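This is a stub of a system that would generate a key pair using AES 256 CBC in OpenSSL. The goal of the code below is to generate two random keys, an AES key and some other public data. The AES key will be used to exchange a shared secret. The strength of the PBKDF-based AES key

Disclaimer: I am not an expert in cryptography or security systems. I am aware of the dangers, but the point of this exercise is academic interest. If there are newbie mistakes or outright dangerous errors, please point them out to help me learn.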

    #include <openssl/evp.h>
    #include <openssl/rand.h>

    // Assumed return codes; the post does not define them.
    #define FAILURE 0
    #define SUCCESS 1

    // The key_generator() will produce the following public keys in addition
    // to a couple of other private keys.
    //   public_identifier
    //   public_salt
    //   public_composite_identifier
    //   public_aes_key
    int key_generator(/*some args*/)
    {
        // Step 1
        // Obtain public_identifier. Possibly a hashed value of an unique ASCII string.
        unsigned char *public_identifier;

        // Step 2
        // Generate 256 bit private_primary_random_passkey which is secret.
        // This random key is generated once and reused later.
        // RAND_bytes() takes a length in bytes (256 bits = 32 bytes) and returns 1 on success.
        unsigned char private_primary_random_passkey[32];
        if(RAND_bytes(private_primary_random_passkey, sizeof(private_primary_random_passkey)) != 1)
            return FAILURE;

        // Step 3
        // Generate private_composite_identifier using public_identifier
        // and private_primary_random_passkey.
        // IMPORTANT - The method to obtain private_composite_identifier
        // may be publicly known.
        // The public_identifier is also publicly known but the
        // private_primary_random_passkey is secret.
        // Buffer sized so that Step 6 can write a 32-byte AES-256 key into it.
        unsigned char private_composite_identifier[EVP_MAX_KEY_LENGTH];
        //<Some code for generating private_composite_identifier>
        //.....
        //</code>

        // Step 4
        // Generate temporary temp_private_aes_key and temp_private_aes_IV;
        // NOTE - Used dummy vars wherever key length is required.
        // Assume correct length is passed in.
        // EVP_BytesToKey() takes (cipher, md, salt, data, data_len, count, key, iv)
        // and reads only the first 8 bytes of the salt.
        int aes_rounds = 25000;
        unsigned char temp_private_aes_key[EVP_MAX_KEY_LENGTH];
        unsigned char temp_private_aes_IV[EVP_MAX_IV_LENGTH];
        if(EVP_BytesToKey(EVP_aes_256_cbc(),
                          EVP_sha512(),
                          private_primary_random_passkey,
                          private_composite_identifier,
                          private_composite_identifier_length/8,
                          aes_rounds,
                          temp_private_aes_key,
                          temp_private_aes_IV) == 0)
            return FAILURE;

        // Step 5
        // Generate 128 bit random salt which is public (128 bits = 16 bytes).
        unsigned char public_salt[16];
        if(RAND_bytes(public_salt, sizeof(public_salt)) != 1)
            return FAILURE;

        // Step 6
        // Generate private_composite_identifier and public_composite_identifier
        // using temp_private_aes_key and public_salt.
        // private_composite_identifier from Step 3 is overwritten here.
        unsigned char public_composite_identifier[EVP_MAX_IV_LENGTH];
        if(EVP_BytesToKey(EVP_aes_256_cbc(),
                          EVP_sha512(),
                          public_salt,
                          temp_private_aes_key,
                          temp_private_aes_key_length/8,
                          aes_rounds,
                          private_composite_identifier,
                          public_composite_identifier) == 0)
            return FAILURE;

        // Step 7
        // Generate 128 bit private_secondary_random_passkey which is secret.
        // This random key is generated once and reused later.
        unsigned char private_secondary_random_passkey[16];
        if(RAND_bytes(private_secondary_random_passkey, sizeof(private_secondary_random_passkey)) != 1)
            return FAILURE;

        unsigned char private_aes_key[EVP_MAX_KEY_LENGTH];
        unsigned char public_aes_key[EVP_MAX_IV_LENGTH];
        if(EVP_BytesToKey(EVP_aes_256_cbc(),
                          EVP_sha512(),
                          private_secondary_random_passkey,
                          private_composite_identifier,
                          private_composite_identifier_length/8,
                          aes_rounds,
                          private_aes_key,
                          public_aes_key) == 0)
            return FAILURE;

        return SUCCESS;
    }

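Here are my questions:
- What if an RSA key pair were used instead of the AES key? Why would one be preferred over the other?
- Since the keys used to generate the key pair are long, randomly generated and salted, is it safe to reuse the same AES/RSA key pair later? I understand the risks of rainbow tables and other measures, but aren't those mitigated by the random salts and keys of the three-level key generation?
- In what ways could a malicious attacker use the publicly available data to recreate the key pair or break this system?
- Any other points you can think of to thwart or strengthen this system.

Thank you for your time.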
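
AES is symmetric. RSA is asymmetric.

@JonathonReinhart - Thanks for pointing out the n00b mistake. :) If in step 7 we generate an RSA key pair from the available information and use this key pair for future encryption, could you reconsider the questions?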
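
Added example, not part of the original post or its comments: a Python re-implementation (hashlib only, not a call into OpenSSL) of the derivation documented for `EVP_BytesToKey`, the function the posted code uses. It shows that the key and IV outputs are cut from one deterministic digest stream and that only 8 salt bytes are read, next to PBKDF2-HMAC-SHA512, which mixes in the whole salt; the function names `evp_bytes_to_key` and `derive_pbkdf2` and the sample secret and salts are constructed for illustration.

```python
import hashlib
import os

def evp_bytes_to_key(data, salt, count, key_len=32, iv_len=16, md="sha512"):
    """Mirror of the derivation documented for OpenSSL's EVP_BytesToKey:
    D_i = HASH^count(D_(i-1) || data || salt); key, then IV, are cut from D_1 || D_2 ..."""
    if salt is not None and len(salt) < 8:
        raise ValueError("salt must be None or at least 8 bytes")
    salt8 = salt[:8] if salt is not None else b""    # only 8 salt bytes are ever read
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(md, block + data + salt8).digest()
        for _ in range(count - 1):                   # the remaining count-1 hash rounds
            block = hashlib.new(md, block).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

def derive_pbkdf2(secret, salt, iterations=25000):
    """PBKDF2-HMAC-SHA512 key; the whole salt is mixed in and the IV is drawn separately."""
    key = hashlib.pbkdf2_hmac("sha512", secret, salt, iterations, dklen=32)
    return key, os.urandom(16)

if __name__ == "__main__":
    secret = b"constructed-sample-secret"            # constructed sample input
    salt_a = bytes(range(16))                        # constructed 128-bit salt
    salt_b = salt_a[:8] + b"\xff" * 8                # differs only in the last 64 bits
    key_a, iv_a = evp_bytes_to_key(secret, salt_a, 25000)
    key_b, iv_b = evp_bytes_to_key(secret, salt_b, 25000)
    print("EVP_BytesToKey output unchanged when salt bytes 9-16 change:",
          (key_a, iv_a) == (key_b, iv_b))
    print("IV is re-derived from the same inputs as the key:",
          iv_a == evp_bytes_to_key(secret, salt_a, 25000)[1])
    print("PBKDF2 keys differ for the two salts:",
          derive_pbkdf2(secret, salt_a)[0] != derive_pbkdf2(secret, salt_b)[0])
```

The second output of the derivation is an initialization vector for the symmetric cipher, so naming it `public_aes_key` does not make the two outputs an asymmetric key pair.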