how to create a symmetric cipher

Sven Radde sven at
Wed Nov 15 07:46:21 CET 2006


Wei Wu [H] wrote:
> The data to be protected resides on a fixed hard disk in a Windows computer.
> I have a tool on Windows platform that does encryption using either a
> passphrase or a key file. Use of a key file is recommended as it is more
> secure (assuming passphrases can be cracked relatively easily). The key file
> is expected to be stored separately in a removable disk. So I need a tool to
> create a key. 
> I checked a few key tools such as java keytool and gpg, but their genkey
> option does not support the generation of a symmetric key/cipher.
No offense intended, but you are confusing the involved concepts quite

What you need for your tool is merely a file filled with random data.
This "key" is totally different from what gnupg, java keytool, openssl
etc. use as keys for their sophisticated protocols.

However, gnupg offers to generate some random bytes using the
--gen-random command, which is probably what you need:

--gen-random /0|1|2/ [/count/]

    Emit COUNT random bytes of the given quality level. If count is not
    given or zero, an endless sequence of random bytes will be emitted.
    PLEASE, don't use this command unless you know what you are doing,
    it may remove precious entropy from the system!

So you would need to issue something like "gpg --gen-random 2 32 >
file.key" to generate a 32-byte (= 256-bit) file full of random data
to be used as a key by your other tool.
Note that I have no idea whether "0" or "2" is the highest
"quality" level for the random data. Probably others can clarify, but I
assume that 2 is highest quality.

  Sven Radde
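
An added example, not part of the original post and not GnuPG code: the same kind of 32-byte key file written from Python, with the operating system's CSPRNG (`secrets.token_bytes`) swapped in for `gpg --gen-random`, plus a check that a key file produced by any tool has the expected length. The function names and the `file.key` path are assumptions made for illustration.

```python
import os
import secrets

KEY_BYTES = 32  # 256 bits, the size used in the post


def write_keyfile(path, nbytes=KEY_BYTES):
    """Create `path` with `nbytes` bytes from the OS CSPRNG; never overwrite."""
    key = secrets.token_bytes(nbytes)
    # O_EXCL makes the call fail if the file exists: replacing a key file
    # would leave data encrypted under the old key unrecoverable.
    # O_BINARY exists only on Windows and disables newline translation.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_BINARY", 0)
    # Mode 0o600 is owner-only on POSIX; Windows largely ignores it, so
    # there the protection comes from where the file is stored.
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(key)


def check_keyfile(path, nbytes=KEY_BYTES):
    """Return a list of problems found in a key file (empty list = sane)."""
    with open(path, "rb") as fh:
        data = fh.read()
    problems = []
    if len(data) != nbytes:
        # A wrong length is what you get when the generator's binary output
        # passed through a text-mode redirection that re-encoded it.
        problems.append(f"expected {nbytes} bytes, found {len(data)}")
    if data and len(set(data)) == 1:
        problems.append("all bytes identical; not random data")
    return problems


if __name__ == "__main__":
    import tempfile

    # Constructed demo: write the key into a throwaway directory.
    with tempfile.TemporaryDirectory() as tmp:
        keyfile = os.path.join(tmp, "file.key")
        write_keyfile(keyfile)
        print(check_keyfile(keyfile) or "key file OK")
```

`check_keyfile` works equally on a file produced with the `gpg --gen-random 2 32 > file.key` command from the post.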
