From: Mem Wallet
To: bitcoin-development@lists.sourceforge.net
Date: Sat, 7 Mar 2015 10:53:37 -0500
Subject: [Bitcoin-development] bip44 GPG identities - POC demo

If anyone is interested in using a bip44 Wallet to generate
deterministic GPG identities, I have implemented a demonstration in
javascript.

http://memwallet.info/bip44ext/test.html

this allows a user to manage a GPG identity for encryption
and signing with zero bytes of permanent storage. (on tails for example)

Paper is here still:
https://github.com/taelfrinn/bip44extention/blob/master/README.md

One minor correction added which specifies that the smallest S value
should be used, to prevent different ecdsa implementations from creating
non-canonical/identical outputs.

comments welcome


From: Pavol Rusnak
To: Mem Wallet, bitcoin-development@lists.sourceforge.net
Date: Sun, 08 Mar 2015 02:34:38 +0100
Message-ID: <54FBA72E.4040308@gk2.sk>
Subject: Re: [Bitcoin-development] bip44 GPG identities - POC demo

On 07/03/15 16:53, Mem Wallet wrote:
> this allows a user to manage a GPG identity for encryption
> and signing with zero bytes of permanent storage. (on tails for example)

Hi!

As an author of BIP44 I don't think that you should use BIP44 for this
and a new BIP number should be allocated. To me it does not make much
sense to create GPG key hierarchy per Bitcoin account, but rather create
a GPG key hierarchy per device/master seed.

I am currently in process of implementing a SignIdentity message for
TREZOR, which will be used for HTTPS/SSH/etc. logins.

See PoC here:
https://github.com/trezor/trezor-emu/commit/9f612c286cc7b8268ebaec4a36757e1c19548717

The idea is to derive the BIP32 path from HTTPS/SSH URI (by hashing it
and use m/46'/a'/b'/c'/d' where a,b,c,d are first 4*32 bits of the hash)
and use that to derive the private key. This scheme might work for GPG
keys (just use gpg://user@host.com for the URI) as well.

-- 
Best Regards / S pozdravom,

Pavol Rusnak

From: Natanael
To: Pavol Rusnak
Cc: bitcoin-development@lists.sourceforge.net
Date: Sun, 8 Mar 2015 09:20:31 +0100
In-Reply-To: <54FBA72E.4040308@gk2.sk>
Subject: Re: [Bitcoin-development] bip44 GPG identities - POC demo

On 8 Mar 2015 02:36, "Pavol Rusnak" wrote:
>
> On 07/03/15 16:53, Mem Wallet wrote:
[...]
> I am currently in process of implementing a SignIdentity message for
> TREZOR, which will be used for HTTPS/SSH/etc. logins.
>
> See PoC here:
> https://github.com/trezor/trezor-emu/commit/9f612c286cc7b8268ebaec4a36757e1c19548717
>
> The idea is to derive the BIP32 path from HTTPS/SSH URI (by hashing it
> and use m/46'/a'/b'/c'/d' where a,b,c,d are first 4*32 bits of the hash)
> and use that to derive the private key. This scheme might work for GPG
> keys (just use gpg://user@host.com for the URI) as well.

Reminds me of FIDO's U2F protocol.

http://fidoalliance.org/specifications
https://www.yubico.com/products/yubikey-hardware/fido-u2f-security-key/

It ties into the browser SSL session to make sure only the correct server
can get the correct response for the challenge-response protocol, so that
credentials phishing is blocked and worthless. A unique keypair is
generated for each service for privacy, so that you can't easily be
identified across services from the usage of the device alone (thus safe
for people with multiple pseudonyms).


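
The URI-to-path scheme Pavol Rusnak describes above (hash the URI, use the first 4*32 bits as hardened indices under m/46'), carried through to a private key with BIP32 hardened derivation. This is an added example, not code from the thread or from the TREZOR PoC. The message does not name the hash, the word byte order, or how the hardened bit is applied, so SHA-256, big-endian words and setting each word's top bit are assumptions here, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

# secp256k1 group order, used by BIP32 for private-key arithmetic
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000
PURPOSE = 46  # from the message: m/46'/a'/b'/c'/d'


def uri_to_path(uri):
    """Map a URI to [46', a', b', c', d'] (hash and word layout assumed)."""
    digest = hashlib.sha256(uri.encode("utf-8")).digest()  # assumption: SHA-256
    words = struct.unpack(">4I", digest[:16])  # assumption: big-endian words
    # Assumption: the hardened flag overwrites each word's top bit.
    return [PURPOSE | HARDENED] + [w | HARDENED for w in words]


def master_from_seed(seed):
    """BIP32 master key generation: (private key as int, chain code)."""
    mac = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key = int.from_bytes(mac[:32], "big")
    if key == 0 or key >= N:
        raise ValueError("seed yields an invalid master key")
    return key, mac[32:]


def ckd_priv_hardened(key, chain, index):
    """BIP32 hardened child derivation from a parent private key."""
    if not HARDENED <= index <= 0xFFFFFFFF:
        raise ValueError("index must be hardened")
    data = b"\x00" + key.to_bytes(32, "big") + struct.pack(">I", index)
    mac = hmac.new(chain, data, hashlib.sha512).digest()
    left = int.from_bytes(mac[:32], "big")
    child = (left + key) % N
    if left >= N or child == 0:
        raise ValueError("invalid child key for this index")
    return child, mac[32:]


def identity_key(seed, uri):
    """Derive the per-URI private key (int) from the master seed."""
    key, chain = master_from_seed(seed)
    for index in uri_to_path(uri):
        key, chain = ckd_priv_hardened(key, chain, index)
    return key
```

Because every level is hardened, each key can only be computed by a holder of the seed, and two different URIs give unrelated keypairs from the same device.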