Thursday 18 December 2014
» » » » » » » SSH Key Generator POC One Keypair At A Time
0 comments
11:38:00

SSH Key Generator POC One Keypair At A Time



SSH Key Generator POC One Keypair At A Time. A utility for deterministically generating SSH keypairs.

SSH uses public-key cryptography to authenticate the remote computer and allow it to authenticate the user, if necessary. 



 There are several ways to use SSH; one is to use automatically generated public-private key pairs to simply encrypt a network connection, and then use password authentication to log on..

 Each keypair is generated by hashing together a "seed" or "master key" (should be at least 32 bytes, randomly generated, and kept secret) and a unique "handle" (using the same handle will result in the same keypair, but the handle does not need to be kept secret); the resulting SHA256 hash is used as the input for generating an Ed25519 keypair.

 This allows the creation of a large number of unique keypairs without having to actually manage the keypairs individually. This allows for, say, using a different keypair for every host you need to log into, thus preventing someone from correlating different user accounts on different hosts by the public keys in authorized_keys.

 This proof of concept implementation just generates one keypair at a time; ideally the keypairs would be generated on demand, perhaps by an SSH agent implementation (the key generation step should only take a few milliseconds).

 Note that while Ed25519 allows for using any 32-byte input to generate a keypair, making this implementation trivial, implementing a similar scheme for other key types is probably possible in some cases (eg. ECDSA), and infeasible in others (DSA/RSA, probably).

Usage

You will need ghc and cabal, as well as the libsodium development files; on Debian/Ubuntu, the ghc and libsodium-dev packages are what you need.

 $ git clone https://github.com/mithrandi/ssh-key-generator.git
$ cd ssh-key-generator
$ cabal sandbox init
$ cabal install
$ head -c 32 /dev/urandom > seed
$ cabal run ./seed HIMOM ./id_ed25519
$ ssh-keygen -y -f ./id_ed25519

 ./seed is the master key, HIMOM is the key handle, and ./id_ed25519 is the output file into which the private key will be placed. ssh-keygen is then invoked to print the public key out.

 Download now
Share This To :

0 comments:

Post a Comment

Note: only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)
 
Toggle Footer
Top