Ambarish Mitra wrote:
Hi all,
Background:
My application reads an encrypted-base64 password from a config file and
decrypts the same inside the application. The password is encrypted using
Triple-DES algorithm.
To encrypt and base64 the actual password, a stand-alone utility is
provided. We run this utility, and then copy-paste the generated password in
the config file. Of course, the key, the IV (Salt not used) are same
(hard-coded) in both the applications.
So far, so good.
Now, we have to make the keys available in another file (Which will be kept
under more security). Both the applications are to read the key from the
file. Now, we have to generate the key and then write out the key in the
file.
Question:
So, the question is: How can we generate a key for Triple DES encryption and
write out the same in a file?

Simple answer for 'how to generate a key for a symmetric cipher' is 'use
a pseudo-random generator' to generate key/IV pairs of desired length.
A more complicated answer would depend on 'if you want the key
generation to be deterministic based on a set of given parameters', then
you'd have to make the key generation a secure function of these
parameters (else look at the simple answer). Examples would be PBE, key
generation in SSL sessions (well not exactly, but given the same random
values you do get the same keys). Formulating this function is better
left to a security expert; better still use one of the standard or
established techniques.
How to write out to a file? Simple answer: base64, or raw binary, etc.
Have you considered if PKCS12 or PEM would suit your application's needs?

I tried the genrsa and dsa options but they seem to generate keys for
RSA/DSA encryptions. Also, we can specify the length of modulus in those
keys. But they will not map well in T-Des case.

Don't know how rsa/dsa can help with DES ;)

Any pointers would be welcome.
Thanks.
-jb
--
Real computer scientists don't comment their code. The identifiers are
so long they can't afford the disk space.
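
The two answers in the reply above (random generation, and deterministic derivation from given parameters), as an added example that is not part of the original thread. PBKDF2-HMAC-SHA256 stands in here as one standard password-based derivation; the function names, the key=/iv= file layout and the iteration count are assumptions of this example.

```python
import base64, hashlib, os, secrets

KEY_LEN, IV_LEN = 24, 8  # three 8-byte DES subkeys; 8-byte DES block

def set_odd_parity(key: bytes) -> bytes:
    """Force the low bit of each byte so every byte has odd parity (DES convention)."""
    return bytes((b & 0xFE) | (bin(b & 0xFE).count("1") % 2 == 0) for b in key)

def subkeys_distinct(key: bytes) -> bool:
    """Reject keys whose 8-byte subkeys repeat, which weakens Triple DES."""
    return len({key[0:8], key[8:16], key[16:24]}) == 3

def generate_key() -> bytes:
    """Simple answer: draw the key from the OS CSPRNG."""
    while True:
        key = set_odd_parity(secrets.token_bytes(KEY_LEN))
        if subkeys_distinct(key):
            return key

def derive_key(passphrase: bytes, salt: bytes, iterations: int = 200_000) -> bytes:
    """Deterministic answer: same passphrase and salt always give the same key."""
    raw = hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations, KEY_LEN)
    return set_odd_parity(raw)

def write_key_file(path: str, key: bytes, iv: bytes) -> None:
    """Write base64 key and IV; the key=/iv= layout is an assumption of this example."""
    # O_EXCL refuses to overwrite an existing file; 0o600 is owner read/write only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(f"key={base64.b64encode(key).decode()}\n")
        f.write(f"iv={base64.b64encode(iv).decode()}\n")

def read_key_file(path: str) -> tuple[bytes, bytes]:
    """Read the file back and check lengths before handing the key to the cipher."""
    with open(path) as f:
        fields = dict(line.strip().split("=", 1) for line in f if line.strip())
    key = base64.b64decode(fields["key"], validate=True)
    iv = base64.b64decode(fields["iv"], validate=True)
    if len(key) != KEY_LEN or len(iv) != IV_LEN:
        raise ValueError("unexpected key or IV length")
    return key, iv

if __name__ == "__main__":
    import tempfile
    path = os.path.join(tempfile.mkdtemp(), "tdes.key")  # constructed sample path
    write_key_file(path, generate_key(), secrets.token_bytes(IV_LEN))
    key, iv = read_key_file(path)
    print(len(key), len(iv), oct(os.stat(path).st_mode & 0o777))
```

Both applications would call read_key_file() on the same protected file, so the key and IV no longer need to be hard-coded in either one.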