Yesterday I published the v0.0.1 prerelease of Mnemonikey, a novel command-line tool and Go library which allows users to derive signing and encryption keys deterministically from a seed. The seed is exported as a phrase of 14 words for easy offline backup.
This works much in the same way keys for Bitcoin wallets can be deterministically derived from a recovery phrase, but designed specifically for PGP - a sister technology commonly used by experts in this industry for signing application builds, end-to-end-encryption of messages, and SSH authentication.
As far as I'm aware, Mnemonikey is the first of its kind, rhyming only with the related but conceptually different
passphrase2pgp
tool, from which I drew my original inspiration. A related tool is trezor-agent
, which allows users to access their Bitcoin and PGP keys from a single hardware device. However, trezor-agent
has a number of drawbacks which Mnemonikey improves upon. Namely, you don't need a Trezor or Ledger to use Mnemonikey.Mnemonikey Features
- Keys are derived using modern secure algorithms (Argon2id and HKDF).
- Recovery phrases include a version number to guarantee forwards-compatibility and long-term safety of your backup.
- Phrases are encoded with a custom high-density wordlist with stronger guarantees than BIP39.
- Phrases include a checksum to confirm you entered the phrase correctly.
- Supports encrypted phrases. This is a different mechanism from BIP39 - you can change or remove the password at any time.
- Easily auditable small code footprint: only 3800 lines of source code, plus 13,700 lines of code from dependencies. Less complexity --> less risk.
- Reproducible builds for security guarantees.
- Supports subkey cycling
- Fancy colored output (Let's be honest, this is the most important feature 🎉)
This first release marks a point which I feel is suitable for a v1 release, but before then I'm sending out some feedback requests in various communities to ask for final feedback and, for those most interested, testing of the library and/or CLI tool. I'd greatly appreciate any opinions, code review, or firsthand testing <3
For a detailed specification and elaboration, see the Mnemonikey README.