Can I recover an RSA key pair by generating it at the same time and date?

I would like to generate an RSA key pair with OpenSSL. For security reasons (for example, loss), I would like to ask whether it is possible to regenerate it using OpenSSL by executing the same genrsa command at the exact same date and time (same date and same time to the second). Or does the generation of the keys also depend on other parameters, such as the hardware used?


Solution 1:

No. Cryptographic key generation is not based simply on the clock seconds or hardware IDs. Those are all predictable sources, and that's the exact opposite of what an RSA key needs to be – literally the whole point is that the key should be impossible to predict, i.e. "random".

(In other words, cryptographic keys are not the same thing as serial numbers or license keys!)

To achieve this unpredictability, OpenSSL seeds its generator with OS-provided random data (e.g. from /dev/urandom on Linux), and the OS collects such data from various "noise sources" – e.g. a nanosecond-resolution clock, the time between key presses, and hardware-generated random data. (Here's a detailed analysis of how it works.)

Basically, the whole process is designed to prevent someone from doing what you're trying to do.

Although if you create a virtual machine, snapshot it while running (so that it can be restored to exactly the same CPU and memory state), and have two identical clones of the same live snapshot run the same 'genkey' with nanosecond accuracy, then they might get the same results. But they probably still won't.
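
An added illustration, not part of the original answer and not OpenSSL's code: a toy key generator that contrasts the scheme the question imagines (the clock second as the only input) with one that draws from the OS random source. The function names, the 512-bit toy size and the timestamp are assumptions made for the demonstration.

```python
import random

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed bases; adequate for this toy demo only."""
    if n < 2:
        return False
    for p in BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(rng, bits):
    """Draw odd candidates with the top bit set until one is prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def toy_modulus(rng, bits=512):
    """n = p * q; every random bit comes from rng."""
    return gen_prime(rng, bits // 2) * gen_prime(rng, bits // 2)

def clock_seeded_modulus(unix_second):
    # Hypothetical scheme from the question: the second is the only input.
    return toy_modulus(random.Random(unix_second))

def os_seeded_modulus():
    # SystemRandom reads the OS source (os.urandom), as described above.
    return toy_modulus(random.SystemRandom())

if __name__ == "__main__":
    t = 1700000000  # constructed timestamp
    print("clock-seeded, same second, equal:", clock_seeded_modulus(t) == clock_seeded_modulus(t))
    print("OS-seeded, back to back, equal:  ", os_seeded_modulus() == os_seeded_modulus())
```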