Creating deterministic key pairs in javascript for use in encrypting/decrypting/signing messages
Posted
by
SlickTheNick
on Programmers
See other posts from Programmers
or by SlickTheNick
Published on 2013-10-19T10:13:04Z
Indexed on
2013/10/30
4:13 UTC
Read the original article
Hit count: 226
JavaScript
|security
So I have been searching everywhere and havn't been able to find anything with the sufficient information I need.. so Im a bit stumped on this one at the moment
What I am trying to do is create a public/private key pair (like PGP) upon a users account creation, based on their passphrase and a random seed. The public key would be saved on the server, and ideally the private key would never be seen by the server whatsoever. The user could then sign in, and send a message to another user. Before the message is sent, the senders key pair would be re-generated on the fly based on their credentials (and maybe a password prompt) and used to encrypt the message. The receiver would then use their own re-generated private key to decrypt said message.
The server itself should never see any plaintext passwords, private keys or readable messages.
Bit unsure how on how I could go about implementing this. Iv been looking into PGP, specifically openPGP.js. The main trouble I am having is being able to regenerate the key-pair based off a specific seed. PGP seems to have a random output even if the inputs are the same. Storing the private key in a cookie or in HTML5 storage or something also isnt really an option, too unreliable.
Can anyone point me in the right direction?
© Programmers or respective owner