I've never tried, but you might try replacing /dev/random with a pipe that reads data from an input file to make the entropy fetch deterministic.
Note that's probably dangerous, so I'd recommend doing this in a container to isolate it from your running system
On Sat, Jul 13, 2024, 8:52 PM Syfer Shock! via openssl-users <openssl-users@xxxxxxxxxxx> wrote:
I need a non-programmatic method for using seeds to generate ED25519
and ED448 (Goldilocks) key pairs. This means using only shell-accessible
tools within OpenSSL rather than binding programmatically.
While reading the documentation it seems that neither 'genpkey' nor
'pkeyutl' have a facility for using a deterministic seed to generate
the keys. Maybe I am missing something.
I notice that OpenSSL has the 'asn1parse' utility for reading PEM and
DER formatted keys. Is there an analogue that allows to write back a new
value for the secret integers in private keys? Or can I encode data
with 'asn1parse' and then output it in PEM format to build a key?
Trying to de-serialize and reconstruct keys outside of OpenSSL is a pain
and might hinder portability and require re-writing the same code to
different targets. I would rather try to find a way to use the native
shell commands so I may set it and forget it.
--
www.sybershock.com | sci.crypt | alt.sources.crypto | alt.lite.bulb
