🔐 Sigil

Multi-chain secure cryptocurrency key generation and sharing CLI with Shamir's Secret Sharing

A beautiful, modern terminal tool for generating, managing, and securing cryptocurrency private keys across Ethereum, Bitcoin, and Solana with advanced features like Shamir's Secret Sharing, encrypted keystores, QR code generation, and an intuitive TUI interface.

Category	Badge
License
Rust
Build

---

✨ Features

🎨 Modern CLI Experience

• Colorful Terminal Output: Beautiful, Python-like CLI with color-coded information
• Interactive TUI: Full-screen terminal UI with arrow key navigation
• Script-Friendly: Silent mode for automation and trading bots
• Cross-Platform: Works on macOS, Linux, and Windows

🔑 Multi-Chain Key Management

• 3 Blockchains Supported: Ethereum, Bitcoin, and Solana
• Secure Generation: CSPRNG-based private key generation with optional user entropy
• BIP-39 Mnemonics: Generate 12/24-word recovery phrases with checksum validation
• HD Wallets: BIP-32 (secp256k1) and SLIP-0010 (ed25519) hierarchical deterministic key derivation
• Bitcoin Address Types: Legacy (P2PKH), SegWit (P2WPKH), and Taproot (P2TR)
• Solana Support: Ed25519 keys with Base58 address encoding
• Keystore V3: Password-encrypted JSON keystores (Ethereum Web3 Secret Storage)
• Load & Decrypt: Import existing keystores via TUI or CLI

🔀 Shamir's Secret Sharing

• M-of-N Splitting: Split keys into N shares, requiring M to recover
• Visual Share Management: TUI with scrolling for 5+ shares
• Dynamic Share Recovery: Configurable 3-10 share slots with add/remove capability
• Secure Recovery: Combine shares to reconstruct original key
• Post-Recovery Options: View key, save to encrypted keystore, or return to menu
• QR Code Export: Generate QR codes for shares (terminal ASCII or SVG file)

🖥️ Interactive TUI

• Arrow Key Navigation: Navigate menus with ↑/↓, confirm with Enter
• Chain Selection: Choose Ethereum, Bitcoin, or Solana before generation
• Bitcoin Address Types: Select Legacy, SegWit, or Taproot format
• Load Keystore Screen: Import and decrypt existing wallets
• Generate → Split Workflow: Seamless key generation and sharing
• Combine → Save → View: Recover shares and optionally save/view key
• Security Warnings: Prominent alerts before displaying sensitive data

💻 CLI Commands

• Generate: Create new wallets with various options
• Split/Combine: Shamir secret sharing operations
• Keystore Decrypt: Extract private keys from encrypted files
• Keystore Inspect: View keystore metadata without password
• Derive: Generate addresses from mnemonics
• Verify: Validate BIP-39 mnemonic phrases

🔒 Security

• Memory Safety: Rust's ownership system + automatic zeroization
• No Copy-Paste: Direct memory transfers in TUI workflows
• Encrypted Storage: Scrypt KDF with AES-128-CTR encryption
• Input Validation: All keys validated against secp256k1 curve order
• Standards Compliant: BIP-39, BIP-32, BIP-44, EIP-55, Web3 Secret Storage

---

📦 Installation

# Clone the repository
git clone https://github.com/aviksaikat/sigil.git
cd sigil

# Build release binary
cargo build --release

# Run
./target/release/sigil --help

Quick Commands (Makefile / Justfile)

Using Make:

make help          # Show all commands
make build         # Build release binary
make tui           # Launch interactive TUI
make share         # 🚀 Generate & split (RECOMMENDED)
make test          # Run all tests

Using Just (modern Rust tool):

# Install: cargo install just
just               # List all commands
just build         # Build release binary
just tui           # Launch interactive TUI
just share         # 🚀 Generate & split (RECOMMENDED)

---

🚀 Quick Start

Interactive TUI (Recommended)

Launch the beautiful Terminal User Interface:

sigil tui

Main Menu:

═══════════════════════════════════════════════════════════════
🔐 Sigil - Secure Key Management
═══════════════════════════════════════════════════════════════

Menu
─────────────────────────────────────────────────────────────

  ► 1. Generate New Wallet
    2. Load Existing Keystore          [NEW!]
    3. Split Key (Shamir's Secret Sharing)
    4. Combine Shares
    Q. Quit

─────────────────────────────────────────────────────────────
↑/↓ or number keys to select | ENTER to confirm | Q to quit

Navigation:

• Arrow Keys: ↑/↓ to navigate, Enter to confirm
• Number Shortcuts: Press 1, 2, 3, 4 for quick access
• ESC: Go back to previous screen
• Q or Ctrl+C: Quit application

---

🎨 Beautiful CLI Output

All CLI commands feature colorful, modern output:

Example: Generate Wallet

sigil generate --words 24

Output:

══════════════════════════════════════════════════════════════════════
🔐 GENERATING NEW WALLET (24 words)
══════════════════════════════════════════════════════════════════════

📝 Mnemonic Phrase
═══════════════════════════════════════════════════════════════════════
 1. abandon           2. ability           3. able              4. about
 5. above             6. absent            7. absorb            8. abstract
 ... [24 words total - BRIGHT MAGENTA + BOLD]
═══════════════════════════════════════════════════════════════════════

🔑 Derived Addresses
──────────────────────────────────────────────────────────────────────

Address #0
  Address: 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0  [GREEN + BOLD]
  Path: m/44'/60'/0'/0/0  [CYAN]
  Private Key: 0x1234567890abcdef...  [YELLOW + BOLD]

⚠️  SECURITY WARNING  [RED + BOLD]
──────────────────────────────────────────────────────────────────────
  • Write down your mnemonic phrase on paper
  • Store it in a secure location
  • Never share it with anyone
  • This mnemonic gives full access to your funds

Example: Decrypt Keystore

sigil keystore decrypt --file wallet.json

Output:

══════════════════════════════════════════════════════════════════════
🔓 DECRYPTING KEYSTORE
══════════════════════════════════════════════════════════════════════

ℹ File: wallet.json

📋 Keystore Information
──────────────────────────────────────────────────────────────────────
  Address: 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0  [GREEN]
  UUID: 550e8400-e29b-41d4-a716-446655440000  [CYAN]

Enter keystore password: ********

🔒 Decrypting with scrypt...

✓ Keystore decrypted successfully!  [GREEN]

🔑 Private Key (hex)
──────────────────────────────────────────────────────────────────────
  0x1234567890abcdef...  [YELLOW + BOLD]

📍 Ethereum Address
──────────────────────────────────────────────────────────────────────
  0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0  [GREEN]

---

💻 CLI Commands

Generate Wallet

# Generate 24-word mnemonic (recommended)
sigil generate --words 24

# Generate with encrypted keystore
sigil generate --words 24 --output wallet.json

# Generate multiple addresses
sigil generate --words 24 --addresses 5

Keystore Operations

# Decrypt keystore (interactive)
sigil keystore decrypt --file wallet.json

# Silent mode for scripts (outputs only hex key)
sigil keystore decrypt --file wallet.json --silent

# Inspect keystore without password
sigil keystore inspect --file wallet.json

Silent Mode Example:

# Capture key in variable for trading bots
KEY=$(sigil keystore decrypt --file trading.json --silent)
echo "Key loaded: ${KEY:0:10}..."

# Use in automated scripts
./trading_bot --key "$KEY" --exchange binance

Shamir Secret Sharing

# Split key from encrypted keystore (RECOMMENDED - no copy-paste)
sigil split --threshold 2 --shares 3 --file wallet.json

# Split key directly (DEPRECATED - legacy support)
sigil split --threshold 2 --shares 3 --key 0xYOUR_PRIVATE_KEY

# Combine shares to recover key
sigil combine --shares SHARE1 SHARE2

Multi-Chain Support

Bitcoin Addresses:

# Generate Bitcoin wallet (choose address type in TUI)
sigil tui
# → Select "Generate New Wallet"
# → Choose "Bitcoin"
# → Select address type:
#    - Legacy (P2PKH): Starts with 1...
#    - SegWit (P2WPKH): Starts with bc1q... (recommended)
#    - Taproot (P2TR): Starts with bc1p...

