On 02/01/15 13:14, sben1783 wrote:
> What I'd like to do is: create a public key so that the corresponding private
> key equals my given password.

This is possible with elliptic curve cryptography, although you should realise that a passphrase usually contains a lot less entropy than a private key based on random numbers. This means it is possible to try passphrases for your public key and try them out as the secret key, which is not possible with ordinary secret keys.

OpenPGP and GnuPG do not support this, though.

An example of software using this property of ECC keys is SECCURE[1]. This is not a recommendation, and I'm also not recommending against it. I simply make no statement as to its security. Other than what I will say now, that is.

The only input to key generation in SECCURE is your password; there is no salting. The same password leads to the same public key. If you were to use, for instance, PBKDF2 to generate the public key, you'd at least strengthen the password against a number of attacks such as rainbow tables. I don't know why the author of SECCURE didn't use that; it would increase the size of the public key by at least 13 characters (making it 50% longer) but it seems a good tradeoff to me.

Cheers,

Peter.

[1] http://point-at-infinity.org/seccure/

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
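
The salting point in the message above, as an added example that is not part of the original post and is not SECCURE's code or algorithm: a password-only derivation gives the same public key to everyone who picks the same password, while a salted PBKDF2 derivation does not, at the cost of publishing the salt alongside the key. The curve (secp256k1), the plain SHA-256 stand-in for the unsalted case, the 8-byte salt and the iteration count are all assumptions chosen for illustration.

```python
import hashlib, os

# secp256k1 domain parameters (curve choice is an assumption for this sketch)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_BAAEDCE6_AF48A03B_BFD25E8C_D0364141
G = (0x79BE667E_F9DCBBAC_55A06295_CE870B07_029BFCDB_2DCE28D9_59F2815B_16F81798,
     0x483ADA77_26A3C465_5DA4FBFC_0E1108A8_FD17B448_A6855419_9C47D08F_FB10D4B8)

def add(a, b):
    """Affine point addition; None represents the point at infinity."""
    if a is None or b is None:
        return a if b is None else b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # a + (-a) = infinity
    if a == b:
        m = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope
    else:
        m = (y2 - y1) * pow(x2 - x1, -1, P) % P    # chord slope
    x3 = (m * m - x1 - x2) % P
    return (x3, (m * (x1 - x3) - y1) % P)

def public_key(d):
    """Double-and-add computation of d*G (illustrative, not constant time)."""
    acc, pt = None, G
    while d:
        if d & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        d >>= 1
    return acc

def to_scalar(digest):
    # Map 32 bytes of derived key material into the valid range [1, N-1].
    return int.from_bytes(digest, "big") % (N - 1) + 1

def unsalted_keypair(password):
    # Password is the only input: equal passwords give equal public keys.
    d = to_scalar(hashlib.sha256(password.encode()).digest())
    return d, public_key(d)

def salted_keypair(password, salt=None, iterations=200_000):
    # The salt is not secret, but the owner needs it to re-derive the
    # private key, so it has to be stored with the public key.
    salt = os.urandom(8) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    d = to_scalar(dk)
    return d, public_key(d), salt
```

Salting and iteration raise the cost per guess and defeat precomputed tables; they do not add entropy to a weak passphrase, which can still be guessed against the published key and salt.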