Offline Bitcoin Wallet Generator — single HTML file, zero dependencies, fully verifiable.
Amulet generates BIP-39 seed phrases with high, auditable entropy and derives all standard wallet formats directly in your browser. Nothing is transmitted — ever. Close the tab, and the keys exist only where you wrote them down.
SHA256 : D3BB5AE1A50501C7E8E4EDF03B2068C90105370207E3AB39F8D43D6AE82DB22D MD5 : 20D56BA1F7A8934B27491EEF3214D556
Most wallet generators ask you to trust their randomness. Amulet lets you verify it. Every seed report includes the exact combined input string, intermediate SHA-256 hashes, checksum bits, and step-by-step instructions to reproduce the mnemonic offline with nothing but a SHA-256 tool and the BIP-39 wordlist.
It ships as a single .html file — no build step, no server, no installs, no apps to trust, and no frameworks.
Download the file, save it locally, disconnect from the internet, and open it in any modern browser.
- 12-word or 24-word BIP-39 mnemonic (128-bit or 256-bit entropy)
-
CSPRNG base layer —
crypto.getRandomValues()provides 256 bits by default -
Five entropy sources that mix into the seed via
SHA-256(csprng ‖ user_input):- CSPRNG only — browser's cryptographic RNG (sufficient on its own)
- Dice rolls — D6 values, with a bit counter (50 rolls ≈ 128 bits, 99 ≈ 256 bits)
- Playing cards — full 52-card deck, 4-card draws across multiple rounds with duplicate detection
-
Random keystrokes — live Shannon, bigram, Rényi-2, LZ78, and
$\chi^2$ entropy analysis with keyboard-walk detection - Chaos Grid — a 5×5 interactive tile-flip game that records timestamps and pointer coordinates as entropy
- Automatic checksum — SHA-256 of the entropy determines the final BIP-39 checksum word
- Entropy quality scorecard — rates your combined entropy and flags weak patterns
- Legacy — BIP-44 (P2PKH,
1...addresses) - Nested SegWit — BIP-49 (P2SH-P2WPKH,
3...addresses) - Native SegWit — BIP-84 (P2WPKH,
bc1q...addresses) - Taproot — BIP-86 (P2TR,
bc1p...addresses) with BIP-340/341 key tweaking - Silent Payments — BIP-352 (static reusable address,
sp1q...) - Payment Codes — BIP-47 v1 reusable payment codes (
PM8T...) - Preview addresses — instantly verify the first 3 receive addresses for any wallet kind against Sparrow, Electrum, or hardware wallets
- Full HD key derivation from seed + optional BIP-39 passphrase (25th word)
- Extended public keys (xpub / ypub / zpub) for watch-only wallets
- Extended private keys (xprv / yprv / zprv) for full wallet import
- Live recomputation when the passphrase changes
- Plaintext report (
.txt) — complete seed report with all entropy sources, derivation steps, extended keys, addresses, and reproduction instructions - Encrypted report (
.enc) — AES-256-GCM authenticated encryption with:- PBKDF2-HMAC-SHA-256 key derivation (600,000 iterations)
- Random 16-byte salt + 12-byte IV per file
- Binary format:
AMLTheader (4 bytes) + version (1) + salt (16) + IV (12) + ciphertext - Password strength meter with minimum 8-character enforcement
- Built-in decryptor — click the 🔓 icon in the header to decrypt any
.encfile without external tools
- Zero-Telemetry Architecture — No analytics, no CDN imports, and no data ever leaves your machine.
- Connectivity Awareness — The tool uses the browser's native
navigator.onLinestatus to warn you if the file is being opened in an online environment; it does not "phone home" or send requests to any external server. - Single-File Portability — Every dependency (secp256k1, BIP-39 wordlist, Bech32/Bech32m encoder) is embedded inline.
- Memory wipe — one-click button zeroes seed data, keys, and cached values in the browser tab.
- Airplane mode guide — built-in instructions for going offline on macOS, Windows, Linux, iOS, and Android.
