of groups is always 1, and the number of mnemonics required for
-   that group is always 1.
+   the seed.
 
-   For SLIP-39, a "group_threshold" of how many groups must bet successfully collected to recover
-   the key.  Then key is (conceptually) split between 1 or more groups (not really; each group's
-   data alone gives away no information about the key).
+   For BIP-39, the number of groups is always 1, and the number of mnemonics required for that group
+   is always 1.  This selection is both insecure (easy to accidentally disclose) and unreliable
+   (easy to accidentally lose), but since most hardware wallets, *only* accept BIP-39 phrases, we
+   also provide a way to /backup your BIP-39 phrase/ using SLIP-39!
+
+   For SLIP-39, you specify a "group_threshold" of /how many/ of your groups must be successfully
+   collected, to recover the seed; this seed is (conceptually) split between 1 or more groups
+   (though not in reality -- each group's data /alone/ gives away /no information/ about the seed).
 
    For example, you might have First, Second, Fam and Frens groups, and decide that any 2 groups can
-   be combined to recover the key.  Each group has members with varying levels of trust and
+   be combined to recover the seed.  Each group has members with varying levels of trust and
    persistence, so have different number of Members, and differing numbers Required to recover that
    group's data:
 
@@ -103,17 +107,18 @@ by entering the mnemonics right on the device.
    The account owner might store their First and Second group data in their home and office safes.
    These are 1/1 groups (1 required, and only 1 member, so each of these are3 1-card groups.)
 
-   If the account needs to be recovered, collecting the First and Second cards from the home and
-   office safe is sufficient to recover the seed, and re-generate the HD Wallet accounts.
+   If the seed needs to be recovered, collecting the First and Second cards from the home and
+   office safe is sufficient to recover the seed, and re-generate all of the HD Wallet accounts.
 
-   Only 2 Fam member's cards must be collected to recover the Fam group's data.  So, if the HD
-   Wallet owner loses their home and First group card in a fire, they could get the Second group
-   card from the office safe, and 2 cards from Fam group members, and recover the wallet.
+   Only 2 Fam group member's cards must be collected to recover the Fam group's data.  So, if the HD
+   Wallet owner loses their home (and the one and only First group card) in a fire, they could get
+   the one Second group card from the office safe, and also 2 cards from Fam group members, and
+   recover the seed and all of their wallets.
 
-   If catastrophe strikes and the owner dies, and the heirs don't have access to either the First
-   (at home) or Second (at the office), they can collect 2 Fam cards and 3 Frens cards (at the
-   funeral, for example), completing the Fam and Frens groups' data, and recover the seed, and all
-   derived HD Wallet accounts.
+   If catastrophe strikes and the wallet owner dies, and the heirs don't have access to either the
+   First (at home) or Second (at the office) cards, they can collect 2 Fam cards and 3 Frens cards
+   (at the funeral, for example), completing the Fam and Frens groups' data, and recover the seed,
+   and all derived HD Wallet accounts.
 
    Since Frens are less likely to persist long term, we'll produce more (6) of these cards.
    Depending on how trustworthy the group is, adjust the Fren group's Required number higher (less

README.org

@@ -177,7 +177,7 @@ class RippleMainnet( cryptocurrencies.Cryptocurrency ):
         "HARDENED": True
     })
 
-    PUBLIC_KEY_ADDRESS = 0x00 # Results in the prefix r..., when used w/ the Ripple base-58 alphabet
+    PUBLIC_KEY_ADDRESS = 0x00  # Results in the prefix r..., when used w/ the Ripple base-58 alphabet
     SEGWIT_ADDRESS = cryptocurrencies.SegwitAddress({
         "HRP": None,
         "VERSION": 0x00
@@ -205,7 +205,7 @@ class RippleMainnet( cryptocurrencies.Cryptocurrency ):
     WIF_SECRET_KEY = 0x80
 
 
-class XRPHDWallet( hdwallet.HDWallet ) :
+class XRPHDWallet( hdwallet.HDWallet ):
     """The XRP address format uses the standard p2pkh_address formulation, from
     https://xrpl.org/accounts.html#creating-accounts:
 

slip39/api.py

@@ -1,7 +1,6 @@
 # -*- mode: python ; coding: utf-8 -*-
 import json
 import pytest
-import codecs
 
 try:
     import eth_account
@@ -52,7 +51,6 @@ def test_account():
     assert acct.path == "m/84'/0'/0'/0/0"
     assert acct.pubkey == '038f7fa5776f5359eb861994bee043f0b16a5ca24b66eb38696a7325d3e1717e72'
 
