The key size can be reduced to 128 bits, which is still considered "strong" encryption, but it doesn't give much of a safety margin if attacks are discovered that weaken AES. The iteration count can be changed depending on the computing resources available. The key derivation function is iterated to require significant computational effort, and that prevents attackers from quickly trying many different passwords. The magic numbers (which could be defined as constants somewhere) 65536 and 256 are the key derivation iteration count and the key size, respectively. SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES") SecretKey tmp = factory.generateSecret(spec) KeySpec spec = new PBEKeySpec(password, salt, 65536, 256) SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256") Then to derive a good key from this information: /* Derive the key, given password and salt. Share the password (a char) and salt (a byte-8 bytes selected by a SecureRandom makes a good salt-which doesn't need to be kept secret) with the recipient out-of-band. The "TODO" bits you need to do yourself :-) byte key = null // TODOĬipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding") Ĭipher.init(Cipher.ENCRYPT_MODE, keySpec) The following is some code I am using now that I have some more experience with this. I was actually padding the password out to 256 bytes, not bits, which is too long. Kgen.init(128) // 192 and 256 bits may not be available KeyGenerator kgen = KeyGenerator.getInstance("AES") I do have the unlimited jurisdiction patch installed, so thats not the problem :) How can I create my own key? I have tried padding it out to 256 bits, but then I get an error saying that the key is too long. I need to implement 256 bit AES encryption, but all the examples I have found online use a "KeyGenerator" to generate a 256 bit key, but I would like to use my own passkey.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |