问题
As far as I understand, RSA keys are usually generated based on a (strong) random generator.
Instead, I want to create them based on a password.
Or rather on its hash, for example sha512(sha512(password+salt)+password+pepper)
This needs to be done client side, in JavaScript.
Would anyone know how to do this? Is there an easy JavaScript library that creates RSA key pairs deterministically, based on a given input?
(Actually, I'm mentioning RSA but any secure asymmetrical encryption would suffice, I just need public-private encryption)
Addition: I need this because I'm building some secure communication solution, that doesn't need to rely on the connection or even the server to be secure.
I'm encrypting all content with AES using random keys, and the keys are RSA-encrypted. The idea is Alice can RSA-encrypt her content (or actually, the AES-key for her content) with Bob's public key (therefore Bob's public key must be stored online).
Later, when Bob enters his password again, his browser can deterministically calculate his RSA private & public key on the spot, download the content from Alice, and decrypt it locally using his private key.
回答1:
Looks like Cryptico can help you, when you feed your password as a seed for RNG.
回答2:
RSA keys are not just random bits like most symmetric algorithms, they are exponents and modulouses derived from large prime numbers. Therefore I do not see any reasonable way you could generate them from a password. See this wikipedia article.
What are you using these key pairs for? Why must they be derived from a password? If you want to use a password to encrypt something, you could use a SHA256(password) to derive an AES256 key. (make sure to read up on key strengthening if you are going to do this).
回答3:
I can not comment on my punctuationbut, but additional to what he said +Eugene_Mayevski_'EldoS
for javascript pure: https://www.npmjs.com/package/cryptico
for nodejs: https://www.npmjs.com/package/cryptico you need:
npm install cryptico
And add this line:
var cryptico = require("cryptico");
to create objects:
function cryptoObj(passPhrase)
{
this.bits = 1024; //2048;
this.passPhrase = passPhrase;
this.rsaKey = cryptico.generateRSAKey(this.passPhrase,this.bits);
this.rsaPublicKey = cryptico.publicKeyString(this.rsaKey);
this.encrypt = function(message){
var result = cryptico.encrypt(message,this.rsaPublicKey);
return result.cipher;
};
this.decrypt = function(message){
var result = cryptico.decrypt(message, this.rsaKey);
return result.plaintext;
};
}
console.log('---------------------------------------------------------');
var localEncryptor = new cryptoObj("XXyour secret txt or number hereXX");
var encryptedMessage = localEncryptor.encrypt('new message or json code here');
var decryptedMessage = localEncryptor.decrypt(encryptedMessage);
console.log('');
console.log('>>> Encrypted Message: '+encryptedMessage);
console.log('');
console.log('>>> Decrypted Message: '+decryptedMessage);
来源:https://stackoverflow.com/questions/11156275/generate-rsa-key-pair-in-javascript-based-on-a-password