0

Is it possible to generate 2 pre-shared keys on one system, distribute them to two hosts A and B, so that A and B can then use those keys for the encrypted connection between them? I'm not talking about Public Keys like RSA, but 2 pre-shared keys that get handed over to the two parties!

I'd have to implement that in C++, so if possible I'd need a working solution for that.

jww
wasp256
  • *"Is it possible to generate 2 pre-shared keys on one system, distribute them to two hosts A and B, so that A and B can then use those keys for the encrypted connection between them?"* - Yes. TLS provides two families of cipher suites for it: TLS-SRP and TLS-PSK. Both use a shared secret to build a secure channel. SRP uses the Diffie-Hellman problem, and PSK uses a Block Cipher as the underlying primitive. – jww Jan 14 '17 at 18:08
  • However, both of those only use the pre-shared keys for authentication. They still use a negotiated session key for the actual encryption. – user207421 Jan 14 '17 at 18:19
  • So how would I make the two hosts use the pre-shared keys? Can I simply copy them in a special directory where they are read from and applied when they receive an incoming connection? – wasp256 Jan 15 '17 at 08:42

1 Answer

3

Yes, it's possible. What you seem to be looking for is symmetric-key encryption.

In that case, the key is usually just a required number of random bytes. Any cryptographically secure RNG source is ok for that. If you're going to use openssl afterwards, RAND_bytes() will work.

Also see "AES Encryption - Key Generation with OpenSSL".

viraptor
  • But how would I place this generated key then on the hosts and make them use it for incoming SSL/TLS connections? – wasp256 Jan 14 '17 at 10:16
  • That's not what the text of the question asks. But you can find the example in the first link of googling "openssl tls psk" https://bitbucket.org/tiebingzhang/tls-psk-server-client-example/src/783092f802383421cfa1088b0e7b804b39d3cf7c?at=default – viraptor Jan 15 '17 at 11:53
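
Added example, not part of the original question or answers: one way to handle the step asked about in the comments, generating the key once and reading it from a file on each host. It uses getrandom(2) in place of RAND_bytes() so it builds without OpenSSL; the function names, the hex file format and the 32-byte length are assumptions made for illustration.

```cpp
#include <fcntl.h>
#include <sys/random.h>  // getrandom(2): kernel CSPRNG, used here instead of RAND_bytes()
#include <sys/stat.h>
#include <unistd.h>
#include <stdexcept>
#include <string>
#include <vector>
using Key = std::vector<unsigned char>;
Key generate_psk(size_t n = 32) {  // 32 bytes = 256 bits; requests <= 256 bytes are not split
    Key k(n);
    if (getrandom(k.data(), n, 0) != static_cast<ssize_t>(n))
        throw std::runtime_error("getrandom failed");
    return k;
}
// Store the key as hex in a NEW file (O_EXCL) that only its owner can access.
void write_psk_file(const std::string& path, const Key& k) {
    const char* d = "0123456789abcdef";
    std::string hex;
    for (unsigned char c : k) { hex += d[c >> 4]; hex += d[c & 15]; }
    hex += '\n';
    int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) throw std::runtime_error("cannot create key file");
    ssize_t w = write(fd, hex.data(), hex.size());
    close(fd);
    if (w != static_cast<ssize_t>(hex.size())) throw std::runtime_error("short write");
}
// Load on host A or B; reject symlinks, group/world access and malformed content.
Key load_psk_file(const std::string& path, size_t expected = 32) {
    int fd = open(path.c_str(), O_RDONLY | O_NOFOLLOW);
    if (fd < 0) throw std::runtime_error("cannot open key file");
    struct stat st;
    std::string hex(2 * expected + 2, '\0');
    bool safe = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & 077) == 0;
    ssize_t n = safe ? read(fd, &hex[0], hex.size()) : -1;
    close(fd);
    if (!safe) throw std::runtime_error("key file must be a regular file, mode 0600");
    hex.resize(n > 0 ? static_cast<size_t>(n) : 0);
    if (!hex.empty() && hex.back() == '\n') hex.pop_back();
    if (hex.size() != 2 * expected) throw std::runtime_error("unexpected key length");
    auto nib = [](char c) { return c >= '0' && c <= '9' ? c - '0'
                                 : c >= 'a' && c <= 'f' ? c - 'a' + 10 : -1; };
    Key k;
    for (size_t i = 0; i < hex.size(); i += 2) {
        int hi = nib(hex[i]), lo = nib(hex[i + 1]);
        if (hi < 0 || lo < 0) throw std::runtime_error("non-hex character in key file");
        k.push_back(static_cast<unsigned char>(hi << 4 | lo));
    }
    return k;
}
```

The bytes returned by `load_psk_file()` are what each host would hand to its TLS library's PSK callback; the file itself has to reach both hosts over a channel that is already trusted.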