Recommeded Way To Generate Symmetric Key
Recommeded Way To Generate Symmetric Key 4,8/5 877 reviews

There are multiple ways of generating an encryption key. Most implementations rely on a random object. All examples mentioned here use a secure cryptographic randomizer. Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext.The keys may be identical or there may be a simple transformation to go between the two keys. This topic describes how to create identical symmetric keys on two different servers in SQL Server 2019 (15.x) by using Transact-SQL. In order to decrypt ciphertext, you need the key that was used to encrypt it.

Symmetric-key algorithms[a] are algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. The keys may be identical or there may be a simple transformation to go between the two keys.[1] The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link.[2] This requirement that both parties have access to the secret key is one of the main drawbacks of symmetric key encryption, in comparison to public-key encryption (also known as asymmetric key encryption).[3][4]

Types[edit]

Symmetric-key encryption can use either stream ciphers or block ciphers.[5]

  • Stream ciphers encrypt the digits (typically bytes), or letters (in substitution ciphers) of a message one at a time. An example is the Vigenère Cipher.
  • Block ciphers take a number of bits and encrypt them as a single unit, padding the plaintext so that it is a multiple of the block size. Blocks of 64 bits were commonly used. The Advanced Encryption Standard (AES) algorithm approved by NIST in December 2001, and the GCM block cipher mode of operation use 128-bit blocks.

Implementations[edit]

Examples of popular symmetric-key algorithms include Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, Kuznyechik, RC4, DES, 3DES, Skipjack, Safer+/++ (Bluetooth), and IDEA.[6]

Cryptographic primitives based on symmetric ciphers[edit]

Symmetric ciphers are commonly used to achieve other cryptographic primitives than just encryption.[citation needed]

Encrypting a message does not guarantee that this message is not changed while encrypted. Hence often a message authentication code is added to a ciphertext to ensure that changes to the ciphertext will be noted by the receiver. Message authentication codes can be constructed from symmetric ciphers (e.g. CBC-MAC).[citation needed]

However, symmetric ciphers cannot be used for non-repudiation purposes except by involving additional parties.[7] See the ISO/IEC 13888-2 standard.

Another application is to build hash functions from block ciphers. See one-way compression function for descriptions of several such methods.

Construction of symmetric ciphers[edit]

Many modern block ciphers are based on a construction proposed by Horst Feistel. Feistel's construction makes it possible to build invertible functions from other functions that are themselves not invertible.[citation needed]

Security of symmetric ciphers[edit]

Symmetric ciphers have historically been susceptible to known-plaintext attacks, chosen-plaintext attacks, differential cryptanalysis and linear cryptanalysis. Careful construction of the functions for each round can greatly reduce the chances of a successful attack.[citation needed]

Key management[edit]

Key establishment[edit]

Symmetric-key algorithms require both the sender and the recipient of a message to have the same secret key.All early cryptographic systems required one of those people to somehow receive a copy of that secret key over a physically secure channel.

Nearly all modern cryptographic systems still use symmetric-key algorithms internally to encrypt the bulk of the messages, but they eliminate the need for a physically secure channel by using Diffie–Hellman key exchange or some other public-key protocol to securely come to agreement on a fresh new secret key for each message (forward secrecy).

Key generation[edit]

When used with asymmetric ciphers for key transfer, pseudorandom key generators are nearly always used to generate the symmetric cipher session keys. However, lack of randomness in those generators or in their initialization vectors is disastrous and has led to cryptanalytic breaks in the past. Therefore, it is essential that an implementation use a source of high entropy for its initialization.[8][9][10]

Reciprocal cipher[edit]

A reciprocal cipher is a cipher where, just as one enters the plaintext into the cryptography system to get the ciphertext, one could enter the ciphertext into the same place in the system to get the plaintext. A reciprocal cipher is also sometimes referred as self-reciprocal cipher.

Practically all mechanical cipher machines implement a reciprocal cipher, a mathematical involution on each typed-in letter.Instead of designing two kinds of machines, one for encrypting and one for decrypting, all the machines can be identical and can be set up (keyed) the same way.[11]

Examples of reciprocal ciphers include:

  • Beaufort cipher[12]
  • Enigma machine[13]
  • Marie Antoinette and Axel von Fersen communicated with a self-reciprocal cipher.[14]
  • the Porta polyalphabetic cipher is self-reciprocal.[15]
  • Purple cipher[16]

Practically all modern ciphers can be classified as either a stream cipher, most of which use a reciprocol XOR cipher combiner, or a block cipher, most of which use use Feistel cipher or Lai–Massey scheme with a reciprocal transformation in each round.

