IETF Logo Mail Archive

Re: [openpgp] Deriving an OpenPGP secret key from a human readable seed

Jon Callas <joncallas@icloud.com> Tue, 15 October 2019 20:15 UTC

Return-Path: <joncallas@icloud.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD6F1120044 for <openpgp@ietfa.amsl.com>; Tue, 15 Oct 2019 13:15:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=icloud.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d0AREQvzpTrZ for <openpgp@ietfa.amsl.com>; Tue, 15 Oct 2019 13:15:20 -0700 (PDT)
Received: from mr85p00im-hyfv06021401.me.com (mr85p00im-hyfv06021401.me.com [17.58.23.190]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6BE3612004A for <openpgp@ietf.org>; Tue, 15 Oct 2019 13:15:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=icloud.com; s=1a1hai; t=1571170519; bh=/zLRgz1RLVy+lZ85tiZVJzjUjm2HsRd3i0v4RZQfmkU=; h=Content-Type:Subject:From:Date:Message-Id:To; b=ZHI7Q6E15tcl6NOVaGOnkPbtpOh8SrS3taykRBgtIdj+sHH205VIMlBZ1Za9RjejA OvsIYwGEKZxErBmpzBiBKHl7efO32/kYLsZeIHVixJOgCCy+Ec2loESseyY8J4RPuV vFKWmuwGCk8GcpXhMus6lWQakM4iTnp6riI6W65mDJ8JwHAmh+9AwzLG+o3IZdiitz mH6GYYs7k1/ObuegML4L80VGTDF3Crhmb8ZfTBFw5iFRJwahno6bdFRPhg3KQtZ4wN rD/FJW0lOPLJYXqKKD8VU9NR95SYlC67J+hWldl6U3iHZh63iK7CobmWhJN+38okCH GyHhD+cpil0IQ==
Received: from [10.125.12.170] (67-207-120-150.static.wiline.com [67.207.120.150]) by mr85p00im-hyfv06021401.me.com (Postfix) with ESMTPSA id B77489C0B95; Tue, 15 Oct 2019 20:15:17 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Jon Callas <joncallas@icloud.com>
In-Reply-To: <5eb8774d-8d4f-63e3-29bc-53f3c8d21c51@kuix.de>
Date: Tue, 15 Oct 2019 13:15:15 -0700
Cc: Jon Callas <joncallas@icloud.com>, openpgp@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <FAAB5286-1C26-4F32-AB76-8B1E2C93FA77@icloud.com>
References: <5eb8774d-8d4f-63e3-29bc-53f3c8d21c51@kuix.de>
To: Kai Engert <kaie@kuix.de>
X-Mailer: Apple Mail (2.3445.104.11)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-10-15_06:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 mlxscore=0 mlxlogscore=610 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1906280000 definitions=main-1910150173
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/apajvsvCJsx_XR1AlvimSMZysVc>
Subject: Re: [openpgp] Deriving an OpenPGP secret key from a human readable seed
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2019 20:15:22 -0000

> 
> I hope some of this message makes sense.
> 

I think it makes sense. You're looking at having a way to seed a DRBG (PRNG), so that that seed can be used to deterministically generate a key, and that seed being reasonably small, and can be encoded in a way that's easy to store on paper as well as use for generating the same key later.

This sounds like a good idea, but as others have said, it's more general than OpenPGP. Really what you want is a standardized, loadable DRBG, and then that DRBG could be bolted into some OpenPGP implementation for key generation.

That latter part is software issue and really ought to be generalized beyond OpenPGP, and then some implementation of OpenPGP could have the feature of creating a key from such a loadable seed.

It sounds useful to some people, but outside the scope of OpenPGP documents, just as the design of other RNGs is beyond the scope of OpenPGP documents.

	Jon

v2.23.0 | Report a Bug | By Email