Use /dev/random to create a key #22

Merged
merged 1 commit into from
Apr 19, 2022
2 changes: 1 addition & 1 deletion man/stenc.1
Expand Up @@ -27,7 +27,7 @@ Allows you to manage hardware encryption on SSP enabled tape devices (LTO4, LTO5
.SH OPTIONS
.TP
\fB\-g \fIlength\fR \fB\-k\fR \fB<file to save as>\fR [\fB\-kd\fR \fI<key descriptor(uKAD)>\fR]
Generates a key file of \fIlength\fR (in bits) containing a random hexadecimal key. After entering this option, you will be required to press random keys followed by the enter key. This will seed the random number generator so that your key is more secure. Specify the file to save the key into with the -k option (you will need write permissions to that file location). Lastly you can enter an optional key description using the -kd flag (see \fIKEY DESCRIPTORS\fR). This key file can then be used with the \fB\-k\fR option. You should not generate a key file over an unsecured remote session. Typically, key files should be set to 256 bits (32 hexadecimal bytes), however your device may only support 128 bits.
Generates a key file of \fIlength\fR (in bits) containing a random hexadecimal key. After entering this option, you will be required to press random keys followed by the enter key. This will seed the random number generator so that your key is more secure. On systems with \fB/dev/random\fR, the key is automatically generated from the random content read from this file. Specify the file to save the key into with the -k option (you will need write permissions to that file location). Lastly you can enter an optional key description using the -kd flag (see \fIKEY DESCRIPTORS\fR). This key file can then be used with the \fB\-k\fR option. You should not generate a key file over an unsecured remote session. Typically, key files should be set to 256 bits (32 hexadecimal bytes), however your device may only support 128 bits.

.TP
\fB\-f\fR \fIdevice\fR
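Review bot: The added /dev/random sentence in the -g description follows two sentences that still say the user "will be required to press random keys followed by the enter key", so the paragraph now reads as if both always happen. With this change the keyboard prompt is only reached when /dev/random cannot be opened. Suggest describing /dev/random as the primary source first and the keystroke seeding as the fallback for systems without it. It would also help to say that the fallback key comes from rand() seeded with the time and the keystrokes, so operators on those systems know which path produced their key.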
48 changes: 31 additions & 17 deletions src/main.cpp
Expand Up @@ -550,21 +550,35 @@ std::string timestamp(){

string randomKey(int length)
{
cout<<"Enter random keys on the keyboard to seed the generator."<<endl<<"End by pressing enter..."<<endl;
double check=0;
char c=0;
echo(false);
while(c!=10){
check+=(int)c;
c=getchar();
}
echo(true);
srand(time(NULL)+(int)check);
stringstream retval;
for (int i=0; i<length; i++)
{
retval <<HEX(rand() % 256);
}
retval << endl;
return retval.str();
unsigned char rnd;
stringstream retval;
ifstream random;

//Under Linux and AIX /dev/random provides much more cryptographically secure random output than rand()
random.open("/dev/random", ios::in|ios::binary);
if(random.is_open()){
for(int i=0; i<length; i++)
{
random.read(reinterpret_cast<char*>(&rnd), 1);
retval <<HEX(rnd);
}
random.close();
}else{
cout<<"Enter random keys on the keyboard to seed the generator."<<endl<<"End by pressing enter..."<<endl;
double check=0;
char c=0;
echo(false);
while(c!=10){
check+=(int)c;
c=getchar();
}
echo(true);
srand(time(NULL)+(int)check);
for(int i=0; i<length; i++)
{
retval <<HEX(rand() % 256);
}
}
retval << endl;
return retval.str();
}
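Review bot: The result of `random.read(reinterpret_cast<char*>(&rnd), 1)` in the /dev/random loop is never checked, and `rnd` is declared without an initializer, so a failed or short read puts an indeterminate or repeated byte into the key with no error reported. Check the stream state (or `gcount()`) after the read and abort key generation on failure instead of returning a key, or read all `length` bytes in one call and verify the count. Separately, the `else` branch still falls back silently to `srand(time(NULL)+(int)check)` and `rand() % 256` when the device cannot be opened. Since the new comment already states that rand() is the less secure source, that path should at least print a warning that the key does not come from a cryptographic source, or refuse to generate one.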