使用初始密钥生成公钥/私钥对 [英] Generating a public/private key pair using an initial key
问题描述
我正在寻找一种方法,使用户可以使用提供给他/她的初始密钥来生成一对公共/私有密钥。我不知道这叫分层密钥生成还是多级密钥生成或其他。较高级别的密钥能够解密较低级别的数据并不重要,我只需要使用另一个密钥来生成该对。
I'm looking for a method that enables a user to generate a pair of public/private keys using an initial key provided to him/her. I don't know if this is called hierarchical key generation or multilevel key generation or something else. It's not important for the higher level key to be able to decrypt the data of the lower level I just need the pair to be be generated using another key.
我看过一些文章,但它们都是理论上的。有没有办法实现RSA?
I have a seen some articles but they're all just theoretical. Is there a way to achieve this for RSA?
推荐答案
实际上很容易。
生成算法RSA密钥对归结为找到一组大的质数,这些质数满足某些代数性质并且大小合适。
如果需要2048位RSA密钥,通常会查找2个质数,每个素数的粗略长度为1024位。
The algorithm for generating an RSA key pair boils down to finding a set of big, prime numbers, that fulfil some algebraical properties and that are of appropriate size. If you need a 2048 bit RSA key, you will typically look for 2 prime number, each having a a rough length of 1024 bits.
查找过程质数是反复试验的:您随机选择一个适当大小的整数,然后测试它是否为质数。如果不是,则重试。
The process of finding a prime number is trial-and-error: you randomly pick an integer of appropriate size, and test if it is prime. If it is not, you retry.
在现实世界中,驱动算法的随机生成器是确定性PRNG,其中植入了适当熵的秘密(例如, 128位真正的随机性。)
In the real world, the random generator that drives the algorithm is a deterministic PRNG which is seeded with a secret of appropriate entropy (e.g. 128 bits of true randomness).
在您的情况下,PRNG种子可以从用户机密甚至从另一个密钥派生(当然,这是秘密的)。推导应使用诸如 HKDF , PBKDF2 等。
In your case, the PRNG seed can be derived from a user secret or even from another key (provided it is secret of course). Derivation should be performed with a salted KDF like HKDF, PBKDF2, etc.
您未指定要使用的密码库:无论是什么,您都必须清楚它是如何吸引随机性以及如何定义PRNG的种子的。
You don't specify which crypto library you use: whatever it is, you must be clear on how it draw randomness and how to define the seed of the PRNG.
示例(在Python 2.x中):
Example (in Python 2.x):
from Crypto.PublicKey import RSA
from Crypto.Hash import HMAC
from struct import pack
# The first key could also be read from a file
first_key = RSA.generate(2048)
# Here we encode the first key into bytes and in a platform-independent format.
# The actual format is not important (PKCS#1 in this case), but it must
# include the private key.
encoded_first_key = first_key.exportKey('DER')
seed_128 = HMAC.new(encoded_first_key + b"Application: 2nd key derivation").digest()
class PRNG(object):
def __init__(self, seed):
self.index = 0
self.seed = seed
self.buffer = b""
def __call__(self, n):
while len(self.buffer) < n:
self.buffer += HMAC.new(self.seed +
pack("<I", self.index)).digest()
self.index += 1
result, self.buffer = self.buffer[:n], self.buffer[n:]
return result
second_key = RSA.generate(2048, randfunc=PRNG(seed_128))
要记住的缺点是:
- 一旦第一个密钥被泄露,派生密钥就会被破坏。
- 派生密钥不能比第一个密钥更强(例如,该算法不会神奇地产生熵。如果密钥或密码短语较短,则最终会得到一个弱的派生密钥。
这篇关于使用初始密钥生成公钥/私钥对的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
