usage flags for bitcoin addresses on OpenPGP keys [was: Re: human readable key algorithm]

Daniel Kahn Gillmor dkg at
Thu Jan 16 23:00:36 CET 2014

On 01/16/2014 12:33 PM, Werner Koch wrote:
> Adding notation data to the key or a newly defined keyflag would be
> useful to identify such a subkey.  The question is whether we can deploy
> this before the BC bubble bursts.

I agree with the suggestion to use a notation.  In fact, i'd rather not
see such a key marked as authentication-capable, because that would
imply that it should be used in other authentication contexts (like
SSH).  I also don't think the key is really used in bitcoin in
authentication contexts -- aiui, in bitcoin, the wallet's key is only
used for signing an outbound transaction.  this isn't an authentication
step, it's clearly a digital signature.

That said, it's not an OpenPGP digital signature, so maybe the
traditional signing flag doesn't make sense either.  I certainly
wouldn't want attaching such a key to my OpenPGP certificate to make it
so that when i sent mail it signed my mail with my bitcoin wallet's key!

I note that gpg's notion of "capabilities" doesn't map directly to the
usage-flags subpacket anyway (since E maps to multiple usage flags, and
some defined usage flags aren't settable).  I wonder if gpg should
expose a "bitcoin address" capability (within --expert mode) and set
such a subkey up as having no usage flags set, and a notation like:

 extended-usage at

in human-readable form, gpg could indicate this as "Usage: B"

what do y'all think?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140116/2fbaec96/attachment.sig>

More information about the Gnupg-devel mailing list