• Stars
    star
    579
  • Rank 77,126 (Top 2 %)
  • Language
    Go
  • License
    MIT License
  • Created almost 3 years ago
  • Updated 4 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Backup and restore Ed25519 SSH keys with seed words ๐Ÿซ 

Melt

Melt Mascot
Latest Release Build Status

Backup and restore SSH private keys using memorizable seed phrases.

Melt example

Installation

Package Manager

# macOS or Linux
brew install charmbracelet/tap/melt

# Arch Linux (btw)
yay -S melt-bin

# Windows (with Scoop)
scoop install melt

# Nix
nix-env -iA nixpkgs.melt

# Debian/Ubuntu
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://repo.charm.sh/apt/gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/charm.gpg
echo "deb [signed-by=/etc/apt/keyrings/charm.gpg] https://repo.charm.sh/apt/ * *" | sudo tee /etc/apt/sources.list.d/charm.list
sudo apt update && sudo apt install melt

# Fedora/RHEL
echo '[charm]
name=Charm
baseurl=https://repo.charm.sh/yum/
enabled=1
gpgcheck=1
gpgkey=https://repo.charm.sh/yum/gpg.key' | sudo tee /etc/yum.repos.d/charm.repo
sudo yum install melt

You can download a binary or package from the releases page.

Go

Or just install it with go:

go install github.com/charmbracelet/melt/cmd/melt@latest

Build (requires Go 1.17+)

git clone https://github.com/charmbracelet/melt.git
cd melt
go build ./cmd/melt/

Usage

The CLI usage looks like the following:

# Generate a seed phrase from an SSH key
melt ~/.ssh/id_ed25519

# Generate a seed phrase from a SSH key from standard input
cat ~/.ssh/id_ed25519 | melt

# Rebuild the key from the seed phrase
melt restore ./my-key --seed "seed phrase"

# Rebuild the key and print it to standard output
cat words | melt restore -

You can also pipe to and from a file:

melt ~/.ssh/id_ed25519 > words
melt restore ./recovered_id_ed25519 < words

How it Works

It all comes down to the private key seed:

Ed25519 keys start life as a 32-byte (256-bit) uniformly random binary seed (e.g. the output of SHA256 on some random input). The seed is then hashed using SHA512, which gets you 64 bytes (512 bits), which is then split into a โ€œleft halfโ€ (the first 32 bytes) and a โ€œright halfโ€. The left half is massaged into a curve25519 private scalar โ€œaโ€ by setting and clearing a few high/low-order bits. The pubkey is generated by multiplying this secret scalar by โ€œBโ€ (the generator), which yields a 32-byte/256-bit group element โ€œAโ€.1

Knowing that, we open the key and extract its seed, and use it as entropy for the bip39 algorithm, which states:

The mnemonic must encode entropy in a multiple of 32 bits. With more entropy security is improved but the sentence length increases. We refer to the initial entropy length as ENT. The allowed size of ENT is 128-256 bits.2

Doing that, we get the mnemonic set of words back.

To restore, we:

  • get the entropy from the mnemonic
  • the entropy is effectively the key seed, so we use it to create a SSH key pair
  • the key is effectively the same that was backed up, as the key is the same. You can verify the keys by checking the public key fingerprint, which should be the same in the original and restored key.

Caveats

  • At this time, only ed25519 keys are supported.
  • If your public key has a memo (usually the user@host in which it was generated), it'll be lost. That info (or any other) can be added to the public key manually later, as it's effectively not used for signing/verifying.
  • Some bytes of your private key might change, due to their random block. The key is effectively the same though.

Feedback

Weโ€™d love to hear your thoughts on this project. Feel free to drop us a note!

License

MIT


Part of Charm.

The Charm logo

Charm็ƒญ็ˆฑๅผ€ๆบ โ€ข Charm loves open source

Footnotes

  1. Warner, Brian. How do Ed5519 keys work? (2011) โ†ฉ

  2. Palatinus, Marek et al. Mnemonic code for generating deterministic keys (2013) โ†ฉ

More Repositories

1

bubbletea

A powerful little TUI framework ๐Ÿ—
Go
26,561
star
2

gum

A tool for glamorous shell scripts ๐ŸŽ€
Go
17,705
star
3

glow

Render markdown on the CLI, with pizzazz! ๐Ÿ’…๐Ÿป
Go
15,692
star
4

vhs

Your CLI home video recorder ๐Ÿ“ผ
Go
14,678
star
5

lipgloss

Style definitions for nice terminal layouts ๐Ÿ‘„
Go
7,832
star
6

bubbles

TUI components for Bubble Tea ๐Ÿซง
Go
5,325
star
7

soft-serve

The mighty, self-hostable Git server for the command line๐Ÿฆ
Go
5,174
star
8

huh

Build terminal forms and prompts ๐Ÿคท๐Ÿปโ€โ™€๏ธ
Go
3,994
star
9

wish

Make SSH apps, just like that! ๐Ÿ’ซ
Go
3,428
star
10

freeze

Generate images of code and terminal output ๐Ÿ“ธ
Go
3,091
star
11

mods

AI on the command line
Go
2,830
star
12

pop

Send emails from your terminal ๐Ÿ“ฌ
Go
2,382
star
13

glamour

Stylesheet-based markdown rendering for your CLI apps ๐Ÿ’‡๐Ÿปโ€โ™€๏ธ
Go
2,369
star
14

charm

The Charm Tool and Library ๐ŸŒŸ
Go
2,351
star
15

log

A minimal, colorful Go logging library ๐Ÿชต
Go
2,284
star
16

skate

A personal key value store ๐Ÿ›ผ
Go
1,326
star
17

wishlist

The SSH directory โœจ
Go
1,074
star
18

harmonica

A simple, physics-based animation library ๐ŸŽผ
Go
1,020
star
19

kancli

A tutorial for building a command line kanban board in Go
Go
172
star
20

vhs-action

Keep your GIFs up to date with VHS + GitHub actions ๐Ÿ“ฝ๏ธ
TypeScript
163
star
21

bubbletea-app-template

A template repository to create Bubbletea apps.
Go
131
star
22

x

Charm experimental packages
Go
125
star
23

keygen

An SSH key pair generator ๐Ÿ—๏ธ
Go
109
star
24

taskcli

A tutorial for building a Taskwarrior-inspired task tracker in Go using glamorous CLI libraries
Go
97
star
25

inspo

Share and explore projects you can build with Charm libraries
93
star
26

wizard-tutorial

A basic wizard made with Bubble Tea and Lip Gloss. Follow along with the tutorial video for this project:
Go
81
star
27

tree-sitter-vhs

Syntax highlighting for VHS with tree-sitter ๐ŸŒณ
JavaScript
79
star
28

confettysh

confetti over ssh
Go
56
star
29

git-lfs-transfer

Server-side implementation of the Git LFS pure-SSH protocol
Go
50
star
30

catwalk

Open source 3D models from Charm ๐Ÿงธ
50
star
31

soft-serve-action

Synchronize GitHub repositories to your Soft Serve instance ๐Ÿฆ
47
star
32

promwish

Prometheus middleware for Wish
Go
41
star
33

meta

Charm's meta configuration files ๐Ÿซฅ
25
star
34

hotdiva2000

A human-readable random string generator ๐Ÿ‘‘
Go
25
star
35

homebrew-tap

Our homebrew tap ๐Ÿบ
Ruby
23
star
36

scoop-bucket

Charmbracelet Scoop Bucket
15
star
37

nur

Nix
14
star
38

.github

Default community health files
2
star