Implemented Electrum mnemonic feature

2025-02-23 01:03:59 +00:00 · 2021-04-09 13:57:09 -04:00 · 2021-04-09 13:57:09 -04:00 · 81246f8000
commit 81246f8000
parent 3ca2601faa
12 changed files with 210 additions and 123 deletions
--- a/how-to-create-encrypted-paper-backup/README.md
+++ b/how-to-create-encrypted-paper-backup/README.md
@ -94,9 +94,72 @@ $ echo -e "export GPG_TTY=\"\$(tty)\"\nexport PATH=\$PATH:/home/pi/.local/bin" >
 $ source ~/.bashrc
 ```
-### Step 5 (optional): install `screen` and [Trezor](https://trezor.io/)’s [trezorcrl](https://wiki.trezor.io/Using_trezorctl_commands_with_Trezor)
+### Step 5 (optional): install [Electrum](https://electrum.org/#home) (required to generate Electrum mnemonic)
-> Heads-up: we will likely use `screen` and `trezorcrl` command line utilities in the future and this guide is designed to configure a [read-only](#step-12-make-filesystem-read-only) Raspberry Pi.
+#### Install Electrum dependencies
 ```shell
 apt install -y libsecp256k1-0 python3-cryptography
 ```
 #### Set Electrum release semver environment variable
 > Heads-up: replace `4.1.2` with [latest release](https://electrum.org/#download).
 ```shell
 ELECTRUM_RELEASE_SEMVER=4.1.2
 ```
 #### Download Electrum release and PGP signature
 ```shell
 curl -O "https://download.electrum.org/$ELECTRUM_RELEASE_SEMVER/Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz"
 curl -O "https://download.electrum.org/$ELECTRUM_RELEASE_SEMVER/Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz.asc"
 ```
 #### Import ThomasV’s PGP public key
 ```console
 $ curl https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc | gpg --import
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
 100  4739  100  4739    0     0  22459      0 --:--:-- --:--:-- --:--:-- 22459
 gpg: /home/pi/.gnupg/trustdb.gpg: trustdb created
 gpg: key 2BD5824B7F9470E6: public key "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" imported
 gpg: Total number processed: 1
 gpg:               imported: 1
 ```
 imported: 1
 👍
 #### Verify Electrum release using GnuPG (learn how [here](../how-to-verify-pgp-digital-signatures-using-gnupg-on-macos))
 ```console
 $ gpg --verify Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz.asc
 gpg: assuming signed data in 'Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz'
 gpg: Signature made Thu 08 Apr 2021 09:47:30 EDT
 gpg:                using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
 gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown]
 gpg:                 aka "ThomasV <thomasv1@gmx.de>" [unknown]
 gpg:                 aka "Thomas Voegtlin <thomasv1@gmx.de>" [unknown]
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
 Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6
 ```
 Good signature
 👍
 #### Install Electrum
 ```shell
 pip3 install --user Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz
 ```
 ### Step 6 (optional): install `screen` and [trezorcrl](https://wiki.trezor.io/Using_trezorctl_commands_with_Trezor) (required to validate integrity of [Trezor](https://trezor.io/) encrypted paper backups)
 ```console
 $ sudo apt install -y screen
@ -106,47 +169,47 @@ $ pip3 install attrs trezor --user
 $ sudo curl https://data.trezor.io/udev/51-trezor.rules -o /etc/udev/rules.d/51-trezor.rules
 ```
-### Step 6: download [create-seed.py](./create-seed.py) ([PGP signature](./create-seed.py.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc))
+### Step 7: download [create-bip39-mnemonic.py](./create-bip39-mnemonic.py) ([PGP signature](./create-bip39-mnemonic.py.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc))
 ```shell
-sudo curl -o /usr/local/sbin/create-seed.py https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/create-seed.py
+sudo curl -o /usr/local/sbin/create-bip39-mnemonic.py https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/create-bip39-mnemonic.py
 ```
-### Step 7: download [validate-seed.py](./validate-seed.py) ([PGP signature](./validate-seed.py.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc))
+### Step 8: download [validate-bip39-mnemonic.py](./validate-bip39-mnemonic.py) ([PGP signature](./validate-bip39-mnemonic.py.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc))
 ```shell
-sudo curl -o /usr/local/sbin/validate-seed.py https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/validate-seed.py
+sudo curl -o /usr/local/sbin/validate-bip39-mnemonic.py https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/validate-bip39-mnemonic.py
