Score:1

Using one seed to create signing key pair and encryption key

mkl

I'm working on creating a secure digital vault. I'm using a mnemonic to generate a seed. The seed is used to generate a signing key pair for identity verification. However, I also want to encrypt the contents of the vault for recovery purposes.

Can the same seed be used for signing, and for encrypting the data? (I can add a salt or some deterministic function if that helps).

This is related: Using a single Ed25519 key for encryption and signature

However, I am unsure whether it answers the question.

Maarten Bodewes
Use a KDF with two different `Info` fields and you now have two "seeds". But beware of the details, as the security will depend on that.
Score:0

If you absolutely needed to advertise one public key that could be used both for public-key authenticated encryption ("crypto_box") and also for signing ("crypto_sign"), that would be a reason to map key pairs between the Twisted Edwards Ed25519 curve (which is preferred for signing operations) and the Montgomery curve Curve25519 (which is preferred for ECDH operations). E.g. you'd advertise a Curve25519 public key that people can use to encrypt and send data to you, but your software would map it to the Ed25519 equivalent prior to using it for verifying signatures.

However, it sounds like you are using symmetric encryption for the vault (and not asymmetric encryption). Therefore this mapping between curves is not relevant to you.

Therefore, use strings such as "encryption" and "signing" as info parameters to HKDF-Expand (along with your seed as the uniformly distributed pseudorandom key) to generate the symmetric encryption key and the signing secret key. If your seed is 256 bits and you need to derive a 256-bit key, that's essentially equivalent to just doing HMAC-SHA256(seed || info) (see https://datatracker.ietf.org/doc/html/rfc5869).

mkl
Great, that’s super helpful. Thank you!
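
The derivation described in the answer above, as an added example that is not code from the original posts: HKDF-Expand from RFC 5869 written with Python's standard library, using the "encryption" and "signing" info strings to split one seed into two independent 32-byte keys. `derive_vault_keys` and `SAMPLE_SEED` are hypothetical names, the seed is a constructed value, and using the signing output as a 32-byte Ed25519 secret seed is an assumption about the vault's signature scheme.

```python
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 output size in bytes


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869, section 2.3) with HMAC-SHA256."""
    # Expand alone is only safe when the input is already uniformly random;
    # a password or other low-entropy input needs a password KDF first.
    if len(prk) < HASH_LEN:
        raise ValueError("PRK must be at least 32 bytes of uniform key material")
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("length out of range for HKDF-Expand")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        # T(i) = HMAC(PRK, T(i-1) || info || i), with T(0) empty.
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_vault_keys(seed: bytes) -> dict:
    """Derive one 32-byte key per purpose; the info string separates them."""
    # For a 32-byte output a single block is produced, i.e.
    # HMAC-SHA256(key=seed, msg=info || 0x01).
    return {
        "encryption": hkdf_expand(seed, b"encryption", 32),  # symmetric vault key
        "signing": hkdf_expand(seed, b"signing", 32),        # assumed Ed25519 secret seed
    }


# Constructed sample seed for illustration; a real one comes from the mnemonic.
SAMPLE_SEED = bytes(range(32))

if __name__ == "__main__":
    for purpose, key in derive_vault_keys(SAMPLE_SEED).items():
        print(f"{purpose:>10}: {key.hex()}")
```

Neither derived key reveals the other or the seed, so the encryption key can be handed to a recovery component without exposing the signing identity.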