
How to generate a key for symmetric encryption?

February 7, 2007

Posted by TSAI HONG-BIN in Linux.

Please be aware that generating a key pair for asymmetric encryption (RSA, ECC, etc.) is not the case discussed in this article. If you need one, use genrsa in openssl. Looking for more detail? Ask man.

It’s kind of embarrassing. My research back in my school days was all about security, but it took me an hour to figure out how to generate a key of a specified size on Linux. If I have to defend myself (actually, I truly want to), I’ll say my focus is the essence of cryptography, the algorithm, the model … blah..

Anyway, we all know that a key (or key pair) supplied to an encryption/decryption scheme is supposed to be very difficult to acquire by simply “guessing it.” It is like when you register with an online bank and there are passphrase rules listed beside the password field: must be 6-12 characters long, English letters and numbers mixed, no blanks, no observable pattern, that sort of thing. There are requirements/rules for the selection of a key (or keys). Again, if you want to know more about key selection requirements in different cryptosystems, please go find a cryptography book.

The secret key in symmetric encryption requires the same sort of “high entropy,” even higher. So the best way to “generate a key” is “at random.” Random numbers are another amazing mystery in cryptography; there is a lot of research on ways to make random numbers “random enough.” (So basically all available random number generators are called pseudo-random number generators (PRNGs); the randomness they provide comes from manipulation.) And that’s where a secret key should come from.

The Linux kernel implements a PRNG as well; it is exposed as a character device on the system. Check /dev/random.

Then, how do you fetch a usable key from that random source?

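# dd if=/dev/random bs=1 count=32 2> /dev/null | xxd -ps -c 32

This command gives you a 256-bit secret key, made up of 32 random (well, pseudo-random) bytes and printed as 64 hex characters. The -c 32 option keeps the key on a single line; without it, xxd -ps wraps its output after 30 bytes and splits the key across two lines.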
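The same idea generalized to any key size, as an added example that is not part of the original post: it validates the requested size, rejects short reads, and stores the key in a file only the owner can read. The function names gen_key and write_key are hypothetical, and defaulting to /dev/urandom is an assumption made here because /dev/random can block on older kernels; pass /dev/random as the second argument to match the command above.

```shell
#!/bin/sh
# Added example: generate an N-bit symmetric key as hex from the kernel RNG.
# gen_key and write_key are hypothetical helper names, not from the post.

# gen_key BITS [SOURCE]  -> prints BITS/4 hex characters on one line
gen_key() {
    bits=$1
    src=${2:-/dev/urandom}   # assumption: non-blocking source by default
    case $bits in
        ''|0*|*[!0-9]*)
            echo "gen_key: size must be a positive integer" >&2; return 2 ;;
    esac
    if [ $((bits % 8)) -ne 0 ]; then
        echo "gen_key: size must be a multiple of 8 bits" >&2; return 2
    fi
    nbytes=$((bits / 8))
    # bs=1 tolerates partial reads; od is POSIX, so xxd is not required.
    key=$(dd if="$src" bs=1 count="$nbytes" 2>/dev/null |
          od -An -v -tx1 | tr -d ' \n')
    # A truncated key is worse than no key: refuse short reads.
    if [ "${#key}" -ne $((nbytes * 2)) ]; then
        echo "gen_key: short read from $src" >&2; return 1
    fi
    printf '%s\n' "$key"
}

# write_key BITS FILE  -> stores a fresh key in FILE with mode 0600
write_key() {
    (
        umask 077                      # file is created owner-only
        key=$(gen_key "$1") || exit $?
        set -C                         # noclobber: never overwrite a key
        printf '%s\n' "$key" > "$2"
    )
}

gen_key 256   # same size as the dd command above: 64 hex characters
```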


