Symmetric Keys—Addendum

A couple of weeks ago I wrote a brief post about how to generate symmetric keys that can be used with DataPower.  It demonstrates how to generate shared keys of various lengths using the Unix dd command.  Today, someone asked how a shared key (or symmetric key) can be generated using the openssl command.

A shared key is really just a large number.  So, the openssl random number generator functionality can be used to generate a shared key that can be used with DataPower.

To generate a 256 bit key, run the following command:

openssl rand -hex -out secret.key 32

This will create a file named secret.key that contains a random number that is 32 bytes long, written as 64 hexadecimal characters.

The file will contain something like:

11b14cf4978ea922981376ed3d5433e50bf446fc53fdc4dd7da793a10128c0ae

I didn’t explicitly explain the length details in the last post.  A 32 byte random number is 32 * 8 bits = 256 bits long.  Thus, what was just created is a 256 bit key.

The “-hex” parameter generates hex output (base 16 numbers).  This is needed by DataPower.
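The following is an added example, not part of the original post: a pair of POSIX shell functions that wrap the command above so the key file is created readable by its owner only, and that check a key file holds exactly the expected number of hex digits before it is uploaded. The function names gen_key and check_key are hypothetical.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not DataPower or openssl tooling.

# gen_key BITS FILE - write BITS/8 random bytes, hex-encoded, to FILE.
gen_key() {
    bits=$1; file=$2
    # Keys are whole bytes, so BITS must be a positive multiple of 8.
    case $bits in
        ''|*[!0-9]*) echo "bits must be a number" >&2; return 2;;
    esac
    [ "$bits" -gt 0 ] && [ $((bits % 8)) -eq 0 ] || {
        echo "bits must be a positive multiple of 8" >&2
        return 2
    }
    # The subshell keeps the restrictive umask local to this one command,
    # so the key file is not created group- or world-readable.
    ( umask 077 && openssl rand -hex -out "$file" $((bits / 8)) )
}

# check_key BITS FILE - succeed only if FILE holds exactly BITS/4 hex digits.
check_key() {
    bits=$1; file=$2
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # Strip the trailing newline (or CRLF) so only key characters are counted.
    key=$(tr -d '\r\n' < "$file")
    case $key in
        '')             echo "empty key file" >&2; return 1;;
        *[!0-9a-fA-F]*) echo "non-hex characters in key" >&2; return 1;;
    esac
    # Each byte is two hex digits, so a 256 bit key is 64 characters.
    [ "${#key}" -eq $((bits / 4)) ] || {
        echo "expected $((bits / 4)) hex digits, found ${#key}" >&2
        return 1
    }
}

# Usage: gen_key 256 secret.key && check_key 256 secret.key
```

The length check catches a key file that was truncated in transit or generated with the byte count mistaken for a bit count.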

So, now we have two ways to generate symmetric keys.