I’d like to use a small HSM to manage an HD Bitcoin wallet (BIP32). The HSM does have the correct ECDSA curve, secp256k1, can generate keypairs, and sign.
My challenge comes from the HD part. In order to create hardened child keys, I need a SHA512 of the parent key and chaincode. The HSM doesn’t expose the parent key (that’s a “good thing”), and also doesn’t have any concept of a chaincode.
The larger vendors sell expensive HSM units that do have this kind of functionality, so there must be a way.
Specific questions: 1) How can I use an HSM with a private EC key to generate child keys following BIP32?
2) How can I store part of the HD chain (seed, parent, child, etc.) in the HSM, and only expose part of it?
3) Any open source code examples for this?
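As an added worked example (not part of the question above, and not any vendor's HSM code), here is a stdlib-only Python implementation of the BIP32 child-key derivation functions CKDpriv and CKDpub, with the secp256k1 arithmetic written out. It makes the obstacle concrete: BIP32 derives children with HMAC-SHA512 keyed by the parent chain code; a hardened child's HMAC input is 0x00 || ser256(k_par) || ser32(i), so it can only be computed wherever the parent private key is readable in the clear, whereas a non-hardened child needs only serP(point(k_par)), i.e. the parent public key, plus the chain code, and CKDpub from the public key yields the same child public key as CKDpriv from the private key. The seed is BIP32 test vector 1 (public test data); the helper names and the path-string format are my own.

```python
# Added example, not from the original post: BIP32 CKDpriv/CKDpub in pure
# Python (stdlib only). Shows which derivations need the parent private key.
import hashlib
import hmac

# secp256k1 domain parameters (field prime, group order, generator)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # indices >= 2^31 are hardened (BIP32 notation i' or iH)


def _add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity.
    Plain double-and-add, not constant time: a demo, not HSM-grade code."""
    if p is None:
        return q
    if q is None:
        return p
    if p[0] == q[0]:
        if (p[1] + q[1]) % P == 0:
            return None
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P  # tangent slope
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P  # chord slope
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)


def _mul(k, pt):
    r = None
    while k:
        if k & 1:
            r = _add(r, pt)
        pt = _add(pt, pt)
        k >>= 1
    return r


def point(k):
    """Public key K = k*G for private scalar k."""
    return _mul(k, G)


def ser_p(pt):
    """33-byte SEC1 compressed encoding used by BIP32 (serP)."""
    return (b"\x02" if pt[1] % 2 == 0 else b"\x03") + pt[0].to_bytes(32, "big")


def master_key(seed):
    """BIP32 master key: HMAC-SHA512(key="Bitcoin seed", data=seed)."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k, c = int.from_bytes(i[:32], "big"), i[32:]
    if k == 0 or k >= N:
        raise ValueError("invalid master key; BIP32 says to use another seed")
    return k, c


def ckd_priv(k_par, c_par, idx):
    """CKDpriv: (k_par, c_par, idx) -> (k_i, c_i). Hardened children hash the
    parent PRIVATE key, so this is the step an HSM must perform internally."""
    if idx >= HARDENED:
        data = b"\x00" + k_par.to_bytes(32, "big")   # 0x00 || ser256(k_par)
    else:
        data = ser_p(point(k_par))                    # serP(point(k_par))
    i = hmac.new(c_par, data + idx.to_bytes(4, "big"), hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    k_i = (il + k_par) % N
    if il >= N or k_i == 0:
        raise ValueError("invalid child; BIP32 says to skip this index")
    return k_i, i[32:]


def ckd_pub(K_par, c_par, idx):
    """CKDpub: non-hardened child public key from parent public key and chain
    code only. No private material is needed, so it can run outside the HSM."""
    if idx >= HARDENED:
        raise ValueError("hardened child cannot be derived from a public key")
    i = hmac.new(c_par, ser_p(K_par) + idx.to_bytes(4, "big"),
                 hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    K_i = _add(_mul(il, G), K_par)
    if il >= N or K_i is None:
        raise ValueError("invalid child; BIP32 says to skip this index")
    return K_i, i[32:]


def derive_path(seed, path):
    """Walk a path like "m/0'/1" (my own helper; ' or H marks hardened)."""
    k, c = master_key(seed)
    for part in path.split("/")[1:]:
        idx = int(part.rstrip("'H")) + (HARDENED if part[-1] in "'H" else 0)
        k, c = ckd_priv(k, c, idx)
    return k, c


if __name__ == "__main__":
    # Seed from BIP32 test vector 1 (public test data, not a real wallet).
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    k0, c0 = derive_path(seed, "m/0'")                # needs the private key
    k1, c1 = ckd_priv(k0, c0, 1)                      # m/0'/1 via private key
    K1, C1 = ckd_pub(point(k0), c0, 1)                # m/0'/1 via public key only
    print("m/0'/1 agrees from both sides:", K1 == point(k1) and c1 == C1)
```

The split this suggests for an HSM design: the hardened levels of a path (typically the purpose, coin and account levels) must be derived where `ckd_priv` can read `k_par`, and everything below an account can be derived with `ckd_pub` from an exported account public key and chain code. The chain code is public data in BIP32 terms, but together with the parent public key it lets anyone derive every non-hardened descendant public key, and together with any one non-hardened descendant private key it recovers the parent private key, so it should be treated as secret wherever the parent private key matters.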