PKI multiple public keys

2019-02-08 14:33发布

问题:

I'm wondering if I can have multiple public keys for a private key.

Can this be done? If so, what are the security issues!?

If I generate multiple key pairs based on the same initial values (with no initial vector), shouldn't the keys be "compatible"?

回答1:

In all asymmetric crypto-systems I can think off, there is a 1-1 correspondence between the public key and the private key: given the private key you can uniquely determine the public key and given the public key you can uniquely determine the private key (but it should of course be computationally infeasible to determine the private key from the public key).

However given one of the usual asymmetric schemes you can easily create such a scheme: To create a private key with n public keys, just generate n public-private keypairs in the normal scheme and define the "private key" to be the collection of the private keys. When signing just sign with all the private keys, when verifying try to verify one of the signatures. Encryption is the usual operation and decrypting should try to decrypt with all the keys (one of them should work).



回答2:

This is not possible with standard algorithms.

If you look at how key pairs are generated in RSA, you select a public key first by specifying the public exponent, then generate the private key.

I can't think of a use-case for multiple public keys. They are public and you can get any of them so it doesn't really improve security.



回答3:

It isn't clear why you think you need multiple public keys. It may help you to learn that if something is encrypted with the public key, it cannot be decrypted using the same public key.

If there are three people (A,B,C) with your public key, B and C cannot read a message encrypted by A, but you (with the private key) can.

If you want to be able to send a message that only one of A, B, or C can read, they should each have a private key, and share their public key with you.

It sounds like you want to treat public keys like private keys, and that's probably a bad plan.



回答4:

Private/Public keys have a 1-1 relationship, and so it's not possible to have more than one public key for a given private key.

However, you can have 3 separate certificates for the same public key, if that's the type of thing you're looking for.