How to generate keys

[vegardlarsen]

Thanks for this project. I have been reading through trying to get a grasp on things, and I think an important function for your API would be generating keys in a secure matter.

I see from your tests that symmetric keys for v2 are generated from 32 random bytes. Is 256 bits considered secure enough here? Could this be documented somewhere?

I think it would be useful if ProtocolInteface had two extra methods that would correspond to the algorithms in use:

• generateAsymmetricKeys(): generates asymmetric keys
• generateSymmetricKey(): generates a symmetric key

It would be up to each version to decide what is considered a secure enough key. These could take an optional key length, preferably with guidance in the documentation as to which length to choose?

[paragonie-scott]

Is 256 bits considered secure enough here?

Yes.

These could take an optional key length, preferably with guidance in the documentation as to which length to choose?

At no point in the Paseto protocol is the key size dynamic.

• Version 1:
  • RSA: 2048-bit
  • AES: 256-bit
• Version 2:
  • Ed25519: 256-bit (Elliptic Curve Cryptography)
  • ChaCha20: 256-bit

This is all hard-coded into each protocol version. The goal of Paseto was to reduce the number of knobs and levers that developers have to mess with.

[vegardlarsen]

Thanks for the quick response.

I must have missed the part about static key lengths; but my point still stands. It should be easy to generate keys for use with each protocol version, and standardizing (in code) how keys are generated in each version would remove another opportunity for doing the wrong thing.

I love this project by the way. :)

[paragonie-scott]

That was a good idea, and it also uncovered a deficiency in the implementation. 👍