You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Kevin Gorham
a4fc849111
|
4 years ago | |
|---|---|---|
| buildSrc | 4 years ago | |
| gradle/wrapper | 4 years ago | |
| lib | 4 years ago | |
| .gitignore | 4 years ago | |
| LICENSE | 4 years ago | |
| README.md | 4 years ago | |
| build.gradle | 4 years ago | |
| gradlew | 4 years ago | |
| gradlew.bat | 4 years ago | |
| settings.gradle | 4 years ago | |
README.md
kotlin-bip39
Introduction
A concise implementation of BIP-0039 in Kotlin for Android.
Only 30kB in total size. For comparison, the entire library is about 3X the size of this README file (because there are no dependencies)!
Motivation
- There are not many bip-39 implementations for android
- Most that do exist are not Kotlin
- or they are not idiomatic (because they are direct Java ports to Kotlin)
- or they have restrictive licenses
- No other implementation uses CharArrays, from the ground up, for added security and lower chances of accidentally logging sensitive info.
Consequently, this library strives to use both idiomatic Kotlin and CharArrays whenever possible. It also aims to be concise and thoroughly tested. As a pure kotlin library, it probably also works outside of Android but that is not an explicit goal (Update: confirmed to also work on a Ktor server).
Plus, it uses a permissive MIT license and no dependencies beyond Kotlin's stdlib!
Getting Started
Gradle
Add dependencies (see bintray badge, above, for latest version number such as 1.0.0-beta07):
dependencies {
implementation "cash.z.ecc.android:kotlin-bip39:${latestVersion}"
}
repository {
jcenter()
}
Usage
This library prefers CharArrays over Strings for added security.
Note: If strings or lists are desired, it is very easy (but not recommended) to convert to/from a CharArray via String(charArray) or String(charArray).split(' ').
- Create new 24-word mnemonic phrase
import cash.z.ecc.android.bip39.Mnemonics.MnemonicCode
val mnemonicCode: MnemonicCode = MnemonicCode(WordCount.COUNT_24)
// assert: mnemonicCode.wordCount == 24, mnemonicCode.languageCode == "en"
- Generate seed
val seed: ByteArray = mnemonicCode.toSeed()
- Generate seed from existing mnemonic
val preExistingPhraseString = "scheme spot photo card baby mountain device kick cradle pact join borrow"
val preExistingPhraseChars = validPhraseString.toCharArray()
// from CharArray
seed = MnemonicCode(preExistingPhraseChars).toSeed()
// from String
seed = MnemonicCode(preExistingPhraseString).toSeed()
- Generate seed with passphrase
// normal way
val passphrase = "bitcoin".toCharArray()
mnemonicCode.toSeed(passphrase)
// more private way (erase at the end)
charArrayOf('z', 'c', 'a', 's', 'h').let { passphrase ->
mnemonicCode.toSeed(passphrase)
passphrase.fill('0') // erased!
}
- Generate raw entropy for a corresponding word count
val entropy: ByteArray = WordCount.COUNT_18.toEntropy()
// this can be used to directly generate a mnemonic:
val mnemonicCode = MnemonicCode(entropy)
// note: that gives the same result as calling:
MnemonicCode(WordCount.COUNT_18)
- Validate pre-existing or user-provided mnemonic
(NOTE: mnemonics generated by the library "from scratch" are valid, by definition)
// throws a typed exception when invalid:
// ChecksumException - when checksum fails, usually meaning words are swapped
// WordCountException(count) - invalid number of words
// InvalidWordException(word) - contains a word not found on the list
mnemonicCode.validate()
- Iterate over words
// mnemonicCodes are iterable
for (word in mnemonicCode) {
println(word)
}
mnemonicCode.forEach { word ->
println(word)
}
- Clean up!
mnemonicCode.clear() // code words are deleted and no longer available for attacker
Advanced Usage
These generated codes are compatible with kotlin's scoped resource usage
- Leverage
useto automatically clean-up after use
MnemonicCode(WordCount.COUNT_24).use {
// Do something with the words (wordCount == 24)
}
// memory has been cleared at this point (wordCount == 0)
- Generate original entropy that was used to create the mnemonic
(or throw exception if the mnemonic is invalid).
- Note: Calling this function only succeeds when the entropy is valid so it also can be used, indirectly, for validation. In fact, currently, it is called as part of the
MnemonicCode::validate()function.
- Note: Calling this function only succeeds when the entropy is valid so it also can be used, indirectly, for validation. In fact, currently, it is called as part of the
val entropy: ByteArray = MnemonicCode(preExistingPhraseString).toEntropy()
- Mnemonics generated by the library do not need to be validated while creating the corresponding seed. That step can be skipped for a little added speed and security (because validation generates strings on the heap--which might get improved in a future release).
seed = MnemonicCode(WordCount.COUNT_24).toSeed(validate = false)
- Other languages are not yet supported but the API for them is in place. It accepts any
ISO 639-1language code. For now, using it with anything other than "en" will result in anUnsupportedOperationException.
// results in exception, for now
val mnemonicCode = MnemonicCode(WordCount.COUNT_24, languageCode = Locale.GERMAN.language)
// english is the only language that doesn't crash
val mnemonicCode = MnemonicCode(WordCount.COUNT_24, languageCode = Locale.ENGLISH.language)
Test Results
Credits
- zcash/ebfull - zcash core dev and BIP-0039 co-author who inspired me to create this library
- bitcoinj - Java implementation from which much of this code was adapted
- Trezor - for their OG test data set that has excellent edge cases
License
MIT