3

I am creating software tokens for future request authentication, and I want to use an HMAC for the token to make them tamper-resistant. To ensure I can check the HMAC later I need a secret, persistent key. Is there a security concern in using a private RSA key as the HMAC key? If not, what would the best values be from the key? This link says:

The security of RSA derives from the fact that, given the public key { e, n }, it is computationally infeasible to calculate d, either directly or by factoring n into p and q. Therefore, any part of the key related to d, p, or q must be kept secret.

I would expect it to be the private exponent (D) then, but I am not sure if some other combination of values would offer strong security (like P,Q, and D concatenated).

Edit: clarification

The reason I am asking about the RSA private key is the HMAC key needs to be stored so that the HMAC can be validated by the server on future requests. An RSA private key is an easy to manage, persistent value. I am not using the public key, or performing any aspect of public key crypto. I need a way to securely manage the HMAC key, and I am wondering if there are any good reasons not to use an RSA Private Key for this purpose.

Kyeotic
  • 133
  • 7

2 Answers2

2

The reason I am asking about the RSA private key is the HMAC key needs to be stored so that the HMAC can be validated by the server on future requests. An RSA private key is an easy to manage, persistent value.

You seem to be under the misguided and mistaken belief that an RSA key is somehow easier to manage and persist than a symmetric key.

I am wondering if there are any good reasons not to use an RSA Private Key for this purpose.

RSA private keys were not designed or intended for this purpose, and there seems to be no legitimate reason why you would actually want to do it. Use primitives for the purposes they were designed. Don't try to be clever. And don't invent your own crypto.

Stephen Touset
  • 11,162
  • 1
  • 39
  • 53
2

If you truly can't be dissuaded from 'using' an RSA key for HMAC, be sure to derive a strong symmetric key using HKDF with a salt and some associated data.

I have a suggestion for you based on your comment to Stephen's answer. If all you need to do is store the symmetric key in the key/cert store, why not encode some generated symmetric key in the format (PEM/ASN.1/DER/etc.) expected by the cert store and use application-layer code to read it in and use it as an HMAC key? You could even use some junk data/padding if there's a length problem.

EDIT in response to comment: I mean use the RSA private key as the input to a key derivation function like HKDF.

Community
  • 1
pg1989
  • 4,736
  • 25
  • 43