Cryptography - Key Generation - Symmetric Key, Asymmetric Key
5 minutes series
Abdul Manaf Vellakodath, Security Architect

Key Generation - Symmetric and Asymmetric Keys

Symmetric Key
[Diagram: Large Random Number -> Symmetric Key Generation Algorithm -> Symmetric Key]
"Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext." (Wiki)

Asymmetric Key
[Diagram: Large Random Number -> Asymmetric Key Generation Algorithm -> PRIVATE KEY, PUBLIC KEY]
"Asymmetric cryptography is any cryptographic system that uses pairs of keys: public keys that may be disseminated widely, paired with private keys which are known only to the owner." (Wiki)

As demonstrated above, the keys generated by symmetric and asymmetric key generation algorithms are fundamentally different. A symmetric key can be used for both encryption and decryption. An asymmetric private key can decrypt what the matching public key encrypts, and vice versa.

Symmetric Keys (RFC 2898)
● Symmetric keys are random bits of a certain length, whichever way you choose to set them. One specific implementation is:
  ○ The RSA Public-Key Cryptography Standards (PKCS) define two algorithms to derive keys:
    ■ PBKDF1 (DK = PBKDF1 (P, S, c, dkLen))
      ● Hash = [underlying hash function] (option)
      ● P = Password
      ● S = Salt
      ● c = iteration count; a positive integer
      ● dkLen = length in octets (16 for MD2 or MD5, 20 for SHA-1)
      ● DK = Derived Key
    ■ PBKDF2 (DK = PBKDF2 (PRF, P, S, c, dkLen))
Octet = 8 bits

Symmetric Keys - PBKDF1 - Algorithm
[Flowchart: Password, Salt -> Concatenate -> Hash -> c - 1 iterations of the Hash Function -> Take first dkLen octets -> End]
dkLen - number of octets required
As per RFC 2898, the maximum length allowed for dkLen is 20 octets (for SHA-1), which means a total of 20 x 8 = 160 bits in key length. For the MD2 and MD5 hash functions, the maximum length is 16 octets, i.e., 16 x 8 = 128 bits in key length.

Symmetric Keys - PBKDF2 - Algorithm
[Flowchart; inputs: Password, Salt]
1. Set i = 1.
2. Con = Concatenate (Salt, INT(i)); i is encoded as 4 octets.
3. u(1) = PRF(P, Con).
4. c - 1 iterations: u(j) = PRF(P, u(j-1)).
5. u(1) xor u(2) xor … u(c); store as T(i).
6. Increment i. If i > i(max), continue; otherwise repeat from step 2.
7. Concatenate all T(i).
8. Take the output from above as DK.
9. End
hLen = length in bits of PRF output ÷ 8
i(max) = CEIL (dkLen / hLen)
r = dkLen - (i(max) - 1) * hLen
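
The two derivation flows above, written out as an added example (not code from the original slides). The function names, the HMAC-based PRF, the SHA-1 default and the sample password and salt are assumptions chosen for illustration; the result is truncated to dkLen octets so that only r octets of the last block are used.

```python
import hashlib
import hmac
import math


def pbkdf1(password: bytes, salt: bytes, c: int, dk_len: int,
           hash_name: str = "sha1") -> bytes:
    """PBKDF1: hash P || S, re-hash c - 1 times, keep the first dk_len octets."""
    h_len = hashlib.new(hash_name).digest_size
    if c < 1:
        raise ValueError("iteration count must be a positive integer")
    if dk_len > h_len:
        raise ValueError("derived key too long")  # e.g. more than 20 octets for SHA-1
    t = hashlib.new(hash_name, password + salt).digest()
    for _ in range(c - 1):
        t = hashlib.new(hash_name, t).digest()
    return t[:dk_len]


def pbkdf2(password: bytes, salt: bytes, c: int, dk_len: int,
           hash_name: str = "sha1") -> bytes:
    """PBKDF2 with HMAC-<hash_name> as the PRF (assumed PRF choice)."""
    if c < 1:
        raise ValueError("iteration count must be a positive integer")
    h_len = hashlib.new(hash_name).digest_size   # PRF output length in octets
    i_max = math.ceil(dk_len / h_len)            # number of blocks T(i)
    blocks = []
    for i in range(1, i_max + 1):
        # u(1) = PRF(P, Salt || INT(i)), with i encoded as 4 big-endian octets
        u = hmac.new(password, salt + i.to_bytes(4, "big"), hash_name).digest()
        t = int.from_bytes(u, "big")
        for _ in range(c - 1):
            # u(j) = PRF(P, u(j-1)), XORed into the running block value
            u = hmac.new(password, u, hash_name).digest()
            t ^= int.from_bytes(u, "big")
        blocks.append(t.to_bytes(h_len, "big"))  # T(i)
    # Concatenate all T(i); truncation keeps r octets of the last block
    return b"".join(blocks)[:dk_len]


if __name__ == "__main__":
    p, s = b"password", b"salt"                  # constructed sample inputs
    print("PBKDF1:", pbkdf1(p, s, 1000, 16).hex())
    dk = pbkdf2(p, s, 1000, 32)
    print("PBKDF2:", dk.hex())
    # Cross-check against the standard library implementation
    print("matches hashlib:", dk == hashlib.pbkdf2_hmac("sha1", p, s, 1000, 32))
```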