 ```
-### Step 8: download [qr-backup.sh](./qr-backup.sh) ([PGP signature](./qr-backup.sh.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc))
+### Step 9: download [qr-backup.sh](./qr-backup.sh) ([PGP signature](./qr-backup.sh.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc))
 ```shell
 sudo curl -o /usr/local/sbin/qr-backup.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-backup.sh
 sudo chmod +x /usr/local/sbin/qr-backup.sh
 ```
-### Step 9: download [qr-restore.sh](./qr-restore.sh) ([PGP signature](./qr-restore.sh.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc))
+### Step 10: download [qr-restore.sh](./qr-restore.sh) ([PGP signature](./qr-restore.sh.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc))
 ```shell
 sudo curl -o /usr/local/sbin/qr-restore.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-restore.sh
 sudo chmod +x /usr/local/sbin/qr-restore.sh
 ```
-### Step 10: download [qr-clone.sh](./qr-clone.sh) ([PGP signature](./qr-clone.sh.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc))
+### Step 11: download [qr-clone.sh](./qr-clone.sh) ([PGP signature](./qr-clone.sh.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc))
 ```shell
 sudo curl -o /usr/local/sbin/qr-clone.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-clone.sh
 sudo chmod +x /usr/local/sbin/qr-clone.sh
 ```
-### Step 11: download [secure-erase.sh](./secure-erase.sh) ([PGP signature](./secure-erase.sh.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc))
+### Step 12: download [secure-erase.sh](./secure-erase.sh) ([PGP signature](./secure-erase.sh.sig), [PGP public key](https://sunknudsen.com/sunknudsen.asc))
 ```shell
 sudo curl -o /usr/local/sbin/secure-erase.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/secure-erase.sh
 sudo chmod +x /usr/local/sbin/secure-erase.sh
 ```
-### Step 12: make filesystem read-only
+### Step 13: make filesystem read-only
 > Heads-up: shout-out to Nico Kaiser for his amazing [guide](https://gist.github.com/nicokaiser/08aa5b7b3958f171cf61549b70e8a34b) on how to configure a read-only Raspberry Pi.
@ -210,13 +273,13 @@ sudo sed -i -e 's/vfat\s*defaults\s/vfat defaults,ro/' /etc/fstab
 sudo sed -i -e 's/ext4\s*defaults,noatime\s/ext4 defaults,noatime,ro,noload/' /etc/fstab
 ```
-### Step 13: disable Wi-Fi (if not using ethernet)
+### Step 14: disable Wi-Fi (if not using ethernet)
 ```shell
 echo "dtoverlay=disable-wifi" | sudo tee -a /boot/config.txt
 ```
-### Step 14: disable `dhcpcd`, `networking` and `wpa_supplicant` services and “fix” `rfkill` bug
+### Step 15: disable `dhcpcd`, `networking` and `wpa_supplicant` services and “fix” `rfkill` bug
 ```console
 $ sudo systemctl disable dhcpcd networking wpa_supplicant
@ -224,13 +287,13 @@ $ sudo systemctl disable dhcpcd networking wpa_supplicant
 $ sudo rm /etc/profile.d/wifi-check.sh
 ```
-### Step 15: delete macOS hidden files (if present)
+### Step 16: delete macOS hidden files (if present)
 ```shell
 sudo rm -fr /boot/.fseventsd /boot/.DS_Store /boot/.Spotlight-V100
 ```
-### Step 16: reboot
+### Step 17: reboot
 ```shell
 sudo systemctl reboot
@ -238,9 +301,9 @@ sudo systemctl reboot
 > WARNING: DO NOT CONNECT RASPBERRY PI TO NETWORK EVER AGAIN WITHOUT REINSTALLING RASPBERRY PI OS FIRST (DEVICE IS NOW "READ-ONLY" AND “COLD”).
-### Step 17 (optional): disable auto-mount of `boot` volume (on macOS)
+### Step 18 (optional): disable auto-mount of `boot` volume (on macOS)
-> Heads-up: done to prevent macOS from writing [hidden files](#step-15-delete-macos-hidden-files-if-present) to `boot` volume which would invalidate stored SHA512 hash of micro SD card.
+> Heads-up: done to prevent macOS from writing [hidden files](#step-16-delete-macos-hidden-files-if-present) to `boot` volume which would invalidate stored SHA512 hash of micro SD card.
 Insert micro SD card into macOS computer, run following and eject card.
@ -250,7 +313,7 @@ volume_uuid=$(diskutil info "$volume_path" | awk '/Volume UUID:/ { print $3 }')
 echo "UUID=$volume_uuid none msdos rw,noauto" | sudo tee -a /etc/fstab
 ```
-### Step 18 (optional): compute SHA512 hash of micro SD card and store in password manager (on macOS)
+### Step 19 (optional): compute SHA512 hash of micro SD card and store in password manager (on macOS)
 Run `diskutil list` to find disk ID of micro SD card with “Raspberry Pi OS Lite” installed (`disk2` in the following example).