-
     acct			= account( SEED_XMAS, crypto='Litecoin' )
     assert acct.address == 'ltc1qfjepkelqd3jx4e73s7p79lls6kqvvmak5pxy97'
     assert acct.path == "m/84'/2'/0'/0/0"
@@ -69,7 +67,6 @@ def test_account():
     assert acct.address == 'DQCnF49GwQ5auL3u5c2uow62XS57RCA2r1'
     assert acct.path == "m/44'/3'/0'/0/0"
 
-
     acct			= account( SEED_ONES, crypto='Ripple' )
     assert acct.path == "m/44'/144'/0'/0/0"  # Default
     assert acct.address == 'rsXwvDVHHPrSm23gogdxJdrJg9WBvqRE9m'
@@ -83,15 +80,15 @@ def test_account():
     assert acct.address == 'rDTXLQ7ZKZVKz33zJbHjgVShjsBnqMBhmN'
     acct.hdwallet.compressed	= lambda: '03e2b079e9b09ae8916da8f5ee40cbda9578dbe7c820553fe4d5f872eec7b1fdd4'
     assert acct.address == 'rhq549rEtUrJowuxQC2WsHNGLjAjBQdAe8'
-    acct.hdwallet.compressed	= lambda: '0282ee731039929e97db6aec242002e9aa62cd62b989136df231f4bb9b8b7c7eb2'    
+    acct.hdwallet.compressed	= lambda: '0282ee731039929e97db6aec242002e9aa62cd62b989136df231f4bb9b8b7c7eb2'
     assert acct.address == 'rKzE5DTyF9G6z7k7j27T2xEas2eMo85kmw'
     acct.hdwallet.compressed	= compressed_save
 
     # Test values from a Trezor "Model T" w/ root seed 'zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo wrong' loaded.
     # The Trezor Suite UI produced the following account derivation path and public address for:
     acct.from_mnemonic( 'zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo wrong' )
     assert acct.path == "m/44'/144'/0'/0/0"  # Default
-    assert acct.address == 'rUPzi4ZwoYxi7peKCqUkzqEuSrzSRyLguV'  # From Trezor "Model T" w/ 
+    assert acct.address == 'rUPzi4ZwoYxi7peKCqUkzqEuSrzSRyLguV'
     assert acct.pubkey == '039d65db4964cbf2049ad49467a6b73e7fec7d6e6f8a303cfbdb99fa21c7a1d2bc'
 
 

slip39/api_test.py

@@ -87,7 +87,7 @@
 LAYOUT				= 'Basic'
 LAYOUT_OPTIONS			= [
     'Basic',
-    'Extra',
+    'Recover',
     'Pro',
 ]
 

slip39/defaults.py

@@ -0,0 +1,50 @@
+#+title: Using BIP-39
+#+OPTIONS: toc:nil title:nil author:nil
+
+#+BEGIN_ABSTRACT
+SLIP-39 support for Hardware Wallets that require BIP-39 Mnemonics for Seed recovery.
+
+| Controls | Description                                                        |
+|----------+--------------------------------------------------------------------|
+| Basic    | Generate SLIP-39 Cards, "Using BIP-39" to recover hardware wallet  |
+| Recover  | Use SLIP-39 to recover Seed Entropy, then "Using BIP-39" on wallet |
+| Pro      | Convert existing BIP-39 Mnemonic to SLIP-39 Cards for safer backup |
+#+END_ABSTRACT
+
+* Using BIP-39
+
+  To support older or less expensive existing hardware wallets that *only* support BIP-39 recovery,
+  *or* to convert existing BIP-39 Mnemonic backups to SLIP-39 (to avoid moving all of your old
+  BIP-39 Seed derived wallets to new SLIP-39 Seed derived wallets), click the "Using BIP-39"
+  checkbox.
+
+  This will do two things:
+
+** Output BIP-39 Mnemonics
+
+   You will see your BIP-39 Mnemonic, which encodes the Seed Source (and optionally any Seed Extra
+   Randomness) you've specified.
+
+   We'll even include one BIP-39 card in the output PDF.  You can store this card (very safely and
+   securely), but we recommend you destroy it, and use the SLIP-39 App with your SLIP-39 Card
+   Mnemonics to recover it when needed, instead.
+   
+** Use BIP-39 Seed Generation
+
+   Any Cryptocurrency wallet QR codes and Paper Wallets will use BIP-39 Seed generation.
+
+   Since BIP-39 uses the Seed Entropy *differently* than SLIP-39 does, this produces *different*
+   wallets in the hardware wallet device!  In other words, exactly the same 128- or 256-bit entropy
+   produces different wallets in a [[https://shop.trezor.io/product/trezor-model-t?offer_id=15&aff_id=10388][Trezor "Model T"]] recovered directly from SLIP-39 Mnemonics,
+   compared to the same Trezor or [[https://shop.ledger.com/pages/ledger-nano-x?r=2cd1cb6ae51f][Ledger Nano X]] recovered from BIP-39.
+
+   This is usually not a problem: just ensure that if you're intending to use a hardware wallet that
+   natively supports SLIP-39, *do not select* "Using BIP-39".  Then, the QR codes and Paper Wallets
+   printed will match those produced in the hardware wallet after SLIP-39 recovery.
+
+   If your hardware wallet only supports BIP-39 (or you're just backing up an existing BIP-39
+   Mnemonic using SLIP-39, and you want to continue using the original BIP-39 wallets), then *do
+   select* "Using BIP-39".  Then, when you recover your Trezor or Ledger from BIP-39, the printed QR
+   codes and Paper Wallets will use the BIP-39 Seed generation standard, and will match those
+   produced in the hardware after BIP-39 recovery.
+  

