feat: GPG-encrypted seed phrase backup download on wallet create/import

- New seedphrase-backup.ts using openpgp.js for client-side symmetric encryption
- Auto-downloads wallet_<id>_seedphrase.txt.gpg on create and import
- Decrypt with: gpg --decrypt wallet_<id>_seedphrase.txt.gpg
- Added 'Download GPG Backup' button on SeedDisplay for manual re-download
- All encryption happens in browser — seed phrase never touches the server

Author: ralyodio

package.json

@@ -48,6 +48,7 @@
     "jsonwebtoken": "^9.0.2",
     "next": "16.1.0",
     "node-fetch": "^3.3.2",
+    "openpgp": "^6.3.0",
     "papaparse": "^5.5.3",
     "qrcode": "^1.5.3",
     "react": "^19.0.0",

pnpm-lock.yaml

@@ -8,14 +8,15 @@ import { PasswordInput } from '@/components/web-wallet/PasswordInput';
 import { SeedDisplay } from '@/components/web-wallet/SeedDisplay';
 import { ChainMultiSelect } from '@/components/web-wallet/ChainSelector';
 import { checkPasswordStrength } from '@/lib/web-wallet/client-crypto';
+import { downloadEncryptedSeedPhrase } from '@/lib/web-wallet/seedphrase-backup';
 
 type Step = 'password' | 'seed' | 'verify';
 
 const DEFAULT_CHAINS = ['BTC', 'BCH', 'ETH', 'POL', 'SOL', 'USDC_ETH', 'USDC_POL', 'USDC_SOL'];
 
 export default function CreateWalletPage() {
   const router = useRouter();
-  const { createWallet, isLoading, error, clearError } = useWebWallet();
+  const { createWallet, isLoading, error, clearError, walletId: contextWalletId } = useWebWallet();
 
   const [step, setStep] = useState<Step>('password');
   const [password, setPassword] = useState('');
@@ -39,6 +40,15 @@ export default function CreateWalletPage() {
     try {
       const result = await createWallet(password, { chains });
       setMnemonic(result.mnemonic);
+
+      // Auto-download GPG-encrypted seed phrase backup (client-side only)
+      try {
+        await downloadEncryptedSeedPhrase(result.mnemonic, password, result.walletId);
+      } catch (dlErr) {
+        console.warn('Seed phrase backup download failed:', dlErr);
+        // Non-fatal — user can still copy manually
+      }
+
       // Pick a random word index for verification
       const words = result.mnemonic.split(' ');
       setVerifyIndex(Math.floor(Math.random() * words.length));
@@ -139,7 +149,12 @@ export default function CreateWalletPage() {
       )}
 
       {step === 'seed' && mnemonic && (
-        <SeedDisplay mnemonic={mnemonic} onConfirmed={handleSeedConfirmed} />
+        <SeedDisplay
+          mnemonic={mnemonic}
+          onConfirmed={handleSeedConfirmed}
+          password={password}
+          walletId={contextWalletId}
+        />
       )}
 
       {step === 'verify' && (

src/app/web-wallet/create/page.tsx

@@ -8,6 +8,7 @@ import { PasswordInput } from '@/components/web-wallet/PasswordInput';
 import { SeedInput } from '@/components/web-wallet/SeedInput';
 import { ChainMultiSelect } from '@/components/web-wallet/ChainSelector';
 import { checkPasswordStrength } from '@/lib/web-wallet/client-crypto';
+import { downloadEncryptedSeedPhrase } from '@/lib/web-wallet/seedphrase-backup';
 
 const DEFAULT_CHAINS = ['BTC', 'BCH', 'ETH', 'POL', 'SOL', 'USDC_ETH', 'USDC_POL', 'USDC_SOL'];
 
@@ -42,7 +43,16 @@ export default function ImportWalletPage() {
     }
 
     try {
-      await importWallet(mnemonic.trim(), password, { chains });
+      const result = await importWallet(mnemonic.trim(), password, { chains });
+
+      // Auto-download GPG-encrypted seed phrase backup (client-side only)
+      try {
+        await downloadEncryptedSeedPhrase(mnemonic.trim(), password, result.walletId);
+      } catch (dlErr) {
+        console.warn('Seed phrase backup download failed:', dlErr);
+        // Non-fatal — user still has their phrase
+      }
+
       router.push('/web-wallet');
     } catch (err: unknown) {
       const message = err instanceof Error ? err.message : '';

src/app/web-wallet/import/page.tsx

@@ -1,15 +1,21 @@
 'use client';
 
 import { useState } from 'react';
+import { downloadEncryptedSeedPhrase } from '@/lib/web-wallet/seedphrase-backup';
 
 interface SeedDisplayProps {
   mnemonic: string;
   onConfirmed?: () => void;
+  /** Password for GPG-encrypting the backup download */
+  password?: string;
+  /** Wallet ID for the backup filename */
+  walletId?: string | null;
 }
 
