Creating AES 256 and Diffie Hellman keys

Tue Mar 28 08:53:46 UTC 2023

Hello Michael,

Apologies for delayed reply as was on travel!!

I understand your concern of clicking random links by strangers, however
thought that it will be a known link to few regular users of OpenSSL on
Windows. I will take care of providing text in new queries/reply as
mentioned.

I am not much into the dev side of Cryptography, as I am more into Applied
Cryptography depending upon the version used. Would surely like to explore
OpenSSL as well, and will send new email for that.

Regrading umask, I was referring to the cryptographic mask (Attributes) of
the key so that it will be used for specific purpse say
encryption/decryption/signing etc. I can relate the umask you were
referring to for Unix/like systems.

I will surely go through the references mentioned by you for blog post. I
am trying to explore the next level of cryptography based on my experience,
to see how things are designed that I have been using for years now. I
agree and believe the same thing to use an existing robust system, instead
of creating something from scratch.

I appreciate your time and help in answering the query.

On Sat, Mar 4, 2023 at 8:01 PM Michael Wojcik via openssl-users <
openssl-users at openssl.org> wrote:

> > From: Newbie User <n3wbie001 at gmail.com>
> > Sent: Saturday, 4 March, 2023 02:04
>
> > I am using OpenSSL on Windows from: was expecting an exe installer
> directly by OpenSSL
>
> OpenSSL is an open-source project. It doesn't install anything (leaving
> FIPS aside). You may have gotten an OpenSSL build from somewhere that
> includes the OpenSSL binaries (I'm not following links to random sites in
> email messages from people I don't know), but that's not relevant to my
> question, which was what OpenSSL version you're using and what commands
> you're running.
>
> In the future, please provide that information with your questions, and do
> it as text, not screenshots. Screenshots are a waste of resources, they
> have poor accessibility, and it's not possible to copy text out of them
> when replying. They're almost always a bad idea.
>
> That said, we now know you're using OpenSSL 3.0.8, and that you used
> openssl enc. Per the OpenSSL documentation and the warning message you
> received, by default that uses a deprecated key-derivation mechanism that
> does not provide what's now considered an adequate work factor for
> dictionary attacks on the key. (The documentation doesn't describe that
> mechanism, but a quick look at enc.c in the sources shows that it's
> EVP_BytesToKey, and a quick look at *that* suggests it's one of the
> versions of PKCS#5, and I think OpenSSL uses SHA256 as the digest.)
>
> And the documentation and warning message both suggest you use the -pbkdf2
> option, which uses PBKDF2 with 1000 iterations for derivation (again, as
> noted in the documentation and the output of "openssl enc -pbkdf2"), or
> -iter, which uses PBKDF2 with the specified number of iterations.
>
> If you don't know what that means, you don't yet know enough about modern
> cryptography to be doing low-level operations safely. There's no shame in
> that; *I* don't know enough about modern cryptography to be doing low-level
> operations safely, and I read about it on a regular basis. It's a
> specialized field.
>
> So the question here, as usual, is: What are you *actually* trying to do,
> and *why*? What problem are you trying to solve?
>
>
> > The command though I would need to explore the suggestions in output.
>
> Same command, with -pbkdf2 or -iter. "openssl enc -help" shows the syntax,
> and the documentation is online at openssl.org.
>
> > Also where can I see the standard umask table to use for the key usage
> type (incase required)
>
> I don't know what this means. The only technical meaning of "umask" I'm
> familiar with is the POSIX / SUS file-system permissions mask, which
> clearly doesn't apply here. You'll have to rephrase the question.
>
>
> > DH>> To generate the jointly established shared secret which is a
> symmetric key. Was wondering to achieve
> > the same via OpenSSL, first generating the DH parameters and then using
> it further.
>
> If you're trying to learn about cryptography, this sort of experimentation
> may be interesting, but it may not be the best way to go about it. You
> could start with primary sources like /Applied Cryptography/ and
> /Cryptographic Engineering/, but to be frank modern cryptography is far
> more complicated than what's described in texts. (I'm reminded of this
> every time I read a blog post from Filippo Valsorda or Soatok or Matt Green
> or the like.) Even using well-established, relatively simple algorithms
> like AES and DH in a relatively secure manner is not trivial, much less
> assembling them into a relatively secure protocol.
>
> If you're trying to build a cryptosystem to actually protect data from
> motivated attackers ... don't. Just don't. Use an existing one that's been
> vetted by experts.
>
> --
> Michael Wojcik
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230328/53ea5dcf/attachment.htm>