public inbox for bitcoindev@googlegroups.com
From: Natanael <natanael.l@gmail.com>
To: Pavol Rusnak <stick@gk2.sk>
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] bip44 GPG identities - POC demo
Date: Sun, 8 Mar 2015 09:20:31 +0100
Message-ID: <CAAt2M18eaRTY1mVLRJb7w=jFGiL=edi_7gC5J_9CcKE-3qskEg@mail.gmail.com>
In-Reply-To: <54FBA72E.4040308@gk2.sk>

On 8 Mar 2015 02:36, "Pavol Rusnak" <stick@gk2.sk> wrote:
>
> On 07/03/15 16:53, Mem Wallet wrote:
[...]
> I am currently in the process of implementing a SignIdentity message for
> TREZOR, which will be used for HTTPS/SSH/etc. logins.
>
> See PoC here:
>
> https://github.com/trezor/trezor-emu/commit/9f612c286cc7b8268ebaec4a36757e1c19548717
>
> The idea is to derive the BIP32 path from HTTPS/SSH URI (by hashing it
> and use m/46'/a'/b'/c'/d' where a,b,c,d are first 4*32 bits of the hash)
> and use that to derive the private key. This scheme might work for GPG
> keys (just use gpg://user@host.com for the URI) as well.

Reminds me of FIDO's U2F protocol.

http://fidoalliance.org/specifications
https://www.yubico.com/products/yubikey-hardware/fido-u2f-security-key/

It ties into the browser SSL session to make sure only the correct server
can get the correct response for the challenge-response protocol, so that
credentials phishing is blocked and worthless. A unique keypair is
generated for each service for privacy, so that you can't easily be
identified across services from the usage of the device alone (thus safe
for people with multiple pseudonyms).
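
The path derivation described in the quoted text, as an added example that is not part of the original messages or of the TREZOR code. It assumes SHA-256 over the UTF-8 URI and big-endian 32-bit words (the message only says "hashing it"), and the URIs are constructed samples.

```python
from __future__ import annotations

import hashlib
import struct

HARDENED = 0x80000000  # BIP32 hardened-index flag (bit 31)
PURPOSE = 46           # purpose number from the quoted message: m/46'/...


def identity_path(uri: str) -> list[int]:
    """Return the five BIP32 child indexes of m/46'/a'/b'/c'/d' for a URI."""
    # Assumption: SHA-256 over the UTF-8 encoded URI.
    digest = hashlib.sha256(uri.encode("utf-8")).digest()
    # Assumption: the first 4*32 bits are read as big-endian 32-bit words.
    words = struct.unpack(">4I", digest[:16])
    # A hardened index is 2**31 + i with i < 2**31, so bit 31 of each word is
    # overwritten by the flag: every level carries 31 bits of the hash,
    # 124 bits in total rather than 128.
    return [PURPOSE | HARDENED] + [w | HARDENED for w in words]


def format_path(indexes: list[int]) -> str:
    """Render child indexes in the usual m/a'/b' notation."""
    parts = []
    for i in indexes:
        parts.append(f"{i & ~HARDENED}'" if i & HARDENED else str(i))
    return "m/" + "/".join(parts)


if __name__ == "__main__":
    # Constructed sample URIs: each service gets its own path and therefore
    # its own key pair, so the public keys are not linkable across services.
    for uri in ("https://example.com", "ssh://user@example.org",
                "gpg://user@host.com"):
        print(uri, "->", format_path(identity_path(uri)))
```
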


Thread overview: 3+ messages
2015-03-07 15:53 [Bitcoin-development] bip44 GPG identities - POC demo Mem Wallet
2015-03-08  1:34 ` Pavol Rusnak
2015-03-08  8:20   ` Natanael [this message]
