How to Generate a Symmetric Key by Usingthe pktool Command

/generate-pre-shared-key-wpa2.html. Some applications require a symmetric key for encryption and decryptionof communications. In this procedure, you create a symmetric key and storeit.

Key generation is the process of generating keys in cryptography. A key is used to encrypt and decrypt whatever data is being encrypted/decrypted. A device or program used to generate keys is called a key generator or keygen. Nov 04, 2014 The RSA Encryption Algorithm (2 of 2: Generating the Keys) Eddie Woo. Unsubscribe from Eddie Woo? Cancel Unsubscribe. Subscribe Subscribed Unsubscribe 873K.

• If your site has a random number generator, you can use thegenerator to create a random number for the key. This procedure does not useyour site's random number generator.

• You can instead use the dd command withthe Solaris /dev/urandom device as input. The dd commanddoes not store the key. For the procedure, see How to Generate a Symmetric Key by Using the dd Command.

1. (Optional) If you plan touse a keystore, create it.

   • To create and initialize a PKCS #11 keystore, see How to Generate a Passphrase by Using the pktool setpin Command.

   • To create and initialize an NSS database, see Example 15–5.

2. Generate a random number for use as a symmetric key.

   Useone of the following methods.

   • Generate a key and store it in a file.

     The advantageof a file-stored key is that you can extract the key from this file for usein an application's key file, such as the /etc/inet/secret/ipseckeys fileor IPsec.

     keystore

     The value file specifies the file typeof storage location for the key.

     outkey=key-fn

     Is the filename when keystore=file.

     keytype=specific-symmetric-algorithm

     For a symmetric key of any length, the value is generic. For a particular algorithm, specify aes, arcfour, des, or 3des.

     keylen=size-in-bits

     Is the length of the key in bits. The number must be divisibleby 8. Do not specify for des or 3des.

     dir=directory

     Is the directory path to key-fn.By default, directory is the current directory.

     print=n

     Prints the key to the terminal window. By default, the valueof print is n.

   • Generate a key and store it in a PKCS #11 keystore.

     Theadvantage of the PKCS #11 keystore is that you can retrieve the key by itslabel. This method is useful for keys that encrypt and decrypt files. Youmust complete Step 1 beforeusing this method.

     label=key-label

     Is a user-specified label for the key. The key can be retrievedfrom the keystore by its label.

     keytype=specific-symmetric-algorithm

     For a symmetric key of any length, the value is generic. For a particular algorithm, specify aes, arcfour, des, or 3des.

     keylen=size-in-bits

     Is the length of the key in bits. The number must be divisibleby 8. Do not specify for des or 3des.

     token=token

     Is the token name. By default, the token is Sun SoftwarePKCS#11 softtoken.

     sensitive=n

     Specifies the sensitivity of the key. When the value is y, the key cannot be printed by using the print=y argument.By default, the value of sensitive is n.

     extractable=y

     Specifies that the key can be extracted from the keystore.Specify n to prevent the key from being extracted.

     print=n

     Prints the key to the terminal window. By default, the valueof print is n.

   • Generate a key and store it in an NSS keystore.

     Youmust complete Step 1 beforeusing this method.

     keystore

     The value nss specifies the NSS type ofstorage location for the key.

     label=key-label

     Is a user-specified label for the key. The key can be retrievedfrom the keystore by its label.

     keytype=specific-symmetric-algorithm

     For a symmetric key of any length, the value is generic. For a particular algorithm, specify aes, arcfour, des, or 3des.

     keylen=size-in-bits

     Is the length of the key in bits. The number must be divisibleby 8. Do not specify for des or 3des.

     token=token

     Is the token name. By default, the token is the NSS internaltoken.

     dir=directory

     Is the directory path to the NSS database. By default, directory is the current directory.

     prefix=directory

     Is the prefix to the NSS database. The default is no prefix.

     print=n

     Prints the key to the terminal window. By default, the valueof print is n.

3. (Optional) Verify that the key exists.

   Useone of the following commands, depending on where you stored the key.

   • Verify the key in the key-fn file.

   • Verify the key in the PKCS #11 or the NSS keystore.

Example 14–5 Creating a Symmetric Key by Using the pktool Command

In the following example, a user creates a PKCS #11 keystore for thefirst time, and then generates a large symmetric key for an application. Finally,the user verifies that the key is in the keystore.

Example 14–6 Creating a DES Key by Using the pktool Command

In the following example, a secret key for the DES algorithm is created.The key is stored in a local file for later decryption. The command protectsthe file with 400 permissions. When the key is created,the print=y option displays the generated key in the terminalwindow.

