堆栈内存溢出
  简体   繁体   English

自定义openssl生成RSA密钥参数

[英]Customize openssl generate RSA key params

 原文  2016-12-02 10:12:02       openssl/ rsa/ private-key

问题描述

I want to generate a keypair with openssl, but I can't set parameters to generate my private/public key. 我想使用openssl生成密钥对,但是无法设置参数来生成我的私钥/公钥。 I want pass an input parameter, for example a identifier (example mac address), to obtain an unique private/public key. 我想传递一个输入参数,例如标识符(例如mac地址),以获得唯一的私钥/公钥。 For the same identifier I want the same private/public key. 对于相同的标识符,我想要相同的私钥/公钥。 How I can make this? 我该怎么做? Thanks in advance :D 提前致谢

1 个解决方案

解决方案1
 -1  2016-12-02 13:33:52

RSA key pairs have to be generated randomly. RSA密钥对必须随机生成。

Making the generation deterministically - you no longer generate a key but derive the key from certain data (eg based on a MAC address). 确定性地进行生成-您不再生成密钥,而是从某些数据(例如基于MAC地址)派生密钥。 This reduces the security of the generated keys to zero - hence they are useless and you don't even have to start to generate them. 这会将生成的密钥的安全性降低到零-因此它们是无用的,您甚至不必开始生成它们。

The central assumption the security of RSA bases on is that the private key is only known to the key owner. RSA安全性所基于的中心假设是,私钥仅由密钥所有者知道。 If you take a public information like the MAC address the following formula applies: 如果您采用诸如MAC地址之类的公共信息,则适用以下公式:

RSA key pair = your-derivation-algorithm( MAC address ) RSA密钥对=您的派生算法(MAC地址)

If you want to know the RSA private key (which is part of the key pair) you need the MAC address and the derivation-algorithm. 如果您想知道RSA私钥(它是密钥对的一部分),则需要MAC地址和派生算法。 The MAC is public and the derivation-algorithm will be public earlier or later. MAC是公开的,派生算法将早晚公开。

Hence the RSA private key is public too, which makes it useless from a security perspective because everybody who knows the MAC address can generate it. 因此,RSA私钥也是公共的,从安全角度来看,它是无用的,因为每个知道MAC地址的人都可以生成它。

Keep in mind: Security bases on secret data in combination with a well-engineered algorithm. 切记:安全性基于秘密数据以及精心设计的算法。 Whether the algorithm is public or not should not have any effect on the security. 该算法是否公开,对安全性没有任何影响。 If it has an effect you have an insecure algorithm you can throw away. 如果它起作用,则您可以使用不安全的算法,可以将其丢弃。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用OpenSSL生成RSA私钥? - How to generate RSA private key using OpenSSL? 使用OpenSSL生成RSA公钥/私钥? - Generate RSA public/private key with OpenSSL? 使用openssl生成RSA 1024密钥对 - generate RSA 1024 key pair using openssl RSA_generate_key()openssl:exp参数 - RSA_generate_key() openssl: exp argument 使用 RSA 公钥在 Openssl 中生成私钥? - Use RSA public key to generate private key in Openssl? Python Openssl生成rsa密钥对并写入文件 - Python Openssl generate rsa key pair and write to a file 如何在 NodeJS 中使用 openssl-wrapper 生成 RSA 密钥? - How to generate an RSA key using openssl-wrapper in NodeJS? Openssl RSA 密钥大小 - Openssl RSA key size 在 Mac 上将 openSSL 编译为 WebAssembly,函数 RSA_generate_key_ex(rsa, 1024, bn, NULL) 返回 0 - Compiling openSSL to WebAssembly on Mac, the funtion RSA_generate_key_ex(rsa, 1024, bn, NULL) returns 0 openssl初始化RSA公钥 - openssl initialize RSA public key
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM