seedpgp-web/public/README.md

SeedPGP Web App

Secure BIP39 mnemonic backup tool using OpenPGP encryption

🔗 Live App: https://kccleoc.github.io/seedpgp-web-app/

About

Client-side web application for encrypting cryptocurrency seed phrases (BIP39 mnemonics) using OpenPGP encryption with QR code generation and scanning capabilities.

✨ Features

• 🔐 OpenPGP Encryption - Curve25519Legacy (cv25519) encryption
• 📱 QR Code Generation - High-quality 512x512px PNG with download
• 📸 QR Code Scanner - Camera or image upload with live preview
• 🔄 Round-trip Flow - Encrypt → QR → Scan → Decrypt seamlessly
• ✅ BIP39 Support - 12/18/24-word mnemonics with optional passphrase
• 🔒 Symmetric Encryption - Optional password-only encryption (SKESK)
• 🎯 CRC16 Validation - Frame integrity checking
• 📦 Base45 Encoding - Compact QR-friendly format (RFC 9285)
• 🌐 100% Client-Side - No backend, no data transmission

🔒 Security Notice

⚠️ Your private keys and seed phrases never leave your browser

• Static web app with no backend server
• All cryptographic operations run locally in your browser
• No data transmitted to any server
• Camera access requires HTTPS or localhost
• Always verify you're on the correct URL before use

For Maximum Security

For production use with real funds:

• 🏠 Download and run locally (`bun run dev`)
• 🔐 Use on airgapped device
• 📥 Self-host on your own domain
• 🔍 Source code: https://github.com/kccleoc/seedpgp-web (private)

📖 How to Use

Backup Flow

1. Enter your 12/24-word BIP39 mnemonic
2. Add PGP public key and/or message password (optional)
3. Generate encrypted QR code
4. Download or scan QR code for backup

Restore Flow

1. Scan QR Code using camera or upload image
2. Provide private key and/or message password
3. Decrypt to recover your mnemonic

QR Scanner Features

• 📷 Camera Mode - Live scanning with environment camera (iPhone Continuity Camera supported on macOS)
• 📁 Upload Mode - Scan from saved images or screenshots
• ✅ Auto-validation - Verifies SEEDPGP1 format before accepting

🛠 Technical Stack

• TypeScript - Type-safe development
• React 18 - Modern UI framework
• Vite 6 - Lightning-fast build tool
• OpenPGP.js v6 - RFC 4880 compliant encryption
• html5-qrcode - QR scanning library
• TailwindCSS - Utility-first styling
• Lucide React - Beautiful icons

📋 Protocol Format

``` SEEDPGP1:0:ABCD:BASE45DATA

SEEDPGP1 - Protocol identifier + version 0 - Frame number (single frame) ABCD - CRC16-CCITT-FALSE checksum BASE45 - Base45-encoded OpenPGP binary message ```

🔐 Encryption Details

• Algorithm: AES-256 (preferred symmetric cipher)
• Curve: Curve25519Legacy for modern security
• Key Format: OpenPGP RFC 4880 compliant
• Error Correction: QR Level M (15% recovery)
• Integrity: CRC16-CCITT-FALSE frame validation

📱 Browser Compatibility

• ✅ Chrome/Edge (latest)
• ✅ Safari 16+ (macOS/iOS)
• ✅ Firefox (latest)
• 📷 Camera requires HTTPS or localhost

📦 Version

Current deployment: v1.2.0

Changelog

v1.2.0 (2026-01-29)

• ✨ Added QR scanner with camera/upload support
• 📥 Added QR code download with auto-naming
• 🔧 Split state for backup/restore tabs
• 🎨 Improved QR generation quality
• 🐛 Fixed Safari camera permissions
• 📱 Added Continuity Camera support

v1.1.0 (2026-01-28)

• 🎉 Initial public release
• 🔐 OpenPGP encryption/decryption
• 📱 QR code generation
• ✅ BIP39 validation

---

Last updated: 2026-01-29

Built with ❤️ using TypeScript, React, Vite, and OpenPGP.js

License: Private source code - deployment only