dreamyoak

From BIP39 to a Solana address — in a native desktop app (C++)

I got tired of sketchy web “wallet generators” and browser extensions being anywhere near seed phrase generation.

So I built OakFund — a native C++ desktop app for offline Solana wallet setup.

  • No browser
  • No server
  • No API calls
  • No telemetry
  • Keys generated + derived locally

Demo/screenshots: https://imgur.com/a/VardAc9

Site / Download: https://oakfund.app


What it does (and what it doesn’t)

✅ What it does

OakFund generates random 12-word BIP39 mnemonics, then derives Solana-compatible keys:

  • BIP39 mnemonic
  • PBKDF2-HMAC-SHA512 → seed (2048 iterations)
  • Ed25519 keypair derivation
  • base58 encoding for Solana-friendly output
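
Added example, not OakFund's code (which isn't published): the same four-stage pipeline in pure standard-library Python, so each stage can be reproduced offline and checked against published vectors, which is exactly the kind of "known-good" cross-check the roadmap talks about. The post doesn't say how OakFund gets from the 64-byte BIP39 seed to an Ed25519 key; this example assumes the SLIP-0010 hardened path m/44'/501'/0'/0' that Phantom and solana-keygen default to, so `slip10_ed25519` and `solana_address` are this example's own names and conventions. The Ed25519 arithmetic is the slow textbook affine version, not constant-time, and exists only to verify another implementation.

```python
"""BIP39 mnemonic -> PBKDF2-HMAC-SHA512 seed -> Ed25519 key -> base58 address.

Standard library only, so it runs fully offline. Assumption (not from the post):
SLIP-0010 hardened derivation at m/44'/501'/<account>'/0'.
"""
import hashlib
import hmac
import unicodedata


# ---- 1. BIP39: mnemonic -> 64-byte seed ------------------------------------
def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase.
    Wordlist/checksum validation of the mnemonic is out of scope here."""
    nfkd = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic),
                               b"mnemonic" + nfkd(passphrase), 2048, 64)


# ---- 2. SLIP-0010 hardened child derivation for Ed25519 --------------------
def slip10_ed25519(seed: bytes, path):
    """Return (32-byte key, 32-byte chain code) at a hardened-only path;
    SLIP-0010 defines only hardened children for Ed25519."""
    digest = hmac.new(b"ed25519 seed", seed, hashlib.sha512).digest()
    key, chain = digest[:32], digest[32:]
    for index in path:
        data = b"\x00" + key + (index | 0x80000000).to_bytes(4, "big")
        digest = hmac.new(chain, data, hashlib.sha512).digest()
        key, chain = digest[:32], digest[32:]
    return key, chain


# ---- 3. Ed25519 public key from a 32-byte seed (RFC 8032 section 5.1.5) ----
_P = 2**255 - 19
_D = (-121665 * pow(121666, _P - 2, _P)) % _P
_BY = (4 * pow(5, _P - 2, _P)) % _P
_BX = 15112221349535400772501151409588531511454012693041857206046113283949847762202
_B = (_BX, _BY)  # standard base point


def _add(P, Q):
    # Affine twisted-Edwards addition (a = -1); each call does two inversions,
    # which is slow but keeps the math readable for verification purposes.
    x1, y1 = P
    x2, y2 = Q
    k = _D * x1 * x2 * y1 * y2
    x3 = (x1 * y2 + x2 * y1) * pow(1 + k, _P - 2, _P)
    y3 = (y1 * y2 + x1 * x2) * pow(1 - k, _P - 2, _P)
    return (x3 % _P, y3 % _P)


def _mul(P, e):
    Q = (0, 1)  # neutral element
    while e:
        if e & 1:
            Q = _add(Q, P)
        P = _add(P, P)
        e >>= 1
    return Q


def ed25519_public_key(seed32: bytes) -> bytes:
    h = hashlib.sha512(seed32).digest()
    a = int.from_bytes(h[:32], "little")
    a &= (1 << 254) - 8   # clamp: clear bits 0-2 and bit 255
    a |= 1 << 254         # clamp: set bit 254
    x, y = _mul(_B, a)
    # Compressed encoding: y little-endian with the sign of x in the top bit.
    return (y | ((x & 1) << 255)).to_bytes(32, "little")


# ---- 4. base58 with the Bitcoin alphabet (what Solana addresses use) -------
_B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58_encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = _B58[r] + out
    # Every leading zero byte is preserved as a leading '1'.
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out


# ---- 5. Glue: mnemonic -> Solana address -----------------------------------
def solana_address(mnemonic: str, passphrase: str = "", account: int = 0) -> str:
    """Assumed wallet convention: m/44'/501'/<account>'/0' (SLIP-0010)."""
    seed = bip39_seed(mnemonic, passphrase)
    priv, _ = slip10_ed25519(seed, [44, 501, account, 0])
    return base58_encode(ed25519_public_key(priv))


if __name__ == "__main__":
    m = " ".join(["abandon"] * 11 + ["about"])  # well-known BIP39 test mnemonic
    print("seed   :", bip39_seed(m).hex())
    print("address:", solana_address(m))
```

Each stage can be checked independently: the BIP39 stage against the published "abandon … about" seed, the Ed25519 stage against RFC 8032 test vector 1, and the SLIP-0010 stage against the Ed25519 test vector 1 from SLIP-0010. If a desktop tool's output for the same mnemonic and path differs from this chain, one of them has a derivation bug, and that is the kind of mismatch published test vectors are meant to surface.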

There’s also an optional multi-thread/performance mode + a simple throughput meter (mainly for dev/testing workloads).

❌ What it doesn’t do

This is not a “scanner”, not a “wallet finder”, and not built for anything shady. It’s for:

  • offline wallet setup
  • dev/test environments
  • people who want a desktop workflow instead of random sites/scripts

Why desktop > web (for me)

Browser-based generation has a huge attack surface:

  • extensions
  • injected scripts
  • compromised dependencies
  • phishing clones of “popular generators”

A native desktop app isn’t automatically “safe”, but it’s way easier to make a clear promise:

  • no network
  • no telemetry
  • minimal moving parts
  • verifiable releases (more on that below)

Threat model / safety notes

If you’re touching seed phrases, your product is trust.

OakFund’s design goals:

  • local-only key material
  • no background network behavior
  • keep export/copy flow simple so users don’t do dumb stuff like pasting seeds into random tools

If you’re building something similar, please treat this as “high-risk by default”.


Roadmap (trust + usability)

Things I’m actively working on / planning:

  • signed builds + publish SHA256 hashes per release
  • test vectors so anyone can verify derivation correctness against known-good libs
  • better export formats + safer defaults (fewer footguns)
  • more UX polish around cold/offline setup

Feedback I actually want

If you’re a dev/security person, tell me:

  • what would you need to see before trusting this enough to use/pay for it?
    • signing? hashes? partial open-source? third-party audit?
  • what’s the #1 feature that would make this feel “legit desktop product” instead of “crypto tool”?

Links again: demo/screenshots https://imgur.com/a/VardAc9, site/download https://oakfund.app