@ -293,16 +356,16 @@ SHA512(/dev/rdisk2)= 353af7e9bd78d7d98875f0e2a58da3d7cdfc494f2ab5474b2ab4a8fd212
 ### Create encrypted paper backup
 > Heads-up: use `--bip39` to test secret against BIP39 [word list](https://raw.githubusercontent.com/bitcoin/bips/master/bip-0039/english.txt).
 ```console
 $ qr-backup.sh --help
 Usage: qr-backup.sh [options]
 Options:
-  --create-seed    create 24-word BIP39 seed
+  --create-bip39-mnemonic      create BIP39 mnemonic
-  --validate-seed  validate if secret is BIP39 seed
+  --create-electrum-mnemonic   create Electrum mnemonic
-  -h, --help       display help for command
+  --validate-bip39-mnemonic    validate if secret is valid BIP39 mnemonic
  --label <label>              print label after short hash
  -h, --help                   display help for command
 $ qr-backup.sh
 Format USB flash drive? (y or n)?
@ -336,7 +399,7 @@ The following image is now available on USB flash drive.
 > Heads-up: use `--word-list` to split secret into word list.
 ```console
-$ qr-restore.sh
+$ qr-restore.sh --help
 Usage: qr-restore.sh [options]
 Options:
--- a/how-to-create-encrypted-paper-backup/create-bip39-mnemonic.py
+++ b/how-to-create-encrypted-paper-backup/create-bip39-mnemonic.py
--- a/how-to-create-encrypted-paper-backup/create-bip39-mnemonic.py.sig
+++ b/how-to-create-encrypted-paper-backup/create-bip39-mnemonic.py.sig
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmBwlH8ACgkQH6dnhiu9
 EwWREg/+OmH/jkL8MpazXOVivugSF9p7mxAos2stMB/w1VTRoRWrIO5tLAwNVzcE
 FmqXiDE3mcuX/CdQamYKHdfuQ78hOGQFo+coTXyDeEhJzzB/ThDOsJw6d6JxV3xl
 tiT2OVdmo2HwOU8GZXXbsgWQArf7BwYU12YQe06JCOenfuo7ezrHmrAUjiBk2+AK
 RB4fhQ2wBiZQ4m2PjD6tJK9CCVNKWH2sSaP4jeZ2/7JHeykSKKpRUYglCVqP1gHP
 mF2Ii1Ox6lNCfkr822ZttuxX7NKO6mVnYlHSbFFOeW4VFl78CHqM529+BVNFOLCo
 LXi5TKl7HjGI9A3WAm1UkUdU5vmmAyvZSaON56bCk/6V3sZ1vbKkKL1TztxGm4l+
 M9GEtrDIFGcwtaFejxrQYvwC/KFHr96A3Cl4/qTCCrD8WsY1y9La07YTsgTj7zsB
 yQMbdou4Ixqh+pvXdhOujLnWuLLHVjveBPzJmIPT181GZ8vLMl8S+S63DAf+jPSz
 IQjLN0WNL717RE5J5DYOg4zpeO7v5GfUSCWANgXCJQZNKBJK4Bp/0mpHZ6keCBDQ
 Js34tKEV9DXkJHJV59WrdiW9JPIFtXsjSd6bbJBgsm7v7thO0EVCkBlOCel5oGPs
 Gj02RtcGJRQF8vK8kIciQF8jbYgVTuaMWI4ek4+gDsxsGGeBhhI=
 =i0UJ
 -----END PGP SIGNATURE-----
--- a/how-to-create-encrypted-paper-backup/create-seed.py.sig
+++ b/how-to-create-encrypted-paper-backup/create-seed.py.sig
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmBLujgACgkQH6dnhiu9
 EwXGtQ/9HlcJnAKUbRjDor7sWkZcVI3lXXGLn8hRBtTjDtLN6E8t9grPRSwx/62b
 fPAZpQlheKu9I34A4AKBsy8kx2PuT7J/jaiFqg+BPrt8u0um09x7dsvwj32gUs2N
 Dj5QTOkWV2WW8X1U8fTaaZIw6N5/Sa1XR7x+OyTCS0amtG5oCZC3Q6r89QltCJvR
