Skip to content

bip-85: add example use for age key derivation #2174

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dmonakhov wants to merge 1 commit into
base: master
Choose a base branch
from
+15 −0
Open

bip-85: add example use for age key derivation #2174

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions bip-0085.mediawiki
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -282,6 +282,21 @@ INPUT:
OUTPUT
* DERIVED ENTROPY=492db4698cf3b73a5a24998aa3e9d7fa96275d85724a91e71aa2d645442f878555d078fd1f1f67e368976f04137b1f7a0d19232136ca50c44614af72b5582a5c

====Example use: age key derivation====
Copy link
Copy Markdown
Contributor

@akarve akarve May 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
====Example use: age key derivation====
====<code>age</code> file encryption keys====

Copy link
Copy Markdown
Member

@jonatack jonatack May 24, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be helpful to specify that "age" as used here specifically refers to a file encryption format, either in parentheses or with a footnote.


The 32-byte output at <code>m/83696968'/128169'/32'/{index}'</code> is uniformly random and is suitable as the private-key seed for the [https://age-encryption.org/v1 age] file-encryption format. For classic age identities, bech32-encode the 32 bytes with HRP <code>AGE-SECRET-KEY-</code>; the corresponding recipient is the bech32 encoding (HRP <code>age</code>) of <code>X25519(seed, BASEPOINT)</code>. For post-quantum age identities (age v1.3.0+, Dec 2024), the same 32 bytes are a valid X-Wing seed; bech32-encode with HRP <code>AGE-SECRET-KEY-PQ-</code>. X-Wing internally SHAKE256-expands the seed into ML-KEM-768 and X25519 components, and the recipient is the bech32 encoding (HRP <code>age1pq</code>) of the X-Wing encapsulation key. A reference implementation is [https://github.com/dmonakhov/age-keygen-det age-keygen-det].
Copy link
Copy Markdown
Contributor

@akarve akarve May 24, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few requests for this section:

  1. Please insert newlines every ~80-90 chars so this file reads well in a terminal
  2. The Dec 2024 date is probably TMI, version makes sense but dates generally don't age well
  3. You say "uniformly random" but the point is "cryptographically random"
  4. Consider breaking most of the above into a small table for readability and using standard nomenclature like || for concat, etc.

Example: please check the math and semantics (assume what's here is wrong), but to give you the idea:

flavor role HRP bytes encoded in data encoded string
classic identity AGE-SECRET-KEY- seed (32 B) AGE-SECRET-KEY- || 1 || AG7WK…UKUMWQ || WNNT4U
classic recipient age X25519(seed, G) (32 B) age || 1 || m0hhzx…256wslq || mdz8e9
PQ (X-Wing) identity AGE-SECRET-KEY-PQ- seed (32 B, same bytes) AGE-SECRET-KEY-PQ- || 1 || AG7WK…UKUMWQ || 5AN2M5
PQ (X-Wing) recipient age1pq XWing.pk(seed) (≈1216 B) age1pq || 1 || (~1950 chars) || (6 chars)

And then define your terms below, G, etc.

Copy link
Copy Markdown
Contributor

@akarve akarve May 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"The 32-byte output at...": let's just say "HEX application outputs can be extended with concatenation to function as age file encryption keys" or something like that.


INPUT:
* MASTER BIP32 ROOT KEY: xprv9s21ZrQH143K2LBWUUQRFXhucrQqBpKdRRxNVq2zBqsx8HVqFk2uYo8kmbaLLHRdqtQpUm98uKfu3vca1LqdGhUtyoFnCNkfmXRyPXLjbKb
* PATH: m/83696968'/128169'/32'/0'

OUTPUT
Copy link
Copy Markdown
Contributor

@akarve akarve May 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
OUTPUT
OUTPUT:

* DERIVED ENTROPY=ea3ceb0b02ee8e587779c63f4b7b3a21e950a213f1ec53cab608d13e8796e6dc
* DERIVED AGE IDENTITY (classic)=AGE-SECRET-KEY-1AG7WKZCZA689SAMECCL5K7E6Y854PGSN78K98J4KPRGNAPUKUMWQWNNT4U
* DERIVED AGE RECIPIENT (classic)=age1m0hhzxelxsxnxm4ennvdpk75j8s7mn5w4tt3e4ntug5qx256wslqmdz8e9
* DERIVED AGE IDENTITY (PQ)=AGE-SECRET-KEY-PQ-1AG7WKZCZA689SAMECCL5K7E6Y854PGSN78K98J4KPRGNAPUKUMWQ5AN2M5
* DERIVED AGE RECIPIENT (PQ) SHA-256=feecdb11f82478ea4b9dd934965f974e37701d963ac2ec5d4fb120357032641a

===PWD BASE64===
Application number: 707764'

Expand Down