From 81246f8000fa09099db5c3c0feaa54ed4516fe86 Mon Sep 17 00:00:00 2001 From: Sun Knudsen Date: Fri, 9 Apr 2021 13:57:09 -0400 Subject: [PATCH] Implemented Electrum mnemonic feature --- .../README.md | 111 ++++++++++++++---- ...reate-seed.py => create-bip39-mnemonic.py} | 0 .../create-bip39-mnemonic.py.sig | 16 +++ .../create-seed.py.sig | 16 --- .../qr-backup.sh | 54 ++++++--- .../qr-backup.sh.sig | 26 ++-- .../qr-clone.sh.sig | 26 ++-- .../qr-restore.sh.sig | 26 ++-- .../secure-erase.sh.sig | 26 ++-- ...ate-seed.py => validate-bip39-mnemonic.py} | 0 .../validate-bip39-mnemonic.py.sig | 16 +++ .../validate-seed.py.sig | 16 --- 12 files changed, 210 insertions(+), 123 deletions(-) rename how-to-create-encrypted-paper-backup/{create-seed.py => create-bip39-mnemonic.py} (100%) create mode 100644 how-to-create-encrypted-paper-backup/create-bip39-mnemonic.py.sig delete mode 100644 how-to-create-encrypted-paper-backup/create-seed.py.sig rename how-to-create-encrypted-paper-backup/{validate-seed.py => validate-bip39-mnemonic.py} (100%) create mode 100644 how-to-create-encrypted-paper-backup/validate-bip39-mnemonic.py.sig delete mode 100644 how-to-create-encrypted-paper-backup/validate-seed.py.sig diff --git a/how-to-create-encrypted-paper-backup/README.md b/how-to-create-encrypted-paper-backup/README.md index f054f3f..e3354fc 100644 --- a/how-to-create-encrypted-paper-backup/README.md +++ b/how-to-create-encrypted-paper-backup/README.md 
@@ -94,9 +94,72 @@ $ echo -e "export GPG_TTY=\"\$(tty)\"\nexport PATH=\$PATH:/home/pi/.local/bin" > $ source ~/.bashrc ``` -### Step 5 (optional): install `screen` and [Trezor](https://trezor.io/)’s [trezorcrl](https://wiki.trezor.io/Using_trezorctl_commands_with_Trezor) +### Step 5 (optional): install [Electrum](https://electrum.org/#home) (required to generate Electrum mnemonic) -> Heads-up: we will likely use `screen` and `trezorcrl` command line utilities in the future and this guide is designed to configure a [read-only](#step-12-make-filesystem-read-only) Raspberry Pi. +#### Install Electrum dependencies + +```shell +apt install -y libsecp256k1-0 python3-cryptography +``` + +#### Set Electrum release semver environment variable + +> Heads-up: replace `4.1.2` with [latest release](https://electrum.org/#download). + +```shell +ELECTRUM_RELEASE_SEMVER=4.1.2 +``` + +#### Download Electrum release and PGP signature + +```shell +curl -O "https://download.electrum.org/$ELECTRUM_RELEASE_SEMVER/Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz" +curl -O "https://download.electrum.org/$ELECTRUM_RELEASE_SEMVER/Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz.asc" +``` + +#### Import ThomasV’s PGP public key + +```console +$ curl https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc | gpg --import + % Total % Received % Xferd Average Speed Time Time Time Current + Dload Upload Total Spent Left Speed +100 4739 100 4739 0 0 22459 0 --:--:-- --:--:-- --:--:-- 22459 +gpg: /home/pi/.gnupg/trustdb.gpg: trustdb created +gpg: key 2BD5824B7F9470E6: public key "Thomas Voegtlin (https://electrum.org) " imported +gpg: Total number processed: 1 +gpg: imported: 1 +``` + +imported: 1 + +👍 + +#### Verify Electrum release using GnuPG (learn how [here](../how-to-verify-pgp-digital-signatures-using-gnupg-on-macos)) + +```console +$ gpg --verify Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz.asc +gpg: assuming signed data in 'Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz' +gpg: Signature made 
Thu 08 Apr 2021 09:47:30 EDT +gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 +gpg: Good signature from "Thomas Voegtlin (https://electrum.org) " [unknown] +gpg: aka "ThomasV " [unknown] +gpg: aka "Thomas Voegtlin " [unknown] +gpg: WARNING: This key is not certified with a trusted signature! +gpg: There is no indication that the signature belongs to the owner. +Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6 +``` + +Good signature + +👍 + +#### Install Electrum + +```shell +pip3 install --user Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz +``` + +### Step 6 (optional): install `screen` and [trezorcrl](https://wiki.trezor.io/Using_trezorctl_commands_with_Trezor) (required to validate integrity of [Trezor](https://trezor.io/) encrypted paper backups) ```console $ sudo apt install -y screen 
@@ -106,47 +169,47 @@ $ pip3 install attrs trezor --user $ sudo curl https://data.trezor.io/udev/51-trezor.rules -o /etc/udev/rules.d/51-trezor.rules ``` -### Step 6: download [create-seed.py](./create-seed.py) ([PGP signature](./create-seed.py.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc)) +### Step 7: download [create-bip39-mnemonic.py](./create-bip39-mnemonic.py) ([PGP signature](./create-bip39-mnemonic.py.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc)) ```shell -sudo curl -o /usr/local/sbin/create-seed.py https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/create-seed.py +sudo curl -o /usr/local/sbin/create-bip39-mnemonic.py https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/create-bip39-mnemonic.py ``` -### Step 7: download [validate-seed.py](./validate-seed.py) ([PGP signature](./validate-seed.py.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc)) +### Step 8: download [validate-bip39-mnemonic.py](./validate-bip39-mnemonic.py) ([PGP signature](./validate-bip39-mnemonic.py.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc)) ```shell -sudo curl -o /usr/local/sbin/validate-seed.py https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/validate-seed.py +sudo curl -o /usr/local/sbin/validate-bip39-mnemonic.py https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/validate-bip39-mnemonic.py ``` -### Step 8: download [qr-backup.sh](./qr-backup.sh) ([PGP signature](./qr-backup.sh.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc)) +### Step 9: download [qr-backup.sh](./qr-backup.sh) ([PGP signature](./qr-backup.sh.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc)) ```shell sudo curl -o /usr/local/sbin/qr-backup.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-backup.sh sudo chmod +x /usr/local/sbin/qr-backup.sh 
``` -### Step 9: download [qr-restore.sh](./qr-restore.sh) ([PGP signature](./qr-restore.sh.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc)) +### Step 10: download [qr-restore.sh](./qr-restore.sh) ([PGP signature](./qr-restore.sh.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc)) ```shell sudo curl -o /usr/local/sbin/qr-restore.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-restore.sh sudo chmod +x /usr/local/sbin/qr-restore.sh ``` -### Step 10: download [qr-clone.sh](./qr-clone.sh) ([PGP signature](./qr-clone.sh.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc)) +### Step 11: download [qr-clone.sh](./qr-clone.sh) ([PGP signature](./qr-clone.sh.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc)) ```shell sudo curl -o /usr/local/sbin/qr-clone.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-clone.sh sudo chmod +x /usr/local/sbin/qr-clone.sh ``` -### Step 11: download [secure-erase.sh](./secure-erase.sh) ([PGP signature](./secure-erase.sh.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc)) +### Step 12: download [secure-erase.sh](./secure-erase.sh) ([PGP signature](./secure-erase.sh.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc)) ```shell sudo curl -o /usr/local/sbin/secure-erase.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/secure-erase.sh sudo chmod +x /usr/local/sbin/secure-erase.sh ``` -### Step 12: make filesystem read-only +### Step 13: make filesystem read-only > Heads-up: shout-out to Nico Kaiser for his amazing [guide](https://gist.github.com/nicokaiser/08aa5b7b3958f171cf61549b70e8a34b) on how to configure a read-only Raspberry Pi. 
@@ -210,13 +273,13 @@ sudo sed -i -e 's/vfat\s*defaults\s/vfat defaults,ro/' /etc/fstab sudo sed -i -e 's/ext4\s*defaults,noatime\s/ext4 defaults,noatime,ro,noload/' /etc/fstab ``` -### Step 13: disable Wi-Fi (if not using ethernet) +### Step 14: disable Wi-Fi (if not using ethernet) ```shell echo "dtoverlay=disable-wifi" | sudo tee -a /boot/config.txt ``` -### Step 14: disable `dhcpcd`, `networking` and `wpa_supplicant` services and “fix” `rfkill` bug +### Step 15: disable `dhcpcd`, `networking` and `wpa_supplicant` services and “fix” `rfkill` bug ```console $ sudo systemctl disable dhcpcd networking wpa_supplicant @@ -224,13 +287,13 @@ $ sudo systemctl disable dhcpcd networking wpa_supplicant $ sudo rm /etc/profile.d/wifi-check.sh ``` -### Step 15: delete macOS hidden files (if present) +### Step 16: delete macOS hidden files (if present) ```shell sudo rm -fr /boot/.fseventsd /boot/.DS_Store /boot/.Spotlight-V100 ``` -### Step 16: reboot +### Step 17: reboot ```shell sudo systemctl reboot @@ -238,9 +301,9 @@ sudo systemctl reboot > WARNING: DO NOT CONNECT RASPBERRY PI TO NETWORK EVER AGAIN WITHOUT REINSTALLING RASPBERRY PI OS FIRST (DEVICE IS NOW "READ-ONLY" AND “COLD”). -### Step 17 (optional): disable auto-mount of `boot` volume (on macOS) +### Step 18 (optional): disable auto-mount of `boot` volume (on macOS) -> Heads-up: done to prevent macOS from writing [hidden files](#step-15-delete-macos-hidden-files-if-present) to `boot` volume which would invalidate stored SHA512 hash of micro SD card. +> Heads-up: done to prevent macOS from writing [hidden files](#step-16-delete-macos-hidden-files-if-present) to `boot` volume which would invalidate stored SHA512 hash of micro SD card. Insert micro SD card into macOS computer, run following and eject card. 
@@ -250,7 +313,7 @@ volume_uuid=$(diskutil info "$volume_path" | awk '/Volume UUID:/ { print $3 }') echo "UUID=$volume_uuid none msdos rw,noauto" | sudo tee -a /etc/fstab ``` -### Step 18 (optional): compute SHA512 hash of micro SD card and store in password manager (on macOS) +### Step 19 (optional): compute SHA512 hash of micro SD card and store in password manager (on macOS) Run `diskutil list` to find disk ID of micro SD card with “Raspberry Pi OS Lite” installed (`disk2` in the following example). @@ -293,16 +356,16 @@ SHA512(/dev/rdisk2)= 353af7e9bd78d7d98875f0e2a58da3d7cdfc494f2ab5474b2ab4a8fd212 ### Create encrypted paper backup -> Heads-up: use `--bip39` to test secret against BIP39 [word list](https://raw.githubusercontent.com/bitcoin/bips/master/bip-0039/english.txt). - ```console $ qr-backup.sh --help Usage: qr-backup.sh [options] Options: - --create-seed create 24-word BIP39 seed - --validate-seed validate if secret is BIP39 seed - -h, --help display help for command + --create-bip39-mnemonic create BIP39 mnemonic + --create-electrum-mnemonic create Electrum mnemonic + --validate-bip39-mnemonic validate if secret is valid BIP39 mnemonic + --label
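Review bot: The diffstat lists `qr-clone.sh.sig`, `qr-restore.sh.sig` and `secure-erase.sh.sig` with 26 changed lines each, but `qr-clone.sh`, `qr-restore.sh` and `secure-erase.sh` are not among the 12 files changed, so three detached signatures are being replaced for scripts this commit does not touch. Suggest leaving those `.sig` files out of the commit, or saying in the commit message why they were re-signed, so that a reader comparing against a previously fetched signature is not left guessing.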
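Review bot: In the new Step 5 (README hunk `@@ -94,9 +94,72 @@`), the import and verify sub-steps tell the reader to look for `imported: 1` and `Good signature`, but never to compare the printed `Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6` with a copy obtained over a separate channel. The key is fetched with curl from raw.githubusercontent.com and piped straight into `gpg --import`, and the sample output itself carries `WARNING: This key is not certified with a trusted signature!`, so a good signature at this point only shows that the tarball matches whichever key was downloaded. Suggest adding an explicit fingerprint check as its own sub-step before `pip3 install`. Two smaller points in the same hunk: `apt install -y libsecp256k1-0 python3-cryptography` has no `sudo` while the Step 6 block uses `sudo apt install -y screen`, and the new Step 6 heading still spells the tool `trezorcrl` although the linked page is `Using_trezorctl_commands_with_Trezor`.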
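Review bot: Steps 7 and 8 (README hunk `@@ -106,47 +169,47 @@`) fetch the renamed `create-bip39-mnemonic.py` and `validate-bip39-mnemonic.py` with `sudo curl -o /usr/local/sbin/...` and no `--fail`, so if the files are not yet published under their new names at the sunknudsen.com paths, curl exits 0 and saves the server's error page under the script name. Suggest `curl --fail` here and in Steps 9 to 12. Each heading links a PGP signature and public key, but the commands in this hunk write directly into `/usr/local/sbin` with no `gpg --verify` against the `.sig`; downloading to a working directory, verifying, then installing would put those links to use.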
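Review bot: The Step 18 heads-up (README hunk `@@ -238,9 +301,9 @@`) had to be repointed to `#step-16-delete-macos-hidden-files-if-present`, which shows that heading anchors embed the step number, so inserting the Electrum step shifts every anchor from the old Step 5 onward. Suggest searching the rest of the README and the other guides for `#step-` links into this page before merging, since only this one reference is updated in the visible hunks.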
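Review bot: In the `qr-backup.sh --help` block (README hunk `@@ -293,16 +356,16 @@`), the description for `--create-bip39-mnemonic` reads `create BIP39 mnemonic` where the old `--create-seed` line said `create 24-word BIP39 seed`, so the usage text no longer states the mnemonic length. Suggest keeping the word count in the description. The hunk also removes `--create-seed` and `--validate-seed` from the usage text and drops the heads-up about `--bip39`; if the script no longer accepts the old names, existing instructions that call them will fail, so the rename deserves a line in the README or the commit message.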