Generate Key Using passphrase

Asked by Gabriel Kho on 2013-07-22


I was wondering if there was a way to generate a PKey using a passphrase.

Question information

English Edit question
pyOpenSSL Edit question
No assignee Edit question
Solved by:
Jean-Paul Calderone
Last query:
Last reply:
Jean-Paul Calderone (exarkun) said : #1

See the documentation for OpenSSL.crypto.dump_privatekey -

Gabriel Kho (gabriel-d-kho) said : #2

However, from my understanding that encrypts a pre-existing key using a passphrase.

I was wondering about generating a new key.

Is that possible?

Jean-Paul Calderone (exarkun) said : #3

I don't know what it means to "generate a PKey using a passphrase". Perhaps you can provide more details or a reference to the desired functionality.

Gabriel Kho (gabriel-d-kho) said : #4

I understand that a PKey is generated randomly.

However, I want two different machines to be able to generate the same PKey if they share some pre-arranged secret or seed.

Basically, I was there is a way of seeding the PKey generation.

Best Jean-Paul Calderone (exarkun) said : #5

I don't know if you can do that. You can't do it with pyOpenSSL though, as far as I know.

Gabriel Kho (gabriel-d-kho) said : #6

Thanks Jean-Paul Calderone, that solved my question.

Glyph Lefkowitz (glyph) said : #7

I'm fairly confident you can't do this at all. The random numbers generated as part of a private key must be cryptographically random, which means they're not related to each other. If you can "seed" the random number generation, that means they're related to each other by way of a pseudo-random number generation algorithm.

Another way to think of it is that the PKey is *itself* the "seed", and it's the ciphertext or signature itself (not the key) that is the value derived from it.

So, even if you could somehow hack a library to do it, what you're attempting is fundamentally a bad idea :).