I am not able to generate RSA key pair inside VSS through macros. I am in need of script to gerate key inside and compute Public CA and do RSA computation inside. Please help in this regard.
As far as I know, it is not possible to generate a RSA keypair inside VSS (v4.0).
You might want to try generating a keypair using the embedded openssl and then store it into the key slot (beware that there are probably some constraints on some key slots (modulus length,exponent length) -- check your documentation).
Beware that the RSACOMP operation does only a raw RSA computation (modular exponentiation) and you will have to handle the padding stuff yourself (and correctly).
A much simpler alternative is to generate the keypair outside (HSM?) and inject it securely to the terminal (I do not understand your use case -- but some certificate for this keypair could be injected as well)
Good luck!
Related
I try to manage in a C library multiple RSA keys and certificates in a PKCS#12 structure. Managing a single key with the primitives PKCS12_create and PKCS12_parse works fine, but I can't find anything about managing multiple keys. I tried to use the safes and bags primitives but I only succeed to corrupt my PKCS12.
Does OpenSSL's PKCS#12 allow multiple keys and certificates in PKCS#12 structure? If so, then how do I manage multiple keys and certificates using the PKCS#12 API?
Thanks all
PKCS#12 is a complicated data structure. All of the operations that PKCS12_parse use are public API, it just tries to simplify the simple case. The entire 245 lines of p12_kiss.c (one presumes Keep It Simple, Stupid) are PKCS12_parse and its (non-public) helper routines.
p12_crt.c is another 291 lines of "man, this file format is complicated", which is just PKCS12_create.
Managing multiple files is easier code, but if you want to take the complexity into your code you can simplify your file operations.
Don't forget to call PKCS12_SAFEBAG_create_pkcs8_encrypt on the private key bags. Your keys aren't encrypted unless you call it, and (IIRC) Apple's PFX reader won't load keys out of unencrypted bags (probably not an intentional decision, they just likely never experienced it).
I finally succeed to add/parse multiple RSA keys and they certs into/from a PKCS12 structure/file.
My parse function is based on the OpenSSL parse_pk12 function in p12_kiss.c file. This function seems to return the last bag only. I adapt it to check each bags friendly name and return the one who match.
The add function begin with unpacking the safes (STACK_OF(PKCS7)) from the existing PKCS12, and then working on this safes in order to add a new stack of bags to it. I then create a new PKCS12 with the PKCS12_add_safes function and delete the previous one.
Thanks all
Currently I am investigating https://github.com/orlp/ed25519 , and it has example for signing but how to use it for encrypting/decrypting data? Thanks
Assuming you want to send a message to Alice who has the public key A.
Generate a new ephemeral key pair e, E
Compute the shared DH secret between e and A using the ed25519_key_exchange function.
Use some kind of of KDF of that secret. In the simplest case a hash.
Use the value derived in step 3 as key in a symmetric algorithm
NaCl's crypto_box works almost like this. The main differences are that it uses Montgomery form public keys and uses HSalsa20 as hash in step 3.
Some people don't feel comfortable with using the same keypair for signing and encryption. Use at your own risk. If you don't need this key reuse, I'd recommend LibSodium as an alternative.
You don't. ED25519 is a public-key signature system, not an encryption system. Trying to use it for a purpose it was not designed for is likely to introduce security vulnerabilities.
I am working on AES security in Contiki OS.I have AES library, which supports two type of encryption/decryption:
On the fly
Fixed key
In on-the-fly, when I encrypt data using key, new key and encrypted data get generated.This newly generated key is used to decrypt data. So every time I perform enc/dec operation, my key get changed.
In the fixed-key algorithm, one fixed key is used for all enc/dec.
I am confused , which method I should select? I don't know pros and cons of this two methods.
The difference between on-the-fly vs fix-key is explained in the original Rijndael proposal section 4.3.2 the Note section.
"The key schedule can be implemented without explicit use of the array W[Nb*(Nr+1)].
For implementations where RAM is scarce, the Round Keys can be computed on-the-fly using
a buffer of Nk words with almost no computational overhead."
Essentially on-the-fly key scheduling will be save some memory because you do not need to store the whole expanded key, but you compute it in every round. The advantages of on the fly key scheduling are only really matter in very small micro controllers or hardware implementations.
Disadvatages are that its slower to do the decryption, because you need to expand the key first before starting to decrypt.
I would like to generate a certificate with only a few information to get a very small certificate, maybe just the Version, Serial Number, Issuer, Validaty, Public Key and the signature.
I am asking this because the certificate I have just generated using openssl has about 900Bytes which is too much for the purposes I want.
I want a certificate to use with ecdsa 256 with nistp256.
Why do not you consider some good compression algorithm to reduce the size?
Or you can reduce the key size to reduce the overall size. As far as I know, you can generate minimal certificate with some basic information (Version, Serial Number, Issuer, Subject, Validity, public key and signature are required). You can omit the extensions and keep these fields too small.
To reduce the size, you can reduce the size of these information. However, version (as governed by standard), serial number, issuer (governed by issuer authority) and validity are not in your control. Signature is also depends on signer's public key which may not be in your control (unless you are signing yourself or using self-signed certificate) as it depends on size of the signing private key and hashing algorithm.
Only things in your control are subject (you may on your choice can keep it very small) and public key (you can choose size and algorithm but that may compromise the security or issuer may not allow).
Over and above, you can use some compression if that can reduce the size of certificate significantly.
I have a passphrase and I want to generate 128bit or 256bit WEP key from that. Any pointers or links will be helpful on how to generate WEP key from a plain text.
Hopefully the original poster has found the answer by now but I for one found this information SHOCKINGLY difficult to come by as it's beyond deprecated. As mentioned repeatedly, in this thread and others, WEP is horribly unsecure but for some reason nobody is willing to give a straight answer otherwise and there are a lot of suggestions to go learn something else.
To the original question, the 128-bit key is an MD5 hash of a 64-byte string. This 64-byte string is the ASCII pass phrase repeated over and over then truncated at 64-bytes. In SQL Server for instance, this would appear as,
SELECT CAST(HASHBYTES('MD5', LEFT(REPLICATE(#phrase, CEILING(64.0 / LEN(#phrase))), 64)) AS varbinary(13))
Start by reading about Key Derivation Functions. High quality modern KDFs are scrypt, bcrypt and PBKDF2. All of them have open source implementations.
For PBKDF2, you can specify the length of the derived key. For scrypt, you can pick the first N bits of the output and use them as the key.
The most straightforward way of doing this without using a KDF is to concatenate your passphrase with a 24 bit IV (initialization vector) and form an RC4 key.
Mind that WEP combines your key and IV to seed an RC4 stream which keys the data stream; for this reason, WEP has a number of shortcomings, which make it unable to provide adequate data confidentiality. You can read more about it by following the Wikipedia page links.
Do NOT use a cryptographic hash as a derived key.