Solana Addresses:

# Generate Solana wallet with ed25519 keys
sigil tui
# → Select "Generate New Wallet"
# → Choose "Solana"
# → Address will be Base58-encoded (44 characters)

Chain-Specific Derivation Paths:

• Ethereum: m/44'/60'/0'/0/0
• Bitcoin Legacy: m/44'/0'/0'/0/0
• Bitcoin SegWit: m/84'/0'/0'/0/0
• Bitcoin Taproot: m/86'/0'/0'/0/0
• Solana: m/44'/501'/0'/0'

Address Derivation

# Derive address from mnemonic
sigil derive --mnemonic "word1 word2 ... word24" --path "m/44'/60'/0'/0/0"

# Verify mnemonic validity
sigil verify --mnemonic "word1 word2 ... word24"

---

🎯 Complete Workflows

Workflow 1: Generate & Split (Recommended)

Using Make/Just (Fastest):

# One command to generate and split
make share

# Custom configuration (3-of-5 shares)
make share-custom THRESHOLD=3 SHARES=5 WORDS=24

Using TUI (Interactive):

sigil tui

# 1. Select: "1. Generate New Wallet"
# 2. Choose: "2. 24 words (recommended)"
# 3. (Optional) Add entropy by typing random characters
# 4. (Optional) Save encrypted keystore
# 5. Select: "2. Split key into Shamir shares"
# 6. Configure threshold (e.g., 2-of-3)
# 7. Shares generated - write them down!

Workflow 2: Load Existing Keystore

TUI Method:

sigil tui

# 1. Select: "2. Load Existing Keystore"
# 2. Enter file path: wallet.json
# 3. Enter password: ********
# 4. Choose action:
#    - View private key (for trading platforms)
#    - Split into Shamir shares (for backup)
#    - Return to menu

CLI Method:

# View keystore info (no password)
sigil keystore inspect --file wallet.json

# Decrypt and view key
sigil keystore decrypt --file wallet.json

# Extract key for scripts
KEY=$(sigil keystore decrypt --file wallet.json --silent)

Workflow 3: Recover from Shares

Using TUI:

sigil tui

# 1. Select: "4. Combine Shares"
# 2. Paste shares (minimum 2+ for 2-of-3)
# 3. System shows recovered address
# 4. Choose action:
#    - View private key (⚠️ sensitive)
#    - Save to encrypted keystore (✅ RECOMMENDED)
#    - Return to menu
# 5. If saving:
#    - Enter filename: recovered_wallet.json
#    - Enter password: ********
#    - ✅ Keystore saved!
#    - View key now? Yes/No

Using CLI:

sigil combine --shares "SHARE1" "SHARE2"

Workflow 4: Trading Bot Integration

#!/bin/bash
# trading_startup.sh - Automated trading bot launcher

set -e

KEYSTORE_DIR="$HOME/.keystores"

echo "🤖 Starting Trading Bot..."

# Load multiple wallets for different exchanges
BINANCE_KEY=$(sigil keystore decrypt --file "$KEYSTORE_DIR/binance.json" --silent)
COINBASE_KEY=$(sigil keystore decrypt --file "$KEYSTORE_DIR/coinbase.json" --silent)

echo "✓ All wallets loaded"

# Start trading bot with keys
./trading_bot \
  --binance-key "$BINANCE_KEY" \
  --coinbase-key "$COINBASE_KEY" \
  --mode live

# Keys automatically cleared when script exits

---

🔒 Security Features

Cryptography

• CSPRNG: OS-level cryptographically secure random number generator
• Enhanced Entropy: Optional user input mixed with TWO independent OS CSPRNG sources
  • Formula: Keccak256(os_csprng_1 || user_input || os_csprng_2)
  • Prevents manipulation: Even if user input is predictable, OS entropy ensures security
• secp256k1: rust-bitcoin implementation (wraps libsecp256k1 - Bitcoin Core's library)
• Memory Safety: Rust ownership + automatic zeroization on drop
• Input Validation: All keys validated against secp256k1 curve order

Password Security

• Hidden Input: Passwords never echoed to screen
• No Command History: Not stored in terminal history or process list
• Confirmation Required: Enter password twice to prevent typos
• Minimum Requirements: 8+ characters enforced

TUI Security

• In-Memory Operations: Generate → Split workflow keeps keys in memory
• No Clipboard: Primary workflows eliminate copy-paste exposure
• Security Warnings: Prominent warnings before displaying sensitive data
• Automatic Cleanup: Keys zeroized on screen exit
• View Confirmations: Explicit "Are you sure?" prompts before showing keys