Notes[edit]

  1. ^Other terms for symmetric-key encryption are secret-key, single-key, shared-key, one-key, and private-key encryption. Use of the last and first terms can create ambiguity with similar terminology used in public-key cryptography. Symmetric-key cryptography is to be contrasted with asymmetric-key cryptography.

References[edit]

  1. ^Kartit, Zaid (February 2016). 'Applying Encryption Algorithms for Data Security in Cloud Storage, Kartit, et al'. Advances in ubiquitous networking: proceedings of UNet15: 147.
  2. ^Delfs, Hans & Knebl, Helmut (2007). 'Symmetric-key encryption'. Introduction to cryptography: principles and applications. Springer. ISBN9783540492436.CS1 maint: uses authors parameter (link)
  3. ^Mullen, Gary & Mummert, Carl (2007). Finite fields and applications. American Mathematical Society. p. 112. ISBN9780821844182.CS1 maint: uses authors parameter (link)
  4. ^'Demystifying symmetric and asymmetric methods of encryption'. Cheap SSL Shop. 2017-09-28.
  5. ^Pelzl & Paar (2010). Understanding Cryptography. Berlin: Springer-Verlag. p. 30.
  6. ^Roeder, Tom. 'Symmetric-Key Cryptography'. www.cs.cornell.edu. Retrieved 2017-02-05.
  7. ^14:00-17:00. 'ISO/IEC 13888-2:2010'. ISO. Retrieved 2020-02-04.
  8. ^Ian Goldberg and David Wagner.'Randomness and the Netscape Browser'.January 1996 Dr. Dobb's Journal.quote:'it is vital that the secret keys be generated from an unpredictable random-number source.'
  9. ^Thomas Ristenpart , Scott Yilek.'When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities and Hedging Deployed Cryptography (2010)'CiteSeerx: 10.1.1.183.3583quote from abstract:'Random number generators (RNGs) are consistently a weak link in the secure use of cryptography.'
  10. ^'Symmetric Cryptography'. James. 2006-03-11.
  11. ^Greg Goebel.'The Mechanization of Ciphers'.2018.
  12. ^'.. the true Beaufort cipher. Notice that we have reciprocal encipherment; encipherment and decipherment are identically the same thing.'--Helen F. Gaines.'Cryptanalysis: A Study of Ciphers and Their Solution'.2014.p. 121.
  13. ^Greg Goebel.'The Mechanization of Ciphers'.2018.
  14. ^Friedrich L. Bauer.'Decrypted Secrets: Methods and Maxims of Cryptology'.2006.p. 144
  15. ^David Salomon.'Coding for Data and Computer Communications'.2006.p. 245
  16. ^Greg Goebel.'US Codebreakers In The Shadow Of War'.2018.
Retrieved from 'https://en.wikipedia.org/w/index.php?title=Symmetric-key_algorithm&oldid=948081123'

How to Generate a Symmetric Key by Usingthe pktool Command

Some applications require a symmetric key for encryption and decryptionof communications. In this procedure, you create a symmetric key and storeit.

  • If your site has a random number generator, you can use thegenerator to create a random number for the key. This procedure does not useyour site's random number generator.

  • You can instead use the dd command withthe Solaris /dev/urandom device as input. The dd commanddoes not store the key. For the procedure, see How to Generate a Symmetric Key by Using the dd Command.

  1. (Optional) If you plan touse a keystore, create it.

    • To create and initialize a PKCS #11 keystore, see How to Generate a Passphrase by Using the pktool setpin Command.

    • To create and initialize an NSS database, see Example 15–5.

  2. Generate a random number for use as a symmetric key.

    Useone of the following methods.

    • Generate a key and store it in a file.

