
feat: add 'gnokey add -entropy' #4586

Open: wants to merge 15 commits into base: master

moul (Member) commented Jul 29, 2025

Demo:

```
$  gnokey add -entropy test-entropy
Enter a passphrase to encrypt your key to disk:
Repeat the passphrase:

=== MANUAL ENTROPY GENERATION ===

Provide at least 160 bits of entropy from a true random source:
- Dice: 38+ d20 rolls (e.g., 18 7 3 12 5 19 8 2 14 11...)
- Coins: 160+ flips (e.g., HTTHHTTHHHTTHHTHTTHHTHHT...)
- Cards: 31+ draws (e.g., 7H 2C KS 9D 4H JS QC 3S...)
- Other: keyboard mashing, environmental noise, etc.

Enter your entropy (any length, will be hashed with SHA-256):
laskjdg asoidjg asoidjg asoidgj asodigj asdoigjas dogijasd

Derived entropy (SHA-256): a6d263b1a0c170181b4ce29868c15fba...
Input length: 58 characters
Generate mnemonic from this entropy? [y/n]:
y

* test-entropy (local) - addr: g1h3kgs6rrva9jfe43nxymdc8w8tpzm790ylfdes pub: gpub1pgfj7ard9eg82cjtv4u4xetrwqer2dntxyfzxz3pqtkjt02zvn4g6l5j2vgc0rthrhy8gpv0hndwmwy0tpkch2rd2vxejycdttd, path: <nil>

**IMPORTANT** write this mnemonic phrase in a safe place.
It is the only way to recover your account if you ever forget your password.
plug narrow unaware dose blade army honey ordinary observe ecology fitness injury blind explain gain wife junior squirrel walnut machine worry lens loyal lock
```
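
The entropy accounting behind the demo's "38+ d20 rolls", "160+ flips" and "31+ draws" thresholds, followed by the SHA-256 step, as an added example that is not part of the original post or the PR's code. The function names are hypothetical; the sketch assumes a fair die and coin, independent samples, and cards drawn without replacement from one 52-card deck.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"math"
	"strconv"
	"strings"
)

// MinSamples: independent uniform samples (d20 rolls, coin flips) needed to reach `bits`.
func MinSamples(outcomes int, bits float64) int {
	return int(math.Ceil(bits / math.Log2(float64(outcomes))))
}

// MinCardDraws: draws without replacement needed; each draw has one outcome fewer.
func MinCardDraws(deck int, bits float64) int {
	total := 0.0
	for n := 0; n < deck; n++ {
		total += math.Log2(float64(deck - n))
		if total >= bits {
			return n + 1
		}
	}
	return -1 // one deck cannot supply that much
}

// D20Entropy validates whitespace-separated d20 rolls and returns the bits they carry.
func D20Entropy(input string) (float64, error) {
	rolls := strings.Fields(input)
	for _, r := range rolls {
		if v, err := strconv.Atoi(r); err != nil || v < 1 || v > 20 {
			return 0, fmt.Errorf("not a d20 roll: %q", r)
		}
	}
	return float64(len(rolls)) * math.Log2(20), nil
}

// Derive is the "hashed with SHA-256" step: 256 bits out, no entropy added.
func Derive(input string) [32]byte { return sha256.Sum256([]byte(input)) }

func main() {
	fmt.Println(MinSamples(20, 160), MinSamples(2, 160), MinCardDraws(52, 160))
	sample := "18 7 3 12 5 19 8 2 14 11" // constructed: the ten rolls shown in the prompt
	bits, _ := D20Entropy(sample)
	seed := Derive(sample)
	fmt.Printf("%.1f bits, enough=%v, sha256=%x...\n", bits, bits >= 160, seed[:4])
}
```

The "Other: keyboard mashing" option has no comparable bound: an input like the demo's 58 characters yields a full-length digest whatever its real unpredictability.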

Gno2D2 (Collaborator) commented Jul 29, 2025

🛠 PR Checks Summary

All Automated Checks passed. ✅

Manual Checks (for Reviewers):
  • IGNORE the bot requirements for this PR (force green CI check)

🤖 This bot helps streamline PR reviews by verifying automated checks and providing guidance for contributors and reviewers.

✅ Automated Checks (for Contributors):

🟢 Maintainers must be able to edit this pull request (more info)

☑️ Contributor Actions:
  1. Fix any issues flagged by automated checks.
  2. Follow the Contributor Checklist to ensure your PR is ready for review.
    • Add new tests, or document why they are unnecessary.
    • Provide clear examples/screenshots, if necessary.
    • Update documentation, if required.
    • Ensure no breaking changes, or include BREAKING CHANGE notes.
    • Link related issues/PRs, where applicable.
☑️ Reviewer Actions:
  1. Complete manual checks for the PR, including the guidelines and additional checks if applicable.
📚 Resources:
Debug
Automated Checks
Maintainers must be able to edit this pull request (more info)

If

🟢 Condition met
└── 🟢 And
    ├── 🟢 The base branch matches this pattern: ^master$
    └── 🟢 The pull request was created from a fork (head branch repo: moul/gno)

Then

🟢 Requirement satisfied
└── 🟢 Maintainer can modify this pull request

Manual Checks
**IGNORE** the bot requirements for this PR (force green CI check)

If

🟢 Condition met
└── 🟢 On every pull request

Can be checked by

  • Any user with comment edit permission

codecov bot commented Jul 29, 2025

Signed-off-by: moul <[email protected]>
moul requested review from jaekwon, aeddi and zivkovicmilos July 29, 2025 01:58
moul marked this pull request as ready for review July 29, 2025 02:36

moul (Member, Author) commented Jul 29, 2025

fyi, I am currently writing a txtar. However, due to the lack of stdin, I am considering adding stdin support to txtar or allowing the specification of entropy as a flag.

github-actions bot added the 🐹 golang Pull requests that update Go code label Jul 30, 2025
Kouteki moved this from Triage to In Review in 🧙‍♂️gno.land core team Jul 30, 2025

zivkovicmilos (Member) left a comment

Looks good 💯

Left minor comments 🙏

moul added 3 commits July 30, 2025 14:50
Signed-off-by: moul <[email protected]>
Signed-off-by: moul <[email protected]>

moul (Member, Author) commented Jul 31, 2025

@gfanton I’ve also updated the txtar engine, can you give a look please?

moul requested a review from gfanton July 31, 2025 11:51

aeddi (Contributor) left a comment

This idea is really cool! 👍

I would be curious to see a comparison between mouse movements (like on VeraCrypt, for example) and this dice-throwing method, measuring the time / "quality of the entropy" ratio generated in both cases (a lot more data produced in the case of mouse movements but more "pure" randomness in the case of dice-rolling).

moul (Member, Author) commented Aug 4, 2025

Mouse-related concepts are difficult to verify, so no one verifies them. These concepts are essentially gray.
PRNG blind trust is black. Verifiable real-life entropy is white.

I prefer that people choose any method while being aware that they have the option to select the most verifiable one available. We will also share a guide for airgap computers using this method to ensure that the setup is correct (e.g., using legitimate dice, etc.).

Signed-off-by: moul <[email protected]>
Labels
🤝 contribs 🐹 golang Pull requests that update Go code 📦 🌐 tendermint v2 Issues or PRs tm2 related 📦 ⛰️ gno.land Issues or PRs gno.land package related