0

I am looking for a python module to create a pair of matching tokens with the following two properties:

  • they can be checked for match
  • it is impossible to obtain one token from the other

PS: It is my understanding that an RSA public key can be derived by the holder of the private key, so this does not help us.

Community
  • 1
  • 1
Konstantin Schubert
  • 3,242
  • 1
  • 31
  • 46
  • No, you cannot make one key from the other. RSA public and private keys are the same thing, the name just indicates which one you keep private. The question you linked talks about a .pem file, which can hold both keys. – Jochen Ritzel May 11 '13 at 15:18
  • I might be misunderstanding the question, but are looking for hash functions? token1=random string, token2=md5(token1+salt) meets your specs. – georg May 11 '13 at 21:19
  • @thg435 that's pretty close, but I would say that token2 is the pair of *hash and salt*, otherwise the owner of token1 could guess it. Now, if there was a higher level wrapper for your idea, it would be what I wanted. I will write it if it doesn't exist. – Konstantin Schubert May 11 '13 at 22:57

1 Answers1

1

You are looking for a signature function that uses a random part. It is e.g. possible to sign something using RSA-PSS and a private key. Then the token would be the combination of the public key and the signature. RSA-PSS differs from standard PKCS#1 v1.5 signatures that they contain this random component; PKCS#1 v1.5 delivers the same signature for identical input.

Note that RSA requires relatively large keys and signatures (2048 bit is the minimum by now) If you need a smaller token you may take a look at Elliptic Curves, but that's a lot harder to understand and implement. If you go that way you could use a named NIST curve such as P-256. That would make the minimum signature size about 3 to 4 times the EC key size (up to 128 bytes) instead of 512 bytes for RSA.

It seems PSS signatures are supported by M2Crypto, but as I don't program Python, you'll have to ask another question if you get stuck.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263