Sample code for 30+ languages & platforms
Tcl

BIP39 Compute Binary Seed from Mnemonic

See more Encryption Examples

Creates a binary seed from a mnemonic. Uses the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function. The length of the derived key is 512 bits (= 64 bytes).

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set crypt [new_CkCrypt2]

# Test with the test vectors at https://github.com/trezor/python-mnemonic/blob/master/vectors.json

# This is the 2nd test vector..
set mnemonic "legal winner thank year wave sausage worth useful legal winner thank yellow"
set passphrase "TREZOR"
set expectedSeed "2e8905819b8723fe2c1d161860e5ee1830318dbf49a83bd451cfb8440c28bd6fa457fe1296106559a3c80937a1c1069be3a3a5bd381ee6260e8d9739fce1f607"
set expectedMasterKey "xprv9s21ZrQH143K2gA81bYFHqU68xz1cX2APaSq5tt6MFSLeXnCKV1RVUJt9FWNTbrrryem4ZckN8k4Ls1H6nwdvDTvnV7zEXs2HgPezuVccsq"

# The mnemonic sentence (in UTF-8 NFKD) used as the password.
# The string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt.
# The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function.
# The length of the derived key is 512 bits (= 64 bytes). 

# We want the computed seed to be lowercase hex, therefore our salt must also be hex.
# The seed is the keyword "mnemonic" + passphrase (in this case is "TREZOR") converted to hex.
set bdSalt [new_CkBinData]

CkBinData_AppendString $bdSalt "mnemonic" "utf-8"
CkBinData_AppendString $bdSalt $passphrase "utf-8"

set computedSeed [CkCrypt2_pbkdf2 $crypt $mnemonic "utf-8" "sha512" [CkBinData_getEncoded $bdSalt "hex_lower"] 2048 512 "hex_lower"]

puts "Expected: $expectedSeed"
puts "Computed: $computedSeed"

# To compute the hd_master_key, duplicate this Python code:

#     def to_hd_master_key(seed: bytes, testnet: bool = False) -> str:
#         if len(seed) != 64:
#             raise ValueError("Provided seed should have length of 64")
# 
#         # Compute HMAC-SHA512 of seed
#         seed = hmac.new(b"Bitcoin seed", seed, digestmod=hashlib.sha512).digest()
# 
#         # Serialization format can be found at: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#Serialization_format
#         xprv = b"\x04\x88\xad\xe4"  # Version for private mainnet
#         if testnet:
#             xprv = b"\x04\x35\x83\x94"  # Version for private testnet
#         xprv += b"\x00" * 9  # Depth, parent fingerprint, and child number
#         xprv += seed[32:]  # Chain code
#         xprv += b"\x00" + seed[:32]  # Master key
# 
#         # Double hash using SHA256
#         hashed_xprv = hashlib.sha256(xprv).digest()
#         hashed_xprv = hashlib.sha256(hashed_xprv).digest()
# 
#         # Append 4 bytes of checksum
#         xprv += hashed_xprv[:4]
# 
#         # Return base58
#         return b58encode(xprv)

# First compute the HMAC-SHA512 of the computedSeed
set bdSeed [new_CkBinData]

CkBinData_AppendEncoded $bdSeed $computedSeed "hex_lower"
CkCrypt2_put_EncodingMode $crypt "hex_lower"
CkCrypt2_put_HashAlgorithm $crypt "sha512"
CkCrypt2_SetMacKeyString $crypt "Bitcoin seed"
set hmacSha512_hex [CkCrypt2_macBdENC $crypt $bdSeed]

set bdHmac [new_CkBinData]

CkBinData_AppendEncoded $bdHmac $hmacSha512_hex "hex_lower"

set bdXprv [new_CkBinData]

CkBinData_AppendEncoded $bdXprv "0488ade4" "hex_lower"
CkBinData_AppendEncoded $bdXprv "000000000000000000" "hex_lower"
CkBinData_AppendEncoded $bdXprv [CkBinData_getEncodedChunk $bdHmac 32 32 "hex_lower"] "hex_lower"
CkBinData_AppendByte $bdXprv 0
CkBinData_AppendEncoded $bdXprv [CkBinData_getEncodedChunk $bdHmac 0 32 "hex_lower"] "hex_lower"

# Double hash using SHA256
CkCrypt2_put_EncodingMode $crypt "hex_lower"
CkCrypt2_put_HashAlgorithm $crypt "sha256"

set bdHash [new_CkBinData]

CkBinData_AppendEncoded $bdHash [CkCrypt2_hashBdENC $crypt $bdXprv] "hex_lower"
set secondHash [CkCrypt2_hashBdENC $crypt $bdHash]
CkBinData_Clear $bdHash
CkBinData_AppendEncoded $bdHash $secondHash "hex_lower"

# Append the 1st 4 bytes of the bdHash to bdXprv.
CkBinData_AppendEncoded $bdXprv [CkBinData_getEncodedChunk $bdHash 0 4 "hex_lower"] "hex_lower"

# Base58 encode bdXprv
set computedMasterKey [CkBinData_getEncoded $bdXprv "base58"]

puts "Expected Master Key: $expectedMasterKey"
puts "Computed Master Key: $computedMasterKey"

delete_CkCrypt2 $crypt
delete_CkBinData $bdSalt
delete_CkBinData $bdSeed
delete_CkBinData $bdHmac
delete_CkBinData $bdXprv
delete_CkBinData $bdHash