You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: bip-0085.mediawiki
+55-1Lines changed: 55 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,6 +25,8 @@ As HD keychains are essentially derived from initial entropy, this proposal prov
25
25
26
26
==Definitions==
27
27
28
+
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
29
+
28
30
The terminology related to keychains used in the wild varies widely, for example `seed` has various different meanings. In this document we define the terms
29
31
30
32
# '''BIP32 root key''' is the root extended private key that is represented as the top root of the keychain in BIP32.
BIP85-DRNG-SHAKE256 is a deterministic random number generator for cryptographic functions that require deterministic outputs, but where the input to that function requires more than the 64 bytes provided by BIP85's HMAC output. BIP85-DRNG-SHAKE256 uses BIP85 to seed a SHAKE256 stream (from the SHA-3 standard). The input must be exactly 64 bytes long (from the BIP85 HMAC output).
77
+
78
+
RSA key generation is an example of a function that requires orders of magnitude more than 64 bytes of random input. Further, it is not possible to precalculate the amount of random input required until the function has completed.
The derivation path format is: <code>m/83696968'/828365'/{key_bits}'/{key_index}'</code>
264
+
265
+
The RSA key generator should use BIP85-DRNG as the input RNG function.
266
+
267
+
===RSA GPG===
268
+
269
+
Keys allocated for RSA-GPG purposes use the following scheme:
270
+
271
+
- Main key <code>m/83696968'/828365'/{key_bits}'/{key_index}'</code>
272
+
- Sub keys: <code>m/83696968'/828365'/{key_bits}'/{key_index}'/{sub_key}'</code>
273
+
274
+
- key_index is the parent key for CERTIFY capability
275
+
- sub_key <code>0'</code> is used as the ENCRYPTION key
276
+
- sub_key <code>1'</code> is used as the AUTHENTICATION key
277
+
- sub_key <code>2'</code> is usually used as SIGNATURE key
278
+
279
+
Note on timestamps:
280
+
281
+
The resulting RSA key can be used to create a GPG key where the creation date MUST be fixed to unix Epoch timestamp 1231006505 (the Bitcoin genesis block time <code>'2009-01-03 18:05:05'</code> UTC) because the key fingerprint is affected by the creation date (Epoch timestamp 0 was not chosen because of legacy behavior in GNUPG implementations for older keys). Additionally, when importing sub-keys under a key in GNUPG, the system time must be frozen to the same timestamp before importing (e.g. by use of <code>faketime</code>).
282
+
283
+
Note on GPG key capabilities on smartcard/hardware devices:
284
+
285
+
GPG capable smart-cards SHOULD be be loaded as follows: The encryption slot SHOULD be loaded with the ENCRYPTION capable key; the authentication slot SHOULD be loaded with the AUTHENTICATION capable key. The signature capable slot SHOULD be loaded with the SIGNATURE capable key.
286
+
287
+
However, depending on available slots on the smart-card, and preferred policy, the CERTIFY capable key MAY be flagged with CERTIFY and SIGNATURE capabilities and loaded into the SIGNATURE capable slot (for example where the smart-card has only three slots and the CERTIFY capability is required on the same card). In this case, the SIGNATURE capable sub-key would be disregarded because the CERTIFY capable key serves dual purpose.
288
+
235
289
==Backwards Compatibility==
236
290
237
291
This specification is not backwards compatible with any other existing specification.
0 commit comments