I like to generate a public-private key pair that is seeded from a string. So having the string and the generation algorithm is enough to recreate the keys. I want to do this because I can then combine a password (that I’ll memorize), with a long, secret (randomly generated) text file (that I’ll store securely), and generate a key pair. I’ll then delete the key pair after each usage and regenerate them when needed. Thus, for the keys to be compromised, someone would need both the long text file, and the password in my head. (Or they need to intercept the key in the narrow intervals that it exists.) This seems safer to me than just storing the keys securely, where anyone with physical access to the keys can use them.
PS: I am obviously confident in not forgetting the password.
There is a similar question, but it’s old and doesn’t have a useful answer.
You can achieve the same effect by encrypting the keypair with a key derived from your memorized password. So rather than 'generating' a keypair you'll be encrypting a pre-generated one.
Take your long password, and pass it through a key derivation function (e.g. PBKDF2), use the output to encrypt the private key, and then store only the encrypted file.
Hence in order for someone to compromise the pair, they'd need both your password and the encrypted private key file.
Answered by keithRozario on July 29, 2020
2 Asked on October 28, 2021 by stone-true
8 Asked on October 28, 2021
2 Asked on October 28, 2021 by kepotx
2 Asked on October 28, 2021 by nemanja-martinovic
2 Asked on October 28, 2021 by tomi-begher
1 Asked on October 28, 2021 by ian-warburton
2 Asked on October 28, 2021 by alehandro
0 Asked on October 28, 2021
1 Asked on October 28, 2021 by user238715
4 Asked on October 28, 2021 by m-vencel
2 Asked on October 28, 2021 by sellarafaeli
3 Asked on October 28, 2021 by nkl
1 Asked on March 9, 2021 by reedghost
1 Asked on March 3, 2021
Get help from others!