Ambarish Mitra wrote:
Ambarish Mitra wrote:
Hi Jimmy, Thanks for your response. Kindly find my thoughts inlined..
Question:
So, the question is: How can we generate a key for Triple DES encryption and
write out the same in a file?
Simple answer for 'how to generate a key for a symmetric cipher' is 'use
a pseudo-random generator' to generate key/IV pairs of desired length.
--- This will be sufficient for my case. Is there a way to generate the same
from the command line,
or we have to generate in a program using "DES_random_key". I could not find a way to do from the
command line.
$openssl rand -base64 <number of bytes>
- There are 2 concerns here.
1) When we do this (with number of bytes = 24 for T-DES), and use the same as keys, then how do we know that it is a strong key for t-des encryption?
A DES weak key could be checked for using DES_is_weak_key(). 'man des'
explains the chances that a random key could be weak. Going by that, you
might just want to use a proper PRNG/random source.
2) Also, in the application, we have to do base64 decode, and the resultant may
not be ascii. It can have special characters. I am just wondering if sending
this key in any decryption function will cause problems.
A key isn't meant to be ascii or representable as a C string, treat it
as binary data (and it'll treat you well ;) If you want to transmit or
convert to ascii-form that's what base64 is for.
-jb
--
Real computer scientists don't comment their code. The identifiers are
so long they can't afford the disk space.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
