I would like to add security to my existing wallet seed phrase storage. We’re not trying to make it absolutely safe. I just want to make it more difficult for someone to access my funds if they find my seed phrase storage.
I’m considering this approach:
- Convert seed phrase to entropy
- Encrypt entropy with a password
- Convert the encrypted entropy into a new (longer) seed phrase.
- Save encrypted seed phrase
Then, if necessary, reverse the operation to get your first seed phrase.
I’ve included the JS code to demonstrate it below. I used AES CEB without the initial vector and empty key salt so that it is not needed for decryption.
I suspect there is a major flaw in my approach or code.
I understand that using a password to increase the security of my Seed Phrase Storage increases the likelihood that I will not be able to access my Seed Phrase Storage if I forget my password.
import crypto from "crypto";
import bip39 from "bip39-light";
const algorithm = "aes-256-ecb";
const initialVector = null;
const keySize = 32;
const keySalt = "";
const inputPassword = ""; // password goes here
const inputMnemonic = ""; // 12 word seed phrase goes here
// encrypt 12-word input mnemonic to 24-word mnemonic
const encryptedMnemonic = encryptMnemonic(inputMnemonic, inputPassword);
// decrypt 24-word mnemonic back to 12-word mnemonic
const decryptedMnemonic = decryptMnemonic(encryptedMnemonic, inputPassword);
console.log({ inputMnemonic, encryptedMnemonic, decryptedMnemonic });
function encryptMnemonic(mnemonic, password) {
const key = crypto.scryptSync(password, keySalt, keySize);
const entropy = bip39.mnemonicToEntropy(mnemonic);
const cipher = crypto.createCipheriv(algorithm, key, initialVector);
let encryptedEntropy = cipher.update(entropy, "hex", "hex");
encryptedEntropy += cipher.final("hex");
let encryptedMnemonic = bip39.entropyToMnemonic(encryptedEntropy);
return encryptedMnemonic;
}
function decryptMnemonic(mnemonic, password) {
const key = crypto.scryptSync(password, keySalt, keySize);
let encryptedEntropy = bip39.mnemonicToEntropy(mnemonic);
const decipher = crypto.createDecipheriv(algorithm, key, initialVector);
let decryptedEntropy = decipher.update(encryptedEntropy, "hex", "hex");
decryptedEntropy += decipher.final("hex");
let decryptedMnemonic = bip39.entropyToMnemonic(decryptedEntropy);
return decryptedMnemonic;
}
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
