How to generate strong one time session key for AES in python

Question

I am using M2Crypto's AES for encrypting message, but confused about how to generate a strong random session key and of what length. Does M2Crypto provide any function for generation random key.

score 19 · Accepted Answer · answered Feb 15 '11 at 08:55

19

AES-128 has 128 bit key = 16 bytes.

random_key = os.urandom(16)

should be sufficient for most uses. When you feed this random value to M2 (or whatever crypto library), it is transformed internally into a "key schedule" actually used for encryption.

answered Feb 15 '11 at 08:55

Dmitry Dvoinikov

411
3
3

score 4 · Answer 2 · answered Feb 15 '11 at 10:38

4

M2Crypto is notorious for lack of good documentation.

Here is what I could gather from their test cases:

import os
from M2Crypto import EVP

k = EVP.Cipher(alg='aes_128_cbc', key=os.urandom(16), iv=os.urandom(16), op=enc)

answered Feb 15 '11 at 10:38

user7305

5,741
9
28
23

score 0 · Answer 3 · answered Feb 15 '11 at 09:50

If you are encrypting to send to another party then you want to do something like Diffie Hellman or ECDH key exchange to establish a shared secret. If you just want to encrypt for storage, then you need a secure random number generator. I do not believe M2Crypto provides this?

It looks like M2Crypto does support Diffie Hellman.

How to generate strong one time session key for AES in python

3 Answers3