braydonf
commented
7 years ago I think it would still be a good idea to use BIP38 here, as we may want to have a mnemonic that would be for both encryption and other purposes with BIP32 derivation.
Closed cpollard1001 closed 7 years ago
braydonf
commented
7 years ago I think it would still be a good idea to use BIP38 here, as we may want to have a mnemonic that would be for both encryption and other purposes with BIP32 derivation.
super3
commented
7 years ago That just sounds like just deterministic keys to me. Hierarchical keys would involve branches of parent and child keys. This proposal only has one path for key derivation.
On Oct 22, 2016 12:03 PM, "Chris Pollard" notifications@github.com wrote:
@cpollard1001 commented on this pull request.
In sip-deterministickeys.md https://github.com/Storj/sips/pull/8:
+ +Currently, all keys are generated randomly on a per-file basis and stored encrypted in the user's keyring. This does not allow any easy way for a user to syncronize keys across devices. To do this currently, it would require either trusting the bridge with keyring, creating direct connections between devices, or introducing a new asymmetric encryption scheme. None of these are easily implemented. + +This proposal allows users to syncronize keys simply by typing a twelve word mnemonic into each new device. This seed will allow users to generate all of their keys deterministically for any future bucket or file. + +Secondly, there is no way to make a future-proof offline backup. A backup storage device would have to constantly be updated with the latest version of the keyring. This could compromise the backup's security. + +Finally, users might want to grant other users access to all the files in a bucket. Currently, this would require all file keys to be sent to the target, which would be difficult to manage. This proposal introduces bucket keys which can be used to deterministically calculate all of the file keys in a bucket. A user could share this bucket key with another user so that they can encrypt or decrypt any file in a bucket, or share it with the bridge to make an entire bucket public. + +Specification +------------- + +Generate a twelve word mnemonic according to BIP 39 which gives 132 bits of entropy. This mnemonic will be encrypted into the keyring using the keyring's standard method of encryption. The bucket key is generated using pbkdf2 using the mnemonic as the password, the bucket id as the salt, and other settings already used by DataCipherKeyIv. The file key is generated similarly using the bucketKey as the password and fileId as the salt. This file key then becomes the secret password to a new DataCipherKeyIv. + +```javascript +DataCipherKeyIv.getHDBucketKey = function(mnemonic, bucketId){
It's still hierarchical in the sense that you have the seed -> bucketKey -> fileKey and sharing the bucketKey gives you access to all its fileKeys, but not access to the seed of course. Right?
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Storj/sips/pull/8, or mute the thread https://github.com/notifications/unsubscribe-auth/AADuL0HebxCxFz6H2Rj0_caSEMPH6Znaks5q2jOsgaJpZM4Kd1WN .
super3
commented
7 years ago Doesn't look like this is going to be finished or maintained. Closing.
Deterministic file and bucket key description.