*: use full BIP-0032 and BIP-0039 names
This commit is contained in:
parent
2de0c5ce10
commit
fbad0632a7
10
README.md
10
README.md
|
@ -1,12 +1,12 @@
|
||||||
# keyfork #
|
# keyfork #
|
||||||
|
|
||||||
An opinionated and modular toolchain for generating and managing a wide range
|
An opinionated and modular toolchain for generating and managing a wide range
|
||||||
of cryptographic keys offline and on smartcards from a shared bip39 mnemonic
|
of cryptographic keys offline and on smartcards from a shared BIP-0039 mnemonic
|
||||||
phrase.
|
phrase.
|
||||||
|
|
||||||
Keyfork can be used by organizations and solo users, for the purposes of
|
Keyfork can be used by organizations and solo users, for the purposes of
|
||||||
disaster recovery, cold storage, and reproducibility of private keys and secret
|
disaster recovery, cold storage, and reproducibility of private keys and secret
|
||||||
data. Keyfork achieves this by using a bip32 seed loaded into an agent to
|
data. Keyfork achieves this by using a BIP-0032 seed loaded into an agent to
|
||||||
generate deterministic and unique keypairs. This ensures only the agent has
|
generate deterministic and unique keypairs. This ensures only the agent has
|
||||||
control over the mnemonic itself, and other components can request
|
control over the mnemonic itself, and other components can request
|
||||||
deterministic data. The seed can be split using the Keyfork Shard mechanism,
|
deterministic data. The seed can be split using the Keyfork Shard mechanism,
|
||||||
|
@ -57,8 +57,8 @@ Note: The following features are proposed, and may not yet be implemented.
|
||||||
* Config file and 24 word mnemonic phrase to recover *every* key
|
* Config file and 24 word mnemonic phrase to recover *every* key
|
||||||
* Shard mechanism allows for "M-of-N" recovery of seed if lost
|
* Shard mechanism allows for "M-of-N" recovery of seed if lost
|
||||||
* Unpredictable
|
* Unpredictable
|
||||||
* Generate a BIP39 phrase from OS or physicalized entropy
|
* Generate a BIP-0039 phrase from OS or physicalized entropy
|
||||||
* Provide and use BIP39 passphrase from user supplied entropy
|
* Provide and use BIP-0039 passphrase from user supplied entropy
|
||||||
* Read up on [milksad](https://milksad.info) to understand why this matters!
|
* Read up on [milksad](https://milksad.info) to understand why this matters!
|
||||||
* Deterministic
|
* Deterministic
|
||||||
* Given the same seed, repeated derivation requests will be reproducible
|
* Given the same seed, repeated derivation requests will be reproducible
|
||||||
|
@ -230,7 +230,7 @@ keyfork version
|
||||||
keyfork help
|
keyfork help
|
||||||
Show this text.
|
Show this text.
|
||||||
keyfork [command]
|
keyfork [command]
|
||||||
Commands receive bip32 root as stdin
|
Commands receive BIP-0032 root as stdin
|
||||||
Commands return output and config data as json over stdout back to keyfork
|
Commands return output and config data as json over stdout back to keyfork
|
||||||
keyfork [command] help
|
keyfork [command] help
|
||||||
Show help for a particular sub-command
|
Show help for a particular sub-command
|
||||||
|
|
|
@ -27,8 +27,8 @@ pub enum RecoverSubcommands {
|
||||||
}
|
}
|
||||||
|
|
||||||
impl RecoverSubcommands {
|
impl RecoverSubcommands {
|
||||||
/// Return the 128-bit or 256-bit entropy for a bip39 mnemonic. This is _not_ the same as the
|
/// Return the 128-bit or 256-bit entropy for a BIP-0039 mnemonic. This is _not_ the same as
|
||||||
/// 512-bit seed used by bip32.
|
/// the 512-bit seed used by BIP-0032.
|
||||||
fn handle(&self) -> Result<Vec<u8>> {
|
fn handle(&self) -> Result<Vec<u8>> {
|
||||||
match self {
|
match self {
|
||||||
RecoverSubcommands::Shard {
|
RecoverSubcommands::Shard {
|
||||||
|
|
|
@ -142,7 +142,7 @@ pub mod mnemonic {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// A mnemonic of a given choice of lengths. For example, a 128-bit or 256-bit bip32 seed.
|
/// A mnemonic of a given choice of lengths. For example, a 128-bit or 256-bit BIP-0032 seed.
|
||||||
#[derive(thiserror::Error, Debug)]
|
#[derive(thiserror::Error, Debug)]
|
||||||
pub enum MnemonicChoiceValidationError {
|
pub enum MnemonicChoiceValidationError {
|
||||||
/// The provided mnemonic did not match any of the valid ranges.
|
/// The provided mnemonic did not match any of the valid ranges.
|
||||||
|
|
|
@ -9,7 +9,7 @@ particular mechanism) to an external source, such as a smart card. Provisioners
|
||||||
should hardcode at least one path index (such as `7366512`, for "PGP") specific
|
should hardcode at least one path index (such as `7366512`, for "PGP") specific
|
||||||
to the usage of the key to be provisioned (and such index should be recorded in
|
to the usage of the key to be provisioned (and such index should be recorded in
|
||||||
the keyfork-path-data crate), and accept at least one index to use as what
|
the keyfork-path-data crate), and accept at least one index to use as what
|
||||||
bip32 calls an "account". While some users may never practically make use of
|
BIP-0032 calls an "account". While some users may never practically make use of
|
||||||
multiple accounts, having the option to specify multiple accounts is important.
|
multiple accounts, having the option to specify multiple accounts is important.
|
||||||
|
|
||||||
## Plumbing
|
## Plumbing
|
||||||
|
|
Loading…
Reference in New Issue