How to get AES secret key from DH secret key
Problem description
I have the following code that converts a DH secret key to an AES secret key. This used to work until Oracle JRE 8u161, when they started restricting creation of DH keys < 1024 in the java.security file. Now, I will get NoSuchAlgorithmException: Unsupported secret key algorithm AES at the last line.
PrivateKey privKey = null;
PublicKey pubKey = null;
PublicKey agreement = null;
KeyAgreement keyAgreement = KeyAgreement.getInstance("DH");
keyAgreement.init(privKey);
keyAgreement.doPhase(pubKey, false);
keyAgreement.doPhase(agreement, true);
SecretKey key = keyAgreement.generateSecret("AES");
I tried changing the last line to this. I can encrypt and decrypt using the new keys but this does not work with the old keys generated before.
byte[] encodedKey = keyAgreement.generateSecret();
SecretKey key = new SecretKeySpec(encodedKey, 0, encodedKey.length, "AES");
I found a similar SO question What metod KeyAgreement.generateSecret(String algorithm) does? but I am still clueless on how I can fix this without breaking the existing keys.
Recommended answer
Generally, key size requirements are checked in the Cipher and KeyAgreement class itself rather than the service implementation by the provider. You can of course try to test another provider such as the Bouncy Castle provider regardless [EDIT: this seems to work in this case, so the key size restraints are in the default provider delivered with the Java runtime; using the "BC" provider seems to work fine, see the comment below the answer].
If using another provider doesn't work then use the Bouncy Castle lightweight API (org.bouncycastle.** classes) to use another software implementation of DH, bypassing the KeyAgreement class altogether. Stepping outside the JCA / KeyAgreement should however be avoided.
Needless to say, the requirements of not using < 1024 bits keys are there for a reason, they are not considered secure anymore. Upgrade your security ASAP!
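The provider swap described in the answer, as an added example that is not part of the original question or answer: it calls generateSecret("AES") first through the JRE's default DH provider and then through "BC", on the same key pairs. It assumes the Bouncy Castle provider jar is on the classpath; the class name, the agree helper and the two-party key pairs are constructed for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class DhAesProviderDemo {
    // Hypothetical helper: provider == null selects the JRE's default DH implementation.
    static SecretKey agree(String provider, PrivateKey own, PublicKey peer)
            throws GeneralSecurityException {
        KeyAgreement ka = (provider == null)
                ? KeyAgreement.getInstance("DH")
                : KeyAgreement.getInstance("DH", provider);
        ka.init(own);
        ka.doPhase(peer, true);          // two-party exchange: a single, final phase
        return ka.generateSecret("AES"); // the call from the question
    }

    public static void main(String[] args) throws Exception {
        // addProvider appends "BC" after the built-in providers, so the default stays unchanged.
        Security.addProvider(new BouncyCastleProvider());

        // Constructed sample keys: 2048-bit group, Bob reuses Alice's DH parameters.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
        kpg.initialize(2048);
        KeyPair alice = kpg.generateKeyPair();
        kpg.initialize(((DHPublicKey) alice.getPublic()).getParams());
        KeyPair bob = kpg.generateKeyPair();

        try {
            agree(null, alice.getPrivate(), bob.getPublic());
            System.out.println("default provider: generateSecret(\"AES\") accepted");
        } catch (GeneralSecurityException e) {
            // On the JRE from the question this is the NoSuchAlgorithmException.
            System.out.println("default provider: " + e);
        }

        SecretKey a = agree("BC", alice.getPrivate(), bob.getPublic());
        SecretKey b = agree("BC", bob.getPrivate(), alice.getPublic());
        if (!Arrays.equals(a.getEncoded(), b.getEncoded())) {
            throw new IllegalStateException("the two sides derived different keys");
        }
        System.out.println("BC: both sides derived the same "
                + a.getEncoded().length * 8 + "-bit " + a.getAlgorithm() + " key");
    }
}
```

Before switching providers for existing data, check that the key obtained through "BC" decrypts a ciphertext that was produced under the old JRE.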