Generating the same Symmetric Key without using random seed
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Generating the same Symmetric Key without using random seed
Hi group,
I have a C program that does peer to peer functions. I am using RSA PKI to encrypt the packets. I need to be able to generate the same PKI keys on both machines. So I don't want to use a random seed. RSA_generate_key() calls random. Is there another API I can use that does not use random?
Wouldn't it be better to use the public-key encryption to send a common (random) passphrase, and then use symmetric encryption for the data itself? IIRC this is how SSL works.
(DISCLAIMER: I'm a total newbie at the moment. Take everything I say with several grains of salt.)
Just save yourself a lot of trouble and set up a VPN connection or an SSH tunnel between the two machines ... using digital certificates to secure the link.
If you are using PKI and feel the need to have "identical keys on both machines," you're missing the entire point ... barking up the wrong tree, as they say. Step back from your strategy and take a closer look. Or, describe what you're doing on this forum so that others can help you to use PKI more effectively.
Basically ... I think that you shouldn't have to "cobble up your own" solution here. (Actum Ne Agas: Do Not Do A Thing Already Done.™) And that, if for some reason you do, you're definitely not using PKI in the manner that its designers intended. Don't keep banging your head against this problem, because it's the wrong problem.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.