Remove venv from previous commit

.gitignore

@@ -23,3 +23,6 @@ build/
 *.sqlite3
 *.db
 *.asc
+.venv/
+.wallet/
+.potentialfix.md

README.md

@@ -27,5 +27,5 @@ For detailed examples and security tips, see `playbook.md`.
 ## Security
 
 - Operates offline by default.
-- Use `--secure-mode` for high-security operations.
+- Use `--off-screen` for high-security operations.
 - Always verify PGP keys and run on trusted systems.

playbook.md

@@ -29,7 +29,7 @@ A command-line tool for generating and recovering HD wallets (BIP39) with suppor
 - **Private key export**: Export derived private keys in encrypted payloads.
 - **Solana profiles**: Multiple derivation paths for Solana compatibility.
 - **Self-testing**: Built-in tests to verify functionality.
-- **Secure mode**: Optional paranoid mode with memory zeroing, temp files, and no output printing for high-security use.
+- **Off-screen mode**: Optional paranoid mode with memory zeroing, temp files, and no output printing for high-security use.
 
 ## Installation
 
@@ -80,10 +80,10 @@ A command-line tool for generating and recovering HD wallets (BIP39) with suppor
    python ./src/pyhdwallet.py fetchkey "https://example.com/key.asc" --out mykey.asc
    ```
 
-4. Use secure mode for high-security operations:
+4. Use off-screen mode for high-security operations:
 
    ```bash
-   python ./src/pyhdwallet.py gen --secure-mode --pgp-pubkey-file key.asc --chains ethereum --addresses 1
+   python ./src/pyhdwallet.py gen --off-screen --pgp-pubkey-file key.asc --chains ethereum --addresses 1
    ```
 
 5. Run tests:
@@ -109,7 +109,7 @@ python ./src/pyhdwallet.py fetchkey <url> [--out FILE] [--timeout SECONDS]
 - `url`: URL to the ASCII-armored PGP key
 - `--out FILE`: Save the key to a file
 - `--timeout SECONDS`: Request timeout (default: 15)
-- `--secure-mode`: Enable secure mode (temp files, no extra output)
+- `--off-screen`: Enable off-screen mode (temp files, no extra output)
 
 **Example:**
 
@@ -131,7 +131,7 @@ python ./src/pyhdwallet.py gen [options]
 
 - `--words {12,15,18,21,24}`: Number of mnemonic words (default: 12)
 - `--dice-rolls "1 2 3 ..."`: Space-separated dice rolls for entropy
-- `--passphrase PASSPHRASE`: BIP39 passphrase
+- `--passphrase`: Prompt for BIP39 passphrase interactively
 - `--passphrase-hint HINT`: Hint for the passphrase
 - `--chains {ethereum,solana,bitcoin}`: Chains to derive (default: all)
 - `--addresses N`: Number of addresses per chain (default: 5)
@@ -143,7 +143,7 @@ python ./src/pyhdwallet.py gen [options]
 - `--export-private`: Include private keys in encrypted payload
 - `--include-source`: Include mnemonic in encrypted payload
 - `--unsafe-print`: Print mnemonic even when encrypting
-- `--secure-mode`: Enable secure mode (no printing, temp files, memory zeroing)
+- `--off-screen`: Enable off-screen mode (no printing, temp files, memory zeroing)
 
 **Examples:**
 
@@ -151,11 +151,11 @@ python ./src/pyhdwallet.py gen [options]
 # Basic generation
 python ./src/pyhdwallet.py gen
 
-# With secure mode
+# With off-screen mode
-python ./src/pyhdwallet.py gen --secure-mode --pgp-pubkey-file key.asc
+python ./src/pyhdwallet.py gen --off-screen --pgp-pubkey-file key.asc
 
 # With passphrase and encryption
-python ./src/pyhdwallet.py gen --passphrase "mysecret" --pgp-pubkey-file key.asc --export-private
+python ./src/pyhdwallet.py gen --passphrase --pgp-pubkey-file key.asc --export-private
 
 # JSON output to file
 python ./src/pyhdwallet.py gen --chains ethereum --addresses 10 --output json --file wallet.json
@@ -176,7 +176,7 @@ python ./src/pyhdwallet.py recover [options]
 - `--mnemonic MNEMONIC`: BIP39 mnemonic phrase
 - `--seed HEX_SEED`: 128-character hex seed
 - `--interactive`: Prompt for mnemonic/seed interactively
-- `--secure-mode`: Enable secure mode (no printing, temp files, memory zeroing)
+- `--off-screen`: Enable off-screen mode (no printing, temp files, memory zeroing)
 
 **Examples:**
 
@@ -198,12 +198,12 @@ Run minimal self-tests to verify functionality.
 **Usage:**
 
 ```bash
-python ./src/pyhdwallet.py test [--secure-mode]
+python ./src/pyhdwallet.py test [--off-screen]
 ```
 
 **Options:**
 
-- `--secure-mode`: Enable secure mode (no extra output)
+- `--off-screen`: Enable off-screen mode (no extra output)
 
 **Output:** Success/failure messages for derivation tests.
 
@@ -222,7 +222,7 @@ echo "-----BEGIN PGP MESSAGE-----..." | gpg -d
 ### 2. Recover from Mnemonic with Passphrase
 
 ```bash
-python ./src/pyhdwallet.py recover --mnemonic "word1 word2 ... word12" --passphrase "mypass" --chains ethereum --addresses 10 --output json
+python ./src/pyhdwallet.py recover --mnemonic "word1 word2 ... word12" --passphrase --chains ethereum --addresses 10 --output json
 ```
 
