Generating public/private key pair based on input

Question

OpenSSL provides tools to generate random public/private key pairs. Is there any mechanism to deterministically generate a pair based on some initial value?

For example, given the string 'abcd', generate a public/private key pair, such that the same public/private key pair can be generated again using the same string.

Answer 1

For sure, just use your password in a PBKDF to generate a key like array of bytes (random salt and high iteration count required). Then use this array of bytes as seed for a PRNG. Make sure that you always use the same PRNG! Then use that PRNG as input for RSA_generate_key. Make sure that generate key implementation is not changed.

Please read the answers on Initialize a PRNG with a password on crypto.stackexchange.com. Note that usually the private key is encrypted instead, e.g. using the PKCS#12 container. Note that both PKCS#12 containers and the method above are vulnerable to brute force attacks. Most passwords do deliver a very limited amount of entropy, making these brute force attacks more feasible. The advantage of the PKCS#12 container is that you do not have to store it with the ciphertext, it is only required during signature generation or decryption. Using a 128 bit hex value as password would alleviate the issue of brute forcing, but you likely won't be able to remember it.

Note that RSA key pair generation takes a lot of time (and finding a large prime has a nondeterministic running time, so it may take very long for specific key pairs). EC F(p) keys would be much less cumbersome.

Feasible? Certainly. Useful? Possibly. Fraught with danger? Certainly.