Standards Compliance

• BIP-39: Mnemonic code for generating deterministic keys
• BIP-32: Hierarchical Deterministic Wallets
• BIP-44: Multi-Account Hierarchy for Deterministic Wallets
• EIP-55: Mixed-case checksum address encoding
• Web3 Secret Storage: Ethereum Keystore V3 format

---

📁 Keystore Format

Sigil uses the standard Ethereum Keystore V3 format, compatible with:

• ✅ MetaMask
• ✅ MyEtherWallet
• ✅ Geth
• ✅ Parity
• ✅ Any Web3-compatible wallet

Encryption Parameters:

• KDF: scrypt (N=262144, r=8, p=1)
• Cipher: AES-128-CTR
• MAC: Keccak-256
• Encryption Time: ~2-3 seconds (intentionally slow for security)

---

🧪 Testing

Run All Tests

cargo test

Quick Integration Test

./quick_test.sh

Expected: All 6 tests pass (generate, split, combine, verify recovery)

Manual Testing

# 1. Generate wallet
sigil generate --words 12

# 2. Split the private key
sigil split --threshold 2 --shares 3 --key 0xYOUR_KEY

# 3. Combine any 2 shares
sigil combine --shares "SHARE1" "SHARE2"

# 4. Verify recovered key matches original

---

⚡ Performance

Operation	Time
Key generation	~80μs
Public key derivation	~60μs
Mnemonic generation	~50ms
Keystore encryption	~2-3s (scrypt N=262144)
Keystore decryption	~2-3s (scrypt N=262144)

Using rust-secp256k1 (2x faster than pure Rust k256)

---

🎯 Latest Features

🌐 Multi-Chain Support (v0.3.0)

Bitcoin Support:

• 3 Address Types: Legacy (P2PKH), SegWit (P2WPKH), Taproot (P2TR)
• Standard Derivation Paths: BIP-44 (Legacy), BIP-84 (SegWit), BIP-86 (Taproot)
• Network: Bitcoin mainnet (easily configurable for testnet)
• TUI Integration: Address type selection screen with descriptions

Solana Support:

• Ed25519 Curve: SLIP-0010 key derivation for Solana
• Base58 Encoding: Standard Solana address format (44 characters)
• Derivation Path: m/44'/501'/0'/0' (BIP-44 compatible)
• Full Validation: Address parsing and verification

QR Code Generation:

• Terminal ASCII: Display QR codes directly in terminal using Unicode
• SVG Export: Save QR codes as image files
• Use Cases: Share addresses, backup Shamir shares
• Address QR Codes: All three blockchains supported

Enhanced CLI:

• Split from Keystore: sigil split --file wallet.json (recommended, no copy-paste)
• Legacy Key Support: sigil split --key 0x... (deprecated but functional)
• Security Warnings: Prominent alerts when using deprecated methods

Dynamic Share Recovery:

• Configurable Slots: 3-10 share input slots
• Add/Remove Slots: TAB to add, DEL to remove
• Minimum 3 Slots: Increased from 2 for better UX
• Visual Feedback: Shows current/max slot count

Automated Builds:

• 7 Platforms: Linux (x64/ARM), macOS (Intel/ARM), Windows (x64/ARM), FreeBSD
• GitHub Releases: Automated binary releases on tag push
• Release Notes: Auto-generated changelog from PR labels

🎨 v0.2.0 Features

🎨 Colorful CLI

• Beautiful output inspired by Python's rich library
• Color-coded information: Success (green), warnings (yellow), errors (red)
• Professional formatting: Headers, dividers, visual hierarchy
• Script-friendly: Silent mode disables colors for automation

⌨️ Arrow Key Navigation

• Full TUI navigation with Up/Down arrows
• Enter to confirm selections
• Number key shortcuts still work (backward compatible)
• Consistent UX across all screens

💾 Load Keystore Screen

• Import existing wallets via TUI
• Decrypt interactively with password prompt
• Post-load options:
  • View private key (hex format for trading platforms)
  • Split into Shamir shares (create backup)
  • Return to menu

🔓 Keystore CLI Commands

• keystore decrypt: Extract private key from encrypted file
• keystore inspect: View metadata without password
• --silent mode: Output only hex key for scripts

