What's a secure way to generate a keypair from a secret password?

Information Security Asked by HappyFace on July 29, 2020

I like to generate a public-private key pair that is seeded from a string. So having the string and the generation algorithm is enough to recreate the keys. I want to do this because I can then combine a password (that I’ll memorize), with a long, secret (randomly generated) text file (that I’ll store securely), and generate a key pair. I’ll then delete the key pair after each usage and regenerate them when needed. Thus, for the keys to be compromised, someone would need both the long text file, and the password in my head. (Or they need to intercept the key in the narrow intervals that it exists.) This seems safer to me than just storing the keys securely, where anyone with physical access to the keys can use them.

PS: I am obviously confident in not forgetting the password.

There is a similar question, but it’s old and doesn’t have a useful answer.

One Answer

You can achieve the same effect by encrypting the keypair with a key derived from your memorized password. So rather than 'generating' a keypair you'll be encrypting a pre-generated one.

Take your long password, and pass it through a key derivation function (e.g. PBKDF2), use the output to encrypt the private key, and then store only the encrypted file.

Hence in order for someone to compromise the pair, they'd need both your password and the encrypted private key file.

Answered by keithRozario on July 29, 2020

Add your own answers!

Ask a Question

Get help from others!

© 2024 All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP