Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

BIP39 Compute Binary Seed from Mnemonic

See more Encryption Examples

Creates a binary seed from a mnemonic. Uses the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function. The length of the derived key is 512 bits (= 64 bytes).

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.BinData,
  Chilkat.Crypt2;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  crypt: TCrypt2;
  mnemonic: string;
  passphrase: string;
  expectedSeed: string;
  expectedMasterKey: string;
  bdSalt: TBinData;
  computedSeed: string;
  bdSeed: TBinData;
  hmacSha512_hex: string;
  bdHmac: TBinData;
  bdXprv: TBinData;
  bdHash: TBinData;
  secondHash: string;
  computedMasterKey: string;

begin
  //  This example assumes the Chilkat API to have been previously unlocked.
  //  See Global Unlock Sample for sample code.

  crypt := TCrypt2.Create;

  //  Test with the test vectors at https://github.com/trezor/python-mnemonic/blob/master/vectors.json

  //  This is the 2nd test vector..
  mnemonic := 'legal winner thank year wave sausage worth useful legal winner thank yellow';
  passphrase := 'TREZOR';
  expectedSeed := '2e8905819b8723fe2c1d161860e5ee1830318dbf49a83bd451cfb8440c28bd6fa457fe1296106559a3c80937a1c1069be3a3a5bd381ee6260e8d9739fce1f607';
  expectedMasterKey := 'xprv9s21ZrQH143K2gA81bYFHqU68xz1cX2APaSq5tt6MFSLeXnCKV1RVUJt9FWNTbrrryem4ZckN8k4Ls1H6nwdvDTvnV7zEXs2HgPezuVccsq';

  //  The mnemonic sentence (in UTF-8 NFKD) used as the password.
  //  The string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt.
  //  The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function.
  //  The length of the derived key is 512 bits (= 64 bytes). 

  //  We want the computed seed to be lowercase hex, therefore our salt must also be hex.
  //  The seed is the keyword "mnemonic" + passphrase (in this case is "TREZOR") converted to hex.
  bdSalt := TBinData.Create;
  bdSalt.AppendString('mnemonic','utf-8');
  bdSalt.AppendString(passphrase,'utf-8');

  computedSeed := crypt.Pbkdf2(mnemonic,'utf-8','sha512',bdSalt.GetEncoded('hex_lower'),2048,512,'hex_lower');

  WriteLn('Expected: ' + expectedSeed);
  WriteLn('Computed: ' + computedSeed);

  //  To compute the hd_master_key, duplicate this Python code:

  //      def to_hd_master_key(seed: bytes, testnet: bool = False) -> str:
  //          if len(seed) != 64:
  //              raise ValueError("Provided seed should have length of 64")
  //  
  //          # Compute HMAC-SHA512 of seed
  //          seed = hmac.new(b"Bitcoin seed", seed, digestmod=hashlib.sha512).digest()
  //  
  //          # Serialization format can be found at: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#Serialization_format
  //          xprv = b"\x04\x88\xad\xe4"  # Version for private mainnet
  //          if testnet:
  //              xprv = b"\x04\x35\x83\x94"  # Version for private testnet
  //          xprv += b"\x00" * 9  # Depth, parent fingerprint, and child number
  //          xprv += seed[32:]  # Chain code
  //          xprv += b"\x00" + seed[:32]  # Master key
  //  
  //          # Double hash using SHA256
  //          hashed_xprv = hashlib.sha256(xprv).digest()
  //          hashed_xprv = hashlib.sha256(hashed_xprv).digest()
  //  
  //          # Append 4 bytes of checksum
  //          xprv += hashed_xprv[:4]
  //  
  //          # Return base58
  //          return b58encode(xprv)

  //  First compute the HMAC-SHA512 of the computedSeed
  bdSeed := TBinData.Create;
  bdSeed.AppendEncoded(computedSeed,'hex_lower');
  crypt.EncodingMode := 'hex_lower';
  crypt.HashAlgorithm := 'sha512';
  crypt.SetMacKeyString('Bitcoin seed');
  hmacSha512_hex := crypt.MacBdENC(bdSeed);

  bdHmac := TBinData.Create;
  bdHmac.AppendEncoded(hmacSha512_hex,'hex_lower');

  bdXprv := TBinData.Create;
  bdXprv.AppendEncoded('0488ade4','hex_lower');
  bdXprv.AppendEncoded('000000000000000000','hex_lower');
  bdXprv.AppendEncoded(bdHmac.GetEncodedChunk(32,32,'hex_lower'),'hex_lower');
  bdXprv.AppendByte(0);
  bdXprv.AppendEncoded(bdHmac.GetEncodedChunk(0,32,'hex_lower'),'hex_lower');

  //  Double hash using SHA256
  crypt.EncodingMode := 'hex_lower';
  crypt.HashAlgorithm := 'sha256';

  bdHash := TBinData.Create;
  bdHash.AppendEncoded(crypt.HashBdENC(bdXprv),'hex_lower');
  secondHash := crypt.HashBdENC(bdHash);
  bdHash.Clear();
  bdHash.AppendEncoded(secondHash,'hex_lower');

  //  Append the 1st 4 bytes of the bdHash to bdXprv.
  bdXprv.AppendEncoded(bdHash.GetEncodedChunk(0,4,'hex_lower'),'hex_lower');

  //  Base58 encode bdXprv
  computedMasterKey := bdXprv.GetEncoded('base58');

  WriteLn('Expected Master Key: ' + expectedMasterKey);
  WriteLn('Computed Master Key: ' + computedMasterKey);


  crypt.Free;
  bdSalt.Free;
  bdSeed.Free;
  bdHmac.Free;
  bdXprv.Free;
  bdHash.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.