Sample code for 30+ languages & platforms
Unicode C

BIP39 Compute Binary Seed from Mnemonic

See more Encryption Examples

Creates a binary seed from a mnemonic. Uses the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function. The length of the derived key is 512 bits (= 64 bytes).

Chilkat Unicode C Downloads

Unicode C
#include <C_CkCrypt2W.h>
#include <C_CkBinDataW.h>

void ChilkatSample(void)
    {
    HCkCrypt2W crypt;
    const wchar_t *mnemonic;
    const wchar_t *passphrase;
    const wchar_t *expectedSeed;
    const wchar_t *expectedMasterKey;
    HCkBinDataW bdSalt;
    const wchar_t *computedSeed;
    HCkBinDataW bdSeed;
    const wchar_t *hmacSha512_hex;
    HCkBinDataW bdHmac;
    HCkBinDataW bdXprv;
    HCkBinDataW bdHash;
    const wchar_t *secondHash;
    const wchar_t *computedMasterKey;

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    crypt = CkCrypt2W_Create();

    // Test with the test vectors at https://github.com/trezor/python-mnemonic/blob/master/vectors.json

    // This is the 2nd test vector..
    mnemonic = L"legal winner thank year wave sausage worth useful legal winner thank yellow";
    passphrase = L"TREZOR";
    expectedSeed = L"2e8905819b8723fe2c1d161860e5ee1830318dbf49a83bd451cfb8440c28bd6fa457fe1296106559a3c80937a1c1069be3a3a5bd381ee6260e8d9739fce1f607";
    expectedMasterKey = L"xprv9s21ZrQH143K2gA81bYFHqU68xz1cX2APaSq5tt6MFSLeXnCKV1RVUJt9FWNTbrrryem4ZckN8k4Ls1H6nwdvDTvnV7zEXs2HgPezuVccsq";

    // The mnemonic sentence (in UTF-8 NFKD) used as the password.
    // The string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt.
    // The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function.
    // The length of the derived key is 512 bits (= 64 bytes). 

    // We want the computed seed to be lowercase hex, therefore our salt must also be hex.
    // The seed is the keyword "mnemonic" + passphrase (in this case is "TREZOR") converted to hex.
    bdSalt = CkBinDataW_Create();
    CkBinDataW_AppendString(bdSalt,L"mnemonic",L"utf-8");
    CkBinDataW_AppendString(bdSalt,passphrase,L"utf-8");

    computedSeed = CkCrypt2W_pbkdf2(crypt,mnemonic,L"utf-8",L"sha512",CkBinDataW_getEncoded(bdSalt,L"hex_lower"),2048,512,L"hex_lower");

    wprintf(L"Expected: %s\n",expectedSeed);
    wprintf(L"Computed: %s\n",computedSeed);

    // To compute the hd_master_key, duplicate this Python code:

    //     def to_hd_master_key(seed: bytes, testnet: bool = False) -> str:
    //         if len(seed) != 64:
    //             raise ValueError("Provided seed should have length of 64")
    // 
    //         # Compute HMAC-SHA512 of seed
    //         seed = hmac.new(b"Bitcoin seed", seed, digestmod=hashlib.sha512).digest()
    // 
    //         # Serialization format can be found at: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#Serialization_format
    //         xprv = b"\x04\x88\xad\xe4"  # Version for private mainnet
    //         if testnet:
    //             xprv = b"\x04\x35\x83\x94"  # Version for private testnet
    //         xprv += b"\x00" * 9  # Depth, parent fingerprint, and child number
    //         xprv += seed[32:]  # Chain code
    //         xprv += b"\x00" + seed[:32]  # Master key
    // 
    //         # Double hash using SHA256
    //         hashed_xprv = hashlib.sha256(xprv).digest()
    //         hashed_xprv = hashlib.sha256(hashed_xprv).digest()
    // 
    //         # Append 4 bytes of checksum
    //         xprv += hashed_xprv[:4]
    // 
    //         # Return base58
    //         return b58encode(xprv)

    // First compute the HMAC-SHA512 of the computedSeed
    bdSeed = CkBinDataW_Create();
    CkBinDataW_AppendEncoded(bdSeed,computedSeed,L"hex_lower");
    CkCrypt2W_putEncodingMode(crypt,L"hex_lower");
    CkCrypt2W_putHashAlgorithm(crypt,L"sha512");
    CkCrypt2W_SetMacKeyString(crypt,L"Bitcoin seed");
    hmacSha512_hex = CkCrypt2W_macBdENC(crypt,bdSeed);

    bdHmac = CkBinDataW_Create();
    CkBinDataW_AppendEncoded(bdHmac,hmacSha512_hex,L"hex_lower");

    bdXprv = CkBinDataW_Create();
    CkBinDataW_AppendEncoded(bdXprv,L"0488ade4",L"hex_lower");
    CkBinDataW_AppendEncoded(bdXprv,L"000000000000000000",L"hex_lower");
    CkBinDataW_AppendEncoded(bdXprv,CkBinDataW_getEncodedChunk(bdHmac,32,32,L"hex_lower"),L"hex_lower");
    CkBinDataW_AppendByte(bdXprv,0);
    CkBinDataW_AppendEncoded(bdXprv,CkBinDataW_getEncodedChunk(bdHmac,0,32,L"hex_lower"),L"hex_lower");

    // Double hash using SHA256
    CkCrypt2W_putEncodingMode(crypt,L"hex_lower");
    CkCrypt2W_putHashAlgorithm(crypt,L"sha256");

    bdHash = CkBinDataW_Create();
    CkBinDataW_AppendEncoded(bdHash,CkCrypt2W_hashBdENC(crypt,bdXprv),L"hex_lower");
    secondHash = CkCrypt2W_hashBdENC(crypt,bdHash);
    CkBinDataW_Clear(bdHash);
    CkBinDataW_AppendEncoded(bdHash,secondHash,L"hex_lower");

    // Append the 1st 4 bytes of the bdHash to bdXprv.
    CkBinDataW_AppendEncoded(bdXprv,CkBinDataW_getEncodedChunk(bdHash,0,4,L"hex_lower"),L"hex_lower");

    // Base58 encode bdXprv
    computedMasterKey = CkBinDataW_getEncoded(bdXprv,L"base58");

    wprintf(L"Expected Master Key: %s\n",expectedMasterKey);
    wprintf(L"Computed Master Key: %s\n",computedMasterKey);


    CkCrypt2W_Dispose(crypt);
    CkBinDataW_Dispose(bdSalt);
    CkBinDataW_Dispose(bdSeed);
    CkBinDataW_Dispose(bdHmac);
    CkBinDataW_Dispose(bdXprv);
    CkBinDataW_Dispose(bdHash);

    }