5

In Java I would like to generate a public and private key based on a string in my app.

I'm not going for security, I'm going for "Can I generate the same public and private key using this string".

How would I do that?

I was looking at these methods:

KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA", "SUN");
SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
keyGen.initialize(1024, random);

But I want to seed the key pair generator with my own string, which ideally will get hashed by these algorithms. KeyGen only takes the SecureRandom object. I want the same resulting key pair, anytime I pass that string.

CQM
  • 42,592
  • 75
  • 224
  • 366

1 Answers1

5

Try adding the following line after initializing random:

random.setSeed(myString.hasCode())

The hash code value of your string will always be the same given the same string during one execution of the program, and it is considered very unlikely to find two strings with the same hash code.

If you want to generate a hash that will be guaranteed to be the same during multiple executions of the program, or if you want to be sure that it's truly infeasible to find two String's that generate the same hash, try using something like MessageDigest instead of String.hashCode(). Like this:

MessageDigest md = MessageDigest.getInstance("SHA-256");
random.setSeed(md.digest(myString.getBytes())

Also, note that the String must always have the same character encoding each time in order for you to generate the same MessageDigest value and public and private key pair.

Charles Spencer
  • 626
  • 1
  • 6
  • 17
  • 3
    "Considered infeasible to find two strings with the same hash code" — that's only true of a cryptographic hash function, which Java's `String.hashCode` method is not. There's also no guarantee that `hashCode` will return the same value for the same string in different runs of the program; it's only required to be consistent within a single execution. A cryptographic hash function like SHA-256 is a much better choice here than a Java hashcode. – Wyzard Aug 05 '15 at 05:00
  • Thanks! I edited my answer to address your comments and the issue of character encodings affecting the hash. – Charles Spencer Aug 05 '15 at 05:11
  • I wouldn't even say it's "very unlikely" to find a hash collision with Java's `hashCode` method. Read about the [birthday attack](https://en.wikipedia.org/wiki/Birthday_attack): since `hashCode` produces a 32-bit result, you only need about 77,000 (random) strings to have a 50% chance that two of them will have the same hashcode. And the algorithms used to implement `hashCode` aren't designed to resist [preimage attacks](https://en.wikipedia.org/wiki/Preimage_attack), so it's not difficult for someone to deliberately *make* a string with a chosen hashcode. – Wyzard Aug 05 '15 at 05:36
  • Well, the OP specifically said that they are not going for security, and I think it would be unlikely to get a hash collision without someone deliberately trying to attack it. – Charles Spencer Aug 05 '15 at 05:48