|
Chilkat • HOME • Android™ • Classic ASP • C • C++ • C# • Mono C# • .NET Core C# • C# UWP/WinRT • DataFlex • Delphi ActiveX • Delphi DLL • Visual FoxPro • Java • Lianja • MFC • Objective-C • Perl • PHP ActiveX • PHP Extension • PowerBuilder • PowerShell • PureBasic • CkPython • Chilkat2-Python • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • Visual Basic 6.0 • VB.NET • VB.NET UWP/WinRT • VBScript • Xojo Plugin • Node.js • Excel • Go
(VB.NET UWP/WinRT) Generate Encryption KeyDiscusses symmetric encryption key generation techniques for block encryption algorithms such as AES, Blowfish, and Twofish, or for other algorithms such as ChaCha20.
' Symmetric encryption algorithms are such that the encryptor and decryptor ' share a pre-known secret key. This could be a "single-use" key that is ' derived from a secure key exchange algorithm using RSA, ECC, or Diffie-Hellman, ' or it could be a password known to both sides, or ' it could simply be the binary bytes of the secret key known in advance on both ' sides. ' A secret key has no structure. It's nothing more than N bytes of data. ' It should typically be random data, or bytes that resemble random data such ' as the hash of a password. ' The number of bytes in the secret key defines the bit-strength of an encryption ' algorithm. For example, AES with a 32-byte key is 256-bit AES. Most algorithms ' define restrictions on key sizes. For example, AES has 3 choices: 128-bit, 192-bit, ' or 256-bit. In the ChaCha20 algorithm, the key size must always be 256-bits (32-bytes). ' Both sides (encryptor and decryptor) must be in possession of the same secret key ' in order to communicate. Whichever side generates the key, it must somehow ' deliver the key to the other side beforehand. Key exchange algorithms, such as RSA, ECC, ' and Diffie-Hellman define secure ways of exchanging symmetric encryption keys. ' They do so using asymmetric encryption algorithms (public/private keys). It is not ' required to use a key exchange algorithm to achieve the goal of having both sides ' in possession of the same secret key. A long-living secret key could be exchanged ' via any secure out-of-band means. For example, exchanging the information over a secure ' TLS (HTTPS) or SSH connection... ' This example assumes the Chilkat API to have been previously unlocked. ' See Global Unlock Sample for sample code. Dim success As Boolean Dim crypt As New Chilkat.Crypt2 crypt.CryptAlgorithm = "aes" crypt.KeyLength = 256 ' Generate a 32-byte random secret key, ' and use it in the crypt object. Dim prng As New Chilkat.Prng Dim secretKeyHex As String = prng.GenRandom(32,"hex") ' It is important that the number of bytes in the secret key ' matches the value specified in the KeyLength property (above). crypt.SetEncodedKey(secretKeyHex,"hex") Debug.WriteLine("randomly generated key: " & secretKeyHex) ' Alternatively, a password could be hashed using a hash algorithm ' the results in the desired key length. Our desired key length ' in this case is 32 bytes, so we wouldn't want MD5 (16 bytes), ' nor would we want to use SHA-1 (20 bytes). SHA256 would be the ' hash of choice because it results in 32-bytes of random-looking ' key material. crypt.HashAlgorithm = "SHA256" crypt.EncodingMode = "hex" secretKeyHex = crypt.HashStringENC("mypassword") crypt.SetEncodedKey(secretKeyHex,"hex") Debug.WriteLine("password-based key: " & secretKeyHex) |
||||
© 2000-2022 Chilkat Software, Inc. All Rights Reserved.