Opened 10 years ago

Last modified 9 years ago

#221 new enhancement

Add script for generating zcrypt keys — at Version 1

Reported by: Owned by:
Priority: minor Milestone:
Component: zephyr Keywords:

Description (last modified by

Creating a zcrypt key has some pitfalls for the unwary user: in particular, zcrypt will stop reading a key at a null byte or newline (AIUI). It's also not totally obvious how long a key should be. We should have a script in the source tree and the locker for easily generating zcrypt keys of the proper length and character set, so people don't accidentally generate weak keys.

Change History (1)

comment:1 Changed 10 years ago by

  • Description modified (diff)

I think this is most logically an option to zcrypt instead of a separate script.

But FTR, the script I use is tr -d '\000\n' < /dev/urandom | head -c 126. (126 bytes is the maximum length of an old-style DES key. An AES key can be more like 10998 bytes, but it’s hashed down to 16 bytes anyway. Both key types have the restriction against containing \0 or \n.)

Note: See TracTickets for help on using tickets.