|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(DataFlex) Generate Encryption KeyDiscusses symmetric encryption key generation techniques for block encryption algorithms such as AES, Blowfish, and Twofish, or for other algorithms such as ChaCha20.
Use ChilkatAx-win32.pkg Procedure Test Boolean iSuccess Handle hoCrypt Handle hoPrng String sSecretKeyHex // Symmetric encryption algorithms are such that the encryptor and decryptor // share a pre-known secret key. This could be a "single-use" key that is // derived from a secure key exchange algorithm using RSA, ECC, or Diffie-Hellman, // or it could be a password known to both sides, or // it could simply be the binary bytes of the secret key known in advance on both // sides. // A secret key has no structure. It's nothing more than N bytes of data. // It should typically be random data, or bytes that resemble random data such // as the hash of a password. // The number of bytes in the secret key defines the bit-strength of an encryption // algorithm. For example, AES with a 32-byte key is 256-bit AES. Most algorithms // define restrictions on key sizes. For example, AES has 3 choices: 128-bit, 192-bit, // or 256-bit. In the ChaCha20 algorithm, the key size must always be 256-bits (32-bytes). // Both sides (encryptor and decryptor) must be in possession of the same secret key // in order to communicate. Whichever side generates the key, it must somehow // deliver the key to the other side beforehand. Key exchange algorithms, such as RSA, ECC, // and Diffie-Hellman define secure ways of exchanging symmetric encryption keys. // They do so using asymmetric encryption algorithms (public/private keys). It is not // required to use a key exchange algorithm to achieve the goal of having both sides // in possession of the same secret key. A long-living secret key could be exchanged // via any secure out-of-band means. For example, exchanging the information over a secure // TLS (HTTPS) or SSH connection... // This example assumes the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. Get Create (RefClass(cComChilkatCrypt2)) To hoCrypt If (Not(IsComObjectCreated(hoCrypt))) Begin Send CreateComObject of hoCrypt End Set ComCryptAlgorithm Of hoCrypt To "aes" Set ComKeyLength Of hoCrypt To 256 // Generate a 32-byte random secret key, // and use it in the crypt object. Get Create (RefClass(cComChilkatPrng)) To hoPrng If (Not(IsComObjectCreated(hoPrng))) Begin Send CreateComObject of hoPrng End Get ComGenRandom Of hoPrng 32 "hex" To sSecretKeyHex // It is important that the number of bytes in the secret key // matches the value specified in the KeyLength property (above). Send ComSetEncodedKey To hoCrypt sSecretKeyHex "hex" Showln "randomly generated key: " sSecretKeyHex // Alternatively, a password could be hashed using a hash algorithm // the results in the desired key length. Our desired key length // in this case is 32 bytes, so we wouldn't want MD5 (16 bytes), // nor would we want to use SHA-1 (20 bytes). SHA256 would be the // hash of choice because it results in 32-bytes of random-looking // key material. Set ComHashAlgorithm Of hoCrypt To "SHA256" Set ComEncodingMode Of hoCrypt To "hex" Get ComHashStringENC Of hoCrypt "mypassword" To sSecretKeyHex Send ComSetEncodedKey To hoCrypt sSecretKeyHex "hex" Showln "password-based key: " sSecretKeyHex End_Procedure |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.