 JETlf8laopLPQCuxZhIOZIuSbPNFz6uzPu83f4IzJ41ceWB9HsdnMTeArrOmcXBg
 7nNX6ghBaINzxVKVnoWkSkk0LMgcU80Hv00wwCo8OKcwEU0XZeGI8mdFlGdS5Ijq
 TjWCfcf99TxrG9EzetiAIzqAXujpRYjXhqUs5Vi1T+801r/TKGaEIeM+Z6CmZXV6
 oeLwxFbAjgjPHlUZtCgumKAbXRrSMtYoOI7kA8ue+n3/X9SYpUFs8pUUBVS9MkRY
 Xx32nPryihWbNHehlOnJuXXBBofdydSgGUITOZXbx/Hw5g8YG33D42hLvx+bNQo0
 fDc8y2iUsiy7dCX7r1EPnXdstAljWVibi/y++HYDNepa+8TILhgX5Q2IUH6yGnc2
 AHPlQ7GEwiDTF2QeIuO9OcW/w4/3OxaT7yHkmmiIt7qwFe8fvOl9l9WidkNie+af
 c3Wp3WbLcqC5GpwrZYA+UqtkMuv/iefTn4lWE95ifR8rEyxOYyU=
 =CNUb
 -----END PGP SIGNATURE-----
--- a/how-to-create-encrypted-paper-backup/qr-backup.sh
+++ b/how-to-create-encrypted-paper-backup/qr-backup.sh
@ -11,17 +11,28 @@ while [[ $# -gt 0 ]]; do
    "Usage: qr-backup.sh [options]" \
    "" \
    "Options:" \
-    "  --create-seed    create 24-word BIP39 seed" \
+    "  --create-bip39-mnemonic      create BIP39 mnemonic" \
-    "  --validate-seed  validate if secret is BIP39 seed" \
+    "  --create-electrum-mnemonic   create Electrum mnemonic" \
-    "  -h, --help       display help for command"
+    "  --validate-bip39-mnemonic    validate if secret is valid BIP39 mnemonic" \
    "  --label <label>              print label after short hash" \
    "  -h, --help                   display help for command"
    exit 0
    ;;
-    --create-seed)
+    --create-bip39-mnemonic)
-    create_seed=true
+    create_bip39_mnemonic=true
    shift
    ;;
-    --validate-seed)
+    --create-electrum-mnemonic)
-    validate_seed=true
+    create_electrum_mnemonic=true
    shift
    ;;
    --validate-bip39-mnemonic)
    validate_bip39_mnemonic=true
    shift
    ;;
    --label)
    label=$2
    shift
    shift
    ;;
    *)
@ -70,9 +81,16 @@ if ! mount | grep $usb > /dev/null; then
  sudo mount $dev $usb -o uid=pi,gid=pi
 fi
-if [ "$create_seed" = true ]; then
+if [ "$create_bip39_mnemonic" = true ]; then
-  printf "%s\n" "Creating 24-word BIP39 seed…"
+  printf "%s\n" "Creating BIP39 mnemonic…"
-  secret=$(python3 $basedir/create-seed.py)
+  secret=$(python3 $basedir/create-bip39-mnemonic.py)
  echo $secret
  sleep 1
 fi
 if [ "$create_electrum_mnemonic" = true ]; then
  printf "%s\n" "Creating Electrum mnemonic…"
  secret=$(electrum make_seed --nbits 264 --offline)
  echo $secret
  sleep 1
 fi
@ -91,10 +109,10 @@ if [ -z "$secret" ]; then
  fi
 fi
-if [ "$validate_seed" = true ]; then
+if [ "$validate_bip39_mnemonic" = true ]; then
-  printf "%s\n" "Validate if secret is BIP39 seed…"
+  printf "%s\n" "Validating if secret is valid BIP39 mnemonic…"
-  if ! echo -n $secret | python3 $basedir/validate-seed.py; then
+  if ! echo -n $secret | python3 $basedir/validate-bip39-mnemonic.py; then
-    printf "$red%s$normal\n" "Invalid BIP39 seed"
+    printf "$red%s$normal\n" "Invalid BIP39 mnemonic"
    exit 1
  fi
 fi
@ -114,7 +132,13 @@ echo -n "$encrypted_secret" | qr --error-correction=H > "$tmp/secret.png"
 font_size=$(echo "$(convert "$tmp/secret.png" -format "%h" info:) / 8" | bc)
 text_offset=$(echo "$font_size * 1.5" | bc)
-convert "$tmp/secret.png" -gravity center -scale 200% -extent 125% -scale 125% -gravity south -font /usr/share/fonts/truetype/noto/NotoMono-Regular.ttf -pointsize $font_size -fill black -draw "text 0,$text_offset '$encrypted_secret_short_hash'" "$usb/$encrypted_secret_short_hash.jpg"
+if [ -z "$label" ]; then
  text="$encrypted_secret_short_hash"
 else
  text="$encrypted_secret_short_hash $label"
 fi
 convert "$tmp/secret.png" -gravity center -scale 200% -extent 125% -scale 125% -gravity south -font /usr/share/fonts/truetype/noto/NotoMono-Regular.ttf -pointsize $font_size -fill black -draw "text 0,$text_offset '$text'" "$usb/$encrypted_secret_short_hash.jpg"
 printf "%s\n" "Show SHA512 hash as QR code? (y or n)? "
--- a/how-to-create-encrypted-paper-backup/qr-backup.sh.sig
+++ b/how-to-create-encrypted-paper-backup/qr-backup.sh.sig
@ -1,16 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
-iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmBLumEACgkQH6dnhiu9
+iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmBwlEEACgkQH6dnhiu9
-EwW1rRAAjB4GeOUOA21hMmtcKRrqlDubwmTB/GGXVByHWInLGyyhSDdwTxqOx4lT
+EwVyThAAhOL3rmLVRKvfTlvabFGw1jUiyrcTmHThKOC1PIpDibNlwnR+Q78AiPnQ
-YAhMNr8ZKV64lYYTU3rrOIEEdlmBHghTabAOZu+uL533PPRB+oAv768Ro7UfN3tt
+Gyh8AU62uHOkRRaqV7qNo3wCS4SsOlN5XNEHWm/VoZ70ogG80vIaBdVgdvnrvMMp
-PQ9gxtPQxAJtVtwV3v1m2/O4Xhmn1BjcbfNLRpE6Ti6i9jBJDQNDyQchI6iTv36g
+zQC0gStyQ2Hjqz/5dDujl+u3Uiqr60b7lhvcILFB+Ado3L2hVN1UGiXOmZ9lAXzi
-UDFIkFEUnlsZ4cPejx6vpZnLd02CY6erEwu9V0JeYTQHkcNWI1dyq40bAGXF35Mx
+9pPWihL4S0N3jAsAf0iHRM234/hoFr6hTycTGcnJxTu63KcUbESJh6pWQlXnEcJN
-ROSmVFW5fOG9oHMU1zQtIqXJuKi7gsJxOAhkaSnivbNNeeD/LPVW1buqliYCmRmX
+vJzUk3IILkAmcQFhZCroJb9bCz2AztWaUYZn+acgp7LEU0QhmE1H8jdliDrjwYbh
-oGzb5RMZoxZKt+La8L91/UJI4ug5mpMztG4VIKM9Yz/CQctMdIgzRTMiNg+DEMu4
+p/zUR99LLHf+H6Qu0mjNgy3lckX6mJpEu6S1wbjtjRsr2uU+h2SQmzmE64rV5Hzl
-6IMmJvHQjSWUORc9Z7TTEWanuAPMI3PCiIrtdME306Vf424PE2ZTfurBVKrTOA1Z
+T+iGECNReaFobT8Sq9Rp1j10vd+8/x7BW4QsxUTTgFOOIicWgN3gyyL2u6fci47a
-2lzJFy71bi/Gy600xgYCIoA2Q3SDxsmW7uZTgoh4shz0hvoGq94ggfuQZx3tDNOK
+iO+md04jzb1U63YjYadX0HPtP8aI9v8uf+v0x+XyvKdIWjow/sqGJWuYJvOtXAiq
-8m06EOYvMw3zxC31C1n0Od1HVNeOqRJfnmTCyuNdsD/DRMFIh1pQy5n9a/G9eRPi
