确定性的产生RSA密钥对 [英] Deterministic generation of RSA encryption key pairs

问题描述

我试图确定性产生于Android使用Java的RSA密钥对。我的要求是这样的，我不能存储密钥对，并且它必须在运行时产生等同于任何previous /未来的运行。

I am trying to deterministically generate an RSA key pair using Java on Android. My requirements are such that I can't store the key pair and it must be generated at run time to be equivalent to any previous/future runs.

我的思想过程，我会确定性地播种随机数生成器，并沿传递生成器来创建密钥。我的code是：

My though process was that I would deterministically seed a random number generator and pass that generator along to create the keys. My code is:

SecureRandom random=SecureRandom.getInstance("SHA1PRNG");
random.setSeed(1234);   //something device specific will be used to set this
KeyPairGenerator keyGen=KeyPairGenerator.getInstance("RSA");
keyGen.initialize(1024, random);

KeyPair pair=keyGen.generateKeyPair();
PublicKey pub=pair.getPublic();
PrivateKey priv=pair.getPrivate();

由此产生的键是在每次运行的不同。然而，SecureRandom的数字是从运行相同的运行，甚至同一个跨设备。

The resulting keys are different from run to run. However, the SecureRandom numbers are the same from run to run and even the same across devices.

我在想什么？我如何能重复地我产生这些密钥？

What am I missing? How can I can I repeatably generate these keys?

感谢

推荐答案

你到底想干什么？即使这个工作，这个code将依靠Android上的SHA1PRNG实现的怪癖，所以它随时可能破裂。一般来说，过setSeed（）增加熵，所以你不能保证，即使你播种的SecureRandom 使用相同的种子。如果您尝试在桌面Java这个code将最有可能失败。到目前为止，它适用于大多数（所有？）目前的Andr​​oid版本，但不能保证这一点。

What are you trying to do? Even if this works, this code would rely on a quirk of the SHA1PRNG implementation on Android, so it might break at any time. Generally, setSeed() adds entropy so you can't guarantee that you will get the same numbers even if you seed the SecureRandom with the same seed. If you try this code on desktop Java it will most probably fail. So far it works on most (all?) current Android versions, but this is not guaranteed.

如果您想predictable键，您可能需要提供与pre-生成的密钥每个设备。如果你需要将它们存储安全，请使用ICS的钥匙链 API，或pre-ICS设备一个密码短语保护的密钥库。即使你不存储实际的关键，如果有人知道密钥是如何生成的（种子），他们可以产生相同的密钥，你的钥匙都只能作为种子安全。如果是设备特定的，没准它不是太难找。

If you want predictable keys, you might need to provision each device with pre-generated keys. If you need to store them securely, use the KeyChain API on ICS, or a pass-phrase protected keystore on pre-ICS devices. Even if you don't store the actual key, if someone knows how the keys are generated (the seed), they could generate the same keys, and your keys are only as secure as the seed. If it is device specific, chances are it's not too hard to find.

至于为什么这不起作用，RSA密钥生成器基本上产生随机 BigIntegers 在一个循环中，素数测试。黄金测试是概率性的，所以你可能会选择在每次运行时不同的素数。你可能想获得 SpongyCastle ，在模拟器上运行这个和 RSAKeyPairGenerator.java 来检查究竟是怎么回事。

As for why this doesn't work, the RSA key generator basically generates random BigIntegers in a loop, testing for primes. The prime test is probabilistic, so you might get different primes chosen on each run. You might want to get SpongyCastle, run this on an emulator and set breakpoints in RSAKeyPairGenerator.java to check what exactly is going on.

这篇关于确定性的产生RSA密钥对的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！