Generate Encryption Key
Discusses symmetric encryption key generation techniques for block encryption algorithms such as AES, Blowfish, and Twofish, or for other algorithms such as ChaCha20.
#include <stdio.h>
#include <C_CkCrypt2.h>
#include <C_CkPrng.h>

void ChilkatSample(void)
{
    BOOL success;
    HCkCrypt2 crypt;
    HCkPrng prng;
    const char *secretKeyHex;

    success = FALSE;

    // Symmetric encryption algorithms are such that the encryptor and decryptor
    // share a pre-known secret key. This could be a "single-use" key that is
    // derived from a secure key exchange algorithm using RSA, ECC, or Diffie-Hellman,
    // or it could be a password known to both sides, or
    // it could simply be the binary bytes of the secret key known in advance on both
    // sides.

    // A secret key has no structure. It's nothing more than N bytes of data.
    // It should typically be random data, or bytes that resemble random data such
    // as the hash of a password.

    // The number of bytes in the secret key defines the bit-strength of an encryption
    // algorithm. For example, AES with a 32-byte key is 256-bit AES. Most algorithms
    // define restrictions on key sizes. For example, AES has 3 choices: 128-bit, 192-bit,
    // or 256-bit. In the ChaCha20 algorithm, the key size must always be 256 bits (32 bytes).

    // Both sides (encryptor and decryptor) must be in possession of the same secret key
    // in order to communicate. Whichever side generates the key, it must somehow
    // deliver the key to the other side beforehand. Key exchange algorithms, such as RSA, ECC,
    // and Diffie-Hellman define secure ways of exchanging symmetric encryption keys.
    // They do so using asymmetric encryption algorithms (public/private keys). It is not
    // required to use a key exchange algorithm to achieve the goal of having both sides
    // in possession of the same secret key. A long-living secret key could be exchanged
    // via any secure out-of-band means. For example, exchanging the information over a secure
    // TLS (HTTPS) or SSH connection...

    // This example assumes the Chilkat API has already been unlocked.
    // See Global Unlock Sample for sample code.

    crypt = CkCrypt2_Create();
    CkCrypt2_putCryptAlgorithm(crypt,"aes");
    CkCrypt2_putKeyLength(crypt,256);

    // Generate a 32-byte random secret key,
    // and use it in the crypt object.
    prng = CkPrng_Create();
    secretKeyHex = CkPrng_genRandom(prng,32,"hex");

    // Stop if no random bytes were produced, rather than continuing without a key.
    success = CkPrng_getLastMethodSuccess(prng);
    if (success != TRUE) {
        printf("%s\n",CkPrng_lastErrorText(prng));
        CkCrypt2_Dispose(crypt);
        CkPrng_Dispose(prng);
        return;
    }

    // It is important that the number of bytes in the secret key
    // matches the value specified in the KeyLength property (above).
    CkCrypt2_SetEncodedKey(crypt,secretKeyHex,"hex");

    // Shown for demonstration; a real application would not print or log the key.
    printf("randomly generated key: %s\n",secretKeyHex);

    CkCrypt2_Dispose(crypt);
    CkPrng_Dispose(prng);
}
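
The key-size rules from the sample's comments (AES accepts 128, 192 or 256 bits; ChaCha20 only 256), enforced before any key bytes are drawn. This is an added example, not Chilkat's code and not part of the original page: it makes no Chilkat calls, the names key_bits_valid and gen_key_hex are hypothetical, and it assumes a Unix-like system that provides /dev/urandom.

```c
#include <stdio.h>
#include <string.h>

/* Key sizes stated on this page: AES 128/192/256 bits, ChaCha20 256 bits only. */
int key_bits_valid(const char *alg, int bits)
{
    if (strcmp(alg, "aes") == 0)
        return bits == 128 || bits == 192 || bits == 256;
    if (strcmp(alg, "chacha20") == 0)
        return bits == 256;
    return 0; /* algorithm not covered by this example */
}

/* Writes a random key of `bits` bits, hex-encoded, into hex_out.
   Returns 0 on success, -1 on an invalid size, small buffer or read error. */
int gen_key_hex(const char *alg, int bits, char *hex_out, size_t hex_cap)
{
    static const char digits[] = "0123456789abcdef";
    unsigned char key[32];
    size_t nbytes, i;
    FILE *f;
    int rc = -1;
    if (!key_bits_valid(alg, bits) || hex_cap < (size_t)bits / 4 + 1)
        return -1;
    nbytes = (size_t)bits / 8;
    f = fopen("/dev/urandom", "rb"); /* assumption: Unix-like system */
    if (f == NULL)
        return -1;
    setvbuf(f, NULL, _IONBF, 0); /* read only the bytes that are needed */
    if (fread(key, 1, nbytes, f) == nbytes) { /* short read: fail, never pad */
        for (i = 0; i < nbytes; i++) {
            hex_out[2 * i] = digits[key[i] >> 4];
            hex_out[2 * i + 1] = digits[key[i] & 0x0f];
        }
        hex_out[2 * nbytes] = '\0';
        rc = 0;
    }
    fclose(f);
    memset(key, 0, sizeof key); /* best-effort wipe; a compiler may elide it */
    return rc;
}

int main(void)
{
    char hex[65];
    if (gen_key_hex("aes", 256, hex, sizeof hex) != 0)
        return 1;
    printf("aes-256 key (hex): %s\n", hex);
    return 0;
}
```

The hex string it produces has the same form as the value passed to CkCrypt2_SetEncodedKey with the "hex" encoding in the sample above.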