+EObChx6WjK2xWB8SkjQ4Y+pPHK+cnV+iG9nkuVnNyeIVNghhNlXIJaOwAARDBeNi
-9tWKPCmbjlymLGUaajQJqYz5ZVNAsZnWO1kkYifSr5CpDtfBq+IUi4j2NOk486bY
+5GEdfeCU7NncMWzz5yWD6hJUSngRC355EIg0hAam1fgYDp7GUOZ6RekFL2q0i0ke
-vZf6Ny6bEzOWjl+Jeo9KrNYJWfc9IMJvxRGNh35k4jdghdazIkQ=
+p3D/rTpu352dAY3Qbojm9FzH3nAuG0f+HmmKquG4o4o3TZJENI0=
-=8dhq
+=gAGQ
 -----END PGP SIGNATURE-----
--- a/how-to-create-encrypted-paper-backup/qr-clone.sh.sig
+++ b/how-to-create-encrypted-paper-backup/qr-clone.sh.sig
@ -1,16 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
-iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmBLumsACgkQH6dnhiu9
+iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmBwlE4ACgkQH6dnhiu9
-EwXlEA//fcZeh3REgObQ1RC+ODxanLtQzDstb5kZLsomB4kVcjtkOqVmKiRsLZps
+EwU2VxAAmyz3lZPBFIz8PbZBTZD0OofU3cs/5gC3NX+isaBi/rKqCAmaI2mgPbM8
-PCfgcGII0uxUt/g8ZsqqNpjp+pP78ISAJZoGfbiCsStFcAbyFwiBU8FnwSgSq9BB
+d4IKMNI/wHXa+ph1N7THJWE2tM1G2VZBQsFsT9hAWYpJgpB0nJtNdnq8W7d0/BrL
-y9Q1blJAQinDGSY5U1KYlhRzcRZashpkzrJ2niLokBh9ih2F7mWMHEpZVU1iTop8
+3/vJC/uD4mOG5Bm53bsmHOFH/r37J/mF/IgIhSnMA3C+sMuqph/OIGhHus28Qz0O
-KLDUCcdmR2eP9kFe4zR7KI7LSiO738AcgM28zjV+59iHCx4XLDUiBfZ54TIPUzN1
+pIYDQVu2pb8SIUAEHB1Ui4fdVRn8Z9wJY6/+pOFH2FseD65gE/XEqt9F9ooC7puw
-Vyf4EC0A9+ylJ4FL9BENvWlrmOATNphbno/rrGWwy25fzGNYr4mQVNaIKAOSMKyN
+17ALoVeu24TncTjIlIvWeQVEHh2BQfNkHLP0Oz4fY6if1u+bQvUgbakNlMNQtN44
-ki1ReZJixNgj+hUqdKAMoOVwiFyEDpG0FrYBWo0aEEEen2yUdzviDd/6BKn2XiMa
+semaWd7jYgtNCcr/H9MZZXEyQzdI7sGFpQ6AFcFk+hlt2CW1WTKPv8J9F28s4QDn
-q9RhNUJ0LxO89jYaXrpmjHl9FIzXVO/guUy76C/ORfjhKziDTbXR9TjyYL459jyG
+0K3golSbzDnZxBphKsLiwL8d3SLCMURDUt00aPvgnphlDOaV5rvOlS6Uu6YNqysx
-qN1UUQKvQb7FWOpxUCuoT9jwO+q2sa6LBRjYE46LAgAljiMY0h5Xmf5s0AM4LE+z
+AS0FGtW/qhmZ8oLqHI49dtUyqoRpB2XGAOiAp25Jsh38MSdEi9bJGj5n3Do0ZnFk
-CwPof6DHCvF3yrnphXs8tx/C71BpkBTylSmWKTa6ypn1+0qpl3WZuRcrC9oROXO6
+VAovLOTp4l5xF1Z1pLFH7ZUHkOUtFTTd8LIUWOqol6kxloShAsZ8UXMchN6XQX5j
-TqWGscKq+exMepcg644fY1NOWz55t1kGm1ymTUjXFA3o4dyRrwZhMT3OwlsQ2c2s
+oQsPFGvgDAnGt2iXX4Wzj+61s3e6afvpg6SH2hp1MLrziDWTXikokYMMnFeZhOz0
-JOcx1hLAuxluVLGnOaL8C4enXugEV9SCkHH9jATnlL/wy9h24+o=
+QpPO3KutjsMRdRm2wPF3R5tQDWOXxbvoVONAOQc1sEPGmLgH+8w=
-=0hWc
+=8nFo
 -----END PGP SIGNATURE-----
--- a/how-to-create-encrypted-paper-backup/qr-restore.sh.sig
+++ b/how-to-create-encrypted-paper-backup/qr-restore.sh.sig
@ -1,16 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
-iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmBLunUACgkQH6dnhiu9
+iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmBwlGIACgkQH6dnhiu9
-EwVSoA//dxCqcYcPhscWTmAcbXrnW/URtsw5qS9XQFHX2sZstVfy+SYnsWfJ/gpP
+EwXmIRAAkvOeg6JdP77p0PqtxPji4NkFed3IqMPQ2Ds4jNyJi04y47xDXtEonopB
