modified README
playbook.md
@@ -17,8 +17,8 @@ Repository structure (current):
|
||||
|
||||
- **Offline-first**: `gen`, `recover`, and `test` block network access (best-effort in-process guard).
|
||||
- **Multi-chain support**: Derives addresses for Ethereum, Solana, and Bitcoin.
|
||||
- **PGP encryption**: Encrypts a JSON payload to a PGP public key and outputs an ASCII-armored PGP message (typically saved as `.asc`). [web:46]
|
||||
- **AES-encrypted ZIP artifacts**: When `--file` is used, output is written as an AES-encrypted ZIP via `pyzipper`. [web:102]
|
||||
- **PGP encryption**: Encrypts a JSON payload to a PGP public key and outputs an ASCII-armored PGP message (typically saved as `.asc`).
|
||||
- **AES-encrypted ZIP artifacts**: When `--file` is used, output is written as an AES-encrypted ZIP via `pyzipper`.
|
||||
- **TTY safety guard + --force**: If stdout is piped/redirected (non-TTY), the tool refuses to print sensitive data unless `--force` is explicitly set (to avoid accidental leaks into logs/files). `isatty()` is the classic way to detect whether stdout is connected to a terminal.
|
||||
- **Off-screen mode**: `--off-screen` suppresses printing sensitive data to stdout.
|
||||
|
||||
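Review bot: the commit message says "modified README", but the file changed is `playbook.md`, and in this hunk the **PGP encryption** and **AES-encrypted ZIP artifacts** bullets differ between their two versions only by the trailing `[web:46]` / `[web:102]` tokens. Suggest a message that names the file and the change, for example "playbook.md: strip leftover [web:NN] citation markers", so the history of the tool's security documentation stays searchable.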
@@ -42,9 +42,9 @@ python -m pip install -r requirements.txt
|
||||
### Dependencies (top-level intent)
|
||||
|
||||
- `bip-utils` — BIP39 + BIP derivation logic
|
||||
- `PGPy` — encryption to OpenPGP public keys [web:46]
|
||||
- `PGPy` — encryption to OpenPGP public keys
|
||||
- `pynacl` + `base58` — Solana seed/key handling
|
||||
- `pyzipper` — AES-encrypted ZIP writing (only needed when using `--file`) [web:102]
|
||||
- `pyzipper` — AES-encrypted ZIP writing (only needed when using `--file`)
|
||||
|
||||
---
|
||||
|
||||
@@ -97,7 +97,7 @@ python ./src/pyhdwallet.py test
|
||||
|
||||
### `--file` behavior (deterministic, secured output)
|
||||
|
||||
If `--file` is present, the tool writes **only** an AES-encrypted ZIP file (no raw `.json`/`.asc` file is left on disk). AES ZIP is implemented using `pyzipper`. [web:102]
|
||||
If `--file` is present, the tool writes **only** an AES-encrypted ZIP file (no raw `.json`/`.asc` file is left on disk). AES ZIP is implemented using `pyzipper`.
|
||||
|
||||
Default output folder:
|
||||
|
||||
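Review bot: in the `--file` paragraph, "no raw `.json`/`.asc` file is left on disk" does not say whether the plaintext is ever written to disk and then deleted, or is added to the ZIP from memory. Those two have different exposure, so state which one the tool does. The heading's "deterministic" also needs a word of explanation, since the following section says names use UTC timestamps.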
@@ -119,7 +119,7 @@ Naming uses UTC timestamps (e.g. `20260106_161830Z`):
|
||||
- Optional: `--zip-password-mode auto` generates a Base58 password (length controlled by `--zip-password-len`).
|
||||
- If auto mode is used, password is shown **only if** `--show-generated-password` is set, and it prints to **stderr** (not stdout) to reduce accidental capture when stdout is redirected.
|
||||
|
||||
`pyzipper` supports AES encryption via `AESZipFile` and password-setting APIs. [web:102]
|
||||
`pyzipper` supports AES encryption via `AESZipFile` and password-setting APIs.
|
||||
|
||||
---
|
||||
|
||||
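Review bot: the context bullets above the changed sentence say the auto-generated password is shown only if `--show-generated-password` is set, but not what happens to it otherwise. Add a line saying how the user obtains the password in that case, or that the ZIP cannot be opened without the flag. The changed sentence itself ("`AESZipFile` and password-setting APIs") could name the call the tool uses, or be dropped now that the `[web:102]` marker is removed.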
@@ -162,7 +162,7 @@ Core options:
|
||||
|
||||
PGP options:
|
||||
|
||||
- `--pgp-pubkey-file FILE` (encrypt payload to pubkey; `.asc` content) [web:46]
|
||||
- `--pgp-pubkey-file FILE` (encrypt payload to pubkey; `.asc` content)
|
||||
- `--pgp-ignore-usage-flags`
|
||||
|
||||
Artifact options:
|
||||
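Review bot: `--pgp-ignore-usage-flags` sits directly under the edited `--pgp-pubkey-file` line with no description, while its neighbour has one. The name suggests it relaxes a check on the recipient key, so give it a parenthetical saying what is skipped and when that is acceptable.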
@@ -243,8 +243,8 @@ If running normally in your interactive terminal, stdout is a TTY and `--force`
|
||||
|
||||
- `gen` printing the mnemonic is intentionally “debug/test” behavior. Assume stdout can be recorded (scrollback, logging, screen recording, CI logs).
|
||||
- Prefer `--off-screen` for reduced exposure.
|
||||
- Prefer `--file` so artifacts go into `.wallet/` and are AES-encrypted via `pyzipper`. [web:102]
|
||||
- For stronger at-rest security: combine `--pgp-pubkey-file` + `--file` so the ZIP contains only an encrypted `.asc` payload. PGPy encryption style follows `PGPMessage.new(...)` then `pubkey.encrypt(...)`. [web:46]
|
||||
- Prefer `--file` so artifacts go into `.wallet/` and are AES-encrypted via `pyzipper`.
|
||||
- For stronger at-rest security: combine `--pgp-pubkey-file` + `--file` so the ZIP contains only an encrypted `.asc` payload. PGPy encryption style follows `PGPMessage.new(...)` then `pubkey.encrypt(...)`.
|
||||
|
||||
---
|
||||
|
||||
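Review bot: the last bullet mixes user guidance with an implementation detail: "PGPy encryption style follows `PGPMessage.new(...)` then `pubkey.encrypt(...)`" tells an operator nothing about at-rest security. Move that sentence to a developer section or drop it, and keep the bullet to the recommendation to combine `--pgp-pubkey-file` with `--file`.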
@@ -287,7 +287,7 @@ print("Extracted to", out_dir)
|
||||
PY
|
||||
```
|
||||
|
||||
AES ZIP support is the reason `pyzipper` is used. [web:102]
|
||||
AES ZIP support is the reason `pyzipper` is used.
|
||||
|
||||
---
|
||||
|
||||
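Review bot: "AES ZIP support is the reason `pyzipper` is used." repeats what the feature list, the dependency list, the `--file` section and the security notes in this same diff already state. Since the line is being touched anyway, consider deleting it rather than only removing the `[web:102]` marker.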
@@ -295,8 +295,8 @@ AES ZIP support is the reason `pyzipper` is used. [web:102]
|
||||
|
||||
- **v1.0.5**
|
||||
- `--unsafe-print` removed; `gen` prints mnemonic by default (debug/test behavior).
|
||||
- `--output` removed; file payload is always JSON (unencrypted) or `.asc` (PGP encrypted). [web:46]
|
||||
- `--file` is now a boolean flag that writes **only** AES-encrypted ZIP artifacts (no raw output files). [web:102]
|
||||
- `--output` removed; file payload is always JSON (unencrypted) or `.asc` (PGP encrypted).
|
||||
- `--file` is now a boolean flag that writes **only** AES-encrypted ZIP artifacts (no raw output files).
|
||||
- Added: `--wallet-location`, `--zip-password-mode`, `--zip-password-len`, `--show-generated-password`.
|
||||
- Added: `--force` to override the non-TTY printing safety guard (use only when redirecting/piping).
|
||||
|
||||
|
||||
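Review bot: in the v1.0.5 entry, "file payload is always JSON (unencrypted) or `.asc` (PGP encrypted)" reads as if an unencrypted file is written, while the next bullet says `--file` writes only AES-encrypted ZIP artifacts. Suggest "JSON (not PGP-encrypted)" so the two bullets do not appear to contradict each other.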