0

Is there any way to derive the RSA private key from another RSA private key?

Let's say I have a base RSA key $(P, Q)$ (both prime), and then use some salt and an algorithm that creates a new primes, e.g. $(P', Q') = f(P, Q, \mathsf{salt})$.

Is there any security issue with my approach? Does anyone have a better solution for this or is this not possible at all?

I want to do key derivation, so I can only use a salt and recreate keys in my code. This will enable me to not store more than one base key and just derive it with a specific salt parameter.

Mark Schultz-Wu
  • 15,089
  • 1
  • 22
  • 53
simonS
  • 3
  • 1

1 Answers1

1

Is there any security issue with my approach?

Well, no, there doesn't have to be.

One approach would be to seed a cryptorng with $P, Q, salt$, and then use the output bits of your cryptorng as the seed for a standard RSA private key generation algorithm.

Of course, this doesn't try to take advantage of the fact that the inputs are a factorization of an RSA modulus; it would work equally well if $P, Q$ were random values. But it should answer your question.

poncho
  • 154,064
  • 12
  • 239
  • 382