IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [key-generation]

Key generation is the process of generating keys for cryptography. A key is used to encrypt and decrypt whatever data is being encrypted/decrypted.

323 questions
259
votes
7 answers

How do certification authorities store their private root keys?

Knowledge of a CA private key would allow MitM attackers to transparently supplant any certificates signed by that private key. It would also allow cyber criminals to start forging their own trusted certificates and selling them on the black…
lynks
  • 10,636
  • 5
  • 29
  • 54
214
votes
9 answers

Best Practice: ”separate ssh-key per host and user“ vs. ”one ssh-key for all hosts“

Is it better to create a separate SSH key for each host and user or just using the id_rsa key for all hosts to authenticate? Could one id_rsa be malpractice for the privacy/anonymity policies? having one ssh-key for all…
static
  • 2,239
  • 2
  • 12
  • 7
186
votes
4 answers

SSH key-type, rsa, dsa, ecdsa, are there easy answers for which to choose when?

As someone who knows little about cryptography, I wonder about the choice I make when creating ssh-keys. ssh-keygen -t type, where type is either of dsa,rsa and ecdsa. Googling can give some information about differences between the types, but not…
user50849
  • 2,490
  • 2
  • 15
  • 15
69
votes
4 answers

What are requirements for HMAC secret key?

I'm creating HTTP REST service which will be available over tls only. For authentication purposes I plan to generate JWT token for every user using HMAC HS256. I need a secret key for HMAC. What are the requirements for secret key? Do I need a long…
ivstas
  • 793
  • 1
  • 6
  • 6
39
votes
6 answers

What does key signing mean?

What exactly does the "key signing" mean? So for example I have a private/public GPG key so that people could send me encrypted e-mail, because they know my public key. But: what does key signing mean in this example? E.g.: "a third person signs my…
LanceBaynes
  • 6,149
  • 11
  • 60
  • 91
34
votes
1 answer

JSON Web Tokens - How to securely store the key?

I was building a RESTful Web Service when I came across JSON Web Tokens as an alternative to traditional cookies for authentication. The conceptual core of this method is that the server is the only agent that knows the secret key used to digest…
NMO
  • 443
  • 1
  • 4
  • 5
33
votes
2 answers

ssh-keygen: What is the passphrase for?

When using ssh-keygen: What is the passphrase for? Why is it optional? What are the security implications of specifying (or not specifying) one? Below is an excerpt taken from a shell session (some details may have been altered): user@localhost:~$…
voices
  • 1,649
  • 7
  • 22
  • 36
31
votes
2 answers

What exactly is a subkey?

I fairly understand the math behind RSA, Elgamal, AES, SHA but not how things are used in practise. How are subkeys different from master key? I understand its purpose from various websites but How is it internally implemented? How is it bound to…
balki
  • 817
  • 3
  • 9
  • 12
31
votes
1 answer

How should API keys be generated?

I want to make sure requests can't be forged and sent on to my server. In order to do this I need to generate an API key per user on my system. The purpose of the key will be to sign requests on the client side & validate them on the server. The…
James
  • 1,698
  • 3
  • 13
  • 18
30
votes
2 answers

Creating user specific authentication methods in SSH

I have configured sshd on an Ubuntu server to use key authentication and it is working fine. I had to disable password authentication for key authentication to work. Server is always accessed via remote terminals or putty. Now all user accounts…
Hrish
  • 411
  • 1
  • 4
  • 6
29
votes
1 answer

Where do I get prime numbers for Diffie-Hellman? Can I use them twice?

I realise it's very hard to generate suitable prime numbers and generators for the Diffie-Hellman key exchange. What is the best way to generate them? And if I have one, can I use it twice? According to Wikipedia, they are considered "public".
Stefano Palazzo
  • 971
  • 2
  • 11
  • 18
25
votes
4 answers

Why OpenSSL can't use /dev/random directly?

I couldn't find the answer for the reason anywhere, even the wiki page doesn't explain it. This seems like using a PRNG for seeding an another PRNG. The first one (/dev/random) may itself be seeded by a PRNG. I can 'understand' why the-randoption…
user2284570
  • 1,402
  • 1
  • 14
  • 33
24
votes
6 answers

Alternatives to HTML's deprecated for client certs?

The keygen tag is used to make browsers generate private keys and POST the resulting CSR to the server, which can then issue a certificate. It's now been deprecated, for rather stupid reasons but that's besides the point. So, what are the…
André Borie
  • 12,706
  • 3
  • 39
  • 76
22
votes
4 answers

Generate cryptographically strong pseudorandom numbers in Javascript?

Is there any good way to generate cryptographically strong pseudorandom (or true random) numbers in Javascript? The crucial requirement: if a.com's Javascript generates some random numbers, no one else should be able to predict those random numbers.…
D.W.
  • 98,420
  • 30
  • 267
  • 572
19
votes
2 answers

What is the difference between DHE and ECDH?

I learned that perfect forward secrecy is implemented through DHE and ECDH but what is the difference between these 2 key exchanges? Also can someone explain how perfect forward secrecy works? I've found a variety of answers online ranging from:…
Matthew Clenney
  • 293
  • 1
  • 2
  • 4
1
2 3
21 22