Key Manager / BIP 85

I’m diving into Key Manager on my Passport. I have several general questions, but please feel free to move to Passport category, if preferred.

  1. From what I understand, compromise of the Master Seed does not directly compromise the Child Seeds generated using BIP85. Is this accurate?

  2. If the Master Seed is used as a wallet recovery, in the case of a broken passport, etc. Does this recover the Child Seeds as well?

  3. Does the answer to #2 apply to other (non passport) BIP 39 compatible wallets?

  4. If I wanted to setup a child seed and wallet for my grandmother, who I am geographically seperated from, what’s the best way to do that without exposing my her private key online or over telephone? Set up a hardware device here and then mail it to her in a tamper evident bag?

  5. Can Grandma then use that key as one key (key A) in a 2-of-3 multisig setup?

  6. If yes, it seems that it would create a security risk if I were to then hold one of the other keys (key B), as this would geographically connect two of the keys, right? (A backup of Key A child seed in my key manager, and physical copy of Key B)

  7. Is there a way to integrate the key manager into multisig for family members, or is this not recommended?

I know that’s a lot of questions. Want to make sure I understand what I’m doing fully and get this right. Thanks in advance!

Hey,

  1. No, its the other way round. A compromised child seed does not the master, but a compromised master can generate all child seeds.
  2. Yes, but not automatically. After loading the master, you’d need to re derive each child seed by choosing the correct key number. OR, you can recover from our encrypted backup, which contains all this extra info and makes everything 10x faster.
  3. Yes, but those wallets would need to be BIP85 compatible to allow you to specify child seeds.
  4. Depends on the use case for her seed IMO. If its going to be purely offline cold storage for large amounts, then in-person is best. If its for small amounts on a mobile wallet just to get started, then an encrypted messenger might be OK for you.
  5. Yes
  6. Yes, two of the keys would be in one spot (your device).
  7. In this scenario, not really for the reason outline above.
1 Like

You guys are the best. Grateful for all your answers to the above.

2 Likes

Hi qna and team,

  1. When I create a new Passport “account” is this the same as creating a child seed (without revealing the child seed to me)?

  2. If I want to create a new master seed, for example to move from an existing 24 word mnemonic phrase to a new 12 word mnemonic, is there any way to keep my existing accounts structure and balance when moving funds? I imagine not, in which case I think I have to send from each of my separate accounts (under my existing 24 word master seed) to each of the new separate accounts (created under my new 12 word master seed), separately. Am I correct in this assumption?

Thanks!

Hi there!

  1. When you create a Passport “account”, what you are doing is using the same master seed but increasing the account level in the derivation path. So no, it is a diferent thing from creating a child seed. A child seed is a brand new seed (think a whole new set of 12 words), that can be derived from your master seed, that can have a different set of accounts than the parent seed. (image source)

  1. Your assumption is correct. When creating a new seed, you “lose” all the info and funds related to the old seed, as this is a brand new, unrelated seed. You would have to manually replicate the account structure in the new setup, and then send the funds from the old seed’s accounts to the new seeds accounts.

Hope this helps!

2 Likes