kccleoc/pyhdwallet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4933168ae4c97cbe35121603d1fcb5a867d6a209
pyhdwallet/README.md
LC mac 4933168ae4 docs: update for multi-platform vendor support (v1.1.0) 
- Update README.md with 6 vendor directories (macOS/Linux x86/ARM + dev)
- Update playbook.md with complete air-gapped workflow
- Document auto-detection in install_offline.sh
- Add dev mode documentation (--dev flag)
- Add platform-specific checksum verification commands
- Add operational security checklist
- Add vendor architecture diagram
- Document macOS native vs Docker build requirements

Complete support for:
- macOS ARM64 (Apple Silicon)
- Linux x86_64 (Intel/AMD)
- Linux aarch64 (ARM64/Raspberry Pi/Mac containers)
2026-01-12 18:22:57 +08:00

194 lines
5.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# pyhdwallet Secure HD Wallet Tool
**Deterministic BIP32/BIP39/BIP44 HD wallet generator** for Bitcoin, Ethereum, and other cryptocurrencies. Designed for **air-gapped, offline use** with multi-platform support.
## 📦 Installation
### **Quick Start (macOS/Linux with Internet)**
```bash
# Clone repository
git clone https://github.com/yourusername/hdwalletpy.git
cd hdwalletpy
# Install using automated script
./install_offline.sh
```
### **Air-Gapped Installation (No Internet)**
The project includes **pre-built vendored wheels** for offline installation on:
- **macOS ARM64** (Apple Silicon)
- **Linux x86_64** (Intel/AMD servers)
- **Linux aarch64** (ARM64 servers, Raspberry Pi, Mac containers)
**Steps:**
1. **On internet-connected machine:**
```bash
git clone https://github.com/yourusername/hdwalletpy.git
cd hdwalletpy
# Verify vendor checksums
cd vendor/macos-arm64 && shasum -a 256 -c SHA256SUMS # macOS
cd vendor/linux-x86_64 && sha256sum -c SHA256SUMS # Linux x86
cd vendor/linux-aarch64 && sha256sum -c SHA256SUMS # Linux ARM
```
2. **Transfer to USB/CD:**
```bash
# Copy entire repository to USB drive
cp -r hdwalletpy /Volumes/USB/
```
3. **On air-gapped machine:**
```bash
cd /path/to/hdwalletpy
# Ensure Python 3.12 is installed
python3.12 --version
# Run offline installer (auto-detects platform)
./install_offline.sh
# Activate virtual environment
source .venv/bin/activate
# Generate wallet
python src/pyhdwallet.py gen --help
```
### **Developer Installation (with Docker)**
Build wheels and run tests across all platforms:
```bash
# Build Docker image
make build-image
# Build vendor wheels for all platforms
make vendor-all # Runtime wheels only
make vendor-all-dev # Runtime + dev wheels (pytest)
# Install development environment
make install-dev-offline
# Run tests
make test
```
## ✅ Basic Usage
```bash
# Generate wallet (prints mnemonic - debug mode)
python src/pyhdwallet.py gen
# Generate with off-screen mode + encrypted ZIP
python src/pyhdwallet.py gen --file --zip
# Generate with PGP encryption + ZIP
python src/pyhdwallet.py gen --file --zip --pgp recipient@example.com
# Recover wallet from mnemonic
python src/pyhdwallet.py recover
# Fetch PGP public key (requires internet)
python src/pyhdwallet.py fetchkey keyserver.ubuntu.com recipient@example.com
# Run tests
python src/pyhdwallet.py test
```
## 🔐 Security Features
- ✅ **BIP39** 24-word mnemonic generation
- ✅ **BIP32** hierarchical deterministic wallet derivation
- ✅ **BIP44** multi-currency account structure
- ✅ **Air-gapped operation** with vendored dependencies
- ✅ **AES-256 encrypted ZIP** artifacts with password protection
- ✅ **PGP encryption** support for at-rest storage
- ✅ **Deterministic output** for reproducible wallet generation
- ✅ **Multi-platform** offline support (macOS, Linux x86/ARM)
- ✅ **Checksum verification** for vendored wheels
## 🛠️ Makefile Targets
### **Vendoring (Air-Gapped Deployment)**
```bash
make vendor-macos # Build macOS ARM64 wheels
make vendor-macos-dev # Build macOS dev wheels (pytest)
make vendor-linux # Build Linux x86_64 wheels (Docker)
make vendor-linux-dev # Build Linux x86_64 dev wheels
make vendor-linux-arm # Build Linux ARM64 wheels (Docker)
make vendor-linux-arm-dev # Build Linux ARM64 dev wheels
make vendor-all # Build runtime wheels for ALL platforms
make vendor-all-dev # Build dev wheels for ALL platforms
make verify-vendor # Test offline installation
```
### **Binary Distribution**
```bash
make binary # Build standalone binary for current platform
make binary-linux # Build Linux binary via Docker
make binary-all # Build binaries for all platforms
```
### **Development Workflow**
```bash
make install # Create venv and install dependencies
make install-offline # Install from vendor/ (offline)
make install-dev-offline # Install dev dependencies (offline)
make test # Run test suite
make clean # Remove venv, cache, vendor/
make clean-vendor # Remove vendor/ only
```
### **Release Management**
```bash
make release # Build complete release package
make release-test # Test release binaries
make clean-release # Remove release artifacts
```
## 📖 Full Documentation
See [playbook.md](./playbook.md) for:
- Detailed air-gapped security setup
- Multi-platform installation guide
- PGP key management
- Operational security checklist
- Troubleshooting guide
- Testing and development workflows
## 🔒 Recommended Air-Gapped Setup
1. **Build/verify on trusted internet machine**
2. **Transfer via USB/CD** to air-gapped machine
3. **Verify checksums** before installation
4. **Generate wallet offline** with PGP encryption
5. **Store encrypted artifacts** on separate media
6. **Test recovery process** before real use
**Threat model:** Protects against network-based attacks, remote exploitation, and keyloggers. Physical security and operational discipline required.
## 📝 License
MIT License - See [LICENSE](./LICENSE) for details.
## 🙏 Credits
Built with:
- [bip-utils](https://github.com/ebellocchia/bip_utils) - BIP32/39/44 implementation
- [PyInstaller](https://www.pyinstaller.org/) - Binary packaging
- Python 3.12 and cryptography libraries
Reference in New Issue View Git Blame Copy Permalink