On Feb 17, 2012, at 5:05 PM, anthony berglas wrote:
> Taking a different slant, is it possible to provide the "Entropy" using a 
> pass phrase?  So a given pass phrase will always generate the same key pair.  
> This means that for simple applications no key store is required.  Much like 
> password based (symmetric) encryption.
> 
> Any ideas as to how hard that would be to do with OpenSSL?  Has anyone else 
> done it?


I dimly remember seeing schemes and specifications for doing roughly that, 
although I can't find a reference for one offhand[1]. All the entropy is 
provided upfront and the secret key parameters are derived from it in a 
well-defined deterministic way. AIUI the intent is to allow the RNG and PKC 
implementations to be validated independently (with published test vectors for 
the deterministic key-generation step) but presumably you could use it to 
derive RSA keys from a password as well.

(I might be remembering DSA key generation; the secret parameter of a DSA key 
doesn't have to have special properties, so you could if you wanted simply use 
the output of a PBKDF-like algorithm there?)

> My question is, has this been done, or would it be easy to do given the 
> existing structure?

I don't think it would be hard to do; OpenSSL's rsa_builtin_keygen() is pretty 
straightforward and I don't think it relies on any internals not exposed to 
users of the library. You could write a version of it that calls an equivalent 
of BN_generate_prime_ex() that works deterministically based on the passphrase.

Like others, I'm skeptical that this is actually a good idea, but I could be 
wrong...

[1] Some places suggest that X9.31 and/or X9.44 might contain deterministic 
algorithms for RSA secret key generation in their appendices, but I don't have 
easy access to those.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
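
The approach discussed in the message above (all entropy supplied up front, primes found by a deterministic search) as an added Python example; it is not code from the thread or from OpenSSL, and it is not the X9.31 algorithm. The function names, the PBKDF2-HMAC-SHA256 seed, the HMAC counter stream, the salt and the iteration count are all assumptions made for illustration.

```python
import hashlib, hmac, math

def hmac_stream(seed):
    """Endless deterministic 32-byte blocks: HMAC-SHA256(seed, counter)."""
    counter = 0
    while True:
        yield hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1

def take_int(blocks, bits):
    """Consume whole blocks from the stream and return a `bits`-bit integer."""
    buf = b""
    while len(buf) * 8 < bits:
        buf += next(blocks)
    return int.from_bytes(buf, "big") >> (len(buf) * 8 - bits)

def is_probable_prime(n, blocks, rounds=40):
    """Miller-Rabin; witnesses also come from the stream, so no OS RNG is used."""
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = 2 + take_int(blocks, n.bit_length() + 64) % (n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def next_prime(blocks, bits, e):
    """First stream candidate that is prime with gcd(p - 1, e) == 1."""
    while True:
        c = take_int(blocks, bits) | (0b11 << (bits - 2)) | 1  # full size, odd
        if math.gcd(c - 1, e) == 1 and is_probable_prime(c, blocks):
            return c

def rsa_from_passphrase(passphrase, salt, bits=2048, e=65537, iterations=600_000):
    """Same (passphrase, salt, bits, e, iterations) always yields the same key."""
    seed = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations)
    blocks = hmac_stream(seed)
    # p and q are consecutive hits from one stream; p == q is negligibly unlikely
    p, q = next_prime(blocks, bits // 2, e), next_prime(blocks, bits // 2, e)
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))  # (n, e, d)
```

The resulting key is only as hard to guess as the passphrase, and changing any parameter or any detail of the search yields a different key, so the algorithm has to be frozen for the lifetime of the key.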
