I would like to add some security to my seed phrase storage for my existing wallet. I don’t want to make it absolutely secure, I just want to make it much harder for someone to access my funds if they find my seed phrase storage.
I am considering these approaches:
- Convert seed phrase to entropy
- Entropy encryption with password
- Convert the encrypted entropy into a new (longer) seed phrase.
- Save your encrypted seed phrase
Then, when necessary, we work backwards to retrieve the initial seed phrase.
I’ve included JS code below to demonstrate it. It’s not needed for decryption since I used AES CEB with no initial vector and an empty key salt.
I’m wondering if there’s a major flaw in my approach or code.
Please note that by using a password to secure your seed phrase vault, you increase the likelihood that you will lose access to your seed phrase vault if you forget your password.
import crypto from "crypto";
import bip39 from "bip39-light";
const algorithm = "aes-256-ecb";
const initialVector = null;
const keySize = 32;
const keySalt = "";
const inputPassword = ""; // password goes here
const inputMnemonic = ""; // 12 word seed phrase goes here
// encrypt 12-word input mnemonic to 24-word mnemonic
const encryptedMnemonic = encryptMnemonic(inputMnemonic, inputPassword);
// decrypt 24-word mnemonic back to 12-word mnemonic
const decryptedMnemonic = decryptMnemonic(encryptedMnemonic, inputPassword);
console.log( inputMnemonic, encryptedMnemonic, decryptedMnemonic );
function encryptMnemonic(mnemonic, password)
const key = crypto.scryptSync(password, keySalt, keySize);
const entropy = bip39.mnemonicToEntropy(mnemonic);
const cipher = crypto.createCipheriv(algorithm, key, initialVector);
let encryptedEntropy = cipher.update(entropy, "hex", "hex");
encryptedEntropy += cipher.final("hex");
let encryptedMnemonic = bip39.entropyToMnemonic(encryptedEntropy);
return encryptedMnemonic;
function decryptMnemonic(mnemonic, password)
const key = crypto.scryptSync(password, keySalt, keySize);
let encryptedEntropy = bip39.mnemonicToEntropy(mnemonic);
const decipher = crypto.createDecipheriv(algorithm, key, initialVector);
let decryptedEntropy = decipher.update(encryptedEntropy, "hex", "hex");
decryptedEntropy += decipher.final("hex");
let decryptedMnemonic = bip39.entropyToMnemonic(decryptedEntropy);
return decryptedMnemonic;