How does onlykey generate unlimited private keys?


Could someone explain the crypto involved for onlykey to generate its own private keys? This seems like an awesome feature because I don’t have to worry about storage constraints when using existing keys. I just want to make sure it is reliable/secure enough to rely upon. If possible, I would like to hear how it compares to other methods of generating derived keys.

Its called a key derivation function (KDF) here is more on that - HKDF - Wikipedia

Its similar to how there are nearly unlimited private keys for bitcoin. The keys OnlyKey generates are ECC keys like bitcoin. Lets say you had a bitcoin passphrase used to generate your private key and then you added to it like “passphrase” + “email address”. Each unique email address you added to it would create a different private key you could do this with unlimited email addresses. There are other devices that also use derived keys details here - GitHub - romanz/trezor-agent: Hardware-based SSH/PGP agent

1 Like

Thank you for the information! Have a great weekend!