From 2c3d0ecae5a9f20c48dff285f26c825999e230c3 Mon Sep 17 00:00:00 2001 From: tcsenpai Date: Sat, 13 Jul 2024 18:49:17 +0200 Subject: [PATCH] first upload --- .gitignore | 2 + README.md | 28 + data/wordlist.txt | 2048 ++++++++++++++++++++++++++++++++++++++++++ libs/cred_manager.py | 42 + libs/word_gen.py | 22 + main.py | 132 +++ requirements.txt | 1 + 7 files changed, 2275 insertions(+) create mode 100644 .gitignore create mode 100644 README.md create mode 100644 data/wordlist.txt create mode 100644 libs/cred_manager.py create mode 100644 libs/word_gen.py create mode 100644 main.py create mode 100644 requirements.txt diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9c8b26e --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +data/credential.pkl +__pycache__ diff --git a/README.md b/README.md new file mode 100644 index 0000000..776e37a --- /dev/null +++ b/README.md @@ -0,0 +1,28 @@ +# HMyWallet + +## Description +This is a small proof of concept yet functional and working utility to safely manage a 24 words mnemonic seed using a FIDO2 authenticator and a password. + +You can use it to reliably manage your mnemonic seed and to recover it later without having to remember it or to write it down. + +## Usage +The script will create a set of credentials from your FIDO2 authenticator during the first run. This set of credentials only works with your FIDO2 authenticator and must be in the data/credential.pkl file. If you lose your FIDO2 authenticator or your credential file, you will not be able to recover your mnemonic seed. + +The script will then ask you to enter your password to authenticate your FIDO2 authenticator. +As the password is not stored anywhere, it cannot be compromised by anyone with access to your computer. +For the same reason, you will lose access to your mnemonic seed if you lose your password. + +Using the provided password, the script will then generate a 24 words mnemonic seed and print it to the console. + +You can then use this mnemonic seed to access or recover your wallet anywhere. + +# How it works +The password is hashed using SHA256, and is used as a seed to generate a hmac_secret from the provided credential.pkl file. +This hmac_secret is then used to generate a 24 words mnemonic seed using a wordlist.txt file. +This way, both the password and the hmac_secret are only kept in memory until the mnemonic seed is generated, and are not stored anywhere. + +# Credits +This script is based on the fido2 library by Yubico. + +## Disclaimer +This script is provided as is and should be used with caution. It is not tested for usage in managing mnemonic seeds in a production environment. \ No newline at end of file diff --git a/data/wordlist.txt b/data/wordlist.txt new file mode 100644 index 0000000..942040e --- /dev/null +++ b/data/wordlist.txt @@ -0,0 +1,2048 @@ +abandon +ability +able +about +above +absent +absorb +abstract +absurd +abuse +access +accident +account +accuse +achieve +acid +acoustic +acquire +across +act +action +actor +actress +actual +adapt +add +addict +address +adjust +admit +adult +advance +advice +aerobic +affair +afford +afraid +again +age +agent +agree +ahead +aim +air +airport +aisle +alarm +album +alcohol +alert +alien +all +alley +allow +almost +alone +alpha +already +also +alter +always +amateur +amazing +among +amount +amused +analyst +anchor +ancient +anger +angle +angry +animal +ankle +announce +annual +another +answer +antenna +antique +anxiety +any +apart +apology +appear +apple +approve +april +arch +arctic +area +arena +argue +arm +armed +armor +army +around +arrange +arrest +arrive +arrow +art +artefact +artist +artwork +ask +aspect +assault +asset +assist +assume +asthma +athlete +atom +attack +attend +attitude +attract +auction +audit +august +aunt +author +auto +autumn +average +avocado +avoid +awake +aware +away +awesome +awful +awkward +axis +baby +bachelor +bacon +badge +bag +balance +balcony +ball +bamboo +banana +banner +bar +barely +bargain +barrel +base +basic +basket +battle +beach +bean +beauty +because +become +beef +before +begin +behave +behind +believe +below +belt +bench +benefit +best +betray +better +between +beyond +bicycle +bid +bike +bind +biology +bird +birth +bitter +black +blade +blame +blanket +blast +bleak +bless +blind +blood +blossom +blouse +blue +blur +blush +board +boat +body +boil +bomb +bone +bonus +book +boost +border +boring +borrow +boss +bottom +bounce +box +boy +bracket +brain +brand +brass +brave +bread +breeze +brick +bridge +brief +bright +bring +brisk +broccoli +broken +bronze +broom +brother +brown +brush +bubble +buddy +budget +buffalo +build +bulb +bulk +bullet +bundle +bunker +burden +burger +burst +bus +business +busy +butter +buyer +buzz +cabbage +cabin +cable +cactus +cage +cake +call +calm +camera +camp +can +canal +cancel +candy +cannon +canoe +canvas +canyon +capable +capital +captain +car +carbon +card +cargo +carpet +carry +cart +case +cash +casino +castle +casual +cat +catalog +catch +category +cattle +caught +cause +caution +cave +ceiling +celery +cement +census +century +cereal +certain +chair +chalk +champion +change +chaos +chapter +charge +chase +chat +cheap +check +cheese +chef +cherry +chest +chicken +chief +child +chimney +choice +choose +chronic +chuckle +chunk +churn +cigar +cinnamon +circle +citizen +city +civil +claim +clap +clarify +claw +clay +clean +clerk +clever +click +client +cliff +climb +clinic +clip +clock +clog +close +cloth +cloud +clown +club +clump +cluster +clutch +coach +coast +coconut +code +coffee +coil +coin +collect +color +column +combine +come +comfort +comic +common +company +concert +conduct +confirm +congress +connect +consider +control +convince +cook +cool +copper +copy +coral +core +corn +correct +cost +cotton +couch +country +couple +course +cousin +cover +coyote +crack +cradle +craft +cram +crane +crash +crater +crawl +crazy +cream +credit +creek +crew +cricket +crime +crisp +critic +crop +cross +crouch +crowd +crucial +cruel +cruise +crumble +crunch +crush +cry +crystal +cube +culture +cup +cupboard +curious +current +curtain +curve +cushion +custom +cute +cycle +dad +damage +damp +dance +danger +daring +dash +daughter +dawn +day +deal +debate +debris +decade +december +decide +decline +decorate +decrease +deer +defense +define +defy +degree +delay +deliver +demand +demise +denial +dentist +deny +depart +depend +deposit +depth +deputy +derive +describe +desert +design +desk +despair +destroy +detail +detect +develop +device +devote +diagram +dial +diamond +diary +dice +diesel +diet +differ +digital +dignity +dilemma +dinner +dinosaur +direct +dirt +disagree +discover +disease +dish +dismiss +disorder +display +distance +divert +divide +divorce +dizzy +doctor +document +dog +doll +dolphin +domain +donate +donkey +donor +door +dose +double +dove +draft +dragon +drama +drastic +draw +dream +dress +drift +drill +drink +drip +drive +drop +drum +dry +duck +dumb +dune +during +dust +dutch +duty +dwarf +dynamic +eager +eagle +early +earn +earth +easily +east +easy +echo +ecology +economy +edge +edit +educate +effort +egg +eight +either +elbow +elder +electric +elegant +element +elephant +elevator +elite +else +embark +embody +embrace +emerge +emotion +employ +empower +empty +enable +enact +end +endless +endorse +enemy +energy +enforce +engage +engine +enhance +enjoy +enlist +enough +enrich +enroll +ensure +enter +entire +entry +envelope +episode +equal +equip +era +erase +erode +erosion +error +erupt +escape +essay +essence +estate +eternal +ethics +evidence +evil +evoke +evolve +exact +example +excess +exchange +excite +exclude +excuse +execute +exercise +exhaust +exhibit +exile +exist +exit +exotic +expand +expect +expire +explain +expose +express +extend +extra +eye +eyebrow +fabric +face +faculty +fade +faint +faith +fall +false +fame +family +famous +fan +fancy +fantasy +farm +fashion +fat +fatal +father +fatigue +fault +favorite +feature +february +federal +fee +feed +feel +female +fence +festival +fetch +fever +few +fiber +fiction +field +figure +file +film +filter +final +find +fine +finger +finish +fire +firm +first +fiscal +fish +fit +fitness +fix +flag +flame +flash +flat +flavor +flee +flight +flip +float +flock +floor +flower +fluid +flush +fly +foam +focus +fog +foil +fold +follow +food +foot +force +forest +forget +fork +fortune +forum +forward +fossil +foster +found +fox +fragile +frame +frequent +fresh +friend +fringe +frog +front +frost +frown +frozen +fruit +fuel +fun +funny +furnace +fury +future +gadget +gain +galaxy +gallery +game +gap +garage +garbage +garden +garlic +garment +gas +gasp +gate +gather +gauge +gaze +general +genius +genre +gentle +genuine +gesture +ghost +giant +gift +giggle +ginger +giraffe +girl +give +glad +glance +glare +glass +glide +glimpse +globe +gloom +glory +glove +glow +glue +goat +goddess +gold +good +goose +gorilla +gospel +gossip +govern +gown +grab +grace +grain +grant +grape +grass +gravity +great +green +grid +grief +grit +grocery +group +grow +grunt +guard +guess +guide +guilt +guitar +gun +gym +habit +hair +half +hammer +hamster +hand +happy +harbor +hard +harsh +harvest +hat +have +hawk +hazard +head +health +heart +heavy +hedgehog +height +hello +helmet +help +hen +hero +hidden +high +hill +hint +hip +hire +history +hobby +hockey +hold +hole +holiday +hollow +home +honey +hood +hope +horn +horror +horse +hospital +host +hotel +hour +hover +hub +huge +human +humble +humor +hundred +hungry +hunt +hurdle +hurry +hurt +husband +hybrid +ice +icon +idea +identify +idle +ignore +ill +illegal +illness +image +imitate +immense +immune +impact +impose +improve +impulse +inch +include +income +increase +index +indicate +indoor +industry +infant +inflict +inform +inhale +inherit +initial +inject +injury +inmate +inner +innocent +input +inquiry +insane +insect +inside +inspire +install +intact +interest +into +invest +invite +involve +iron +island +isolate +issue +item +ivory +jacket +jaguar +jar +jazz +jealous +jeans +jelly +jewel +job +join +joke +journey +joy +judge +juice +jump +jungle +junior +junk +just +kangaroo +keen +keep +ketchup +key +kick +kid +kidney +kind +kingdom +kiss +kit +kitchen +kite +kitten +kiwi +knee +knife +knock +know +lab +label +labor +ladder +lady +lake +lamp +language +laptop +large +later +latin +laugh +laundry +lava +law +lawn +lawsuit +layer +lazy +leader +leaf +learn +leave +lecture +left +leg +legal +legend +leisure +lemon +lend +length +lens +leopard +lesson +letter +level +liar +liberty +library +license +life +lift +light +like +limb +limit +link +lion +liquid +list +little +live +lizard +load +loan +lobster +local +lock +logic +lonely +long +loop +lottery +loud +lounge +love +loyal +lucky +luggage +lumber +lunar +lunch +luxury +lyrics +machine +mad +magic +magnet +maid +mail +main +major +make +mammal +man +manage +mandate +mango +mansion +manual +maple +marble +march +margin +marine +market +marriage +mask +mass +master +match +material +math +matrix +matter +maximum +maze +meadow +mean +measure +meat +mechanic +medal +media +melody +melt +member +memory +mention +menu +mercy +merge +merit +merry +mesh +message +metal +method +middle +midnight +milk +million +mimic +mind +minimum +minor +minute +miracle +mirror +misery +miss +mistake +mix +mixed +mixture +mobile +model +modify +mom +moment +monitor +monkey +monster +month +moon +moral +more +morning +mosquito +mother +motion +motor +mountain +mouse +move +movie +much +muffin +mule +multiply +muscle +museum +mushroom +music +must +mutual +myself +mystery +myth +naive +name +napkin +narrow +nasty +nation +nature +near +neck +need +negative +neglect +neither +nephew +nerve +nest +net +network +neutral +never +news +next +nice +night +noble +noise +nominee +noodle +normal +north +nose +notable +note +nothing +notice +novel +now +nuclear +number +nurse +nut +oak +obey +object +oblige +obscure +observe +obtain +obvious +occur +ocean +october +odor +off +offer +office +often +oil +okay +old +olive +olympic +omit +once +one +onion +online +only +open +opera +opinion +oppose +option +orange +orbit +orchard +order +ordinary +organ +orient +original +orphan +ostrich +other +outdoor +outer +output +outside +oval +oven +over +own +owner +oxygen +oyster +ozone +pact +paddle +page +pair +palace +palm +panda +panel +panic +panther +paper +parade +parent +park +parrot +party +pass +patch +path +patient +patrol +pattern +pause +pave +payment +peace +peanut +pear +peasant +pelican +pen +penalty +pencil +people +pepper +perfect +permit +person +pet +phone +photo +phrase +physical +piano +picnic +picture +piece +pig +pigeon +pill +pilot +pink +pioneer +pipe +pistol +pitch +pizza +place +planet +plastic +plate +play +please +pledge +pluck +plug +plunge +poem +poet +point +polar +pole +police +pond +pony +pool +popular +portion +position +possible +post +potato +pottery +poverty +powder +power +practice +praise +predict +prefer +prepare +present +pretty +prevent +price +pride +primary +print +priority +prison +private +prize +problem +process +produce +profit +program +project +promote +proof +property +prosper +protect +proud +provide +public +pudding +pull +pulp +pulse +pumpkin +punch +pupil +puppy +purchase +purity +purpose +purse +push +put +puzzle +pyramid +quality +quantum +quarter +question +quick +quit +quiz +quote +rabbit +raccoon +race +rack +radar +radio +rail +rain +raise +rally +ramp +ranch +random +range +rapid +rare +rate +rather +raven +raw +razor +ready +real +reason +rebel +rebuild +recall +receive +recipe +record +recycle +reduce +reflect +reform +refuse +region +regret +regular +reject +relax +release +relief +rely +remain +remember +remind +remove +render +renew +rent +reopen +repair +repeat +replace +report +require +rescue +resemble +resist +resource +response +result +retire +retreat +return +reunion +reveal +review +reward +rhythm +rib +ribbon +rice +rich +ride +ridge +rifle +right +rigid +ring +riot +ripple +risk +ritual +rival +river +road +roast +robot +robust +rocket +romance +roof +rookie +room +rose +rotate +rough +round +route +royal +rubber +rude +rug +rule +run +runway +rural +sad +saddle +sadness +safe +sail +salad +salmon +salon +salt +salute +same +sample +sand +satisfy +satoshi +sauce +sausage +save +say +scale +scan +scare +scatter +scene +scheme +school +science +scissors +scorpion +scout +scrap +screen +script +scrub +sea +search +season +seat +second +secret +section +security +seed +seek +segment +select +sell +seminar +senior +sense +sentence +series +service +session +settle +setup +seven +shadow +shaft +shallow +share +shed +shell +sheriff +shield +shift +shine +ship +shiver +shock +shoe +shoot +shop +short +shoulder +shove +shrimp +shrug +shuffle +shy +sibling +sick +side +siege +sight +sign +silent +silk +silly +silver +similar +simple +since +sing +siren +sister +situate +six +size +skate +sketch +ski +skill +skin +skirt +skull +slab +slam +sleep +slender +slice +slide +slight +slim +slogan +slot +slow +slush +small +smart +smile +smoke +smooth +snack +snake +snap +sniff +snow +soap +soccer +social +sock +soda +soft +solar +soldier +solid +solution +solve +someone +song +soon +sorry +sort +soul +sound +soup +source +south +space +spare +spatial +spawn +speak +special +speed +spell +spend +sphere +spice +spider +spike +spin +spirit +split +spoil +sponsor +spoon +sport +spot +spray +spread +spring +spy +square +squeeze +squirrel +stable +stadium +staff +stage +stairs +stamp +stand +start +state +stay +steak +steel +stem +step +stereo +stick +still +sting +stock +stomach +stone +stool +story +stove +strategy +street +strike +strong +struggle +student +stuff +stumble +style +subject +submit +subway +success +such +sudden +suffer +sugar +suggest +suit +summer +sun +sunny +sunset +super +supply +supreme +sure +surface +surge +surprise +surround +survey +suspect +sustain +swallow +swamp +swap +swarm +swear +sweet +swift +swim +swing +switch +sword +symbol +symptom +syrup +system +table +tackle +tag +tail +talent +talk +tank +tape +target +task +taste +tattoo +taxi +teach +team +tell +ten +tenant +tennis +tent +term +test +text +thank +that +theme +then +theory +there +they +thing +this +thought +three +thrive +throw +thumb +thunder +ticket +tide +tiger +tilt +timber +time +tiny +tip +tired +tissue +title +toast +tobacco +today +toddler +toe +together +toilet +token +tomato +tomorrow +tone +tongue +tonight +tool +tooth +top +topic +topple +torch +tornado +tortoise +toss +total +tourist +toward +tower +town +toy +track +trade +traffic +tragic +train +transfer +trap +trash +travel +tray +treat +tree +trend +trial +tribe +trick +trigger +trim +trip +trophy +trouble +truck +true +truly +trumpet +trust +truth +try +tube +tuition +tumble +tuna +tunnel +turkey +turn +turtle +twelve +twenty +twice +twin +twist +two +type +typical +ugly +umbrella +unable +unaware +uncle +uncover +under +undo +unfair +unfold +unhappy +uniform +unique +unit +universe +unknown +unlock +until +unusual +unveil +update +upgrade +uphold +upon +upper +upset +urban +urge +usage +use +used +useful +useless +usual +utility +vacant +vacuum +vague +valid +valley +valve +van +vanish +vapor +various +vast +vault +vehicle +velvet +vendor +venture +venue +verb +verify +version +very +vessel +veteran +viable +vibrant +vicious +victory +video +view +village +vintage +violin +virtual +virus +visa +visit +visual +vital +vivid +vocal +voice +void +volcano +volume +vote +voyage +wage +wagon +wait +walk +wall +walnut +want +warfare +warm +warrior +wash +wasp +waste +water +wave +way +wealth +weapon +wear +weasel +weather +web +wedding +weekend +weird +welcome +west +wet +whale +what +wheat +wheel +when +where +whip +whisper +wide +width +wife +wild +will +win +window +wine +wing +wink +winner +winter +wire +wisdom +wise +wish +witness +wolf +woman +wonder +wood +wool +word +work +world +worry +worth +wrap +wreck +wrestle +wrist +write +wrong +yard +year +yellow +you +young +youth +zebra +zero +zone +zoo diff --git a/libs/cred_manager.py b/libs/cred_manager.py new file mode 100644 index 0000000..5b5ce3f --- /dev/null +++ b/libs/cred_manager.py @@ -0,0 +1,42 @@ + +import os +import pickle +import sys + +def create_credential(client, rp, user, challenge): + # Create a random challenge + challenge = os.urandom(16) + # Create a credential with a HmacSecret + result = client.make_credential( + { + "rp": rp, + "user": user, + "challenge": challenge, + "pubKeyCredParams": [{"type": "public-key", "alg": -7}], + "extensions": {"hmacCreateSecret": True}, + }, + ) + + # HmacSecret result: + if not result.extension_results.get("hmacCreateSecret"): + print("Failed to create credential with HmacSecret") + sys.exit(1) + + credential = result.attestation_object.auth_data.credential_data + print("New credential created, with the HmacSecret extension.") + # Saving credential to file with pickle + with open("credential.pkl", "wb") as f: + pickle.dump(credential, f) + return credential + +def load_credential(): + try: + with open("data/credential.pkl", "rb") as f: + print("Loading credential from file") + return pickle.load(f) + except FileNotFoundError: + print("No credential found, creating new one") + return None + except Exception as e: + print("Failed to load credential from file:", e) + return None diff --git a/libs/word_gen.py b/libs/word_gen.py new file mode 100644 index 0000000..1563ef2 --- /dev/null +++ b/libs/word_gen.py @@ -0,0 +1,22 @@ +import binascii + +# Can generate a mnemonic seed from data of 16, 20, 24, 28 or 32 bytes +def gen_from_data(data): + # Checking if the data length is correct + if len(data) not in [16, 20, 24, 28, 32]: + raise ValueError( + "Data length should be one of the following: [16, 20, 24, 28, 32], but it is not (%d).” % len(data)" + ) + + # Converting the data to binary + bindata = bin(int(binascii.hexlify(data), 16))[2:].zfill(8 * len(data)) + + # Opening wordlist + with open("data/wordlist.txt", "r") as f: + wordlist = [w.strip() for w in f.readlines()] + # Generating a seed from