Symmetric key generation based on public-key cryptography

[brianmwaters]

Hello, I'm evaluating some encrypted Storage libraries for inclusion in a project, and I noticed a potential issue in the way secret-local-storage generates keys.

The keygen function in https://github.com/little-core-labs/secret-local-storage/blob/master/keygen.js is intended to generate a key for later use with with crypto_secretbox_easy, which wraps a symmetric encryption algorithm. According to the Sodium documentation (https://libsodium.gitbook.io/doc/secret-key_cryptography/secretbox#example), the proper way to do this is to call crypto_secretbox_keygen.

What keygen actually does is to call crypto_sign_seed_keypair, which generates a public-private keypair using Ed25519. keygen then discards the public key, and extracts 256 bits from the private key, for later use as a 256-bit key for symmetric cryptography.

I am not an expert in elliptic curve cryptography, and I do not know how Sodium stores Ed25519 private keys internally, but my concern is that by using part of an asymmetric private key as a symmetric key, the resulting key may not have the level of entropy necessary for secure operation.

Is there any particular reason that keygen works this way? Perhaps I am missing something here. Thanks for your time time and for this library.

[jwerle]

Hi @brianmwaters,

Thanks for reaching out. I cannot recall exactly but I believe the decision to generate symmetric keys this way was because sodium-javascript lacked support for the crypto_secretbox_keygen implementation.