IETF Logo Mail Archive

Re: [openpgp] Deriving an OpenPGP secret key from a human readable seed

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 20 October 2019 17:18 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1838712011A for <openpgp@ietfa.amsl.com>; Sun, 20 Oct 2019 10:18:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PnU5KMOOuyB2 for <openpgp@ietfa.amsl.com>; Sun, 20 Oct 2019 10:18:47 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 19F62120119 for <openpgp@ietf.org>; Sun, 20 Oct 2019 10:18:46 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id B5B2E3897A; Sun, 20 Oct 2019 13:16:15 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 750A560; Sun, 20 Oct 2019 13:18:45 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Phillip Hallam-Baker <phill@hallambaker.com>
cc: IETF OpenPGP <openpgp@ietf.org>
In-Reply-To: <CAMm+Lwg1uiHco8YSkXUPTOvf2+u+jz9+nqkA=T0MwnVus_LzOQ@mail.gmail.com>
References: <5eb8774d-8d4f-63e3-29bc-53f3c8d21c51@kuix.de> <FAAB5286-1C26-4F32-AB76-8B1E2C93FA77@icloud.com> <2efcd737-34b3-00bb-527f-725daf6e8509@kuix.de> <20191018225100.bnslptroeenuusxf@camp.crustytoothpaste.net> <CAMm+LwhL7ys67J=TaLwWDFEpb91H5SwQChVuoaHHqmCsoTiQjg@mail.gmail.com> <20191019044008.othhw7j5fktqxdta@camp.crustytoothpaste.net> <CAMm+LwjRN6fhvZK+oSb6NLZvLK+QHuxn0oF7Mez3Eodb0sbJ4g@mail.gmail.com> <13025.1571490248@localhost> <CAMm+Lwg1uiHco8YSkXUPTOvf2+u+jz9+nqkA=T0MwnVus_LzOQ@mail.gmail.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Sun, 20 Oct 2019 13:18:45 -0400
Message-ID: <9906.1571591925@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/0c_cBNCgNUwp1bRpgKNDsY_RUXA>
Subject: Re: [openpgp] Deriving an OpenPGP secret key from a human readable seed
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Oct 2019 17:18:49 -0000

Phillip Hallam-Baker <phill@hallambaker.com> wrote:
    > *A) Generate*

    > The commands for generating, exporting and importing a key from the CLI
    > would probably look something like the following. Since I am thinking of
    > the general case, the key fingerprints used as UDF content digests rather
    > than OpenPGP but this is largely because it was easier to cut and paste
    > from my docs rather than find another.

Being able to split off the private key generation for PGP, SSH, certificates,
etc. might be a serious boon to the ecosystem I think.

    > *D) Verifiable generation processes with separation of duties. *

    > NB: This is not the sort of process I see many individuals performing for
    > themselves. But it is exactly the sort of procedure I might want to use as
    > the basis for separation of duties in a key ceremony type situation. Every
    > one of the input shares affects every bit of the output. The splitting (but
    > not the generated key!) is information theoretic secure.

So, we don't do generate keys for our home networks today.  But in the future
we ought to, and we ought to be splitting it across a bunch of family
members, neighbours, etc.   Being able to leave a spare key (with some
limited authority) with your trusted neighbour would remain important in the
future.

    > NAQC-GKXI-6DTJ-COKM-4HBF-CZJJ-BO6G-I
->

    > SAEC-GKXI-6DTJ-COKM-4HBF-CZJJ-BO6G-I

Yes, is see :-)

    > So now imagine we are generating these from QR codes being read by a
    > camera. We run the scheme some number of times with full observability.
    > Then we cover one of the inputs so the observers can only see the other
    > three and run the system some randomly chosen number of times with a
    > different input covered on each round.

Interesting.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email