-
-
Notifications
You must be signed in to change notification settings - Fork 524
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BIP-39 mnemonics for age identities #277
Comments
If you are going to support using BIP-39 mnemonics (which I think is a good idea), don't use them directly — either choose a register a new BIP-32 derivation and derive a 256 bit key using it from the mnemonics. This way if you are protecting your seed offline (mine is on titanium in a safe place), you are risking reuse of the seed for encryption with other uses (I don't have time to have a bunch of titanium offline keys). Take a look at seedtool-cli and keytool-cli for some command line tools that specialize in careful management of entropy seeds and deriving key derivations from them. We even have offline hardware for deriving keys from seeds in LetheKit and an iOS app Gordian Seed Tool that supports airgapped crypto-request to derive a key safely from a seed. |
@ChristopherA That would be nice, but it wouldn't support converting an existing key to a mnemonic, which I expect will be a somewhat common use case. You can still easily write a tool (or better, add support to a tool you already use!) to generate an age identity from a seed mnemonic. Let me know if I can help adding support to existing tools. If you need a label, you can use |
I do not recommend that you should support or recommend converting existing At minimum you should derive a key from the seed by using a The reason for not using seeds as keys is to avoid collision and reuse with other keys derived from that seed. We've found that most people can only afford the time to properly backup one seed, thus asking people to store lots of seeds is risky. Fortunately there are lots of options to help backup BIP39 mnemonics and derive keys from them safely out there because of the cryptocurrency world. I don't have a problem for better support of converting a BIP-32 mnemonic based seed to a @FiloSottile — are you up for submitting a PR to reserve/register a number for |
I have just written a tool for this and proposed a SLIP-44 number. Open to any feedback ofc. |
An age identity is 256 bits, so it fits in a BIP-39 24 words mnemonic unmodified. We could add a mode to age-keygen like
-y
, or make a separate tool.The text was updated successfully, but these errors were encountered: