Score:1

Generating public/private key pair from data and shared password

ec flag

Two parties share a password. They need to now exchange some data. Is there a way where one party generates a public/private key pair from the data and password and shares just the public key with the other party? The other party should retrieve the data using the shared password and just the public key. Is this possible?

Basically, the communication between the two parties should happen via the shared password and the public key (that keeps changing with the data that they want to exchange).

Sorry if I am vague on what I intend to do.

Score:1
ck flag

If two parties have a shared secret, they can use that to encrypt the sent data symmetrically, e.g., using AES. There is no need for additional asymmetric encryption, if you want to use the pre-shared password/key. Public key cryptography is used when there is no pre-shared secret. If each party has a public/private key, they can generate as many shared secrets as they want. Those keys need to be generated randomly and I don't see why you would want to derive asymmetric keys from a common password.

Score:1
kr flag

Usage of a public key in such a scenario makes no sense. If you want to prevent that the same key is used for multiple data sets, then one party can each time generate a new password, encrypt data using it, and send the encrypted password to the other party. The other party will decrypt the key, then decrypt data.

A shared key has some risk in the long run, because if it is leaked, then the whole previous communication can be decrypted.

The more reliable scenario is when both parties generate key pairs independently of each other and obtain certificates from some CA, which they both trust. Then they can use hybrid encryption for data exchange.

sandeep kiran p avatar
ec flag
We could do what you said. But in my case, the only visible communication between the two parties is via the public key which gets posted on a web page. I want to masquerade sending data via the public key.
kr flag
@sandeepkiranp: See update.
sandeep kiran p avatar
ec flag
As I said, this is not a new protocol that I can change. Is it mathematically possible to hide data in a public key (which is made public) such that the receiver can retrieve the data as well as recreate the corresponding private key?
sandeep kiran p avatar
ec flag
Yes, that is what I want to do. The public/private key pair should also be a legitimate one using which I should be able to do ECDSA signature generation and verification. The receiver only has the shared password and the resultant public key. From this he should be able to get back the data.
kr flag
@sandeepkiranp: Mathematically? No. Because mathematically a private key is a pair of two numbers. You cannot add any data, because you will modify these numbers. And one more point: Keys are generated in pairs. Mathematically, you cannot derive a private key from a public key. Otherwise TLS and thus communication security of the modern Internet would be impossible, digital signatures would be impossible, etc.
jp flag
@sandeepkiranp If you have a way to generate a key from a password, why don't both parties just generate the same key and then they don't need to put it on a website?
sandeep kiran p avatar
ec flag
Currently there is an existing mechanism in place where one party puts up genuine public keys on their website. The other party later proves (using a signature scheme) that it owns the corresponding private key. I want to hack this scheme to give party #1 a genuine public key as well as encode some data within it that I want to send to party #2. So I need to generate a public key such that it also encrypts some data which the other party can decrypt since they both share a password. But as @mentallurg said, this is not possible.
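
Added example, not part of the original thread: a sketch of what the two answers above describe, symmetric encryption under the pre-shared secret with a fresh key per data set that is itself sent encrypted. The choice of scrypt to stretch the password, AES-256-GCM for both layers, and all function and field names are assumptions of this example.

```javascript
// Added example: a password-derived key wraps a fresh random key for each message.
const nodeCrypto = require('node:crypto');

// AES-256-GCM encrypt; the random 12-byte nonce travels with the ciphertext.
function seal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// AES-256-GCM decrypt; final() throws if the authentication tag does not verify.
function open(key, box, aad) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(aad);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// Stretch the shared password into a 32-byte key-encryption key (KEK).
function deriveKek(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
}

function encryptMessage(password, data) {
  const salt = nodeCrypto.randomBytes(16);        // fresh salt, sent in the clear
  const kek = deriveKek(password, salt);
  const dataKey = nodeCrypto.randomBytes(32);     // new key for every data set
  const body = seal(dataKey, Buffer.from(data), salt);
  const wrappedKey = seal(kek, dataKey, salt);    // the "encrypted key" that is sent
  return { salt, wrappedKey, body };
}

function decryptMessage(password, msg) {
  const kek = deriveKek(password, msg.salt);
  const dataKey = open(kek, msg.wrappedKey, msg.salt); // decrypt the key first
  return open(dataKey, msg.body, msg.salt).toString(); // then decrypt the data
}

// True when decryption is rejected (wrong password or modified message).
function isRejected(password, msg) {
  try { decryptMessage(password, msg); return false; } catch { return true; }
}
```

Because the wrapping key is still derived from the long-lived password, this does not remove the risk the second answer notes: if the password leaks, earlier messages can be decrypted.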