gcry_pk_genkey with given random seed

Joachim Breitner mail@joachim-breitner.de
08 Jun 2003 14:47:20 +0200


Hi,

On Sun, 2003-06-08 at 14:30, Moritz Schulte wrote:
> > for some weird idea I have I basically need to create an RSA keypair
> > from a given random seed (an MPI), and it should always output the
> > same keypair for the same seed. Ideally in a well-documented way in
> > case someone else needs to reimplement it.
>
> Hmm.  Of course it is `theoretically' possible, since this problem can
> be narrowed down to the question `How many changes are needed to make
> this easy?'. :)
>
> libgcrypt manages a `pool' of random data.  If this pool is empty, a
> `random gathering' function is called, which then adds more random
> data to the pool.  For a situation like yours it might indeed make
> sense to offer the possibility to the user to control the content of
> this pool.
>
> An interface would be needed, which can be used to install a
> user-provided random gathering function.  This way the task of
> providing random bytes would be yours.
>
> Does this idea make sense and is it worth implementing it?

I don't know if this pool control is really what I need, since it should
result in the same key pair for the same data (which is not really random,
but data that should be used instead of the random data), and that even
across library versions or implementations. Therefore I guess it should
be integrated directly into the key generating function like this:
(pseudocode)

type a, b; // the two large primes needed for the key
if (given_seed)
{
	// derive each prime deterministically from one half of the seed
	a = data_to_prime(first_half_of(given_seed));
	b = data_to_prime(second_half_of(given_seed));
} else {
	// normal path: primes from libgcrypt's random pool
	a = prime_from_pool;
	b = prime_from_pool;
}

And the way data_to_prime (and the rest of the key generation) works
needs to be the same in every version, well documented and
reimplementable by others.

Joachim
-- 
Joachim Breitner
  e-Mail: mail@joachim-breitner.de | Homepage: http://www.joachim-breitner.de
  JID: joachimbreitner@amessage.de | GPG-Keyid: 4743206C | ICQ#: 74513189
  Geekcode: GCS/IT/S d-- s++:- a--- C++ UL+++ P+++ !E W+++ N-- !W O? M?>+ V?
            PS++ PE PGP++ t? 5? X- R+ tv- b++ DI+ D+ G e+>* h! z?
Please do not send me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.de.html


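The scheme sketched in the message above (split the seed in half, map each half to a prime by a fixed, documented procedure, then finish RSA key generation as usual), written out as an added example. This is not libgcrypt code and does not use its API; the names data_to_prime, rsa_keypair_from_seed, the SHA-256 counter-mode expansion, the domain-separation labels "rsa-p"/"rsa-q", and the fixed Miller-Rabin witness set are all choices made here for illustration. The point the example makes is the one the thread is about: every step, including the primality test, is free of any RNG, so the same seed yields the same key in every implementation that follows the same description.

```python
"""Deterministic RSA key generation from a caller-supplied seed (added example)."""
import hashlib
from math import gcd

# Fixed Miller-Rabin witnesses. A random-base test would be fine for security,
# but a fixed set keeps the prime search itself reproducible across
# implementations, which is the requirement in the thread.
_WITNESSES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def _is_probable_prime(n: int) -> bool:
    """Miller-Rabin with the fixed witness set above; no randomness involved."""
    if n < 2:
        return False
    for w in _WITNESSES:
        if n % w == 0:
            return n == w
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _WITNESSES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _expand(seed: bytes, label: bytes, nbytes: int) -> bytes:
    """Counter-mode SHA-256: the documented expansion step of data_to_prime.

    The label separates the two halves' domains, so even identical halves
    produce different candidates.
    """
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(label + counter.to_bytes(4, "big") + seed).digest()
        counter += 1
    return out[:nbytes]


def data_to_prime(seed: bytes, label: bytes, bits: int) -> int:
    """Map seed bytes to a prime of exactly `bits` bits, deterministically.

    Candidate = expanded seed with the top two bits and the low bit forced to 1,
    then the first probable prime at or above it (odd candidates only).
    """
    cand = int.from_bytes(_expand(seed, label, (bits + 7) // 8), "big")
    cand &= (1 << bits) - 1
    cand |= (1 << (bits - 1)) | (1 << (bits - 2)) | 1
    while not _is_probable_prime(cand):
        cand += 2
        if cand >= (1 << bits):  # would lose the bit length; practically never happens
            raise ValueError("no prime found in range; use a different seed")
    return cand


def rsa_keypair_from_seed(seed: bytes, bits: int = 1024, e: int = 65537):
    """Return (n, e, d) derived only from `seed`: same seed, same key, always.

    The minimum seed length of 32 bytes is an assumption of this example.
    """
    if len(seed) < 32 or len(seed) % 2:
        raise ValueError("seed must be an even number of bytes, at least 32")
    half = len(seed) // 2
    p = data_to_prime(seed[:half], b"rsa-p", bits // 2)
    q = data_to_prime(seed[half:], b"rsa-q", bits // 2)
    # Both failure modes below are deterministic too: a seed that hits one of
    # them will always hit it, so the caller must pick another seed rather
    # than retry silently with fresh randomness.
    if p == q:
        raise ValueError("seed halves produced the same prime; use a different seed")
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible mod phi; use a different seed")
    d = pow(e, -1, phi)
    return p * q, e, d


if __name__ == "__main__":
    # Constructed seed for demonstration only; a real seed must be secret
    # and unpredictable, since the whole key is a function of it.
    seed = bytes(range(32))
    n, e, d = rsa_keypair_from_seed(seed, 512)
    assert (n, e, d) == rsa_keypair_from_seed(seed, 512)
    print(n.bit_length(), "bit modulus; key is reproducible from the seed")
```

Forcing the top two bits of each prime guarantees the modulus has exactly `bits` bits, which is what makes "same seed, same key" testable as an equality rather than only "same key up to retries". The security caveat the thread does not spell out: a key derived this way is exactly as secret as the seed, and anyone holding the seed can regenerate the private exponent.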