Open brianmwaters opened 4 years ago
Hi @brianmwaters,
Thanks for reaching out. I cannot recall exactly but I believe the decision to generate symmetric keys this way was because sodium-javascript lacked support for the crypto_secretbox_keygen
implementation.
Hello, I'm evaluating some encrypted
Storage
libraries for inclusion in a project, and I noticed a potential issue in the way secret-local-storage generates keys.The
keygen
function in https://github.com/little-core-labs/secret-local-storage/blob/master/keygen.js is intended to generate a key for later use with withcrypto_secretbox_easy
, which wraps a symmetric encryption algorithm. According to the Sodium documentation (https://libsodium.gitbook.io/doc/secret-key_cryptography/secretbox#example), the proper way to do this is to callcrypto_secretbox_keygen
.What
keygen
actually does is to callcrypto_sign_seed_keypair
, which generates a public-private keypair using Ed25519.keygen
then discards the public key, and extracts 256 bits from the private key, for later use as a 256-bit key for symmetric cryptography.I am not an expert in elliptic curve cryptography, and I do not know how Sodium stores Ed25519 private keys internally, but my concern is that by using part of an asymmetric private key as a symmetric key, the resulting key may not have the level of entropy necessary for secure operation.
Is there any particular reason that
keygen
works this way? Perhaps I am missing something here. Thanks for your time time and for this library.