Craft public key so that private key equals given string (my password)?

Peter Lebbing peter at digitalbrains.com
Fri Jan 2 17:11:19 CET 2015


On 02/01/15 13:14, sben1783 wrote:
> What I'd like to do is: create a public key so that the corresponding private
> key equals my given password.

This is possible with elliptic curve cryptography, although you should realise
that a passphrase usually contains a lot less entropy than a private key based
on random numbers. This means it is possible to try passphrases for your public
key and try them out as the secret key, which is not possible with ordinary
secret keys.

OpenPGP and GnuPG do not support this, though.

An example of software using this property of ECC keys is SECCURE[1]. This is
not a recommendation, and I'm also not recommending against it. I simply make no
statement as to its security. Other than what I will say now, that is.

The only input to key generation in SECCURE is your password; there is no
salting. The same password leads to the same public key.

If you were to use, for instance, PBKDF2 to generate the public key, you'd at
least strengthen the password against a number of attacks such as rainbow
tables. I don't know why the author of SECCURE didn't use that; it would
increase the size of the public key by at least 13 characters (making it 50%
longer) but it seems a good tradeoff to me.

Cheers,

Peter.

[1] http://point-at-infinity.org/seccure/

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
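
The unsalted-versus-salted key derivation discussed in the message above, as an added example that is not part of the original post and is not SECCURE's code. The curve (secp256k1), the SHA-256 and PBKDF2-HMAC-SHA256 derivations, the 10-byte salt, the iteration count and all function names are assumptions chosen for illustration.

```python
import hashlib
import os

# secp256k1 domain parameters; the curve is an assumption of this example.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Add affine points on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, point=G):
    """Double-and-add scalar multiplication (not constant time, illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point, k = ec_add(point, point), k >> 1
    return acc

def to_scalar(raw):
    """Map key-derivation output to a private scalar in [1, N-1]."""
    return int.from_bytes(raw, "big") % (N - 1) + 1

def pubkey_unsalted(password):
    """The password is the only input: same password, same key pair, for everyone."""
    return ec_mul(to_scalar(hashlib.sha256(password.encode()).digest()))

def pubkey_pbkdf2(password, salt=None, iterations=200_000):
    """Salted and stretched; the salt must be published as part of the public key."""
    salt = os.urandom(10) if salt is None else salt
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=40)
    return salt, ec_mul(to_scalar(raw))

if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print(pubkey_unsalted(pw) == pubkey_unsalted(pw), pubkey_pbkdf2(pw) == pubkey_pbkdf2(pw))
```

Because the owner needs the salt to re-derive the private scalar from the password, `pubkey_pbkdf2` returns it alongside the point, which is why a salted scheme makes the published key longer.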


