问题
I want to generate a Symmetric key using Single-step Key Derivation Function (KDF) based on SHA-256. I think key derivations are in the lightweight API of Bouncy Castle since 1.50.
I have successfully generated the secret key "Z".And have a code for generating KDF from Z.
Please kind the code below
byte[] data = new byte[16];
SecretKey secretKeyA = generateSharedSecretZ(keyPairA.getPrivate(),
keyPairB.getPublic());
System.out.println(bytesToHex(secretKeyA.getEncoded()));
//Single-Step KDF specification using SHA256
Digest digest = new SHA256Digest();
System.out.println(digest.getDigestSize());
HKDFBytesGenerator kDF1BytesGenerator = new HKDFBytesGenerator(digest);
kDF1BytesGenerator.init(new HKDFParameters(secretKeyA.getEncoded(),
generateSalt(), null));
kDF1BytesGenerator.generateBytes(data, 0, 16);
System.out.println(new String(data));
System.out.println(data.length);
Using the below method for generating the salt
private static byte[] generateSalt() throws NoSuchAlgorithmException {
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
byte[] salt = new byte[32];
random.nextBytes(salt);
return salt;
}
I am using org.bouncycastle.crypto.generators.HKDFBytesGenerator for generating the Symmetric key using sha-256. Is the above implemention, a single-step KDF? Am I missing any relevant steps in generating the Symmetric key using single-step KDF using sha-256 according to the NIST 800-56A document.
Is there any standard size for the Symmetric key. Iam using the Symmetric key for Generates the MAC as per GCM-GMAC specification.
回答1:
Beware that you need to communicate the salt value if you use one in HKDF. For a KDF after Key Agreement - which should already provide you with enough entropy in the secret - I would consider it strictly optional.
Yes, it is a single step KDF (at least it doesn't use multiple iterations as would be expected for a Password Based Key Derivation Function.
No, you don't seem to be missing any steps (not that there are that many). You could consider using "GCM.GMAC".getBytes(StandardCharsets.US_ASCII) as value for info; this makes it easier to generate more keys later on.
There is no standard size for symmetric keys. Modern crypto would require at least 128 bits (16 bytes). AES uses 128, 192 or 256 bit keys, neither of which is a bad choice. AES-128 may be slightly faster and does not require the Unlimited Crypto files for Java. AES-256 may protect against some future attacks that uses Quantum Cryptoanalysis.
来源:https://stackoverflow.com/questions/24889923/symmetric-key-generation-after-ecdhc-using-kdf-with-sha-256