ietf-openpgp

Re: [openpgp] Deriving an OpenPGP secret key from a human readable seed

2019-10-17 04:13:23
On 15.10.19 22:15, Jon Callas wrote:
> I think it makes sense. You're looking at having a way to seed a DRBG (PRNG),
> so that that seed can be used to deterministically generate a key, and that
> seed being reasonably small, and can be encoded in a way that's easy to store
> on paper as well as use for generating the same key later.

> This sounds like a good idea, but as others have said, it's more general than
> OpenPGP.

Agreed. And it seems to me that BIP 0039 already specifies a generic way
to record a seed as a Mnemonic, that we could reuse. However, I think
it's incomplete.


> Really what you want is a standardized, loadable DRBG, and then that DRBG
> could be bolted into some OpenPGP implementation for key generation.
>
> That latter part is a software issue and really ought to be generalized beyond
> OpenPGP, and then some implementation of OpenPGP could have the feature of
> creating a key from such a loadable seed.

The seed is insufficient for recreating the OpenPGP key. We need
additional meta information.

The suggestion is to specify the meta information that is required to
recreate the OpenPGP key. In Daniel's response, he mentioned that as
part (c).

It seems that part (c) would contain information that is specific to
OpenPGP.

Daniel pointed out that I had missed the "key creation time" in my
enumeration.

So in addition to the seed, if we want a recovery mechanism that doesn't
require the OpenPGP transferable public key to be readily available,
we'd have to combine:
- the general seed
- OpenPGP key creation time
- OpenPGP key algo
- OpenPGP key key size
- ...?

Kai
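
Added example, not part of the original message or of any OpenPGP implementation: a sketch of why the key creation time has to be stored next to the seed. It assumes the 32-byte seed is used directly as an Ed25519 secret (the thread defines no derivation) and the EdDSA public-key packet layout with algorithm ID 22; the function names are hypothetical. The RFC 4880 v4 fingerprint hashes the creation time and algorithm ID together with the key material, so the same seed with a different timestamp gives a different fingerprint.

```python
import hashlib
import struct

P = 2**255 - 19
D = -121665 * pow(121666, -1, P) % P
BASE_X = 15112221349535400772501151409588531511454012693041857206046113283949847762202
BASE_Y = 4 * pow(5, -1, P) % P
BASE = (BASE_X, BASE_Y, 1, BASE_X * BASE_Y % P)
ED25519_OID = bytes.fromhex("2b06010401da470f01")  # 1.3.6.1.4.1.11591.15.1
EDDSA_ALGO = 22  # assumption: EdDSA (legacy) public-key algorithm ID

def _add(p1, p2):
    """Add two Ed25519 points in extended coordinates (RFC 8032 formulas)."""
    a = (p1[1] - p1[0]) * (p2[1] - p2[0]) % P
    b = (p1[1] + p1[0]) * (p2[1] + p2[0]) % P
    c = 2 * p1[3] * p2[3] * D % P
    d = 2 * p1[2] * p2[2] % P
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % P, g * h % P, f * g % P, e * h % P)

def ed25519_public(seed32):
    """Derive the 32-byte Ed25519 public key from a 32-byte secret seed."""
    s = int.from_bytes(hashlib.sha512(seed32).digest()[:32], "little")
    s = (s & ((1 << 254) - 8)) | (1 << 254)   # clamp the scalar
    q, pt = (0, 1, 1, 0), BASE                # q starts at the neutral element
    while s:                                  # double-and-add (not constant time)
        if s & 1:
            q = _add(q, pt)
        pt = _add(pt, pt)
        s >>= 1
    zinv = pow(q[2], -1, P)
    x, y = q[0] * zinv % P, q[1] * zinv % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def v4_fingerprint(seed32, creation_time):
    """v4 fingerprint of the EdDSA key derived from seed32 at creation_time."""
    point = b"\x40" + ed25519_public(seed32)       # native point format prefix
    mpi = struct.pack(">H", 263) + point           # 0x40 + 32 bytes = 263 bits
    body = (b"\x04" + struct.pack(">IB", creation_time, EDDSA_ALGO)
            + bytes([len(ED25519_OID)]) + ED25519_OID + mpi)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest()

if __name__ == "__main__":
    seed = hashlib.sha256(b"constructed sample seed").digest()  # constructed input
    for ts in (1571285603, 1571285604):            # timestamps one second apart
        print(ts, v4_fingerprint(seed, ts))
```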
