Pavol Rusnak [ARCHIVE] on Nostr: 📅 Original date posted:2015-03-07 📝 Original message:On 07/03/15 16:53, Mem ...
📅 Original date posted:2015-03-07
📝 Original message:On 07/03/15 16:53, Mem Wallet wrote:
> this allows a user to manage a GPG identity for encryption
> and signing with zero bytes of permanent storage. (on tails for example)
Hi!
As an author of BIP44 I don't think that you should use BIP44 for this
and a new BIP number should be allocated. To me it does not make much
sense to create GPG key hierarchy per Bitcoin account, but rather create
a GPG key hierarchy per device/master seed.
I am currently in process of implementing a SignIdentity message for
TREZOR, which will be used for HTTPS/SSH/etc. logins.
See PoC here:
https://github.com/trezor/trezor-emu/commit/9f612c286cc7b8268ebaec4a36757e1c19548717
The idea is to derive the BIP32 path from HTTPS/SSH URI (by hashing it
and use m/46'/a'/b'/c'/d' where a,b,c,d are first 4*32 bits of the hash)
and use that to derive the private key. This scheme might work for GPG
keys (just use gpg://user@host.com for the URI) as well.
--
Best Regards / S pozdravom,
Pavol Rusnak <stick at gk2.sk>
📝 Original message:On 07/03/15 16:53, Mem Wallet wrote:
> this allows a user to manage a GPG identity for encryption
> and signing with zero bytes of permanent storage. (on tails for example)
Hi!
As an author of BIP44 I don't think that you should use BIP44 for this
and a new BIP number should be allocated. To me it does not make much
sense to create GPG key hierarchy per Bitcoin account, but rather create
a GPG key hierarchy per device/master seed.
I am currently in process of implementing a SignIdentity message for
TREZOR, which will be used for HTTPS/SSH/etc. logins.
See PoC here:
https://github.com/trezor/trezor-emu/commit/9f612c286cc7b8268ebaec4a36757e1c19548717
The idea is to derive the BIP32 path from HTTPS/SSH URI (by hashing it
and use m/46'/a'/b'/c'/d' where a,b,c,d are first 4*32 bits of the hash)
and use that to derive the private key. This scheme might work for GPG
keys (just use gpg://user@host.com for the URI) as well.
--
Best Regards / S pozdravom,
Pavol Rusnak <stick at gk2.sk>