Trezor - Could this be the model for a PGP crypto device?

[NIIBE Yutaka]

On 03/06/2015 09:50 PM, Felix E. Klee wrote:
> Marek later explained to me that the Bitcoin crypto standard is
> different from those used with PGP.

Do you mean the curve of secp256k1?

GnuPG modern 2.1.x with development version of libgcrypt support
secp256k1.

Development version of Gnuk also supports secp256k1.

It was introduced to GnuPG and Gnuk, so that we can sign the
transactions of Bitcoin with GnuPG (and using Gnuk Token, if you
have).  That was the intention.

I also asked Kristian for SKS server.  And the support was added.

I considered some enhancement to existing Bitcion client (such as
Electrum), so that it can ask signing to GnuPG.

However, nothing more happened beyond these lower level implementation
enhancement.

Perhaps, there wouldn't be enough demand (other than my own hack
value).

I had to stop my development for Bitcoin, because of infamous
"BITTOKOIN" fraud in Japan.  After all, their customers had no idea
about controlling their own private keys and their computation by
themselves, it could never be the potential market of Gnuk Token (or
GnuPG).

... and I think that there is some interoperability issue(s) for
handling of secp256k1 key in GnuPG implementation which doesn't
support the specific curve (or ECC at all) and/or some? keyservers.

I got report that my key on keyservers are huge, and it seems because
of the subkey of secp256k1.  I haven't examined the detail of this
issue yet, and I don't know the cause of this trouble.

So, I never recommend to join the experiment of secp256k1, now.


If some people still want this direction, a person can check my subkey
of secp256k1 (available in keyservers) with GnuPG modern and
development version of libgcrypt.  Then, he can see my Bitcoin address
by a tool I posted last year (gpgkey2bc) [0].  And if he really wish
to do so, he can send some Bitcoin to that address.

When the amount of Bitcoin into the specific address will be much, it
will be perhaps enough pressure to move my development to this area,
back again.


Well, I don't believe the device with good UI, in general.  UI is (or
can be) most complex component in a system.  If there is a better UI,
it means (for me, at least) that the system is more complex to make
audit more difficult.  And, in general, the hardware (MCU) requirement
from good UI is rather bigger than the one from ECC itself.  If a
system will have a much power, power will corrupt.  We could learn
from the architecture of phone (with better UI).


[0] gpgkey2bc: Generating address of Bitcoin from public key:
https://lists.gnupg.org/pipermail/gnupg-devel/2014-January/028147.html
--