 ### 3. Fetch and Use PGP Key
@@ -235,14 +235,14 @@ python ./src/pyhdwallet.py fetchkey "https://example.com/pubkey.asc" --out mykey
 python ./src/pyhdwallet.py recover --interactive --pgp-pubkey-file mykey.asc --export-private
 ```
 
-### 4. High-Security Operations with Secure Mode
+### 4. High-Security Operations with Off-Screen Mode
 
 ```bash
 # Generate without printing sensitive data
-python ./src/pyhdwallet.py gen --secure-mode --pgp-pubkey-file key.asc --chains ethereum --addresses 1
+python ./src/pyhdwallet.py gen --off-screen --pgp-pubkey-file key.asc --chains ethereum --addresses 1
 
-# Recover in secure mode
+# Recover in off-screen mode
-python ./src/pyhdwallet.py recover --secure-mode --interactive --pgp-pubkey-file key.asc --export-private
+python ./src/pyhdwallet.py recover --off-screen --interactive --pgp-pubkey-file key.asc --export-private
 ```
 
 ### 5. Solana-Specific Derivation
@@ -256,14 +256,14 @@ python ./src/pyhdwallet.py gen --chains solana --sol-profile phantom_bip44change
 - **Offline operation**: `gen`, `recover`, and `test` commands block network access.
 - **No plaintext secrets**: Mnemonics and private keys are never printed unless encrypted or `--unsafe-print` is used.
 - **PGP encryption**: Use for secure storage of sensitive data.
-- **Secure mode**: Use `--secure-mode` for paranoid operations—suppresses output, uses temp files with auto-deletion, and zeros memory.
+- **Off-screen mode**: Use `--off-screen` for paranoid operations—suppresses output, uses temp files with auto-deletion, and zeros memory.
 - **Passphrase handling**: Passphrases are not stored; only hints are included.
 - **Private key export**: Only export what's needed; treat encrypted payloads as sensitive.
 - **File permissions**: Output files are set to owner-only (0o600) for security.
 - **Memory zeroing**: In secure mode, sensitive variables are cleared after use.
 - **Best practices**:
   - Use `--interactive` to avoid command-line history exposure.
-  - Use `--secure-mode` for high-risk operations.
+  - Use `--off-screen` for high-risk operations.
   - Verify PGP fingerprints out-of-band.
   - Run on trusted, offline machines.
 
@@ -279,6 +279,6 @@ python ./src/pyhdwallet.py gen --chains solana --sol-profile phantom_bip44change
 ## Changelog
 
 - **v1.0.3**: Changed default behavior to always show help without subcommand; added README.md; updated documentation.
-- **v1.0.2**: Security patches - added --secure-mode, memory zeroing, file permission fixes, auto-deletion in secure mode, sanitized errors.
+- **v1.0.2**: Security patches - added --off-screen, memory zeroing, file permission fixes, auto-deletion in off-screen mode, sanitized errors.
 - **v1.0.1**: Renamed to pyhdwallet, added --version flag, updated documentation, excluded _toDelete in .gitignore.
 - **v1.0.0**: Initial release with gen, recover, fetchkey, and test commands.

requirements.in

@@ -1,2 +1,6 @@
-PGPy
+base58==2.1.1
-bip-utils
+bip-utils==2.10.0
+pgpy==0.6.0
+pip-chill==1.0.3
+pip-tools==7.5.2
+pyzipper==0.3.6

requirements.txt

@@ -4,14 +4,20 @@
 #
 #    pip-compile
 #
+base58==2.1.1
+    # via -r requirements.in
 bip-utils==2.10.0
     # via -r requirements.in
+build==1.3.0
+    # via pip-tools
 cbor2==5.8.0
     # via bip-utils
 cffi==2.0.0
     # via
     #   cryptography
     #   pynacl
+click==8.3.1
+    # via pip-tools
 coincurve==21.0.0
     # via bip-utils
 crcmod==1.7
@@ -22,8 +28,14 @@ ecdsa==0.19.1
     # via bip-utils
 ed25519-blake2b==1.4.1
     # via bip-utils
+packaging==25.0
+    # via build
 pgpy==0.6.0
     # via -r requirements.in
+pip-chill==1.0.3
+    # via -r requirements.in
+pip-tools==7.5.2
+    # via -r requirements.in
 py-sr25519-bindings==0.2.3
     # via bip-utils
 pyasn1==0.6.1
@@ -32,7 +44,21 @@ pycparser==2.23
     # via cffi
 pycryptodome==3.23.0
     # via bip-utils
+pycryptodomex==3.23.0
+    # via pyzipper
 pynacl==1.6.2
     # via bip-utils
+pyproject-hooks==1.2.0
+    # via
+    #   build
+    #   pip-tools
+pyzipper==0.3.6
+    # via -r requirements.in
 six==1.17.0
     # via ecdsa
+wheel==0.45.1
+    # via pip-tools
+
+# The following packages are considered to be unsafe in a requirements file:
+# pip
+# setuptools

test_output.json

@@ -1,16 +0,0 @@
-{
-  "master_fingerprint": "DD1449B7",
-  "passphrase_used": false,
-  "passphrase_hint": "",
-  "dice_rolls_used": false,
-  "solana_profile": "phantom_bip44change",
-  "addresses": {
-    "ethereum": [
-      {
-        "index": 0,
-        "path": "m/44'/60'/0'/0/0",
-        "address": "0x9d3e3540f4C507ca992035607326798130051e03"
-      }
-    ]
-  }
-}