Hello All, I want to set up a simple system in which the private key is derived entirely from a pass phrase.
I.e. the pass phrase provides all the "Entropy" that is used. This means that the private key can be regenerated from the pass phrase at any time, without needing to maintain a secure key store. This is analogous to password based encryption for symmetric keys. Probably no need to "strengthen" it much given the cost of public key pair generation. Just some salt. My application is essentially like an encrypting zip program. But I want to be able to have a (number of) master keys that can guarantee decryption if the main symmetric key is lost. I know that PKI is supposed to be difficult, but I am trying to build a simple system for non-technical users to use. They can write down a pass phrase on a piece of paper (most of them can write). I could see no way of doing this using the openssl command line. Has anyone else done it or something similar? Thanks, Anthony -- Dr Anthony Berglas, anth...@berglas.org Mobile: +61 4 4838 8874 Just because it is possible to push twigs along the ground with ones nose does not necessarily mean that that is the best way to collect firewood.