the binary data + seed = [] + for i in range(len(bindata)//11): + index = int(bindata[11*i:11*(i+1)],2) + seed.append(wordlist[index]) + return seed \ No newline at end of file diff --git a/main.py b/main.py new file mode 100644 index 0000000..f98cd1c --- /dev/null +++ b/main.py @@ -0,0 +1,132 @@ +# Copyright (c) 2018 Yubico AB +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or +# without modification, are permitted provided that the following +# conditions are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. + +""" +Connects to the first FIDO device found which supports the HmacSecret extension, +creates a new credential for it with the extension enabled, and uses it to +derive two separate secrets. +""" +from fido2.hid import CtapHidDevice +from fido2.client import Fido2Client, UserInteraction +from getpass import getpass +import libs.word_gen as word_gen +import libs.cred_manager as cred_manager +import hashlib +import sys +import os + +# Utilities + +def sha256(data): + enc = hashlib.sha256() + enc.update(data.encode()) + return enc.digest() + +# FIDO2 + +try: + from fido2.pcsc import CtapPcscDevice +except ImportError: + CtapPcscDevice = None + + +def enumerate_devices(): + for dev in CtapHidDevice.list_devices(): + yield dev + if CtapPcscDevice: + for dev in CtapPcscDevice.list_devices(): + yield dev + +# Handle user interaction +class CliInteraction(UserInteraction): + def prompt_up(self): + print("\nTouch your authenticator device now...\n") + + def request_pin(self, permissions, rd_id): + return getpass("Enter PIN: ") + + def request_uv(self, permissions, rd_id): + print("User Verification required.") + return True + + def locate_device(): + # Locate a device + for dev in enumerate_devices(): + client = Fido2Client(dev, "https://localhost", user_interaction=CliInteraction()) + if "hmac-secret" in client.info.extensions: + break + else: + print("No Authenticator with the HmacSecret extension found!") + sys.exit(1) + return client + +# Main +if __name__ == "__main__": + # Prepare parameters for makeCredential and getAssertion + rp = {"id": "localhost", "name": "HMyWallet"} + user = {"id": b"1", "name": "HMyWalletUser"} + + # Locate a device + client = CliInteraction.locate_device() + + # Loading or creating a new credential + credential = cred_manager.load_credential() + if not credential: + credential = cred_manager.create_credential(client, rp, user) + + # Prepare parameters for getAssertion + challenge = os.urandom(16) # Use a new challenge for each call. + allow_list = [{"type": "public-key", "id": credential.credential_id}] + + # Ask user for password + password = getpass("[+] Enter your password: ") + # Generate a salt for HmacSecret: + password_hash = sha256(password) #os.urandom(32) + print("[OK] Password hashed and ready for authentication") + + # Authenticate the credential + result = client.get_assertion( + { + "rpId": rp["id"], + "challenge": challenge, + "allowCredentials": allow_list, + "extensions": {"hmacGetSecret": {"salt1": password_hash}}, + }, + ).get_response( + 0 + ) # Only one cred in allowList, only one response. + + secret = result.extension_results["hmacGetSecret"]["output1"] + print("[OK] Authenticated and secret retrieved") + + mnemonic_words = word_gen.gen_from_data(secret) + mnemonic_string = " ".join(mnemonic_words) + print("\nALERT: This is your mnemonic seed. Keep it in a safe place. You will need it to recover your wallet.") + print("If you lose it, you will lose access to your wallet. There is no way to recover it later.") + print("Anyone with access to your mnemonic seed can recover your wallet. Keep it in a secure location.") + print("For security reasons, it is adviced to not save it in plain text: you can use your password and this script to recover it.") + print("\nMnemonic words:\n", mnemonic_string) \ No newline at end of file diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..50f79c6 --- /dev/null +++ b/requirements.txt @@ -0,0 +1 @@ +fido2 \ No newline at end of file