      The advantageof a file-stored key is that you can extract the key from this file for usein an application's key file, such as the /etc/inet/secret/ipseckeys fileor IPsec.


      keystore

      The value file specifies the file typeof storage location for the key.

      outkey=key-fn

      Is the filename when keystore=file.

      keytype=specific-symmetric-algorithm

      For a symmetric key of any length, the value is generic. For a particular algorithm, specify aes, arcfour, des, or 3des.

      keylen=size-in-bits

      Is the length of the key in bits. The number must be divisibleby 8. Do not specify for des or 3des.

      dir=directory

      Is the directory path to key-fn.By default, directory is the current directory.

      print=n

      Prints the key to the terminal window. By default, the valueof print is n.

    • Generate a key and store it in a PKCS #11 keystore.

      Theadvantage of the PKCS #11 keystore is that you can retrieve the key by itslabel. This method is useful for keys that encrypt and decrypt files. Youmust complete Step 1 beforeusing this method.


      label=key-label

      Is a user-specified label for the key. The key can be retrievedfrom the keystore by its label.

      keytype=specific-symmetric-algorithm

      For a symmetric key of any length, the value is generic. For a particular algorithm, specify aes, arcfour, des, or 3des.

      keylen=size-in-bits

      Is the length of the key in bits. The number must be divisibleby 8. Do not specify for des or 3des.

      Windows xp 64 bit key generator download pc

      token=token

      Is the token name. By default, the token is Sun SoftwarePKCS#11 softtoken.

      sensitive=n

      Specifies the sensitivity of the key. When the value is y, the key cannot be printed by using the print=y argument.By default, the value of sensitive is n.

      extractable=y

      Specifies that the key can be extracted from the keystore.Specify n to prevent the key from being extracted.

      print=n

      Prints the key to the terminal window. By default, the valueof print is n.

    • Generate a key and store it in an NSS keystore.

      Youmust complete Step 1 beforeusing this method.


      keystore

      The value nss specifies the NSS type ofstorage location for the key.

      label=key-label

      Is a user-specified label for the key. The key can be retrievedfrom the keystore by its label.

      keytype=specific-symmetric-algorithm

      For a symmetric key of any length, the value is generic. For a particular algorithm, specify aes, arcfour, des, or 3des.

      keylen=size-in-bits

      Is the length of the key in bits. The number must be divisibleby 8. Do not specify for des or 3des.

      token=token

      Is the token name. By default, the token is the NSS internaltoken.

      dir=directory

      Is the directory path to the NSS database. By default, directory is the current directory.

      prefix=directory

      Is the prefix to the NSS database. The default is no prefix. Infamous second son cd key free download.

      print=n

      Prints the key to the terminal window. By default, the valueof print is n.

  3. (Optional) Verify that the key exists.

    Useone of the following commands, depending on where you stored the key.

    • Verify the key in the key-fn file.


    • Verify the key in the PKCS #11 or the NSS keystore.


Example 14–5 Creating a Symmetric Key by Using the pktool Command

Create Symmetric Key


In the following example, a user creates a PKCS #11 keystore for thefirst time, and then generates a large symmetric key for an application. Finally,the user verifies that the key is in the keystore.


Recommeded Way To Generate Symmetric Key
Example 14–6 Creating a DES Key by Using the pktool Command

In the following example, a secret key for the DES algorithm is created.The key is stored in a local file for later decryption. The command protectsthe file with 400 permissions. When the key is created,the print=y option displays the generated key in the terminalwindow.

DES mechanisms use a 64-bit key. The user who owns the keyfile retrievesthe key by using the od command.


Example 14–7 Creating a Symmetric Key for IPsec Security Associations

How To Generate A Symmetric Key


In the following example, the administrator manually creates the keyingmaterial for IPsec SAs and stores them in files. Then, the administrator copiesthe keys to the /etc/inet/secret/ipseckeys file and destroysthe original files.

  • First, the administrator creates and displays the keys thatthe IPsec policy requires:


  • Then, the administrator creates the following /etc/inet/secret/ipseckeys file:


  • After verifying that the syntax of the ipseckeys fileis valid, the administrator destroys the original key files.


  • The administrator copies the ipseckeys fileto the communicating system by using the ssh command oranother secure mechanism. On the communicating system, the protections arereversed. The first entry in the ipseckeys file protectsinbound packets, and the second entry protects outbound packets. No keys aregenerated on the communicating system.