-3bZ0LC0uiMTVmm7wb3DAsNWX85tWcEoGfmuEyzW72toxy+VQgXsHdxjNcl998i1e
+24GpfEwsiWUa0+JQ8+2w64le72HVBvsEueUpTHEGW0Z9a/n2dHf7eXqIq+U8N0eH
-HXtKkMzWo9qtzJfCD0K+K77YguHPUfSDFcduvUQr0qiwfvbqieWb/RMYXmZIQjTX
+enGLawf2DnHOtyEUV1g9eFkiyvKhq6QdVZfggIiRpJTqpuK2zk+jS+K1ESa1GTGM
-xfQMbDF5nnM+VuONrAOBZtyaFJU+l7QiIHR0hJkqvkeMKFNuccxPsZS0auijXW5w
+1w3ItrU80aflrSB9my2rKA46++Buhf1WN13Z7BQ5xrSX+NQQzmEnwnQfcc1bLkWK
-95DYJAKKfQu0TU6UBN3EmlQgotTZ2/ThbX1Q53OZce6ckzv4DVqO7zDcq/5lDajP
+vvojpCs3L7cZC8mEiIIDYMDolvefuZN7/rr7lzbR2wazYdRHv31HGYKHAAFxdVTN
-5dwtCKEVfZ40sdF9LNkgAn3eW/WPzwVJ9FvE2xI9UsfXKLMkvWlIXI2KSjNWvug4
+a6CrQYsF4/xuDxOBsZZZ8nosaWywz7NVMLCDVRidaxkNgJ5reof1Hl6OA1oZEa6p
-JdblNM+iN+Mu0uaiQQywV25rgPsWmfzxmTWLLTCeF8Ekvn9coGGPFz2zYZDCbjV6
+PYiqzG8SRdHXaBAFXB+qkWubrStpgxJb6uIE5ye1p60fUKqCDFAMSKiMcvLk8ACG
-cSpOGqYFsnch5JyQ4CJfJNmmckAas3X1pfx0FS6zbThMp1bpsf8QhMF12tyWrIdX
+f3B7AqLsLtZC5Q4BMwQGruwUZ3aZlowGmHbS7kMLnU48l9i3/WcG4fccxU2TniQF
-UseaZuqjzkbaKcoEjQRwZWG45K4uDIZSmFGsDmeL7TyybolDbZxF7eiI/BjLICNy
+ViQh3eMV/wrO7lsrA2coY6adCUKTb0a80EZ7hjA9T4T1VPcE1GCpWnl2p3gdvuCn
-bgw+7IPjv5KfDYhOnt69s76FPnXp0P7gqrVgtE/KncVzVEAkCISAbetQUPdKsEZK
+0t3CMnTy4KkLvHW//7sZAoRazl+Fi+5n3+8eEiLjLhX5faXvwfT7JiT9/hcAWI6R
-8vWqFqlhP+s7MSm0wBUGG7uHbWsh7kfgI8OFCRI3A+bs2dQVSiw=
+gzjNauTZzARn/W7rcIrsMXMm+3tsVOqER4hxwsECuo9nj9T+/ac=
-=fNzy
+=QC/S
 -----END PGP SIGNATURE-----
--- a/how-to-create-encrypted-paper-backup/secure-erase.sh.sig
+++ b/how-to-create-encrypted-paper-backup/secure-erase.sh.sig
@ -1,16 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
-iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmBLuo0ACgkQH6dnhiu9
+iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmBwlG4ACgkQH6dnhiu9
-EwUrKg/9HMnYyu2k3nf3CqtfpIJlogFQEP/BRn7ysEap0dYe105cm/PJVdEDmjlJ
+EwVFHw//arziCrzzNMrP/OdYbhWGmLcoF18g3GnuPnatXbnukBwzi2llzMTPb93H
-0Tioz0yhE5S4WFPjDRtkgxkgWzqxYBye0j+m2zCjAxCGbYYKhUQ724gQzMIqVN79
+D/P8ZaarUSyPOwgv29VdGjQQtr1FFbZ/7LCC+QJM9YFc26YJtI9DKqM/zkVnJLbl
-jZaeF3Uh3htcKZ20yDMPitnPcmaZJUhlfp/lyvT8QXtHN4LRvvgPoreUPK3WhqdI
+Q0zVjCvVNjeyxtDcyxs5gydce5uA3u5pyVaU6zYgP+ubi6GHScThGOb7HP5ObhJG
-As5sXDWKYfhQ1QwwCrI8qN46ryquIerF7VzTlm+lC7rU1vszhhHU/dScvOufHTs0
+Zc5Amkyp02RQg/BEhITZVaolkERtNoWE/UvKKTIsqNFNPMeFfsK8qB2aWswPYI6X
-IkNsgvGi55yJ6LaPxH8/kPido+uzyEbesQUxeI+20UoIO9DKfmG16b1OBXKymzTc
+GehGUN9HNIuLHWycw/uAaBtFrDjMqMtKR39aoNddW72TIyK/PBCF8/FVogbcBL6j
-ij7PSpechOaEqOnDa7knSreD1Q9yqF67kP755dONyzOAxhRap/x5MyYQYzIbHtYZ
+eWVkhwUMkHWU5clhI627snASAWGa1OsELviArbfpzWYjX7Q9NbSlBGAALn1/u99C
-XaPP86jWz3cx4icrB35cSiDO225Ra6NGP+mZuJJkrMOp7VUCty0JraOM47dDG49L
+AjObM34aTG3XSRe/AFCt3EF6ok901wPpCnGE1fllk9kzNKOMu8WOhO9d53gSX4zz
