ietf-openpgp

Re: [openpgp] Deriving an OpenPGP secret key from a human readable seed

2019-10-20 12:19:05

Phillip Hallam-Baker <phill(_at_)hallambaker(_dot_)com> wrote:
    > *A) Generate*

    > The commands for generating, exporting and importing a key from the CLI
    > would probably look something like the following. Since I am thinking of
    > the general case, the key fingerprints used as UDF content digests rather
    > than OpenPGP but this is largely because it was easier to cut and paste
    > from my docs rather than find another.

Being able to split off the private key generation for PGP, SSH, certificates,
etc. might be a serious boon to the ecosystem I think.

    > *D) Verifiable generation processes with separation of duties. *

    > NB: This is not the sort of process I see many individuals performing for
    > themselves. But it is exactly the sort of procedure I might want to use as
    > the basis for separation of duties in a key ceremony type situation. Every
    > one of the input shares affects every bit of the output. The splitting (but
    > not the generated key!) is information theoretic secure.

So, we don't generate keys for our home networks today.  But in the future
we ought to, and we ought to be splitting it across a bunch of family
members, neighbours, etc.   Being able to leave a spare key (with some
limited authority) with your trusted neighbour would remain important in the
future.

    > NAQC-GKXI-6DTJ-COKM-4HBF-CZJJ-BO6G-I
->

    > SAEC-GKXI-6DTJ-COKM-4HBF-CZJJ-BO6G-I

Yes, I see :-)

    > So now imagine we are generating these from QR codes being read by a
    > camera. We run the scheme some number of times with full observability.
    > Then we cover one of the inputs so the observers can only see the other
    > three and run the system some randomly chosen number of times with a
    > different input covered on each round.

Interesting.

--
Michael Richardson <mcr+IETF(_at_)sandelman(_dot_)ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-


_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp