Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Logicwax/gpg-hd
A BIP-39 / seed-phrase / brain-wallet based Hierarchical Deterministic GPG / SSH key generator that also provisions OpenPGP smartcards for easy key backup and recovery.
bip-0039 bip39 brainwallet deterministic gpg gpg-keychain openpgp ssh-key yubikey
- Host: GitHub
- URL: https://github.com/Logicwax/gpg-hd
- Owner: Logicwax
- License: unlicense
- Created: 2020-12-29T03:35:52.000Z (about 4 years ago)
- Default Branch: master
- Last Pushed: 2023-02-22T09:00:55.000Z (almost 2 years ago)
- Last Synced: 2024-07-31T08:14:14.541Z (6 months ago)
- Topics: bip-0039, bip39, brainwallet, deterministic, gpg, gpg-keychain, openpgp, ssh-key, yubikey
- Language: Python
- Homepage:
- Size: 38.1 KB
- Stars: 37
- Watchers: 5
- Forks: 9
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome - Logicwax/gpg-hd - A BIP-39 / seed-phrase / brain-wallet based Hierarchical Deterministic GPG / SSH key generator that also provisions OpenPGP smartcards for easy key backup and recovery. (Python)
README
Deterministic GPG brainwallet keychain generator
=============================

GPG-HD is a deterministic full GPG keychain (CA key + 3 subkeys) generator using an input seed such as a BIP-39 phrase. It also automates writing this keychain to Yubikeys and generates public SSH keys. It is for those who don't want their digital identity to be tied to physical media in case of theft, loss, or electronic failure. This idea was prompted by [electrum](https://electrum.org/), DJB's blog [Entropy Attacks](http://blog.cr.yp.to/20140205-entropy.html), and Arttu Kasvio's [deterministic GPG key project](https://github.com/arttukasvio/deterministic).

Requirements
------------

* gpg
* monkeysphere
* python3-crypto
* python3-pexpect

Installation
------------

`sudo apt-get install gpg monkeysphere python3-crypto python3-pexpect make`

Or if you're really lazy:

`make install` (will need sudo elevation)

How to use
----------

`./gpg-hd -h`
`./gpg-hd "some awesome BIP-39 seed ..." [--card]`
`./gpg-hd --name="Satoshi Nakamoto" --email="[email protected]" [--card] "some awesome BIP-39 seed phrase ..."`
If the argument `--card` is supplied then GPG-HD will attempt to write the three subkeys (Encryption, Auth, Sig) to a card such as a Yubikey.
By default GPG-HD uses 1970-01-01 (Unix time of 1 second) to signal a deterministic keychain. Optionally, one can override this with `--date=unix_time_in_secs`, while key expirations default to 2 years.

Private and public GPG keychain files and the SSH public key are located in the `keys` sub-directory.
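
Why a fixed creation date matters, as an added example (not code from gpg-hd): an OpenPGP v4 fingerprint is a SHA-1 over the public key packet, which includes the creation timestamp, so the same key material with a different date yields a different fingerprint. The `stand_in_modulus` helper, the seed string and the later timestamp are constructed for illustration and do not reflect how gpg-hd derives keys.

```python
import hashlib
import struct


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def rsa_public_key_body(n: int, e: int, created: int) -> bytes:
    """Body of a v4 public key packet: version, creation time, algorithm, key MPIs."""
    version = b"\x04"
    algorithm_rsa = b"\x01"
    return version + struct.pack(">I", created) + algorithm_rsa + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 v4 fingerprint: SHA-1 over 0x99, 2-byte body length, body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def stand_in_modulus(seed: str) -> int:
    """Constructed stand-in for seed-derived key material (assumption for this demo).

    This is NOT gpg-hd's derivation and NOT a valid RSA modulus; the fingerprint
    only hashes the encoded bytes, so any deterministic 2048-bit integer will do.
    """
    raw = b"".join(hashlib.sha512(seed.encode() + bytes([i])).digest() for i in range(4))
    return int.from_bytes(raw, "big") | (1 << 2047) | 1


def fingerprint_for(seed: str, created: int) -> str:
    """Fingerprint of the stand-in key for a given seed and creation time."""
    return v4_fingerprint(rsa_public_key_body(stand_in_modulus(seed), 65537, created))


if __name__ == "__main__":
    seed = "constructed example seed phrase"  # constructed sample input
    # Creation time of 1 second, as in the default described above.
    print("created=1          ", fingerprint_for(seed, 1))
    print("created=1 (rerun)  ", fingerprint_for(seed, 1))
    # Same key material with a constructed later timestamp: different fingerprint.
    print("created=1700000000 ", fingerprint_for(seed, 1700000000))
```

Regenerating a keychain from the same seed only reproduces the same key identity if the creation time is also the same, which is what a fixed default date provides.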

Testing
----------

If on a non-Debian system, you can easily test with Docker (needs to be installed):
`make docker-test`

Use Cases
----------

On an air-gapped machine, use a safe brainwallet such as [PortalWallet](https://github.com/Logicwax/PortalWallet) to generate a BIP-39 phrase:
`SEED = portalwallet("satoshi")`
`SEED="fetch december jazz hood pact owner cloth apart impact then person actual"`
`./gpg-hd "$SEED" --name="satoshi" --email="[email protected]"`
or
`./gpg-hd "$SEED" --name="satoshi" --email="[email protected]" --card` will create a Yubikey (which you can also use for SSH authentication along with the exported SSH key).