From 66c9070218cfeefead5d92404b197202b7b5fa44 Mon Sep 17 00:00:00 2001
From: TheRON <webmaster@kane-il.us>
Date: Fri, 12 Jun 2026 09:38:01 -0400
Subject: [PATCH] Updated

---
 hubzilla/addon/g1wallet/g1wallet.php          |  2 +-
 hubzilla/addon/g1wallet/g1wallet_renderer.php | 26 ++++++++-----------
 2 files changed, 12 insertions(+), 16 deletions(-)

diff --git a/hubzilla/addon/g1wallet/g1wallet.php b/hubzilla/addon/g1wallet/g1wallet.php
index df4fcb2..59eb52c 100644
--- a/hubzilla/addon/g1wallet/g1wallet.php
+++ b/hubzilla/addon/g1wallet/g1wallet.php
@@ -107,7 +107,7 @@ function g1wallet_content() {
         head_add_css('/addon/g1wallet/view/css/g1wallet.css');
     }
     if (function_exists('head_add_js')) {
-        head_add_js('/addon/g1wallet/vendor/scrypt-js-3.0.1.min.js');
+        head_add_js('/addon/g1wallet/vendor/bip39-3.1.0.min.js');
         head_add_js('/addon/g1wallet/view/js/g1wallet.js');
     }
 
diff --git a/hubzilla/addon/g1wallet/g1wallet_renderer.php b/hubzilla/addon/g1wallet/g1wallet_renderer.php
index a5ff67d..e435783 100644
--- a/hubzilla/addon/g1wallet/g1wallet_renderer.php
+++ b/hubzilla/addon/g1wallet/g1wallet_renderer.php
@@ -70,26 +70,22 @@ function g1wallet_render_landing($access) {
 function g1wallet_render_unlock_form() {
     // Renders the wallet unlock form.
     // The form is handled entirely by g1wallet.js — it does NOT POST to the server.
-    // Pseudo and password never leave the browser.
+    // The mnemonic never leaves the browser.
+    //
+    // Per Duniter HD Wallet RFC 0015 (Dubp_HD_Wallet), the wallet's keypair is
+    // derived from a 12-word BIP39 mnemonic (English wordlist), using its
+    // entropy as input to a BIP32-Ed25519 derivation — not a raw PBKDF2 seed.
 
     $out  = '<div class="g1wallet-unlock-form">';
     $out .= '<h4>Unlock Your Wallet</h4>';
-    $out .= '<p class="text-muted small">Enter your Ğ1 credentials. These are used only in your browser to derive your keypair. They are never sent to the server.</p>';
+    $out .= '<p class="text-muted small">Enter your 12-word Ğ1 mnemonic phrase. It is used only in your browser to derive your keypair. It is never sent to the server.</p>';
 
     $out .= '<div class="mb-3">';
-    $out .= '<label class="form-label" for="g1wallet-pseudo">Pseudo <span class="text-danger">*</span></label>';
-    $out .= '<input type="text" class="form-control" id="g1wallet-pseudo" name="g1wallet_pseudo"
-                    autocomplete="username" autocorrect="off" autocapitalize="off" spellcheck="false"
-                    placeholder="your Ğ1 pseudo">';
-    $out .= '<div class="form-text">Your Ğ1 pseudo — the identifier you chose when creating your Ğ1 account.</div>';
-    $out .= '</div>';
-
-    $out .= '<div class="mb-3">';
-    $out .= '<label class="form-label" for="g1wallet-password">Password <span class="text-danger">*</span></label>';
-    $out .= '<input type="password" class="form-control" id="g1wallet-password" name="g1wallet_password"
-                    autocomplete="current-password"
-                    placeholder="your Ğ1 password">';
-    $out .= '<div class="form-text">Your Ğ1 password. Never sent to the server.</div>';
+    $out .= '<label class="form-label" for="g1wallet-mnemonic">Mnemonic Phrase <span class="text-danger">*</span></label>';
+    $out .= '<textarea class="form-control font-monospace" id="g1wallet-mnemonic" name="g1wallet_mnemonic"
+                    rows="2" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false"
+                    placeholder="word1 word2 word3 word4 word5 word6 word7 word8 word9 word10 word11 word12"></textarea>';
+    $out .= '<div class="form-text">Your 12-word Ğ1 mnemonic — the recovery phrase generated when your Ğ1 account was created. Words are separated by single spaces, lowercase, English wordlist.</div>';
     $out .= '</div>';
 
     $out .= '<div id="g1wallet-unlock-error" class="alert alert-danger" style="display:none;" role="alert"></div>';