-D2t8x8qLUV4xzLDAjDJw8Ra44WDWdlcYxiymAttbzOwmn/zqzsl1UFcqlENeonbB
+EMSr9kMA5M0pBtFONsZekVhTGM2LxLZ10uLvCY6f/KCfzvzjeODsqICE8eeNFVqZ
-Ci4Tjn7sFxK0LRgHfxWAQEl7QvgpJj28A0xhFLxLTvKKuPXxxW2UwE963A6FcRGI
+h0YMlrPCvh6rsiZb6JiPGiXtcOMozl9DOs5kfRFoXi9RiJmhWISkdWme+eWuW0VS
-rjz1HYLok9DsyLye37b/34DNN+Re0u726YEx4k0y2Fi7n9kZTHh7i6GoK7GubKlj
+WymBbrTTRuMx9LODhT+RGYe4AvEiQP5eVpGoQbfX0qzr8HGn51wSYmI16YF/LYxS
-gKjdUJ+JOueHMxbbbvqTGHiEoJFrFlUQ9o1YVrAvz1dA6L21gzs=
+W7VfuLmbbkoHqMIrYuELlECA6By2XYI2o/eBiqOrS6SZrqtB3lM=
-=G617
+=vj1f
 -----END PGP SIGNATURE-----
--- a/how-to-create-encrypted-paper-backup/validate-bip39-mnemonic.py
+++ b/how-to-create-encrypted-paper-backup/validate-bip39-mnemonic.py
--- a/how-to-create-encrypted-paper-backup/validate-bip39-mnemonic.py.sig
+++ b/how-to-create-encrypted-paper-backup/validate-bip39-mnemonic.py.sig
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmBwlIwACgkQH6dnhiu9
 EwVbrw//Tfteto+Qs0AmTqRxCoFmtU+NODNEqa9gWZNOJgQ76kk9c8AIuzq5WisW
 DbtLkraWJ+ajIoqOujNzc0u/EGraE4WtDQxG5XUUar6NiPhFIiy3C8oMo7tptI05
 hziIPVZU349Gh7zxC2UF3itwmQFJVrOe3DZ6+J0FUbVISBrNcC7siPAABFfSxGq6
 06JW6+M1U+nq0I/uTJ2/3G/iIUgd/zqnGNAFjMcgR5BnE957i93ztkoCkduNxw42
 Jg/c781sOEoJOCTJTWRjMg7WbmjOiTnyVfd7pP5XbGUz1ClwIC0rQ+LDfkQjKlh9
 ie9f1t8tUAPOK3wlRQ5wddJLiry5LHoSBx4oY0LUhPKgKyzNdKfpWKaU7sjOzgn8
 RbWnvJBblLKCmvFc2V2WmimiZNHg1Pc3lVX1r+cMP/UgaFu8yZhD/RwrpHPu/Vsd
 0GfYAJoT0nhSvmdz5dYN/HDQ2cs/Aj/rmcTpDDdv+OU9GL02VsQPkHnDtSVLtlxP
 PNjs4CO721VXDhc8EiWYpQ+hc3xrwO/FO5Hv2i5kCWX5rieLA4L99CvisZLz2z/o
 OldeSXK16G/VIlmsNyJ3d4V3xdgheHM7DDwcPODBgBiYJ19RL5nyd71XUq7fYhRQ
 mJvEAkEM/mQf/4H5gTHYOEO4Bz5ipP1YCZjeysxLGDNfcyqYmq8=
 =9kI6
 -----END PGP SIGNATURE-----
--- a/how-to-create-encrypted-paper-backup/validate-seed.py.sig
+++ b/how-to-create-encrypted-paper-backup/validate-seed.py.sig
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmBLuksACgkQH6dnhiu9
 EwV6Hw//ftbx1gh7yNno9CrrtM30T89JeDAwYkubj5R6vFweAJb2NQJD0Ak6vBk3
 u/0Qyj21ay7XSL+zueswLa+S33LoAv3tvZDy3MdJcPubBoxCFJtrWUh1H1t6Pf4j
 PhAQv1kIRFhddEj8Xk25ZrDUfp/ChhYKGBiSVJnMEVYdC7rEKtpHZne8X4MR7LFp
 yzr7Hw4WUBeq7VtkNp6DJvJgkEoY1mqvzB0gVqfnLKmyb2LM0LBZgocku+6wCVYL
 AmvRirRK0E68Ch3fi6chYPzSCTQ7EeZYuXYX/p9zeKcxSrXx3/tihIuSvWHyyJai
 EVI+rilRbRHGAuNpuZfFJ2D+Uu4KwzXG/G5lMQcHesRbS9vLL2R/cxLS8g6zT2au
 MZHy6rwfjQHKnHaxnT5rXLjF2ycbIKfdug0XxvHFD3+O7rPxeIREeXO/nNY/JUX2
 Nek6UE8xuD4rzurVESdtcPJpDbdoAPJKu5MLq/4ib4rwgWo0Sr005uZKb4y1jlYy
 r75QC2yqJjPIUbmB6q329RqhTOLoZcTJ1B0/NE0onFbw+fh3H3sYtZ2io2qEHBPF
 6zzyQ57AHJeSt33TrteCuiAL/AcSnPr549Q3qPTzlG0gdVJEta2lhQZlF8dP0ylQ
 hEq8FFeeFYVwwm2gxMQkFQR7xCljHNYDo5CKyS6Zm8JMdSEaE0I=
 =q6nx
 -----END PGP SIGNATURE-----