[Bitcoin-development] bip44 GPG identities - POC demo

Pavol Rusnak stick at gk2.sk
Sun Mar 8 01:34:38 UTC 2015


On 07/03/15 16:53, Mem Wallet wrote:
> this allows a user to manage a GPG identity for encryption
> and signing with zero bytes of permanent storage. (on tails for example)

Hi!

As an author of BIP44 I don't think that you should use BIP44 for this
and a new BIP number should be allocated. To me it does not make much
sense to create GPG key hierarchy per Bitcoin account, but rather create
a GPG key hierarchy per device/master seed.

I am currently in process of implementing a SignIdentity message for
TREZOR, which will be used for HTTPS/SSH/etc. logins.

See PoC here:
https://github.com/trezor/trezor-emu/commit/9f612c286cc7b8268ebaec4a36757e1c19548717

The idea is to derive the BIP32 path from HTTPS/SSH URI (by hashing it
and use m/46'/a'/b'/c'/d' where a,b,c,d are first 4*32 bits of the hash)
and use that to derive the private key. This scheme might work for GPG
keys (just use gpg://user@host.com for the URI) as well.

-- 
Best Regards / S pozdravom,

Pavol Rusnak <stick at gk2.sk>




More information about the bitcoin-dev mailing list