-export function SeedDisplay({ mnemonic, onConfirmed }: SeedDisplayProps) {
+export function SeedDisplay({ mnemonic, onConfirmed, password, walletId }: SeedDisplayProps) {
   const [revealed, setRevealed] = useState(false);
   const [copied, setCopied] = useState(false);
+  const [downloading, setDownloading] = useState(false);
   const words = mnemonic.split(' ');
 
   const handleCopy = async () => {
@@ -18,6 +24,18 @@ export function SeedDisplay({ mnemonic, onConfirmed }: SeedDisplayProps) {
     setTimeout(() => setCopied(false), 2000);
   };
 
+  const handleDownloadBackup = async () => {
+    if (!password || !walletId) return;
+    setDownloading(true);
+    try {
+      await downloadEncryptedSeedPhrase(mnemonic, password, walletId);
+    } catch (err) {
+      console.error('Backup download failed:', err);
+    } finally {
+      setDownloading(false);
+    }
+  };
+
   return (
     <div className="space-y-4">
       <div className="rounded-xl border border-yellow-500/30 bg-yellow-500/5 p-4">
@@ -53,12 +71,24 @@ export function SeedDisplay({ mnemonic, onConfirmed }: SeedDisplayProps) {
             ))}
           </div>
 
-          <button
-            onClick={handleCopy}
-            className="w-full rounded-lg border border-white/10 bg-white/5 px-4 py-2 text-sm text-gray-400 hover:bg-white/10 hover:text-white transition-colors"
-          >
-            {copied ? 'Copied!' : 'Copy to clipboard'}
-          </button>
+          <div className="flex gap-2">
+            <button
+              onClick={handleCopy}
+              className="flex-1 rounded-lg border border-white/10 bg-white/5 px-4 py-2 text-sm text-gray-400 hover:bg-white/10 hover:text-white transition-colors"
+            >
+              {copied ? 'Copied!' : 'Copy to clipboard'}
+            </button>
+
+            {password && walletId && (
+              <button
+                onClick={handleDownloadBackup}
+                disabled={downloading}
+                className="flex-1 rounded-lg border border-purple-500/30 bg-purple-500/10 px-4 py-2 text-sm text-purple-400 hover:bg-purple-500/20 hover:text-purple-300 transition-colors disabled:opacity-50"
+              >
+                {downloading ? 'Encrypting...' : '🔐 Download GPG Backup'}
+              </button>
+            )}
+          </div>
         </div>
       )}
 

src/components/web-wallet/SeedDisplay.tsx

@@ -0,0 +1,82 @@
+/**
+ * Seed Phrase GPG Backup
+ *
+ * Encrypts the seed phrase using OpenPGP symmetric encryption (AES-256)
+ * and triggers a browser download. The resulting .gpg file can be
+ * decrypted with: gpg --decrypt wallet_<id>_seedphrase.txt.gpg
+ *
+ * IMPORTANT: Everything runs client-side. The seed phrase never leaves
+ * the browser. No server calls are made.
+ */
+
+import * as openpgp from 'openpgp';
+
+/**
+ * Encrypt a seed phrase with the user's password using OpenPGP symmetric encryption
+ * and trigger a file download in the browser.
+ *
+ * @param mnemonic - The plaintext seed phrase
+ * @param password - The user's wallet password (used as GPG passphrase)
+ * @param walletId - The wallet ID (used in filename)
+ */
+export async function downloadEncryptedSeedPhrase(
+  mnemonic: string,
+  password: string,
+  walletId: string
+): Promise<void> {
+  const filename = `wallet_${walletId}_seedphrase.txt`;
+
+  // Create the plaintext content
+  const content = [
+    '# CoinPayPortal Wallet Seed Phrase Backup',
+    `# Wallet ID: ${walletId}`,
+    `# Created: ${new Date().toISOString()}`,
+    '#',
+    '# KEEP THIS FILE SAFE. Anyone with this phrase can access your funds.',
+    '# Decrypt with: gpg --decrypt ' + filename + '.gpg',
+    '',
+    mnemonic,
+    '',
+  ].join('\n');
+
+  // Encrypt using OpenPGP symmetric (password-based) encryption
+  const message = await openpgp.createMessage({ text: content });
+  const encrypted = await openpgp.encrypt({
+    message,
+    passwords: [password],
+    format: 'binary',
+    config: {
+      preferredSymmetricAlgorithm: openpgp.enums.symmetric.aes256,
+      preferredCompressionAlgorithm: openpgp.enums.compression.zlib,
+    },
+  });
+
+  // Convert to Blob and trigger download
+  const data = encrypted instanceof Uint8Array
+    ? encrypted
+    : new TextEncoder().encode(encrypted as string);
+  const blob = new Blob([new Uint8Array(data)], {
+    type: 'application/pgp-encrypted',
+  });
+
+  triggerDownload(blob, filename + '.gpg');
+}
+
+/**
+ * Trigger a browser file download from a Blob.
+ */
+function triggerDownload(blob: Blob, filename: string): void {
+  const url = URL.createObjectURL(blob);
+  const a = document.createElement('a');
+  a.href = url;
+  a.download = filename;
+  a.style.display = 'none';
+  document.body.appendChild(a);
+  a.click();
+
+  // Cleanup
+  setTimeout(() => {
+    URL.revokeObjectURL(url);
+    document.body.removeChild(a);
+  }, 100);
+}