Creating AES 256 and Diffie Hellman keys

Michael Wojcik Michael.Wojcik at microfocus.com
Sat Mar 4 14:30:58 UTC 2023


> From: Newbie User <n3wbie001 at gmail.com> 
> Sent: Saturday, 4 March, 2023 02:04
 
> I am using OpenSSL on Windows from: was expecting an exe installer directly by OpenSSL

OpenSSL is an open-source project. It doesn't install anything (leaving FIPS aside). You may have gotten an OpenSSL build from somewhere that includes the OpenSSL binaries (I'm not following links to random sites in email messages from people I don't know), but that's not relevant to my question, which was what OpenSSL version you're using and what commands you're running.

In the future, please provide that information with your questions, and do it as text, not screenshots. Screenshots are a waste of resources, they have poor accessibility, and it's not possible to copy text out of them when replying. They're almost always a bad idea.

That said, we now know you're using OpenSSL 3.0.8, and that you used openssl enc. Per the OpenSSL documentation and the warning message you received, by default that uses a deprecated key-derivation mechanism that does not provide what's now considered an adequate work factor for dictionary attacks on the key. (The documentation doesn't describe that mechanism, but a quick look at enc.c in the sources shows that it's EVP_BytesToKey, and a quick look at *that* suggests it's one of the versions of PKCS#5, and I think OpenSSL uses SHA256 as the digest.)

And the documentation and warning message both suggest you use the -pbkdf2 option, which uses PBKDF2 with 1000 iterations for derivation (again, as noted in the documentation and the output of "openssl enc -pbkdf2"), or -iter, which uses PBKDF2 with the specified number of iterations.

If you don't know what that means, you don't yet know enough about modern cryptography to be doing low-level operations safely. There's no shame in that; *I* don't know enough about modern cryptography to be doing low-level operations safely, and I read about it on a regular basis. It's a specialized field.

So the question here, as usual, is: What are you *actually* trying to do, and *why*? What problem are you trying to solve?


> The command though I would need to explore the suggestions in output.

Same command, with -pbkdf2 or -iter. "openssl enc -help" shows the syntax, and the documentation is online at openssl.org.

> Also where can I see the standard umask table to use for the key usage type (in case required)

I don't know what this means. The only technical meaning of "umask" I'm familiar with is the POSIX / SUS file-system permissions mask, which clearly doesn't apply here. You'll have to rephrase the question.


> DH>> To generate the jointly established shared secret which is a symmetric key. Was wondering to achieve
> the same via OpenSSL, first generating the DH parameters and then using it further.

If you're trying to learn about cryptography, this sort of experimentation may be interesting, but it may not be the best way to go about it. You could start with primary sources like /Applied Cryptography/ and /Cryptographic Engineering/, but to be frank modern cryptography is far more complicated than what's described in texts. (I'm reminded of this every time I read a blog post from Filippo Valsorda or Soatok or Matt Green or the like.) Even using well-established, relatively simple algorithms like AES and DH in a relatively secure manner is not trivial, much less assembling them into a relatively secure protocol.

If you're trying to build a cryptosystem to actually protect data from motivated attackers ... don't. Just don't. Use an existing one that's been vetted by experts.

-- 
Michael Wojcik
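The following is an added example, not part of the original message and not OpenSSL's own code. It shows, in pure Python, what the two derivations discussed above actually compute: the deprecated EVP_BytesToKey path (one hash pass per password guess when called the way openssl enc calls it) next to PBKDF2 with a caller-chosen iteration count (what -pbkdf2 / -iter select), plus the "Salted__" header that carries the public 8-byte salt. It assumes SHA-256 as the digest (as the message suggests) and AES-256-CBC sizes (32-byte key, 16-byte IV); the salt, password and wordlist are constructed for the demo. The dictionary-attack helper makes the work-factor point concrete: the same wordlist costs one hash per guess against the legacy derivation and `iterations` HMAC calls per guess against PBKDF2.

```python
"""Key derivation behind `openssl enc`: the deprecated EVP_BytesToKey path
(one hash pass by default) next to PBKDF2 (`-pbkdf2` / `-iter N`).
Assumptions (not from the original message): SHA-256 as digest,
AES-256-CBC sizes (32-byte key, 16-byte IV), constructed salt/passwords."""
import hashlib

SALT_MAGIC = b"Salted__"   # openssl enc writes this, then the 8-byte salt
KEY_LEN = 32               # AES-256 key
IV_LEN = 16                # AES-CBC IV

# Constructed sample values for the demo; not real keys.
DEMO_SALT = bytes.fromhex("0011223344556677")
DEMO_PASSWORD = b"hunter2"
DEMO_WORDLIST = [b"password", b"letmein", b"qwerty", b"hunter2", b"123456"]


def evp_bytes_to_key(password, salt, key_len=KEY_LEN, iv_len=IV_LEN,
                     md="sha256", count=1):
    """Pure-Python EVP_BytesToKey (PKCS#5 v1.5 style derivation):
    D_1 = H^count(password || salt), D_i = H^count(D_{i-1} || password || salt),
    key || iv = D_1 || D_2 || ... truncated to key_len + iv_len bytes.
    openssl enc calls it with count=1, so every password guess costs one hash."""
    derived = b""
    block = b""
    while len(derived) < key_len + iv_len:
        block = hashlib.new(md, block + password + salt).digest()
        for _ in range(count - 1):          # extra passes only when count > 1
            block = hashlib.new(md, block).digest()
        derived += block
    return derived[:key_len], derived[key_len:key_len + iv_len]


def pbkdf2_key_iv(password, salt, iterations, key_len=KEY_LEN, iv_len=IV_LEN,
                  md="sha256"):
    """What -pbkdf2 / -iter selects: one PBKDF2-HMAC output of key_len + iv_len
    bytes, split into key and IV.  Cost per guess scales with `iterations`."""
    out = hashlib.pbkdf2_hmac(md, password, salt, iterations,
                              dklen=key_len + iv_len)
    return out[:key_len], out[key_len:key_len + iv_len]


def split_salted(blob):
    """Split `openssl enc -salt` output into (salt, ciphertext).
    The salt is public; only the password is secret, which is why the
    derivation's work factor is what stands between a wordlist and the key."""
    if not blob.startswith(SALT_MAGIC) or len(blob) < len(SALT_MAGIC) + 8:
        raise ValueError("not an openssl 'Salted__' blob")
    return blob[8:16], blob[16:]


def dictionary_attack(candidates, salt, target_key, derive):
    """Try each candidate password with `derive(password, salt) -> key` and
    return the one matching target_key (None if no hit).  With EVP_BytesToKey
    this is one hash per candidate; with PBKDF2 it is `iterations` HMAC calls."""
    for candidate in candidates:
        if derive(candidate, salt) == target_key:
            return candidate
    return None


if __name__ == "__main__":
    import time
    for name, derive in [
        ("EVP_BytesToKey", lambda p, s: evp_bytes_to_key(p, s)[0]),
        ("PBKDF2 100000 it", lambda p, s: pbkdf2_key_iv(p, s, 100000)[0]),
    ]:
        target = derive(DEMO_PASSWORD, DEMO_SALT)
        t0 = time.perf_counter()
        hit = dictionary_attack(DEMO_WORDLIST, DEMO_SALT, target, derive)
        print(f"{name:18s} recovered {hit!r} in {time.perf_counter() - t0:.4f}s")
```

Run it as a script to see the two timings side by side; the legacy derivation recovers the constructed password from the five-word list in well under a millisecond, while the PBKDF2 run takes roughly five times the cost of one 100000-iteration derivation. The CLI equivalent of the second path is the same openssl enc command with -pbkdf2 (or -iter N) added, as the message says.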
