Bitcoin Forum

I'm looking at some Javascript AES, one of the things it will need to do is decrypt AES256 with password protection. In all the libraries I've been looking at they only look for the key.

So what do?

What is the difference between the key and a password? Both are used in the same way right?

Is there a way to generate the key from the password (is it a hash of the pasword?)

An AES key is what is actually used to do the encryption.  Somehow you have to arrive at such a key.  Many libraries use some kind of key derivation function to create such a key from a password.  There are several standards for key derivation and most have more parameters (like number of rounds and/or a salt).

Much obliged.

AES-256 needs a key of exactly 256 bits (128 bits for AES-128, etc.), so you often need to lengthen the password. It's also good to make a key of random bits instead of just ASCII text. So you hash the password with SHA-128/192/256, get 128/192/256 bits of "random" data, and use that as the key. Salting prevents the use of rainbow tables, and using multiple hash iterations slows down brute force attacks against the password.

If your password is somehow already exactly key size bits of random data, then you can use that as the key directly. One example of where this is useful is when you're encrypting a swap partition on Linux: the key can come directly from /dev/urandom, since no one needs to know it.

Thanks for the reply, the above information has been very usefull, and has pointed me to the solution. I want to decrpt some RSA keys that have been encrypted with Pythons m2crypto with AES-256.

Actually opening up the encrypted key you see this as the header.

DEK-Info is the important part. The first argument is the ancryption algorythm used, the second argument is the salt.

The password is then passed with the salt to PBKDF2 (Password-Based Key Derivation Function) which is what makes the actual key used to encrypt the keypair.