I've never tried, but you might try replacing /dev/random with a pipe that reads data from an input file to make the entropy fetch deterministic.
Note that's probably dangerous, so I'd recommend doing this in a container to isolate it from your running system On Sat, Jul 13, 2024, 8:52 PM Syfer Shock! via openssl-users < openssl-users@openssl.org> wrote: > I need a non-programmatic method for using seeds to generate ED25519 > and ED448 (Goldilocks) key pairs. This means using only shell-accessible > tools within OpenSSL rather than binding programmatically. > > While reading the documentation it seems that neither 'genpkey' nor > 'pkeyutl' have a facility for using a deterministic seed to generate > the keys. Maybe I am missing something. > > I notice that OpenSSL has the 'asn1parse' utility for reading PEM and > DER formatted keys. Is there an analogue that allows to write back a new > value for the secret integers in private keys? Or can I encode data > with 'asn1parse' and then output it in PEM format to build a key? > > Trying to de-serialize and reconstruct keys outside of OpenSSL is a pain > and might hinder portability and require re-writing the same code to > different targets. I would rather try to find a way to use the native > shell commands so I may set it and forget it. > > -- > www.sybershock.com | sci.crypt | alt.sources.crypto | alt.lite.bulb >
