Generate 256-bit Key

[Otilia Mojarro]

Ourfree mobile-friendly tool offers a variety of randomly generated keys and passwords you can use to secure any application, service or device. Simply click to copy a password or press the 'Generate' button for an entirely new set.

Your online passwords should always be between 8-12 characters long (more is always better) and should always include a combination of letters (both upper and lowercase), digits and symbols. And, don't forget to change your passwords regularly.

I have a 256bit fully random entropy source from dices, which is probably not cryptographically secure. I have read that it's customary to take the hash of the entropy source in order to generate a safe key.

If you roll enough dice, the rolls are fair, and no adversary can monitor them, it is cryptographically secure. The reason is simple: an adversary who can't snoop on the dice rolls can't guess the results in any reasonable amount of time either.

In such cases you might need more than 100 dice rolls to get to a full 256 bits of entropy. Or alternatively and much more practically, you could just convince yourself that the 100 dice rolls, even if somewhat unfair, are actually way more than enough to provide adequate security. You almost certainly don't need 256 bits of entropy anyway. Why not just settle for about 128 bits? Won't you get bored rolling 100 dice? Be practical!

What you need to do is encode the outcome of the rolls into a 256-bit string so that none of the possible 256-bit strings is significantly likelier than the others. Hashing a string with the results is a convenient way of achieving that.

This also answers your questions of "What happens if I cram more entropy into the hash function, say 270 bits" and "What happens if the hash function's output is of more bits than the entropy source (hash 256 bits, but entropy source only 250 bits), what happens then to the security of the key?"

Since ECC over P-256 provides only 128 bits of security, I'd like to cut corners and generate a private key using HKDF to generate 32 bytes of key material from an input secret that's only 16 bytes long, on the theory that it's no harder to brute-force the KDF than it is to break the key using Pollard-rho.

If you did use, say, 17 bytes (136 bits) of entropy for your KDF, then the attacker would simply choose to break the ECC using Pollard Rho, instead of breaking the KDF using brute-force, and in this case they would still not need to do any more than $ 2^128 $ work. (This is the weakest-point principle in action). This means that using more than 128 bits of entropy to generate a 256-bit ECC key is useless, unless your attacker is trying to break multiple keys.

The best attacks for (general) elliptic curves are square-root attacks (i.e., Pollard rho method and the likes). This means that ECC with a 256-bit key offers 128 bits of security. As a result, 128 bits of entropy are enough to generate a 256-bit ECC key.

P.S. Thank you - this asset has been a saviour to my development cycle and the documentation is great especially since I'm very technically unskilled at this stuff.

Apologies if this has been asked before, but I had searched and couldn't find the question.

At the moment tke Keychain tool UI can't generate certificate signing requests with the ECC algorithm, it only supports RSA. I have to update it. Meanwhile you can generate such a certificate signing request "by hand" with the OpenSSL binary that comes with the toolchain.

Note that for this you need an ECC private key too, which means you'll have two private keys (associated with two sets of certificates): one with the RSA algorithm for code signing your iOS apps, and one with the ECC algorithm for your Apple Pay needs.

I don't want to store a base64 string because that is too complicated for the person who might have to change the configuration. I want to store a string containing any characters. What is the best way to convert this password to a key for use in AES?

You might ask why you need the key: If you would change your password (and you had encrypted all your files with your password), you would need to first decrypt all your files with your orignal password and then re-encrypt them with your new password. With this implementation all you need to do is decrypt and re-encrypt the key (as this key serves as your password).

If you don't care about being able to change your password (I would consider this a very important feature, but maybe you don't), then you could skip the steps involving k1, and use k2 as your AES key and k3 to verify it.

You may also find it useful to generate another key for HMAC, so you can verify that the encrypted files haven't been tampered with. If you want to do that, you can generate a 128-bit HMAC key, and encrypt and store that with the main AES key.

If you generate a key you should somehow hash it, considering that a hash function is "sort-of" like a pseudo-rng. So using PBKDF2 is always good, since it is a key derivation method and is used specifically for this purpose. You pass in a password, and it generates a key you can use based on your password and a salt. As far as Salt, it is automagically part of PBKDF2 so you shouldn't have to worry about it.

If you use something like .NET and store the key in your web.config file you can encrypt parts of your web.config with either the machine key or an RSA key -us/library/dtkwfdky%28v=vs.100%29.aspx , the nice thing about this is that windows will take care of storing the RSA key and or machine key. You can even automate this process with your build server.

AWS CLI version 2, the latest major version of AWS CLI, is now stable and recommended for general use. To view this page for the AWS CLI version 2, click here. For more information see the AWS CLI version 2 installation instructions and migration guide.

Returns a unique symmetric data key for use outside of KMS. This operation returns a plaintext copy of the data key and a copy that is encrypted under a symmetric encryption KMS key that you specify. The bytes in the plaintext key are random; they are not related to the caller or the KMS key. You can use the plaintext key to encrypt your data outside of KMS and store the encrypted data key with the encrypted data.

To generate a data key, specify the symmetric encryption KMS key that will be used to encrypt the data key. You cannot use an asymmetric KMS key to encrypt data keys. To get the type of your KMS key, use the DescribeKey operation.

To generate a 128-bit SM4 data key (China Regions only), specify a KeySpec value of AES_128 or a NumberOfBytes value of 16 . The symmetric encryption key used in China Regions to encrypt your data key is an SM4 encryption key.

To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext . To generate an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext operation. To get a cryptographically secure random byte string, use GenerateRandom .

You can use an optional encryption context to add additional security to the encryption operation. If you specify an EncryptionContext , you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException . For more information, see Encryption Context in the Key Management Service Developer Guide .

We recommend that you use the following pattern to encrypt data locally in your application. You can write your own code or use a client-side encryption library, such as the Amazon Web Services Encryption SDK , the Amazon DynamoDB Encryption Client , or Amazon S3 client-side encryption to do these tasks for you.

Specifies the symmetric encryption KMS key that encrypts the data key. You cannot specify an asymmetric KMS key or a KMS key in a custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.

To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with "alias/" . To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.

An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency . For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide .

When you use this parameter, instead of returning the plaintext data key, KMS encrypts the plaintext data key under the public key in the attestation document, and returns the resulting ciphertext in the CiphertextForRecipient field in the response. This ciphertext can be decrypted only with the private key in the enclave. The CiphertextBlob field in the response contains a copy of the data key encrypted under the KMS key specified by the KeyId parameter. The Plaintext field in the response is null or empty.

--cli-input-json (string)Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

3a8082e126