Kai Engert <kaie(_at_)kuix(_dot_)de> wrote:
> The high level idea is:
> - key generation requires a source of entropy
> - instead of using the entropy directly, the entropy could be used to
> seed a CSPRNG (like HMAC_DRBG), which is then used to obtain the random
> data that is needed for key generation.
PHB's MMM offers a similar mechanism.
Might as well have a single solution.
See draft-hallambaker-mesh-* and
https://mailarchive.ietf.org/arch/msg/mathmesh/GF1d5X4F0eqAk6x7T9qQu6khAIw
> I see the primary purpose for this recovery mechanism as disaster
> recovery:
> - ensure the recovered primary key can be used to decrypt an
> archive of old data, like the encrypted emails in a sent folder
> - allow the use of the recovered primary key to create a revocation statement
A secondary use is for keys that are generally kept offline.
Instead of bringing them back from the "cold storage", the key is just
regenerated each time from a printed piece of paper. My original PGPv3
root(_at_)sandelman(_dot_)ca went through five kinds of media (5.25" floppy,
3.5" floppy, CDROM, DVD, USB key...)...
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr(_at_)sandelman(_dot_)ca http://www.sandelman.ca/ | ruby on rails [
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
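The mechanism discussed above (entropy recorded once, then stretched through HMAC_DRBG into the randomness that key generation consumes, so the same key can be regenerated from a paper backup) is illustrated below. This is an added example written for this page; it is not code from Kai Engert, Michael Richardson, the Mathematical Mesh drafts, or any OpenPGP implementation. It implements the deterministic core of HMAC_DRBG over SHA-256 as specified in NIST SP 800-90A section 10.1.2 (instantiate, reseed, generate, without an internal entropy source), and then uses it to derive key-generation bytes from a secret transcribed from paper. The class name `HmacDrbg`, the helper `regenerate_key_material`, the purpose strings and the sample paper secret are all assumptions of this example.

```python
import hashlib
import hmac


class HmacDrbg:
    """HMAC_DRBG over SHA-256, following NIST SP 800-90A section 10.1.2.

    Only the deterministic core is implemented; there is no internal
    entropy source, so the caller must supply entropy_input carrying at
    least the security strength (256 bits here). That is exactly the
    property the paper-backup use case relies on: same inputs, same
    output stream, every time.
    """

    OUTLEN = 32                 # SHA-256 output length in bytes
    MAX_REQUEST = 1 << 16       # max bytes per generate() call (2^19 bits)
    RESEED_INTERVAL = 1 << 48   # generate() calls allowed between reseeds

    def __init__(self, entropy_input: bytes, nonce: bytes = b"",
                 personalization: bytes = b"") -> None:
        if len(entropy_input) < 32:
            raise ValueError("entropy_input must carry at least 256 bits")
        # Instantiate: K = 0x00..00, V = 0x01..01, then mix the seed material.
        self._key = b"\x00" * self.OUTLEN
        self._v = b"\x01" * self.OUTLEN
        self._update(entropy_input + nonce + personalization)
        self._reseed_counter = 1

    @staticmethod
    def _hmac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided_data: bytes) -> None:
        # HMAC_DRBG_Update: fold provided_data into the (K, V) state.
        self._key = self._hmac(self._key, self._v + b"\x00" + provided_data)
        self._v = self._hmac(self._key, self._v)
        if provided_data:
            self._key = self._hmac(self._key, self._v + b"\x01" + provided_data)
            self._v = self._hmac(self._key, self._v)

    def reseed(self, entropy_input: bytes, additional: bytes = b"") -> None:
        if len(entropy_input) < 32:
            raise ValueError("entropy_input must carry at least 256 bits")
        self._update(entropy_input + additional)
        self._reseed_counter = 1

    def generate(self, nbytes: int, additional: bytes = b"") -> bytes:
        if nbytes > self.MAX_REQUEST:
            raise ValueError("request exceeds max_number_of_bits_per_request")
        if self._reseed_counter > self.RESEED_INTERVAL:
            raise RuntimeError("reseed required before further output")
        if additional:
            self._update(additional)
        out = b""
        while len(out) < nbytes:
            self._v = self._hmac(self._key, self._v)   # V = HMAC(K, V)
            out += self._v
        self._update(additional)                        # post-generate mixing
        self._reseed_counter += 1
        return out[:nbytes]


def regenerate_key_material(paper_secret: bytes, purpose: bytes,
                            nbytes: int = 32) -> bytes:
    """Derive the randomness a key generator would consume from an
    offline (printed) secret, deterministically.

    paper_secret: bytes transcribed from the paper backup. They must have
        come from a real entropy source when first printed; the DRBG only
        stretches entropy and never adds any.
    purpose: personalization string (assumed values such as
        b"openpgp-primary-v1") so that different keys regenerated from the
        same paper secret receive unrelated random streams.
    nbytes: how much randomness the key algorithm needs (32 bytes covers a
        seed-based algorithm such as Ed25519; RSA would draw far more).
    """
    drbg = HmacDrbg(paper_secret, personalization=purpose)
    return drbg.generate(nbytes)


if __name__ == "__main__":
    # Constructed sample value standing in for the 32 bytes printed on paper.
    PAPER_SECRET = bytes(range(32))
    first = regenerate_key_material(PAPER_SECRET, b"openpgp-primary-v1")
    again = regenerate_key_material(PAPER_SECRET, b"openpgp-primary-v1")
    subkey = regenerate_key_material(PAPER_SECRET, b"openpgp-encryption-subkey-v1")
    print("primary  :", first.hex())
    print("same?    :", first == again)        # True: regenerable from paper
    print("subkey   :", subkey.hex())
    print("distinct?:", first != subkey)       # True: purpose separates keys
```

The point of the purpose string is that one paper secret can back several keys without their secret material being related; the point of the length check is that a paper backup with fewer than 256 bits of real entropy would make every regenerated key guessable, and no amount of DRBG output hides that.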