DataPower does not seem to provide a tool to generate a Shared Key that can be used with the 3DES or AES algorithms. DataPower does provide a tool for generating X.509 private keys, certificate requests, and self-signed certificates (in the Crypto Tools section), but we are concerned with Shared Keys today. This post shows how to generate a shared key and use it with DataPower.
A Shared Key is a cryptographic key that is used by a symmetric key algorithm such as 3DES or AES. A key can be any length; common algorithm key lengths are usually a power of two.
It is fairly easy to generate a Shared Key at the Unix command line using the information provided here. For example, for a 256 bit key, use the following command:
$ dd if=/dev/random count=32 bs=1 | xxd -ps
32+0 records in
32+0 records out
32 bytes (32 B) copied, 0.0176411 s, 1.8 kB/s
d58d25f4f0c68755ad60304d6ddc327798aeab21a4af35be9ef5d70db138
e874
The hex string at the end of the output is the 256 bit key. Note that xxd -ps wraps its output at 60 hex digits, so the 64 digit key is printed across two lines; join them into a single line before using it.
To generate a 128 bit key, use count=16.
To generate a 192 bit key, use count=24.
To generate a 256 bit key, use count=32.
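The same generation step as a reusable shell function, plus a sanity check on the resulting secret.key before it is uploaded. This is an added example, not part of the original post or of DataPower; it assumes a POSIX shell with dd, od and tr, reads /dev/urandom rather than /dev/random so it never blocks, and uses od instead of xxd so the hex is never wrapped across lines. The function names gen_shared_key and check_shared_key are our own.

```shell
#!/bin/sh
# gen_shared_key BITS -> prints a 128, 192 or 256 bit key as one line
# of lowercase hex, the form DataPower reads from secret.key.
gen_shared_key() {
    bits=$1
    case "$bits" in
        128|192|256) ;;
        *) echo "gen_shared_key: bits must be 128, 192 or 256" >&2; return 1 ;;
    esac
    nbytes=$((bits / 8))
    # Read nbytes one byte at a time, as in the post, then hex-encode
    # with od/tr so the result is a single unwrapped line.
    dd if=/dev/urandom bs=1 count="$nbytes" 2>/dev/null \
        | od -An -v -tx1 | tr -d ' \n'
    echo
}

# check_shared_key FILE -> 0 if FILE holds exactly one line of lowercase
# hex whose length is a 3DES/AES key size (32, 48 or 64 digits), else 1.
check_shared_key() {
    file=$1
    [ -f "$file" ] || { echo "check_shared_key: $file not found" >&2; return 1; }
    lines=$(wc -l < "$file" | tr -d ' ')
    [ "$lines" -le 1 ] || {
        echo "check_shared_key: key must be a single line (xxd wrapped it?)" >&2
        return 1
    }
    key=$(tr -d '\n' < "$file")
    case "$key" in
        ""|*[!0-9a-f]*) echo "check_shared_key: key must be lowercase hex" >&2; return 1 ;;
    esac
    case "${#key}" in
        32|48|64) return 0 ;;    # 128, 192 or 256 bits
        *) echo "check_shared_key: ${#key} hex digits is not a 128/192/256 bit key" >&2
           return 1 ;;
    esac
}
```

Typical use is `gen_shared_key 256 > secret.key && check_shared_key secret.key` before uploading secret.key to cert:///.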
- Put the hex string generated by this command into a file called secret.key.
- Upload the key to the cert:/// directory on the appliance.
- Navigate to Objects->Crypto Configuration->Crypto Shared Secret Key.
- Click Add.
- Enter a name for the shared key.
- From the drop down, choose the secret.key file that was uploaded a moment ago.
- Click Apply.
- If no errors are displayed, the key was successfully read.
- Click Save.
This Crypto Shared Key object can now be used by Actions and XSLT functions that require a Shared Key for cryptographic operations.