Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Tcl) Generate Encryption KeyDiscusses symmetric encryption key generation techniques for block encryption algorithms such as AES, Blowfish, and Twofish, or for other algorithms such as ChaCha20.
load ./chilkat.dll # Symmetric encryption algorithms are such that the encryptor and decryptor # share a pre-known secret key. This could be a "single-use" key that is # derived from a secure key exchange algorithm using RSA, ECC, or Diffie-Hellman, # or it could be a password known to both sides, or # it could simply be the binary bytes of the secret key known in advance on both # sides. # A secret key has no structure. It's nothing more than N bytes of data. # It should typically be random data, or bytes that resemble random data such # as the hash of a password. # The number of bytes in the secret key defines the bit-strength of an encryption # algorithm. For example, AES with a 32-byte key is 256-bit AES. Most algorithms # define restrictions on key sizes. For example, AES has 3 choices: 128-bit, 192-bit, # or 256-bit. In the ChaCha20 algorithm, the key size must always be 256-bits (32-bytes). # Both sides (encryptor and decryptor) must be in possession of the same secret key # in order to communicate. Whichever side generates the key, it must somehow # deliver the key to the other side beforehand. Key exchange algorithms, such as RSA, ECC, # and Diffie-Hellman define secure ways of exchanging symmetric encryption keys. # They do so using asymmetric encryption algorithms (public/private keys). It is not # required to use a key exchange algorithm to achieve the goal of having both sides # in possession of the same secret key. A long-living secret key could be exchanged # via any secure out-of-band means. For example, exchanging the information over a secure # TLS (HTTPS) or SSH connection... # This example assumes the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. set crypt [new_CkCrypt2] CkCrypt2_put_CryptAlgorithm $crypt "aes" CkCrypt2_put_KeyLength $crypt 256 # Generate a 32-byte random secret key, # and use it in the crypt object. set prng [new_CkPrng] set secretKeyHex [CkPrng_genRandom $prng 32 "hex"] # It is important that the number of bytes in the secret key # matches the value specified in the KeyLength property (above). CkCrypt2_SetEncodedKey $crypt $secretKeyHex "hex" puts "randomly generated key: $secretKeyHex" # Alternatively, a password could be hashed using a hash algorithm # the results in the desired key length. Our desired key length # in this case is 32 bytes, so we wouldn't want MD5 (16 bytes), # nor would we want to use SHA-1 (20 bytes). SHA256 would be the # hash of choice because it results in 32-bytes of random-looking # key material. CkCrypt2_put_HashAlgorithm $crypt "SHA256" CkCrypt2_put_EncodingMode $crypt "hex" set secretKeyHex [CkCrypt2_hashStringENC $crypt "mypassword"] CkCrypt2_SetEncodedKey $crypt $secretKeyHex "hex" puts "password-based key: $secretKeyHex" delete_CkCrypt2 $crypt delete_CkPrng $prng |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.