Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Is there a way to deterministically create an RSA private-key for an X.509 certi

ID: 661353 • Letter: I

Question

Is there a way to deterministically create an RSA private-key for an X.509 certificate, ideally through a library which has been vetted already?

i.e. user enters some phrase like "this is my private group", and that seed value is used to generate a private RSA key which I can then use as a certificate authority. But in such a way I can get the same key predictably on different machines from just that seed value.

My use case is I would like to support pre-shared keys in my application, but use the existing X.509 support it uses for keying. If I could create a predictable X.509 certificate from some initial value, then this would be trivial since users could verify each other's certificates against the generated key.

I would like to avoid hand-rolling a library to do this for obvious reasons, but this doesn't seem to be a commonly done thing - even though obviously various systems which support PSK must, internally, be doing something quite similar.

Explanation / Answer

At the moment, I see no big problem here, at least, from the PoV of the algorithm itself.

1)Seed a PRNG with e.g. a hash of your key phrase.
2)Use the PRNG to generate the RSA key pair.
3)Use a library to generate the certificate, putting your key material in it.

Determinism is achieved through the use of PRNG seeded with the same key phrase (likely salted and put through e.g. SHA-256), so the output is the same for same input. All the required algorithms can be easily implemented in Python, or existing code can be reused, from e.g. Python-RSA. The only required adjustment would be using your PRNG instead of what it's using now.

Point 3 is the hardest part as I'm no big expert in libraries, but this seems to be a part of another problem (generating a certificate from existing key material). This falls into the "what is the best library for..." category.

As usual: whipping your own crypto is generally discouraged and frowned upon, unless you are Bruce Schneier. ;-)

Related Questions

Is there a difference in the yields of different types of investments? The accom
Question #3132202
Is there a direct or indirect relationship between the distance from the fire st
Question #3435060
Is there a fast algorithm for mapping n -bit numbers s (for fixed n ) into a cyc
Question #652838
Is there a faster way to compute the nth Fibonacci number than by fib2? Hint: On
Question #3860271
Is there a faster way to formulate an answer for a question of probabilities , f
Question #3182036
Is there a fibre-to-the-home or fibre-to-the-business project in Trinidad and To
Question #353858
Is there a future for life on Earth? As we have discussed in class, the Sun has
Question #297003
Is there a general way to calculate the speed of a source if the speed of the wa
Question #1576497
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Is there a way to determine which machine on an active directory network is the
Next
Is there a way to draw this figure using autoCAD with the given dimensions? If s

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.