What's a secure way to generate a keypair from a secret password?

Information Security Asked by HappyFace on July 29, 2020

I like to generate a public-private key pair that is seeded from a string. So having the string and the generation algorithm is enough to recreate the keys. I want to do this because I can then combine a password (that I’ll memorize), with a long, secret (randomly generated) text file (that I’ll store securely), and generate a key pair. I’ll then delete the key pair after each usage and regenerate them when needed. Thus, for the keys to be compromised, someone would need both the long text file, and the password in my head. (Or they need to intercept the key in the narrow intervals that it exists.) This seems safer to me than just storing the keys securely, where anyone with physical access to the keys can use them.

PS: I am obviously confident in not forgetting the password.

There is a similar question, but it’s old and doesn’t have a useful answer.

One Answer

You can achieve the same effect by encrypting the keypair with a key derived from your memorized password. So rather than 'generating' a keypair you'll be encrypting a pre-generated one.

Take your long password, and pass it through a key derivation function (e.g. PBKDF2), use the output to encrypt the private key, and then store only the encrypted file.

Hence in order for someone to compromise the pair, they'd need both your password and the encrypted private key file.

Answered by keithRozario on July 29, 2020

Add your own answers!

Related Questions

Jenkins malicious process identification

2  Asked on October 28, 2021 by nemanja-martinovic


Does encrypted content in a database need to be signed?

1  Asked on October 28, 2021 by ian-warburton


WhatsApp account got “hacked”/hijacked?

1  Asked on October 28, 2021 by d-a-vorm


iCloud deletion

1  Asked on October 28, 2021 by mp115


Difference between Zeek (Bro) and Snort 3

2  Asked on October 28, 2021 by ustavsaat


Help Understanding PHP Reverse Shells

1  Asked on October 28, 2021 by pdawg


Refresh token using a separate auth server?

0  Asked on October 28, 2021


Is the perfect MITM attack possible?

1  Asked on October 28, 2021 by user238715


What attack vectors does arbitrary JS on a user profile allow?

2  Asked on October 28, 2021 by sellarafaeli


Processing Exceptionally High Volume Singular Flows

1  Asked on March 9, 2021 by reedghost


Ask a Question

Get help from others!

© 2022 All rights reserved. Sites we Love: PCI Database, MenuIva, UKBizDB, Menu Kuliner, Sharing RPP