Generate Pre-Shared Key (PSK)

Generate Pre Shared Key [🔐PSK] - A reference

Pre-Shared Key?

In cryptography, a pre-shared key (PSK) is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used.

A PSK can be used to authenticate the VPN tunnel to your peer VPN gateway. It is recommended that you generate a strong 32-character pre-shared key.

When creating an IPsec VPN connection, the VPN server will not allow the authentication process to continue until the correct string of text is given. Unless the VPN server receives the shared secret, a username and password cannot be sent, and the connection will be refused.

Generator methods for your OS?

1. OpenSSL

On a Linux or macOS system, run the following OpenSSL command:

openssl rand -base64 24


2. /dev/urandom

On a Linux or macOS system, you can also use /dev/urandom as a pseudorandom source to generate a pre-shared key, in either of two ways.

Send the random input to base64:

head -c 24 /dev/urandom | base64

Pass the random input through a hashing function, such as sha256:

On Linux:

head -c 4096 /dev/urandom | sha256sum | cut -b1-32

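On macOS (the -r option makes openssl print the digest first, so that cut selects hex characters rather than a leading "(stdin)= " label):

head -c 4096 /dev/urandom | openssl sha256 -r | cut -b1-32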
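
The shell functions below are an added example, not part of the original page. gen_psk follows the /dev/urandom method above, and psk_bits, psk_distinct and psk_ok (hypothetical names) sanity-check a candidate key before it is configured on a gateway. The threshold of 8 distinct characters is an assumption chosen for illustration.

```shell
export LC_ALL=C   # byte-wise character ranges and sorting below

# gen_psk [NBYTES]: base64 of NBYTES (default 24) from /dev/urandom.
# 24 bytes encode to exactly 32 characters with no '=' padding.
gen_psk() {
    head -c "${1:-24}" /dev/urandom | base64 | tr -d '\n'
}

# psk_bits KEY: upper bound on KEY's entropy judged by its alphabet:
# 4 bits per hex character, 6 per base64 character, 0 if neither.
psk_bits() {
    case "$1" in
        '' | *[!A-Za-z0-9+/=]*) echo 0 ;;
        *[!0-9A-Fa-f]*) key=${1%%=*}; echo $(( ${#key} * 6 )) ;;
        *) echo $(( ${#1} * 4 )) ;;
    esac
}

# psk_distinct KEY: number of different characters in KEY.
psk_distinct() {
    printf '%s\n' "$1" | fold -w1 | sort -u | wc -l | tr -d ' '
}

# psk_ok KEY: succeed only for >= 32 characters, an alphabet bound of
# >= 128 bits, and >= 8 distinct characters (assumed sanity threshold).
psk_ok() {
    [ "${#1}" -ge 32 ] || return 1
    [ "$(psk_bits "$1")" -ge 128 ] || return 1
    [ "$(psk_distinct "$1")" -ge 8 ]
}

# Constructed sample: base64 of 24 zero bytes, i.e. what a buffer that
# was never filled with random data encodes to.
zeroed=$(head -c 24 /dev/zero | base64 | tr -d '\n')
for k in "$(gen_psk)" "$zeroed"; do
    if psk_ok "$k"; then
        echo "accept: ${#k} chars, at most $(psk_bits "$k") bits"
    else
        echo "reject: ${#k} chars, $(psk_distinct "$k") distinct"
    fi
done
```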

3. JavaScript

You can also generate the pre-shared key directly in a document by using JavaScript with the W3C Web Cryptography API. This API provides the Crypto.getRandomValues() method, which is a cryptographically sound way of generating a pre-shared key.

The following code creates an array of 24 random bytes, and then base64 encodes those bytes to produce a random 32-character string:

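// Allocate 24 bytes and fill them from the browser's CSPRNG.
var a = new Uint8Array(24);
window.crypto.getRandomValues(a);

// Base64-encode the 24 bytes into a 32-character string.
console.log(btoa(String.fromCharCode.apply(null, a)));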