Pass phrase based public/private key generation

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Pass phrase based public/private key generation

aberglas
Hello All,

I want to set up a simple system in which the private key is derived entirely from a pass phrase.  

I.e. the pass phrase provides all the "Entropy" that is used.  This means that the private key can be regenerated from the pass phrase at any time, without needing to maintain a secure key store.

This is analogous to password based encryption for symmetric keys.  Probably no need to "strengthen" it much given the cost of public key pair generation.  Just some salt.

My application is essentially like an encrypting zip program.  But I want to be able to have a (number of) master keys that can guarantee decryption if the main symmetric key is lost.  

I know that PKI is supposed to be difficult, but I am trying to build a simple system for non-technical users to use.  They can write down a pass phrase on a piece of paper (most of them can write).

I could see no way of doing this using the openssl command line.  Has anyone else done it or something similar?

Thanks,

Anthony

--

Dr Anthony Berglas, [hidden email]       Mobile: +61 4 4838 8874
Just because it is possible to push twigs along the ground with ones nose
does not necessarily mean that that is the best way to collect firewood.


Reply | Threaded
Open this post in threaded view
|

Re: Pass phrase based public/private key generation

Jeffrey Walton-3
On Tue, Feb 14, 2012 at 7:53 PM, anthony berglas <[hidden email]> wrote:

> Hello All,
>
> I want to set up a simple system in which the private key is derived
> entirely from a pass phrase.
>
> I.e. the pass phrase provides all the "Entropy" that is used.  This means
> that the private key can be regenerated from the pass phrase at any time,
> without needing to maintain a secure key store.
>
> This is analogous to password based encryption for symmetric keys.  Probably
> no need to "strengthen" it much given the cost of public key pair
> generation.  Just some salt.
>
> My application is essentially like an encrypting zip program.  But I want to
> be able to have a (number of) master keys that can guarantee decryption if
> the main symmetric key is lost.
>
> I know that PKI is supposed to be difficult, but I am trying to build a
> simple system for non-technical users to use.  They can write down a pass
> phrase on a piece of paper (most of them can write).
>
> I could see no way of doing this using the openssl command line.  Has anyone
> else done it or something similar?
You might want to read about identity based encryption before making
the jump to 'passphrase -> private key'.

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Pass phrase based public/private key generation

aberglas
Hello Jeff,

Thanks for that.  But IDE still needs a server and binary secrets to be held.  I just want a simple pass phrase based scheme.  It is odd that this is not more commonplace.  

Anthony


On Wed, Feb 15, 2012 at 12:36 PM, Jeffrey Walton <[hidden email]> wrote:
On Tue, Feb 14, 2012 at 7:53 PM, anthony berglas <[hidden email]> wrote:You might want to read about identity based encryption before making
the jump to 'passphrase -> private key'.

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]



--

Dr Anthony Berglas, [hidden email]       Mobile: +61 4 4838 8874
Just because it is possible to push twigs along the ground with ones nose
does not necessarily mean that that is the best way to collect firewood.


Reply | Threaded
Open this post in threaded view
|

RE: Pass phrase based public/private key generation

Ryan Hurst-3

Anthony,

 

I am not a cryptographer, nor do I play one on TV; however I have read papers that talk about models of doing this, I filed these works under the category of “neat” because of the applicability limitations and noted security risks; with that said I never looked into it in great detail myself.

 

Here is a link I remembered running across recently talking about this model:

 

http://crypto.stackexchange.com/questions/1662/how-can-one-securely-generate-an-asymmetric-key-pair-from-a-short-passphrase

 

Ryan

From: [hidden email] [mailto:[hidden email]] On Behalf Of anthony berglas
Sent: Tuesday, February 14, 2012 7:38 PM
To: [hidden email]
Subject: Re: Pass phrase based public/private key generation

 

Hello Jeff,

 

Thanks for that.  But IDE still needs a server and binary secrets to be held.  I just want a simple pass phrase based scheme.  It is odd that this is not more commonplace.  

 

Anthony

 

On Wed, Feb 15, 2012 at 12:36 PM, Jeffrey Walton <[hidden email]> wrote:

On Tue, Feb 14, 2012 at 7:53 PM, anthony berglas <[hidden email]> wrote:You might want to read about identity based encryption before making

the jump to 'passphrase -> private key'.

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]



 

--

Dr Anthony Berglas, [hidden email]       Mobile: +61 4 4838 8874
Just because it is possible to push twigs along the ground with ones nose
does not necessarily mean that that is the best way to collect firewood.

 


smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Pass phrase based public/private key generation

aberglas
Hello Ryan,

Thanks for the like.

But this does not need any sophisticated cryptological analysis.  It is just the standard asymmetric key stuff.

In normal operation, a key is created from bits of Entropy, generally gathered from the operating system.  All I need to do is replace those bits of entropy with a hash of the pass phrase.  Everything should work as before.  

And 100 bits of real pass phrase uniqueness should be plenty to generate a 2048 bit RSA key (say) because there are lots of gaps in what a useful key can be.  We are feeding into the algorithms that search for a big prime etc.  not modifying the output.

This is really a practical programming issue.  Ideally there would be options on the SSL command line.  Or it would be easy to use the internal API to specify entropy (or hopefully someone has already done that).  

Regards,

Anthony

On Wed, Feb 15, 2012 at 6:05 PM, Ryan Hurst <[hidden email]> wrote:

Anthony,

 

I am not a cryptographer, nor do I play one on TV; however I have read papers that talk about models of doing this, I filed these works under the category of “neat” because of the applicability limitations and noted security risks; with that said I never looked into it in great detail myself.

 

Here is a link I remembered running across recently talking about this model:

 

http://crypto.stackexchange.com/questions/1662/how-can-one-securely-generate-an-asymmetric-key-pair-from-a-short-passphrase

 

Ryan

From: [hidden email] [mailto:[hidden email]] On Behalf Of anthony berglas
Sent: Tuesday, February 14, 2012 7:38 PM
To: [hidden email]
Subject: Re: Pass phrase based public/private key generation

 

Hello Jeff,

 

Thanks for that.  But IDE still needs a server and binary secrets to be held.  I just want a simple pass phrase based scheme.  It is odd that this is not more commonplace.  

 

Anthony

 

On Wed, Feb 15, 2012 at 12:36 PM, Jeffrey Walton <[hidden email]> wrote:

On Tue, Feb 14, 2012 at 7:53 PM, anthony berglas <[hidden email]> wrote:You might want to read about identity based encryption before making

the jump to 'passphrase -> private key'.

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]



 

--

Dr Anthony Berglas, [hidden email]       Mobile: <a href="tel:%2B61%204%204838%208874" value="+61448388874" target="_blank">+61 4 4838 8874
Just because it is possible to push twigs along the ground with ones nose
does not necessarily mean that that is the best way to collect firewood.

 




--

Dr Anthony Berglas, [hidden email]       Mobile: +61 4 4838 8874
Just because it is possible to push twigs along the ground with ones nose
does not necessarily mean that that is the best way to collect firewood.