从python中的密码制作RSA密钥 [英] Making RSA keys from a password in python

问题描述

我希望能够仅在 python 中通过密码(和盐)生成和重新生成相同的RSA密钥.

I want to be able to generate and re-generate the same RSA keys from a password (and salt) alone in python.

目前，我正在使用pycrypto进行此操作，但是，仅凭密码似乎并不能生成完全相同的密钥.原因似乎是当pycrypto生成RSA密钥时，它在内部使用某种随机数.

Currently I was doing it using pycrypto, however, it does not seem to generate the same exact keys from the password alone. The reason seems to be that when pycrypto generates a RSA key it uses some sort of random number internally.

目前，我的代码如下:

import DarkCloudCryptoLib as dcCryptoLib #some costume library for crypto
from Crypto.PublicKey import RSA

password = "password"


new_key1 = RSA.generate(1024) #rsaObj
exportedKey1 = new_key1.exportKey('DER', password, pkcs=1)
key1 = RSA.importKey(exportedKey1)

new_key2 = RSA.generate(1024) #rsaObj
exportedKey2 = new_key2.exportKey('DER', password, pkcs=1)
key2 = RSA.importKey(exportedKey2)
print dcCryptoLib.equalRSAKeys(key1, key2) #wish to return True but it doesn't

我真的不在乎是否不必使用pycrypto，只要我可以仅根据密码和盐生成这些RSA密钥即可.

I don't really care if I have to not use pycrypto, as long as I can generate these RSA keys from passwords and salts alone.

非常感谢您的帮助.

仅供参考，这是dcCryptoLib.equalRSAKeys(key1，key2)函数的外观:

Just for reference, this is how dcCryptoLib.equalRSAKeys(key1, key2) function looks like:

def equalRSAKeys(rsaKey1, rsaKey2):
    public_key = rsaKey1.publickey().exportKey("DER") 
    private_key = rsaKey1.exportKey("DER") 
    pub_new_key = rsaKey2.publickey().exportKey("DER")
    pri_new_key = rsaKey2.exportKey("DER")
    boolprivate = (private_key == pri_new_key)
    boolpublic = (public_key == pub_new_key)
    return (boolprivate and boolpublic)

注意:另外，我仅使用RSA进行身份验证.因此，任何提供通过密码生成安全的非对称签名/验证方式的解决方案都是我的应用可接受的解决方案.不过，我认为应该从密码生成RSA密钥这一问题也应得到解答，因为如果正确使用它似乎很有用.

NOTE: Also, I am only using RSA for authentication. So any solution that provides a way of generating secure asymmetric signatures/verifying generated from passwords are acceptable solutions for my application. Though, generating RSA keys from passwords I feel, is a question that should also be answered as it seems useful if used correctly.

推荐答案

如果您要实施使用共享密码的经过身份验证的加密方案，您实际上并不需要RSA密钥:您只需要一个用于加密的AES密钥和一个

If you're trying to implement an authenticated encryption scheme using a shared password, you don't really need an RSA key: all you need is an AES key for encryption and an HMAC key for authentication.

如果您要做需要生成一个不对称的签名，而该签名无法在不知道密码的情况下进行验证，那么您将不得不以确定性的方式生成RSA(或DSA等)密钥根据密码.根据文档，此<通过定义自定义的 randfunc (这样的代码)，应该可以:

If you do need to generate an asymmetric signature than can be verified without knowing the password, you're going to have to somehow generate RSA (or DSA, etc.) keys in a deterministic manner based on the password. Based on the documentation, this should be possible by defining a custom randfunc, something like this:

from Crypto.Protocol.KDF import PBKDF2
from Crypto.PublicKey import RSA

password = "swordfish"   # for testing
salt = "yourAppName"     # replace with random salt if you can store one

master_key = PBKDF2(password, salt, count=10000)  # bigger count = better

def my_rand(n):
    # kluge: use PBKDF2 with count=1 and incrementing salt as deterministic PRNG
    my_rand.counter += 1
    return PBKDF2(master_key, "my_rand:%d" % my_rand.counter, dkLen=n, count=1)

my_rand.counter = 0
RSA_key = RSA.generate(2048, randfunc=my_rand)

我已经对此进行了测试，它确实会生成确定性的RSA密钥(只要您记得至少要重置计数器即可).但是，请注意，这并不是100％面向未来的:如果以某种方式更改pycrypto RSA密钥生成算法，则生成的密钥可能会更改.

I've tested this, and it does generate deterministic RSA keys (as long as you remember to reset the counter, at least). However, note that this is not 100% future-proof: the generated keys might change, if the pycrypto RSA key generation algorithm is changed in some way.

无论哪种情况，您几乎都肯定会希望使用缓慢的密钥拉伸来预处理密码 KDF，例如 PBKDF2 ，并且您可以合理忍受的迭代次数也很高.这使得通过蛮力密码猜测来破坏系统变得不那么容易.(当然，您仍然需要使用强密码；如果您的密码是 abc123 ，则没有任何按键拉伸方法会有所帮助.)

In either case, you'll almost certainly want to preprocess your password using a slow key-stretching KDF such as PBKDF2, with an iteration count as high as you can reasonably tolerate. This makes breaking your system by brute-force password guessing considerably less easy. (Of course, you still need to use strong passwords; no amount of key-stretching is going to help if your password is abc123.)

这篇关于从python中的密码制作RSA密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！