Generally, one can use /dev/random. This is the most appropriate way, in my opinion, as it allows the system to take its own uncertainty and stir it into the entropy pool.
Alternatively, you can take a passphrase -- a section of a book that you pick, a set of words randomly chosen from the dictionary, or anything else -- and feed it to 'openssl dgst sha256 -hex', and then take 48 characters of the output and put it in there. Also, *WRITE THESE 48 CHARACTERS DOWN -- PREFERABLY PRINTED OUT, RATHER THAN WRITTEN, AND SAVE THE PAPER IN THE VAULT*. It's encryption, and if you don't keep it, your data is *lost forever*. -Kyle H On Sun, Sep 12, 2010 at 9:09 PM, Panikulam Vivek <vivekpaniku...@yahoo.co.uk > wrote: > hi Kyle > > Thanks for the response. How do you randomly generate a value? What are the > key-derivation functions and how do we use them? > > Regards > > ------------------------------ > *From:* "aerow...@gmail.com" <aerow...@gmail.com> > *To:* openssl-users@openssl.org > *Sent:* Fri, September 3, 2010 2:25:23 AM > *Subject:* Re: openssl and PeopleSoft > > The key that is sought in this field is a symmetric key, not an asymmetric > key. This means that RSA is not the correct type of key. > > Randomly generate a value, or use a particular passphrase and feed it into > a key-derivation function for the number of bits in the cipher size. > > -Kyle H > > On Thu, Sep 2, 2010 at 10:58 PM, Panikulam Vivek < > vivekpaniku...@yahoo.co.uk> wrote: > >> Hi >> >> I am trying to use openssl to generate RSA keys and use it in PeopleSoft. >> But PeopleSoft requires keys in hex notation with specific keysize of 168 >> which I am not able to generate with openSSL. Please let me know if anyone >> has experience working with OpenSSL for PeopleSoft.Any help is appreciated. >> Thanks >> >> Regards >> Vivek Panikulam >> >> >> >> *Use Entered Value* >> >> Select this option to use key values that aren't in the PeopleSoft >> keystore. Enter a key value that's formatted appropriately for the algorithm >> that you're configuring. This value will be entered into the PET keyset >> table, not the PeopleSoft keystore. >> >> The value that you enter has a length that depends on the keysize of the >> cipher. For triple DES with keysize 112, this is 16 bytes. For a keysize of >> 168, this is 24 bytes. This value should be represented in hex notation. >> >> You must generate the key value that you enter here. You can use any key >> generation utility capable of producing hex encoded keys of the required >> length. PeopleSoft delivers the core OpenSSL command line program >> precompiled and ready to use. You can use it to generate key values and >> perform other encryption-related tasks. The executable program is * >> PS_HOME*\bin\server\WINX86\ openssl.exe on Windows, and *PS_HOME*/bin/openssl >> on Unix and Linux platforms. >> >> > >
