ECDHC后使用KDF与SHA-256的对称密钥生成 [英] Symmetric key generation after ECDHC using KDF with SHA-256
问题描述
我想使用基于SHA-256的单步密钥导出函数(KDF)生成对称密钥。
我认为密钥派生在Bouncy Castle的轻量级API,自1.50以来。
我已经成功生成了密钥Z
byte [] data = new byte [16];
SecretKey secretKeyA = generateSharedSecretZ(keyPairA.getPrivate(),
keyPairB.getPublic());
System.out.println(bytesToHex(secretKeyA.getEncoded()));
//使用SHA256的单步KDF规范
Digest digest = new SHA256Digest();
System.out.println(digest.getDigestSize());
HKDFBytesGenerator kDF1BytesGenerator = new HKDFBytesGenerator(digest);
kDF1BytesGenerator.init(new HKDFParameters(secretKeyA.getEncoded(),
generateSalt(),null));
kDF1BytesGenerator.generateBytes(data,0,16);
System.out.println(new String(data));
System.out.println(data.length);
使用以下方法生成盐
private static byte [] generateSalt()throws NoSuchAlgorithmException {
SecureRandom random = SecureRandom.getInstance(SHA1PRNG);
byte [] salt = new byte [32];
random.nextBytes(salt);
返回盐;
}
我使用org.bouncycastle.crypto.generators.HKDFBytesGenerator生成对称键,使用sha-256。是上面的实现,单步KDF?根据NIST 800-56A文档,我缺少使用单步KDF使用sha-256生成对称密钥的任何相关步骤。
是否有任何标准尺寸对称键。 Iam使用对称密钥按照GCM-GMAC规范生成MAC。
注意,需要传递salt值如果你在HKDF中使用一个。对于一个KDF后的密钥协议 - 这应该已经提供了足够的熵在秘密 - 我认为它是严格可选的。
是的,它是一个单步KDF至少它不会像使用基于密码的密钥导出函数所期望的那样使用多次迭代。
不,你似乎你可以考虑使用GCM.GMAC.getBytes(StandardCharsets.US_ASCII)作为信息的值;这使得
对称密钥没有标准大小,现代密码需要至少128位(16字节)AES使用128, 192或256位密钥,这两个都不是一个坏选择。AES-128可能稍快,不需要Java的无限制加密文件.AES-256可以保护未来的攻击,使用量子密码分析。
I want to generate a Symmetric key using Single-step Key Derivation Function (KDF) based on SHA-256. I think key derivations are in the lightweight API of Bouncy Castle since 1.50.
I have successfully generated the secret key "Z".And have a code for generating KDF from Z.
Please kind the code below
byte[] data = new byte[16];
SecretKey secretKeyA = generateSharedSecretZ(keyPairA.getPrivate(),
keyPairB.getPublic());
System.out.println(bytesToHex(secretKeyA.getEncoded()));
//Single-Step KDF specification using SHA256
Digest digest = new SHA256Digest();
System.out.println(digest.getDigestSize());
HKDFBytesGenerator kDF1BytesGenerator = new HKDFBytesGenerator(digest);
kDF1BytesGenerator.init(new HKDFParameters(secretKeyA.getEncoded(),
generateSalt(), null));
kDF1BytesGenerator.generateBytes(data, 0, 16);
System.out.println(new String(data));
System.out.println(data.length);
Using the below method for generating the salt
private static byte[] generateSalt() throws NoSuchAlgorithmException {
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
byte[] salt = new byte[32];
random.nextBytes(salt);
return salt;
}
I am using org.bouncycastle.crypto.generators.HKDFBytesGenerator for generating the Symmetric key using sha-256. Is the above implemention, a single-step KDF? Am I missing any relevant steps in generating the Symmetric key using single-step KDF using sha-256 according to the NIST 800-56A document.
Is there any standard size for the Symmetric key. Iam using the Symmetric key for Generates the MAC as per GCM-GMAC specification.
Beware that you need to communicate the salt value if you use one in HKDF. For a KDF after Key Agreement - which should already provide you with enough entropy in the secret - I would consider it strictly optional.
Yes, it is a single step KDF (at least it doesn't use multiple iterations as would be expected for a Password Based Key Derivation Function.
No, you don't seem to be missing any steps (not that there are that many). You could consider using "GCM.GMAC".getBytes(StandardCharsets.US_ASCII) as value for info; this makes it easier to generate more keys later on.
There is no standard size for symmetric keys. Modern crypto would require at least 128 bits (16 bytes). AES uses 128, 192 or 256 bit keys, neither of which is a bad choice. AES-128 may be slightly faster and does not require the Unlimited Crypto files for Java. AES-256 may protect against some future attacks that uses Quantum Cryptoanalysis.
这篇关于ECDHC后使用KDF与SHA-256的对称密钥生成的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
