Can the same seed always generate same keys?

Can the same seed always generate same keys?

Matt England
Hello,

I'm trying to build an application/system that will always generate the
same RSA public-private key pair given the same "seed" data into the
OpenSSL public-private-key-pair generation process.

Essentially, I want to be able to regenerate a private key simply by using
a user's login name and password (in some combination) as the "seed" input
into a key-generation process.  This way, a private key never has to be
stored in my system, and the user can access security data simply by
knowing only their login name and password.

Is this feasible within OpenSSL?  Does this question make sense?

I suspect there's one of 2 things going on:

1) This is a common request within secure systems (to, among other things,
avoid private key storage) and that there is some flavor of OpenSSL (or
maybe some other software) to support this capability.

2) The design is such to specifically deny this capability, and the same
seed into any key-generation process will always produce a different key pair.

3) The process is indeterminate; the key cannot always be guaranteed to be
the same

I'm hoping for #1 instead of #2 or #3...or anything else.

Thanks for any help,
-Matt

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: Can the same seed always generate same keys?

Matt England


Does this reference address my goals?

http://www.rsasecurity.com/rsalabs/node.asp?id=2127

This FAQ also has this quote:

http://www.mindspring.com/~schlafly/crypto/faq.htm

"How do I convert a password into a key?

You can just use the password directly, but it is usually better to run it thru a hash function or a key derivation function (KDF). A popular choice is PBKDF2 in PKCS#5. See: http://www.rsasecurity.com/rsalabs/pkcs/"

Thanks for any help...and your patience with this potential FAQ.

-Matt


At 6/7/2005 10:57 PM, Matt England wrote:
Hello,

I'm trying to build an application/system that will always generate the same RSA public-private key pair given the same "seed" data into the OpenSSL public-private-key-pair generation process.

Essentially, I want to be able to regenerate a private key simply by using a user's login name and password (in some combination) as the "seed" input into a key-generation process.  This way, a private key never has to be stored in my system, and the user can access security data simply by knowing only their login name and password.

Is this feasible within OpenSSL?  Does this question make sense?

I suspect there's one of 2 things going on:

1) This is a common request within secure systems (to, among other things, avoid private key storage) and that there is some flavor of OpenSSL (or maybe some other software) to support this capability.

2) The design is such to specifically deny this capability, and the same seed into any key-generation process will always produce a different key pair.

3) The process is indeterminate; the key cannot always be guaranteed to be the same

I'm hoping for #1 instead of #2 or #3...or anything else.

Thanks for any help,
-Matt