slip39/gui/SLIP-39-AS-BIP.org

@@ -0,0 +1,66 @@
+SLIP-39 support for Hardware Wallets that require BIP-39 Mnemonics for
+Seed recovery.
+
+ Controls  Description                                                        
+------------------------------------------------------------------------------
+ Basic     Generate SLIP-39 Cards, "Using BIP-39" to recover hardware wallet  
+ Recover   Use SLIP-39 to recover Seed Entropy, then "Using BIP-39" on wallet 
+ Pro       Convert existing BIP-39 Mnemonic to SLIP-39 Cards for safer backup 
+
+
+1 Using BIP-39
+==============
+
+  To support older or less expensive existing hardware wallets that
+  *only* support BIP-39 recovery, *or* to convert existing BIP-39
+  Mnemonic backups to SLIP-39 (to avoid moving all of your old BIP-39
+  Seed derived wallets to new SLIP-39 Seed derived wallets), click the
+  "Using BIP-39" checkbox.
+
+  This will do two things:
+
+
+1.1 Output BIP-39 Mnemonics
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+  You will see your BIP-39 Mnemonic, which encodes the Seed Source (and
+  optionally any Seed Extra Randomness) you've specified.
+
+  We'll even include one BIP-39 card in the output PDF.  You can store
+  this card (very safely and securely), but we recommend you destroy it,
+  and use the SLIP-39 App with your SLIP-39 Card Mnemonics to recover it
+  when needed, instead.
+
+
+1.2 Use BIP-39 Seed Generation
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+  Any Cryptocurrency wallet QR codes and Paper Wallets will use BIP-39
+  Seed generation.
+
+  Since BIP-39 uses the Seed Entropy *differently* than SLIP-39 does,
+  this produces *different* wallets in the hardware wallet device!  In
+  other words, exactly the same 128- or 256-bit entropy produces
+  different wallets in a [Trezor "Model T"] recovered directly from
+  SLIP-39 Mnemonics, compared to the same Trezor or [Ledger Nano X]
+  recovered from BIP-39.
+
+  This is usually not a problem: just ensure that if you're intending to
+  use a hardware wallet that natively supports SLIP-39, *do not select*
+  "Using BIP-39".  Then, the QR codes and Paper Wallets printed will
+  match those produced in the hardware wallet after SLIP-39 recovery.
+
+  If your hardware wallet only supports BIP-39 (or you're just backing
+  up an existing BIP-39 Mnemonic using SLIP-39, and you want to continue
+  using the original BIP-39 wallets), then *do select* "Using BIP-39".
+  Then, when you recover your Trezor or Ledger from BIP-39, the printed
+  QR codes and Paper Wallets will use the BIP-39 Seed generation
+  standard, and will match those produced in the hardware after BIP-39
+  recovery.
+
+
+[Trezor "Model T"]
+<https://shop.trezor.io/product/trezor-model-t?offer_id=15&aff_id=10388>
+
+[Ledger Nano X]
+<https://shop.ledger.com/pages/ledger-nano-x?r=2cd1cb6ae51f>