Creating deterministic key pairs in JavaScript for use in encrypting/decrypting/signing messages

Posted by SlickTheNick on Programmers
Published on 2013-10-19T10:13:04Z

So I have been searching everywhere and haven't been able to find anything with the sufficient information I need, so I'm a bit stumped on this one at the moment.

What I am trying to do is create a public/private key pair (like PGP) upon a user's account creation, based on their passphrase and a random seed. The public key would be saved on the server, and ideally the private key would never be seen by the server whatsoever. The user could then sign in, and send a message to another user. Before the message is sent, the sender's key pair would be re-generated on the fly based on their credentials (and maybe a password prompt) and used to encrypt the message. The receiver would then use their own re-generated private key to decrypt said message.

The server itself should never see any plaintext passwords, private keys or readable messages.

Bit unsure on how I could go about implementing this. I've been looking into PGP, specifically OpenPGP.js. The main trouble I am having is being able to regenerate the key pair based off a specific seed. PGP seems to have a random output even if the inputs are the same. Storing the private key in a cookie or in HTML5 storage or something also isn't really an option, too unreliable.

Can anyone point me in the right direction?
