Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

PKI multiple public keys

Tags:

security

encryption

pki

I'm wondering if I can have multiple public keys for a private key.

Can this be done? If so, what are the security issues!?

If I generate multiple key pairs based on the same initial values (with no initial vector), shouldn't the keys be "compatible"?

like image 492
André Moreira Avatar asked Jun 23 '10 08:06

André Moreira

3 Answers

In all asymmetric crypto-systems I can think off, there is a 1-1 correspondence between the public key and the private key: given the private key you can uniquely determine the public key and given the public key you can uniquely determine the private key (but it should of course be computationally infeasible to determine the private key from the public key).

However given one of the usual asymmetric schemes you can easily create such a scheme: To create a private key with n public keys, just generate n public-private keypairs in the normal scheme and define the "private key" to be the collection of the private keys. When signing just sign with all the private keys, when verifying try to verify one of the signatures. Encryption is the usual operation and decrypting should try to decrypt with all the keys (one of them should work).

like image 196
Rasmus Faber Avatar answered Oct 27 '22 00:10

Rasmus Faber

This is not possible with standard algorithms.

If you look at how key pairs are generated in RSA, you select a public key first by specifying the public exponent, then generate the private key.

I can't think of a use-case for multiple public keys. They are public and you can get any of them so it doesn't really improve security.

like image 23
ZZ Coder Avatar answered Oct 27 '22 00:10

ZZ Coder

It isn't clear why you think you need multiple public keys. It may help you to learn that if something is encrypted with the public key, it cannot be decrypted using the same public key.

If there are three people (A,B,C) with your public key, B and C cannot read a message encrypted by A, but you (with the private key) can.

If you want to be able to send a message that only one of A, B, or C can read, they should each have a private key, and share their public key with you.

It sounds like you want to treat public keys like private keys, and that's probably a bad plan.

like image 23
Slartibartfast Avatar answered Oct 27 '22 00:10

Slartibartfast
Sign in to Comment

Related questions

HTTP Digest Authentication
Running a bookmarklet on an iFrame that is coming from a different domain
My site is infected with obfuscated PHP malware - what is it doing + how do I get rid of it?
How to provide highlevel API call Security - iOS
Safely using String for passwords by using reflection to scrub contents prior to garbage collection
Importing ECC-based certificate from the Windows Certificate Store into CngKey
Best way define important credentials in spring boot
C#: What are Partially Trusted Callers?
Is this use of System.Security.Principal.WindowsIdentity reasonably secure?
How do I integrate the value of __webpack_nonce___ with my Content Security Policy?
Unlock Windows workstation programmatically
Java trustmanager behavior on expired certificates
How to set the Evil Bit on outgoing traffic
Android - How are you dealing with 9774d56d682e549c ? Android ID
In ELMAH with MVC 3, How can I hide sensitive form data from the error log?
Do I need to sanitize user-inputted data, before sending it in an email
SecurityContextHolder.getContext().getAuthentication() returning null
Are git push and pulls encrypted?
Secure encrypted database design
TLS/SRP in browsers?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!