private byte[] decryptMnemonic(byte[] entropy, String normalizedPassphrase) throws GeneralSecurityException { byte[] salt = Arrays.copyOfRange(entropy, 32, 36); byte[] encrypted = Arrays.copyOf(entropy, 32); byte[] derived = SCrypt.scrypt(normalizedPassphrase.getBytes(Charsets.UTF_8), salt, 16384, 8, 8, 64); byte[] key = Arrays.copyOfRange(derived, 32, 64); SecretKeySpec keyspec = new SecretKeySpec(key, "AES"); DRMWorkaround.maybeDisableExportControls(); @SuppressLint("GetInstance") // ECB for 256 bits is enough, and is the same that BIP38 uses Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding"); cipher.init(Cipher.DECRYPT_MODE, keyspec); byte[] decrypted = cipher.doFinal(encrypted, 0, 32); for (int i = 0; i < 32; i++) decrypted[i] ^= derived[i]; byte[] hash = Sha256Hash.createDouble(decrypted).getBytes(); if (!Arrays.equals(Arrays.copyOf(hash, 4), salt)) throw new RuntimeException("Invalid checksum"); return decrypted; }