ubccr / mokey

FreeIPA self-service account management portal
BSD 3-Clause "New" or "Revised" License

Example of authentication and encryption keys #40

Closed ian-s-mcb closed 5 years ago

ian-s-mcb commented 5 years ago

Could you give an example of what auth_key and enc_key should look like and how to generate them?

I wasn't sure if those keys should be plaintext or the hash of some plaintext. Also, I wasn't sure how to specify bytes in a YAML file.

In Python 3.6, I can generate 16 secure random bytes by running:

```python
import secrets
print(secrets.token_bytes(16))
```

All the project README has to say about those keys is:

```yaml
auth_key: "32 or 64 bytes random key"
enc_key: "16, 24, or 32 byte random key"
```

aebruno commented 5 years ago

These values are used to create secure cookies. For more details about how these values are used check out the docs here. auth_key = hashKey and enc_key = blockKey.

For your Python example you could also use `print(secrets.token_hex(16))` and copy the hex string to the YAML file. Another way to generate these might be to use openssl. For example, to generate the enc_key:

```
$ openssl rand -hex 16
```

ian-s-mcb commented 5 years ago

Thanks! That clarified everything. I suspected that the openssl command was an option. Very helpful!
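The key generation discussed in this thread, as an added example that is not code from the mokey project or from either commenter: it generates both keys at the byte lengths quoted from the README and checks configured values for the usual mistakes (the README placeholder left in place, or hex characters counted as bytes). It assumes, following the hex suggestion in the reply above, that the configured values are hex strings decoding to the key bytes; `generate_key`, `check_key` and `render_yaml` are hypothetical helper names.

```python
import secrets

# Allowed key lengths in bytes, as quoted from the project README in this thread.
VALID_LENGTHS = {"auth_key": (32, 64), "enc_key": (16, 24, 32)}


def generate_key(name, nbytes=None):
    """Return a hex-encoded random key; defaults to the longest allowed length."""
    allowed = VALID_LENGTHS[name]
    nbytes = max(allowed) if nbytes is None else nbytes
    if nbytes not in allowed:
        raise ValueError(f"{name} must be one of {allowed} bytes, not {nbytes}")
    return secrets.token_hex(nbytes)  # CSPRNG output, two hex characters per byte


def check_key(name, value):
    """Return a list of problems with a configured value (empty list means OK)."""
    try:
        raw = bytes.fromhex(value)
    except ValueError:
        return [f"{name}: not a hex string"]
    problems = []
    if len(raw) not in VALID_LENGTHS[name]:
        problems.append(
            f"{name}: decodes to {len(raw)} bytes, expected one of {VALID_LENGTHS[name]}"
        )
    if raw and len(set(raw)) == 1:
        problems.append(f"{name}: constant bytes, not random")
    return problems


def render_yaml(keys):
    """Format the keys as quoted YAML scalars, one per line."""
    return "".join(f'{name}: "{value}"\n' for name, value in keys.items())


if __name__ == "__main__":
    keys = {name: generate_key(name) for name in VALID_LENGTHS}
    for name, value in keys.items():
        assert check_key(name, value) == []
    print(render_yaml(keys), end="")
```

Generate the two keys independently, and note that a 32-character hex string is only 16 bytes, which is a valid `enc_key` length but not a valid `auth_key` length.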