✅ View After Save

• Combine screen improvement: After saving recovered keystore, option to view key
• Security-conscious: Explicit confirmation before displaying
• One-time opportunity: View key immediately after save, then secure

📜 Scrolling Support

• 5+ Shamir shares: Auto-scrolling in TUI
• Visual indicators: "▲ Scroll up" / "▼ Scroll down"
• Smart viewport: Shows current position (e.g., "viewing 1-4 of 7")

---

⚠️ Security Warnings

IMPORTANT:

• ⚠️ Never share your mnemonic phrase - it grants full access to funds
• ⚠️ Write mnemonics on paper - don't store digitally
• ⚠️ Store keystore passwords separately from keystore files
• ⚠️ Test with small amounts first before using for real funds
• ⚠️ Audit the code - this is alpha software
• ⚠️ Clear terminal history after viewing private keys
• ⚠️ Use at your own risk - no warranty provided

---

🗺️ Roadmap

✅ Completed (v0.1.0 - v0.3.0)

• Core cryptography (CSPRNG, secp256k1, ed25519)
• BIP-39 mnemonics (12/24 words)
• HD key derivation (BIP-32/44, SLIP-0010)
• Shamir's Secret Sharing (M-of-N)
• Ethereum Keystore V3 encryption
• Interactive TUI with secure workflows
• Enhanced entropy collection
• Arrow key navigation
• Load Keystore screen
• Keystore CLI commands (decrypt, inspect)
• Silent mode for scripting
• Colorful CLI output
• Scrolling support for 5+ shares
• View-after-save confirmation
• Bitcoin address support (P2PKH, SegWit, Taproot)
• Solana ed25519 keys with Base58 encoding
• Multi-chain support (Ethereum, Bitcoin, Solana)
• QR code generation for addresses and shares
• Dynamic share recovery (3-10 configurable slots)
• TUI chain selection with Bitcoin address type picker
• Automated cross-platform builds (Linux, macOS, Windows, FreeBSD)
• Enhanced CLI split command (keystore file input)

🚀 Planned (v0.4.0+)

• Hardware wallet export
• Age encryption for shares
• WIF format support
• Batch keystore operations
• Configuration file support
• Additional chains (Cosmos, Polkadot, etc.)
• Plugin system

---

🤝 Contributing

Contributions welcome! Please:

1. Fork the repository
2. Create a feature branch (git checkout -b feature/amazing-feature)
3. Add tests for new functionality
4. Ensure cargo test passes
5. Format code with cargo fmt
6. Lint with cargo clippy
7. Submit a pull request

Code Style:

• Follow Rust conventions
• Add documentation for public APIs
• Include examples in doc comments
• Write comprehensive tests

---

📄 License

MIT License - see LICENSE file for details

---

👤 Authors

Aviksaikat

• GitHub: @aviksaikat

---

🙏 Acknowledgments

• BIP Standards: BIP-39, BIP-32, BIP-44 specifications
• Ethereum: Web3 Secret Storage specification
• Cryptography: Adi Shamir (Secret Sharing algorithm)
• Libraries:
  • rust-bitcoin/rust-secp256k1
  • RustCrypto elliptic curves
  • ratatui (TUI framework)
  • colored (CLI colors)
  • clap (argument parsing)

---

📊 Project Status

Current Version: 0.3.0 Status: Alpha - Active Development Stability: Use for testing, not production funds yet Test Coverage: 96/96 tests passing Supported Chains: Ethereum, Bitcoin (3 address types), Solana

---

📸 Screenshots

TUI Main Menu

═══════════════════════════════════════════════════════════════
🔐 Sigil - Secure Key Management
═══════════════════════════════════════════════════════════════

  ► 1. Generate New Wallet
    2. Load Existing Keystore
    3. Split Key (Shamir's Secret Sharing)
    4. Combine Shares
    Q. Quit

↑/↓ or number keys to select | ENTER to confirm | Q to quit

Colorful CLI Output

══════════════════════════════════════════════════════════════════════
✓ VERIFYING MNEMONIC
══════════════════════════════════════════════════════════════════════

✓ Mnemonic is VALID

📊 Mnemonic Details
──────────────────────────────────────────────────────────────────────
  Word Count: 24
  Checksum: ✓ Valid

---

Built with ❤️ using Rust 🦀