On 6/10/2012 11:18 PM, vinayak.T.K wrote:
> presently i m working on the project which includes the generation of
> symmetric key from the public key....i m just a beginner....so can u please
> help me out.
>
> Victor Duchovni wrote:
>> On Wed, Nov 21, 2007 at 04:21:18AM -0800, Ramkumar Ganapathy wrote:
>>
>>> I am trying to use the OpenSSL crypto C libraries to generate symmetric
>>> and asymmetric keys. This is part of development of a key management
>>> server. The library as such does not have any functions for symmetric
>>> key generation. That is, all the "generate_key" functions are based out
>>> of asymmetric crypto algorithms. Whereas I see functions in the JCE
>>> (java cryptographic extension) and the likes that have symmetric key
>>> generation utilities.
>>>
>>> Does OpenSSL support what I am looking for? Any pointer to this will be
>>> much appreciated!
>>
>> Symmetric keys are just an array of random bytes of the right
>> length. OpenSSL includes a PRNG interface seeded by external entropy
>> sources (often /dev/urandom).
>>
>> --
>> Viktor.

The symmetric and asymmetric keys have nothing to do with each other, and you don't generate one from the other. The only purpose of the asymmetric key is to protect the symmetric key during the initial exchange; after that all communication is encrypted by the symmetric key alone. You can use any bits you want for the symmetric, although it helps if it's generated by a hardware or well-known software randomizer like openssl uses.

If you really wanted to, I suppose you could generate the symmetric key by hashing the private RSA key, or the concatenation of the public and private keys. I don't think that would make a difference with a sufficiently strong hash, but I can't mathematically prove it is safe, either. But generating it from the public key alone sounds like begging for a major breach the minute anyone figures out what algorithm you use; if you don't understand how this all works, please read up on it, or just use TLS instead of inventing your own key exchange.

Joshua Bowman
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
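
The two points made in this thread, as an added example that is not part of the original messages: a symmetric key is random bytes of the right length, and a key computed from the public key alone can be recomputed by anyone who holds that public key. It uses the Python standard library rather than the OpenSSL C API so that it runs stand-alone; the function names, the SHA-256 derivation and the placeholder public key are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed placeholder standing in for a published public key (not a real key).
PUBLIC_KEY_PEM = (
    b"-----BEGIN PUBLIC KEY-----\n"
    b"CONSTRUCTED-SAMPLE-NOT-A-REAL-KEY\n"
    b"-----END PUBLIC KEY-----\n"
)

AES_256_KEY_LEN = 32  # bytes


def generate_symmetric_key(length: int = AES_256_KEY_LEN) -> bytes:
    """A symmetric key: random bytes of the right length from the OS CSPRNG."""
    if length not in (16, 24, 32):
        raise ValueError("expected an AES key length of 16, 24 or 32 bytes")
    return secrets.token_bytes(length)


def key_from_public_key(public_key: bytes, length: int = AES_256_KEY_LEN) -> bytes:
    """The flawed scheme: derive the key from public data only.
    SHA-256 is an assumed choice; the thread names no algorithm."""
    return hashlib.sha256(public_key).digest()[:length]


def observer_can_recompute(public_key: bytes, key_in_use: bytes) -> bool:
    """Model an observer who holds only the public key and knows the algorithm."""
    guess = key_from_public_key(public_key, len(key_in_use))
    return secrets.compare_digest(guess, key_in_use)


if __name__ == "__main__":
    derived = key_from_public_key(PUBLIC_KEY_PEM)
    random_key = generate_symmetric_key()
    # The derived key carries no secret input, so the observer reproduces it.
    print("derived key recoverable:", observer_can_recompute(PUBLIC_KEY_PEM, derived))
    # The random key is independent of the public key and is not reproduced.
    print("random key recoverable: ", observer_can_recompute(PUBLIC_KEY_PEM, random_key))
```
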