Is it possible to generate a RSA key-pair from a password in Rust-openssl?

Question

The client store its private key locally and use to sign messages send to server, the server stores the public key of the user in a database to verify messages from client.

Here's my problem, if the client lose its private key due to some accident(like hard-disk being destroyed), it will never be able to connect to server(unless call the administrator of the server to reset his key).

So I'm thinking, if there's an algorithm to generate a deterministic RSA key-pair from a password(which can be kept in the client's human brain), the problem mentioned above will be eliminated.

Is that possible to implement such algorithm using Rust-openssl?

Answer 1

Doing this basically boils down to using the password as input to seed a pseudo-random number generator. The same seed will yield the same pseudo-random numbers. An example of doing that to deterministically generate a prime number (which would be used to eventually generate an RSA key) can be found here . If this is a single-purpose standalone executable, you could then execute RSA_generate_key_ex , otherwise write an RSA key generator (using the BN functions) and import the key.

Answer 2

Check out dOpenSSL: https://github.com/bernardoaraujor/dopenssl.rs

It consists of a deterministic implementation of some of the OpenSSL functionalities, namely:

• Deterministic Big Number Generation
• Deterministic Pseudo Random Number Generation
• Deterministic RSA Keypair Generation

I started this repository as an exercise. I am also maintaining https://github.com/bernardoaraujor/dopenssl (fork), which is written in C.

My goal in dopenssl.rs is to use bindgen to autogenerate Rust Wrappers. dOpenSSL functionality is stable, but Rust Wrappers are a work-in-progress.

Contributions are welcome.