Yesterday I published the v0.0.1 prerelease of Mnemonikey, a novel command-line tool and Go library which allows users to derive signing and encryption keys deterministically from a seed. The seed is exported as a phrase of 14 words for easy offline backup.
This works much in the same way keys for Bitcoin wallets can be deterministically derived from a recovery phrase, but designed specifically for PGP - a sister technology commonly used by experts in this industry for signing application builds, end-to-end-encryption of messages, and SSH authentication.
As far as I'm aware, Mnemonikey is the first of its kind, rhyming only with the related but conceptually different passphrase2pgp tool, from which I drew my original inspiration. A related tool is trezor-agent, which allows users to access their Bitcoin and PGP keys from a single hardware device. However, trezor-agent has a number of drawbacks which Mnemonikey improves upon. Namely, you don't need a Trezor or Ledger to use Mnemonikey.

Mnemonikey Features

  • Keys are derived using modern secure algorithms (Argon2id and HKDF).
  • Recovery phrases include a version number to guarantee forwards-compatibility and long-term safety of your backup.
  • Phrases are encoded with a custom high-density wordlist with stronger guarantees than BIP39.
  • Phrases include a checksum to confirm you entered the phrase correctly.
  • Supports encrypted phrases. This is a different mechanism from BIP39 - you can change or remove the password at any time.
  • Easily auditable small code footprint: only 3800 lines of source code, plus 13,700 lines of code from dependencies. Less complexity --> less risk.
  • Reproducible builds for security guarantees.
  • Supports subkey cycling
  • Fancy colored output (Let's be honest, this is the most important feature 🎉)
This first release marks a point which I feel is suitable for a v1 release, but before then I'm sending out some feedback requests in various communities to ask for final feedback and, for those most interested, testing of the library and/or CLI tool. I'd greatly appreciate any opinions, code review, or firsthand testing <3
For a detailed specification and elaboration, see the Mnemonikey README.
I always wondered why a tool like this doesn't exist, very cool!
reply