Hi Mr Newbie,
Joshua is right when saying you should be careful using techs you
might not fully understand ( just like me, ;-) )
Perhaps RAND_bytes() is enough for your needs ?
http://www.openssl.org/docs/crypto/RAND_bytes.html
I am guessing it could be profitable for you to read :
http://csrc.nist.gov/publications/drafts/800-133/Draft-SP-800-133_Key-Generation.pdf,
(chapter 5), and perhaps :
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-5v2/pkcs5v2_1.pdf
The OpenSSL implementation is PKCS5_PBKDF2_HMAC() in crypto/evp/p5_crpt2.c
(as far as I know, not documented)
Hope this will help,
Michel
On 12/06/2012 11:32, Joshua Bowman wrote:
On 6/10/2012 11:18 PM, vinayak.T.K wrote:
Presently I'm working on the project which includes the generation of
symmetric key from the public key.... I'm just a beginner.... so can you please
help me out.
Victor Duchovni wrote:
On Wed, Nov 21, 2007 at 04:21:18AM -0800, Ramkumar Ganapathy wrote:
I am trying to use the OpenSSL crypto C libraries to generate symmetric
and asymmetric keys. This is part of development of a key management server.
The library as such does not have any functions for symmetric key generation.
That is, all the "generate_key" functions are based out of asymmetric crypto
algorithms. Whereas I see functions in the JCE (Java Cryptographic
Extension) and the likes that have symmetric key generation utilities.
Does OpenSSL support what I am looking for? Any pointer to this will be
much appreciated !
Symmetric keys are just an array of random bytes of the right
length. OpenSSL includes a PRNG interface seeded by external entropy
sources (often /dev/urandom).
--
Viktor.
The symmetric and asymmetric keys have nothing to do with each other, and you don't generate one from the other. The only purpose of the asymmetric key is to protect the symmetric key during the initial exchange; after that all communication is encrypted by the symmetric key alone. You can use any bits you want for the symmetric, although it helps if it's generated by a hardware or well-known software randomizer like openssl uses.
If you really wanted to, I suppose you could generate the symmetric key by hashing the private RSA key, or the concatenation of the public and private keys. I don't think that would make a difference with a sufficiently strong hash, but I can't mathematically prove it is safe, either.
But generating it from the public key alone sounds like begging for a major breach the minute anyone figures out what algorithm you use; if you don't understand how this all works, please read up on it, or just use TLS instead of inventing your own key exchange.
Joshua Bowman
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
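The thread's advice on symmetric keys, as an added example that is not part of any poster's message or of OpenSSL itself. It uses Python's standard library (`secrets`, `hashlib.pbkdf2_hmac`) in place of the OpenSSL C calls named above; the function names, sample public-key bytes, passphrase and iteration counts are constructed assumptions.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # 256-bit key (assumed size, e.g. for AES-256)


def random_key(length=KEY_LEN):
    """A symmetric key is random bytes from a CSPRNG (the role RAND_bytes() plays)."""
    return secrets.token_bytes(length)


def key_from_passphrase(passphrase, salt=None, iterations=600_000, length=KEY_LEN):
    """PKCS #5 PBKDF2: stretch a passphrase into a key.

    The salt is random but not secret; keep it and the iteration count with
    the ciphertext. The default iteration count is an assumed value, tune it.
    """
    if salt is None:
        salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations, dklen=length)
    return key, salt


def key_from_public_key(public_key_bytes):
    """The scheme the thread warns against: the only input is public."""
    return hashlib.sha256(public_key_bytes).digest()


def demo():
    # Constructed stand-in for an encoded public key; not a real key.
    public_key = b"constructed-sample-public-key-bytes"
    owner = key_from_public_key(public_key)
    observer = key_from_public_key(public_key)  # anyone holding the public key
    k1, salt = key_from_passphrase(b"constructed passphrase", iterations=1000)
    k2, _ = key_from_passphrase(b"constructed passphrase", salt=salt, iterations=1000)
    return {
        # Same public input gives the same "secret" to every party.
        "public_derivation_reproducible": hmac.compare_digest(owner, observer),
        # Independent CSPRNG draws do not repeat.
        "random_keys_differ": random_key() != random_key(),
        # PBKDF2 is repeatable only for someone who knows the passphrase.
        "pbkdf2_repeatable_with_salt": hmac.compare_digest(k1, k2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```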