On Tue, Feb 14, 2012 at 7:53 PM, anthony berglas <[email protected]> wrote:
> Hello All,
>
> I want to set up a simple system in which the private key is derived
> entirely from a pass phrase.
>
> I.e. the pass phrase provides all the "Entropy" that is used. This means
> that the private key can be regenerated from the pass phrase at any time,
> without needing to maintain a secure key store.
>
> This is analogous to password based encryption for symmetric keys. Probably
> no need to "strengthen" it much given the cost of public key pair
> generation. Just some salt.
>
> My application is essentially like an encrypting zip program. But I want to
> be able to have a (number of) master keys that can guarantee decryption if
> the main symmetric key is lost.
>
> I know that PKI is supposed to be difficult, but I am trying to build a
> simple system for non-technical users to use. They can write down a pass
> phrase on a piece of paper (most of them can write).
>
> I could see no way of doing this using the openssl command line. Has anyone
> else done it or something similar?

You might want to read about identity based encryption before making the jump to 'passphrase -> private key'.
Jeff
