Re: [openpgp] Deriving an OpenPGP secret key from a human readable seed

Phillip Hallam-Baker <phill@hallambaker.com> Sun, 20 October 2019 19:10 UTC

In-Reply-To: <9906.1571591925@localhost>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Sun, 20 Oct 2019 15:10:37 -0400
Message-ID: <CAMm+LwjRuAi6hGj_UdcMWYQ0pa+=CmT1kz9ntR=VFxSurnUzuw@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: IETF OpenPGP <openpgp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/WdIRWtCb5bc_eq4KiLYG4wSL2WQ>

On Sun, Oct 20, 2019 at 1:18 PM Michael Richardson <mcr+ietf@sandelman.ca> wrote:

>
> Phillip Hallam-Baker <phill@hallambaker.com> wrote:
>     > *A) Generate*
>
>     > The commands for generating, exporting and importing a key from the CLI
>     > would probably look something like the following. Since I am thinking of
>     > the general case, the key fingerprints are UDF content digests rather
>     > than OpenPGP, but this is largely because it was easier to cut and paste
>     > from my docs rather than find another.
>
> Being able to split off the private key generation for PGP, SSH, certificates,
> etc. might be a serious boon to the ecosystem I think.
>

I am planning to layer in ACME support in the mesh key management tool. So
it will be able to automate generation and distribution of the certs for
all your embedded devices.

This will use meta-cryptography, which means that once the device has been
connected up to the management system, it never needs to do additional
keygen. The key presented to the CA is the composite of the device key and
the cert manager key.

Centralizing key management in one tool works both ways. It allows people
who are managing their SSH keys with the tool to also add PGP easily.
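The composite-key idea in the message above, shown as an added worked example (not code from the Mesh tool or from anyone on this thread): it assumes the composition is additive, i.e. the CA-facing private key is the device scalar plus the manager scalar mod the group order, so the manager can compute the matching public key from the device's public key alone and the device never runs a second keygen. Pure-Python affine arithmetic on P-256, with constructed random keys; the curve constants are NIST's published values and the code is illustrative, not constant-time.

```python
# Added example: additive composite key on P-256 (secp256r1), pure Python.
# Assumption: "composite" = device scalar + manager scalar (mod N), and
# composite public key = device point + manager point. Not the Mesh
# tool's code; affine, variable-time arithmetic for illustration only.
import secrets

P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3                                   # curve coefficient a = -3
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def point_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:     # P + (-P) = infinity
        return None
    if p1 == p2:                            # doubling tangent slope
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:                                   # chord slope
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(k, point):
    """Right-to-left double-and-add."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result

def keygen():
    """Constructed random key pair: scalar in [1, N-1] and its public point."""
    d = 1 + secrets.randbelow(N - 1)
    return d, scalar_mult(d, G)

def composite_public(device_pub, manager_pub):
    """Manager side: needs only the device's PUBLIC key to form the CA-facing key."""
    return point_add(device_pub, manager_pub)

def composite_private(device_priv, manager_priv):
    """Device side: folds the manager's contribution into its existing key."""
    return (device_priv + manager_priv) % N

def demo():
    """True iff the composite public key matches the composite private key."""
    d_dev, q_dev = keygen()
    d_mgr, q_mgr = keygen()
    return composite_public(q_dev, q_mgr) == scalar_mult(composite_private(d_dev, d_mgr), G)
```

The device's original private key is never sent anywhere; only the manager's contribution crosses the wire, and the manager learns nothing about the device scalar from the device's public point.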