Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

s7r s7r at sky-ip.org
Fri Sep 1 00:49:08 CEST 2017


Hello Mario, Robert,

Replying to both inline.

Mario Castelán Castro wrote:
> On 29/08/17 02:09, s7r wrote:
>> I understand that the first one is ECDSA and the second is ECDH, but
>> can't I use the same secp256k1 key (if I import it) but in two different
>> representations (ECDSA representation for Sign and Certify and ECDH for
>> Encrypt)?
> 
>> The subkey might have a different fingerprint because it's a
>> different representation of course but this is not the concern, the
>> concern is for both to be computed from the same imported private key.
> 
> You can use hash(private_key_1) to seed a cryptographically secure
> pseudo-random number generator (E.g.: AES in CTR mode with the seed as
> the key), and then use that random stream to generate (private_key_2,
> public_key_2).
> 
> This is a method applicable in general. The algorithms of private_key_1
> and private_key_2 need not be the same, nor do they need to be defined
> over the same curve.
> 
> The only problem is that I do not know of a program to do the key
> generation from a user-provided seed.
> 

This will do for my use case.

> Please stop talking about "secp256k1 keys".  You do not have secp256k1
> keys.  You have ExDSA or ECDH keys which are not interchangeable with
> each other.

I think I asked in a wrong way. I do not necessarily need for both the
primary key and the secondary key (key with Encryption capability) to be
the same secp256k1 curve / ExDSA key / ECDH key, etc. -- all I need is
for them to be reproducible at any time, anywhere, based on some seed,
or sha256 hash of a user-generated password, etc. It's irrelevant if
they are totally different keys that work in different ways, the only
feature needed is to be able to reproduce them from scratch any time,
and be able to decrypt the data.

Mario, check this out:

https://github.com/Jaxx-io/openpgpjs-secp256k1/blob/master/README_secp256k1.md

Generate keypair from bitcoin key:
var openpgp = require('openpgp');
var bs58check = require('bs58check');

var wif = 'KyiAchQgMKuXQu89j6k6UVZQj7brK6cM79JfmDvkNXPVW24L1thi';
var buff = bs58check.decode(wif);
var privateKey = buff.slice(1, -1);
privateKey = openpgp.util.bin2str(privateKey);

var options = {
    curve: 'secp256k1',
    userId: 'Hamlet <hamlet at example.net>',
    passphrase: 'To be, or not to be: that is the question',
    material: {
      key: privateKey,
      subkey: privateKey
    }
};

openpgp.generateKeyPair(options).then(function(keypair) {
    // success
    var privkey = keypair.privateKeyArmored;
    var pubkey = keypair.publicKeyArmored;
}).catch(function(error) {
    // failure
});

Although I am not sure how this code solves the primary / secondary
subkey problem, I doubt it can create a primary key with Encryption
capability because ECDSA doesn't work like this, as Robert clearly
explained (thanks again for this).

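The derivation Mario describes in the quoted reply (hash the first private key, use the digest as an AES-CTR key, draw the second key from that stream), written with Node's built-in crypto module as an added example; it is not code from this thread, GnuPG or OpenPGP.js. The per-key label, the function names and the sample seed are assumptions made here, and the output is a raw secp256k1 scalar and point, not an OpenPGP key packet.

```javascript
const crypto = require('crypto');

// Order n of the secp256k1 group; a valid private scalar d satisfies 1 <= d < n.
const N = BigInt('0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141');

// Keystream generator: AES-256 in CTR mode keyed with SHA-256(label || 0x00 || seed).
// The label (an assumption of this example) gives each derived key its own stream.
function seededStream(seed, label) {
  const key = crypto.createHash('sha256')
    .update(label, 'utf8').update(Buffer.from([0])).update(seed).digest();
  const ctr = crypto.createCipheriv('aes-256-ctr', key, Buffer.alloc(16)); // counter starts at 0
  return (len) => ctr.update(Buffer.alloc(len)); // encrypting zeros yields raw keystream
}

// Derive a secp256k1 key pair by rejection sampling 32-byte candidates from the stream.
function deriveKeyPair(seed, label) {
  const next = seededStream(seed, label);
  for (;;) {
    const d = next(32);
    const v = BigInt('0x' + d.toString('hex'));
    if (v === 0n || v >= N) continue; // out of range: draw the next 32 bytes
    const ecdh = crypto.createECDH('secp256k1');
    ecdh.setPrivateKey(d);
    return {
      privateKey: d.toString('hex'),
      publicKey: ecdh.getPublicKey('hex', 'compressed'),
    };
  }
}

// Constructed sample seed standing in for private_key_1 (or a passphrase-derived secret).
const seed = Buffer.from('constructed sample seed, not a real key', 'utf8');
const signKey = deriveKeyPair(seed, 'primary/sign-certify');
const encKey = deriveKeyPair(seed, 'subkey/encrypt');
console.log(signKey.publicKey, encKey.publicKey);
```

The derived keys are only as unpredictable as the seed. An OpenPGP v4 fingerprint also covers the key's creation time, so reproducing the same OpenPGP key requires fixing that timestamp as well.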