DES mechanisms use a 64-bit key. The user who owns the keyfile retrievesthe key by using the od command.

Example 14–7 Creating a Symmetric Key for IPsec Security Associations

In the following example, the administrator manually creates the keyingmaterial for IPsec SAs and stores them in files. Then, the administrator copiesthe keys to the /etc/inet/secret/ipseckeys file and destroysthe original files.

• First, the administrator creates and displays the keys thatthe IPsec policy requires:

• Then, the administrator creates the following /etc/inet/secret/ipseckeys file:

• After verifying that the syntax of the ipseckeys fileis valid, the administrator destroys the original key files.

• The administrator copies the ipseckeys fileto the communicating system by using the ssh command oranother secure mechanism. On the communicating system, the protections arereversed. The first entry in the ipseckeys file protectsinbound packets, and the second entry protects outbound packets. No keys aregenerated on the communicating system.

What is that all about?

The task is to generate Armstrong Numbers from 1 up to the length of N decimal digits.

Armstrong number (aka Narcissistic number) of length N digits is a number which is equal to the sum of its digits each in power of N. For example: 153 = 1^3 + 5^3 + 3^3 = 3 + 125 + 27 = 153

More info at wiki

Brute force algorithm

There is an obvious bruteforce algorithms that:

0. Pre-generation of all powers i^j, where i is a digits, and j is possible length from 1 to N - this is necessary for all solutions
1. For each integer i from 1 to K
2. Divides i by digits
3. Calculate power of each digit
4. Sum up those powers
5. If this sum is equal to i - add it to the result list

Implementation: ArmstrongNumbersBruteforce.java

It can be improved by parallel calculation of sum of digit powers to the number generation.

Implementation: ArmstrongNumbersBruteforceOpt.java

Hash Approach - Divide At Impera

There is another interesting idea of bruteforce approach improvement.

1. Divide a number for two equal parts. In case of an odd N first part will be a bit longer. For example, if N=7, the number will be divide like XXXXYYY, where XXXX the first part (4 decimal digits), and YYY the second part with 3 digits.
2. Generate all integers i of the second part (in our example there will be integers from 001 to 999).
3. Calculate p equal to sum of digits in power of N.
4. Add to some hash the following pair {p-i, i}. For example, for i=725, p=7^7+2^7+5^7=901796. We add pair {901071, 725}.
5. Generate all integers i of the first part without leading zeros (in our example there will be integers from 1000 to 9999).
6. Calculate p equal to sum of digits in power of N.
7. Check if hash has a key of (i*10^(N/2)-p). For example, i=1741, thus p=1^7 + 7^7 + 4^7 + 1^7=839929. We look for key (1741000 - 839929) = (901071). OMG! It exists!!!
8. In case that key exists we unite the Armstrong number from two parts and add it to the result list. 1741000 + 725 = 1741725

One addition, is that we cannot store simply (key, value), we need to store multiple values, for example to be able to generate 370 and 371.

Generate All Keys Using Armstrong Axiom Algorithm 2

Implementation: ArmstrongNumbersHash.java

Multi Sets Approach

We may note that for each multi-set of digits, like [1, 1, 2, 4, 5, 7, 7] there is only one sum of powers, which in its turn may either be or be not represented by the digits from set. In the example 1^7 + 1^7 + 2^7 + 4^7 + 5^7 + 7^7 + 7^7 = 1741725, which can be represented by the digits and thus is an Armstrong number.

We may build an algorighm basing on this consideration.

1. For each number length from 1 to N
2. Generate all possible multi-sets of N digits
3. For each multi-set calculate sum of digits^N
4. Check if it's possible to represent the number we got on step 4 with the digits from the multi-set
5. If so - add the number to the result list

Generate All Keys Using Armstrong Axiom Algorithm Code

Complexity assestment The number of cases calculated for each length N is equal to the number of combinations (N + 9, 9) = (N+9)!/(9!N!). Thus for all Ns less than 10 we will generate 92,377 cases. For N<20: 20,030,009 cases.

Implementation: ArmstrongNumbersMultiSetLong.java

With optimizations:

• For long: ArmstrongNumbersMultiSetLongOpt.java
• For BigInteger: ArmstrongNumbersMultiSetBigIntegerOpt.java

Benchmarking

Generate All Keys Using Armstrong Axion Algorithm List

Let's compare the algorithms performance for different numbers of length N. I did the tests with my MacBook Pro.

Generate All Keys Using Armstrong Axiom Algorithm Video

Generate All Keys Using Armstrong Axion Algorithm Code

Clear win of the multi-set algorithm!