aboutsummaryrefslogtreecommitdiff

ssh-bip39gen

ssh-bip39gen is a command-line tool that generates deterministic Ed25519 SSH key pairs from a 24-word BIP-39 mnemonic phrase. Unlike traditional SSH key generation, this tool allows you to regenerate the same key pair using only the mnemonic—no need to back up key files. It’s ideal for scenarios where you want to recover your SSH keys without storing them, provided you keep the mnemonic secure.

Features

  • Generates Ed25519 SSH keys with 256-bit entropy (24-word mnemonic).
  • Deterministic: Same mnemonic produces the same key pair.
  • Cross-platform: Binaries for Linux, Windows, and macOS (amd64 and 386/arm64).
  • Simple usage with a familiar ssh-keygen-like interface.

Installation

Prerequisites

  • Go: Version 1.21 or later.
  • Make: For building with the provided Makefile.
  • Git: To clone the repository.

Steps

  • Clone the repository:
$ git clone https://cgit.heqnx.com/ssh-bip39gen
$ cd ssh-bip39gen
  • Install dependencies:
$ go mod tidy
  • Build for all platforms:
$ make all
  • Binaries will be generated in the build/ directory for Linux, Windows, and macOS; alternatively, build for a specific platform:
$ make linux-amd64
$ make windows-amd64
$ make darwin-arm64

Usage

Generate a New Key Pair

$ ssh-bip39gen -f key
  • Creates key (private) and key.pub (public).
  • Outputs a 24-word mnemonic (e.g., "abandon ability able about ... actress").
  • Save the mnemonic securely - it’s your only way to regenerate the keys!

Generate new deterministic key

$ ssh-bip39gen -f testkey
  • Creates testkey (private) and testkey.pub (public).

Regenerate from a Mnemonic

$ ssh-bip39gen -f testkey -mnemonic "abandon ability able about above absent absorb abstract absurd abuse access accident account accuse achieve acid acoustic acquire across act action actor actress"
  • Regenerates the same key pair using the provided 24-word mnemonic.

Security Notes

  • Mnemonic Security: The mnemonic is your private key. Treat it like a secret - write it down on paper, store it in a safe, or use a hardware wallet. Do not store it digitally unless encrypted.
  • Entropy: 256-bit entropy.
  • Determinism: If the mnemonic is compromised, an attacker can regenerate your keys. Use a unique, randomly generated mnemonic for each key pair.

License

This project is licensed under the GNU GENERAL PUBLIC LICENSE. See the LICENSE file for details.

Disclaimer

ssh-bip39gen is provided "as is" without warranty. The author and contributors are not liable for any damages or legal consequences arising from its use. Use responsibly and only in authorized environments.

generated by cgit v1.2.3 (git 2.39.1) at 2025-07-12 09:46:10 +0000