Mailing List Archive

gcry_pk_genkey with given random seed
Hi everybody,

for some weird idea I have I basically need to create an RSA keypair from
a given random seed (an MPI), and it should always output the same
keypair for the same seed. Ideally in a well-documented way in case
someone else needs to reimplement it.

Is that possible with libgcrypt? Is it even theoretically possible?

Thanks

Joachim

--
Joachim Breitner
e-Mail: mail@joachim-breitner.de | Homepage: http://www.joachim-breitner.de
JID: joachimbreitner@amessage.de | GPG-Keyid: 4743206C | ICQ#: 74513189
Geekcode: GCS/IT/S d-- s++:- a--- C++ UL+++ P+++ !E W+++ N-- !W O? M?>+ V?
PS++ PE PGP++ t? 5? X- R+ tv- b++ DI+ D+ G e+>* h! z?
Please do not send me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.de.html
Re: gcry_pk_genkey with given random seed
Joachim Breitner <mail@joachim-breitner.de> writes:

Hi,

> for some weird idea I have I basically need to create an RSA keypair
> from a given random seed (an MPI), and it should always output the
> same keypair for the same seed. Ideally in a well-documented way in
> case someone else needs to reimplement it.

Hmm. Of course it is `theoretically' possible, since this problem can
be narrowed down to the question `How many changes are needed to make
this easy?'. :)

libgcrypt manages a `pool' of random data. If this pool is empty, a
`random gathering' function is called, which then adds more random
data to the pool. For a situation like yours it might indeed make
sense to offer the possibility to the user to control the content of
this pool.

An interface would be needed, which can be used to install a
user-provided random gathering function. This way the task of
providing random bytes would be yours.

Does this idea make sense and is it worth implementing it?

moritz
--
((gpg-key-id . "6F984199")
(email . "moritz@duesseldorf.ccc.de")
(webpage . "http://duesseldorf.ccc.de/~moritz/"))
Re: gcry_pk_genkey with given random seed
Hi,

On Sun, 2003-06-08 at 14:30, Moritz Schulte wrote:
> > for some weird idea I have I basically need to create an RSA keypair
> > from a given random seed (an MPI), and it should always output the
> > same keypair for the same seed. Ideally in a well-documented way in
> > case someone else needs to reimplement it.
>
> Hmm. Of course it is `theoretically' possible, since this problem can
> be narrowed down to the question `How many changes are needed to make
> this easy?'. :)
>
> libgcrypt manages a `pool' of random data. If this pool is empty, a
> `random gathering' function is called, which then adds more random
> data to the pool. For a situation like yours it might indeed make
> sense to offer the possibility to the user to control the content of
> this pool.
>
> An interface would be needed, which can be used to install a
> user-provided random gathering function. This way the task of
> providing random bytes would be yours.
>
> Does this idea make sense and is it worth implementing it?

I don't know if this pool control is really what I need, since it should
result in the same key pair for the same data (which is not really random,
but data that should be used instead of the random data), and that even
across library versions or implementations. Therefore I guess it should
be integrated directly into the key generating function like this:
(pseudocode)

type a, b; // Two large primes needed for the key
if (given_seed)
{
    a = data_to_prime(first_half_of(given_seed));
    b = data_to_prime(second_half_of(given_seed));
} else {
    a = prime_from_pool;
    b = prime_from_pool;
}

And the way data_to_prime (and the rest of the key generation) works
needs to be the same in every version, well documented and
reimplementable by others.

Joachim
Re: gcry_pk_genkey with given random seed
On 07 Jun 2003 12:49:47 +0200, Joachim Breitner said:

> for some weird idea I have I basically need to create an RSA keypair from
> a given random seed (an MPI), and it should always output the same

I guess you want to create an RSA key from a passphrase. We already
have this in the wishlist. This is possible, although far easier with
ElGamal keys. We have no interface for it, though.

--
Werner Koch <wk@gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org
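
The seed-to-keypair idea from the pseudocode earlier in this thread, and the passphrase-derived RSA key mentioned just above, as an added example that is not part of the original messages and is not libgcrypt code. The SHAKE-256 expansion, the labels, the hash-derived Miller-Rabin bases and the exponent 65537 are assumptions of this sketch; a passphrase would first go through a password-based KDF to produce the seed.

```python
import hashlib

E = 65537  # public exponent (assumption of this example)
SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def stream(seed: bytes, label: bytes, ctr: int, nbytes: int) -> int:
    """Integer from SHAKE-256(label || ctr || seed): same input, same output."""
    data = hashlib.shake_256(label + ctr.to_bytes(4, "big") + seed).digest(nbytes)
    return int.from_bytes(data, "big")

def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin whose bases are derived from n, so no RNG is involved."""
    if n < 2 or n % 2 == 0:
        return n == 2
    if any(n % p == 0 for p in SMALL_PRIMES):
        return n in SMALL_PRIMES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    nb = (n.bit_length() + 7) // 8
    for i in range(rounds):
        a = 2 + stream(n.to_bytes(nb, "big"), b"mr-base", i, nb + 8) % (n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def data_to_prime(seed: bytes, label: bytes, bits: int) -> int:
    """First counter value whose expanded candidate is a usable RSA prime."""
    ctr = 0
    while True:
        c = stream(seed, label, ctr, bits // 8)
        c |= (0b11 << (bits - 2)) | 1      # top two bits set, forced odd
        if c % E != 1 and is_probable_prime(c):  # E prime: gcd(E, c-1) == 1
            return c
        ctr += 1

def rsa_from_seed(seed: bytes, bits: int = 1024):
    """(n, e, d) from the two halves of the seed, as in the thread's pseudocode."""
    half = len(seed) // 2
    p = data_to_prime(seed[:half], b"rsa-p", bits // 2)
    q = data_to_prime(seed[half:], b"rsa-q", bits // 2)
    assert p != q
    return p * q, E, pow(E, -1, (p - 1) * (q - 1))
```

The key is only as unpredictable as the seed, and the output stays stable across reimplementations only if every step above (expansion, bit fixing, candidate order, primality test) is specified exactly.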
Re: gcry_pk_genkey with given random seed
Hi,

On Sun, 2003-06-08 at 15:08, Werner Koch wrote:
> On 07 Jun 2003 12:49:47 +0200, Joachim Breitner said:
> > for some weird idea I have I basically need to create an RSA keypair from
> > a given random seed (an MPI), and it should always output the same
>
> I guess you want to create an RSA key from a passphrase. We already
> have this in the wishlist. This is possible, although far easier with
> ElGamal keys. We have no interface for it, though.

Too bad, and I thought I invented something new :-)

Joachim