Non-Programmatic Deterministic Key Generation for ED25519 and ED448 Keys

Neil Horman nhorman at openssl.org
Sun Jul 14 14:45:47 UTC 2024


I've never tried, but you might try replacing /dev/random with a pipe that
reads data from an input file to make the entropy fetch deterministic.

Note that's probably dangerous, so I'd recommend doing this in a container
to isolate it from your running system.

On Sat, Jul 13, 2024, 8:52 PM Syfer Shock! via openssl-users <
openssl-users at openssl.org> wrote:

> I need a non-programmatic method for using seeds to generate ED25519
> and ED448 (Goldilocks) key pairs. This means using only shell-accessible
> tools within OpenSSL rather than binding programmatically.
>
> While reading the documentation it seems that neither 'genpkey' nor
> 'pkeyutl' has a facility for using a deterministic seed to generate
> the keys. Maybe I am missing something.
>
> I notice that OpenSSL has the 'asn1parse' utility for reading PEM and
> DER formatted keys. Is there an analogue that allows writing back a new
> value for the secret integers in private keys? Or can I encode data
> with 'asn1parse' and then output it in PEM format to build a key?
>
> Trying to de-serialize and reconstruct keys outside of OpenSSL is a pain
> and might hinder portability and require re-writing the same code to
> different targets. I would rather try to find a way to use the native
> shell commands so I may set it and forget it.
>
> --
>   www.sybershock.com | sci.crypt | alt.sources.crypto | alt.lite.bulb
>