We're looking at adding address generation and BIP32 support to Rein, a decentralized freelance project. The way identities work in Rein is that each user signs a kind of root document called their enrollment with an ECDSA (Bitcoin-style) key which we call their master address.
As part of the enrollment, they sign that another key will be used to sign their day to day documents. The private key for this "delegate" address is stored in the client, whereas the master private key should be kept offline. The setup process for this is not terribly difficult but we're looking to simplify it.
First, we want to generate the master key in the software from a BIP39 mnemonic, have the user type it back into the software to confirm that they've written it down, then store only a key for a BIP32 branch in the software.
Goals:
- Ensure that compromise of a delegate key will not endanger security for the master key or any other branches made from it.
- Be able to sign a new branch of the master key to be used as a new delegate branch.
- Be able to generate delegate keys with a way to independently verify without the private key that they are from the same branch as the original delegate key. Ideally this can be done without exposing every delegate key using from the branch as some might want to be kept private.
I'm sure I'm missing something in this description so looking forward to any questions.
Thanks,
weex