From 6cb352dd26b2df13156a750877732ee22edcfb6d Mon Sep 17 00:00:00 2001 From: Dmitry Monakhov Date: Sat, 23 May 2026 18:52:33 +0200 Subject: [PATCH] bip-85: add example use for age key derivation Documents the connection between BIP-85's HEX application output at num_bytes=32 and the private-key seed format used by the age file-encryption format (https://age-encryption.org/v1) for both the classic X25519 identity (since age v1.0) and the post-quantum X-Wing identity (age v1.3.0+, Dec 2024). No new application number, no normative MUSTs added, no changes required in existing implementations. The amendment is purely documentational: a single subsection appended at the end of the HEX section. A test vector is added using the same master xprv as the existing HEX test vector in the same section, with both classic and post-quantum outputs. The PQ recipient (a ~1959-character bech32 string encoding the 1216-byte X-Wing public key) is included as a SHA-256 hash inline; the full string is in the reference implementation's test data. Reference implementation: https://github.com/dmonakhov/age-keygen-det - single-binary Go tool, BSD-3-Clause - cross-validates byte-for-byte against stock age-keygen -y in CI for both flavours --- bip-0085.mediawiki | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/bip-0085.mediawiki b/bip-0085.mediawiki index b0f00abbef..b12de5f23e 100644 --- a/bip-0085.mediawiki +++ b/bip-0085.mediawiki @@ -282,6 +282,21 @@ INPUT: OUTPUT * DERIVED ENTROPY=492db4698cf3b73a5a24998aa3e9d7fa96275d85724a91e71aa2d645442f878555d078fd1f1f67e368976f04137b1f7a0d19232136ca50c44614af72b5582a5c +====Example use: age key derivation==== + +The 32-byte output at m/83696968'/128169'/32'/{index}' is uniformly random and is suitable as the private-key seed for the [https://age-encryption.org/v1 age] file-encryption format. For classic age identities, bech32-encode the 32 bytes with HRP AGE-SECRET-KEY-; the corresponding recipient is the bech32 encoding (HRP age) of X25519(seed, BASEPOINT). For post-quantum age identities (age v1.3.0+, Dec 2024), the same 32 bytes are a valid X-Wing seed; bech32-encode with HRP AGE-SECRET-KEY-PQ-. X-Wing internally SHAKE256-expands the seed into ML-KEM-768 and X25519 components, and the recipient is the bech32 encoding (HRP age1pq) of the X-Wing encapsulation key. A reference implementation is [https://github.com/dmonakhov/age-keygen-det age-keygen-det]. + +INPUT: +* MASTER BIP32 ROOT KEY: xprv9s21ZrQH143K2LBWUUQRFXhucrQqBpKdRRxNVq2zBqsx8HVqFk2uYo8kmbaLLHRdqtQpUm98uKfu3vca1LqdGhUtyoFnCNkfmXRyPXLjbKb +* PATH: m/83696968'/128169'/32'/0' + +OUTPUT +* DERIVED ENTROPY=ea3ceb0b02ee8e587779c63f4b7b3a21e950a213f1ec53cab608d13e8796e6dc +* DERIVED AGE IDENTITY (classic)=AGE-SECRET-KEY-1AG7WKZCZA689SAMECCL5K7E6Y854PGSN78K98J4KPRGNAPUKUMWQWNNT4U +* DERIVED AGE RECIPIENT (classic)=age1m0hhzxelxsxnxm4ennvdpk75j8s7mn5w4tt3e4ntug5qx256wslqmdz8e9 +* DERIVED AGE IDENTITY (PQ)=AGE-SECRET-KEY-PQ-1AG7WKZCZA689SAMECCL5K7E6Y854PGSN78K98J4KPRGNAPUKUMWQ5AN2M5 +* DERIVED AGE RECIPIENT (PQ) SHA-256=feecdb11f82478ea4b9dd934965f974e37701d963ac2ec5d4fb120357032641a + ===PWD BASE64=== Application number: 707764'