- Reproducible derivation — the report contains everything needed to independently verify the seed was generated correctly.
- WebCrypto API only — encryption uses the browser's native
crypto.subtle, not a JS polyfill.
- Dark and light themes with smooth transitions
- Responsive layout (works on mobile)
- Seed word masking (hide/show toggle)
- QR code–ready Bech32m addresses (uppercase alphanumeric mode)
- Floating back-to-top button
- Inline SVG logo and favicon (no external assets)
- Download
amulet_1_3.html. - Disconnect from the internet (Airplane mode recommended).
- Open the file in a clean, extension-free browser (or Incognito/Private mode).
- Configure Seed: Choose between a 12 or 24-word mnemonic.
- Enhance Entropy (Optional): In Advanced Mode, you can mix additional physical randomness into your seed using the Chaos Grid, Dice rolls, Random keystrokes, or Playing cards (recommended).
- Generate: Click "Generate wallet".
- Secure: Write the seed phrase on paper or stamp it into steel.
- Export: Optionally download the plaintext
.txtreport or the encrypted.encbackup. - Wipe: Click "Reset and wipe all data" and close the tab.
For real funds: Always generate on a freshly booted, air-gapped machine. Never photograph or screenshot the seed. Use the "tails" operating system if possible.
Every report includes a "How to Reproduce Offline" section:
- Take the
COMBINED INPUTstring (UTF-8, byte-for-byte) - Compute
SHA-256— result must match the report's hash - Take the first 16 bytes (12-word) or 32 bytes (24-word) as final entropy
- Compute
SHA-256of that entropy — the first 4 or 8 bits are the checksum - Concatenate entropy bits + checksum bits, split into 11-bit groups, look up each in the BIP-39 English wordlist
This means you never have to trust Amulet — you can verify every seed it produces with any independent SHA-256 implementation.
The .enc file format is straightforward and can be decrypted with any language that supports AES-256-GCM and PBKDF2:
Offset Length Field
0 4 Magic bytes: "AMLT" (0x414D4C54)
4 1 Format version (currently 1)
5 16 PBKDF2 salt
21 12 AES-GCM IV / nonce
33 ... Ciphertext (AES-256-GCM, includes 16-byte auth tag)
Key derivation: PBKDF2-HMAC-SHA-256(password, salt, 600000 iterations) → 256-bit AES key
| Standard | Description |
|---|---|
| BIP-39 | Mnemonic seed phrase generation (English wordlist, SHA-256 checksum) |
| BIP-32 | Hierarchical deterministic key derivation (HMAC-SHA512) |
| BIP-44 | Legacy P2PKH addresses (m/44'/0'/0') |
| BIP-49 | Nested SegWit P2SH-P2WPKH (m/49'/0'/0') |
| BIP-84 | Native SegWit P2WPKH (m/84'/0'/0') |
| BIP-86 | Taproot P2TR (m/86'/0'/0') |
| BIP-340 | Schnorr signatures / x-only public keys |
| BIP-341 | Taproot key tweaking (tagged hash) |
| BIP-173 | Bech32 encoding |
| BIP-350 | Bech32m encoding (Taproot) |
| BIP-352 | Silent Payments (static reusable addresses) |
| BIP-47 | Reusable Payment Codes v1 |
Amulet embeds the following (all MIT-licensed) directly in the HTML:
- noble-secp256k1 by Paul Miller — 4KB secp256k1 ECDH & signatures, RFC 6979 compliant
- BIP-39 English wordlist — full 2048-word array
- Bech32 / Bech32m encoder — constants
1(Bech32) and0x2bc830a3(Bech32m) - All other cryptography uses the browser's native WebCrypto API (
crypto.subtle)
MIT — see the license header in amulet_1_3.html.
Copyright (c) 2025–2026 AVB_21
This software is provided as-is. The authors are not responsible for any loss of funds. Always verify generated seeds independently before trusting them with real Bitcoin. We recommend working with software wallets on a safe machine, offline for optional verification.
