Hello, I am answering in a different order than you asked.
It sounds like you have a specific use case in mind, and I'm not sure if the use of Gnuk Token is appropriate for that.

Terminada <[email protected]> wrote:
> Is there some way to generate a new gpg key from an existing one if
> given some additional data (second passphrase)?

Technically, it is possible to use the data of a private key to derive another. I don't think there is an existing tool for OpenPGP to help with this use case.

> Would there be a way to add such a feature to Gnuk and gnupg?

It would be. For Gnuk, it sounds like you are suggesting (or expecting) another design of token, like FIDO2, which has a secret in a device to derive (possibly many) keys. (Sorry, I don't know how Trezor devices are implemented.)

It would be good to add a feature to GnuPG which supports generating an OpenPGP key from externally generated raw private key material (by some derivation mechanism using a secret like an existing private key (in OpenPGP format or whatever)). Currently, GnuPG has limited support for generating an OpenPGP key from an existing card key. This feature could be generalized/enhanced.

> I am interested by some extra functionality that the Trezor devices
> provide.

In Gnuk, the passphrase is not stored in the device at all. The passphrase is used to decrypt your key on the device.
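The derivation mentioned in the reply above (existing private key material plus a second passphrase yielding new raw key material), as an added example that is not part of the original message and is not Gnuk or GnuPG code. It assumes scrypt for passphrase stretching and HKDF-SHA256 (RFC 5869) for the derivation; the function names, labels and sample secret are hypothetical, and the output is only a raw 32-byte seed that would still have to be wrapped into an OpenPGP key.

```python
import hashlib
import hmac


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()        # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                   # expand
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_child_seed(parent_secret: bytes, passphrase: str, label: str) -> bytes:
    """Derive a 32-byte seed from existing secret key bytes and a second passphrase.

    Both inputs are required: without the parent secret the passphrase is
    useless, and without the passphrase the parent secret yields nothing.
    """
    if len(parent_secret) < 32:
        raise ValueError("parent secret must carry at least 256 bits")
    # The scrypt salt is a hash of the parent secret, so the secret itself
    # is never used directly as a salt value.
    salt = hashlib.sha256(b"derive-example/salt" + parent_secret).digest()
    stretched = hashlib.scrypt(passphrase.encode("utf-8"), salt=salt,
                               n=2**14, r=8, p=1, dklen=32)
    # The label separates independent child keys (e.g. one per purpose).
    return hkdf_sha256(ikm=parent_secret, salt=stretched,
                       info=label.encode("utf-8"), length=32)


# Constructed sample input: stands in for the raw secret scalar/seed of an
# existing key. Real key material must never be hard-coded like this.
SAMPLE_PARENT_SECRET = bytes(range(32))

if __name__ == "__main__":
    seed = derive_child_seed(SAMPLE_PARENT_SECRET, "second passphrase", "signing/1")
    print(seed.hex())
```

The same parent secret, passphrase and label always reproduce the same seed, so the derived key never needs to be stored; changing any one of the three gives unrelated key material.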
