All geek questions in one place

Is HKDF implemented in the Java cryptography architecture?

In the application I'm writing, I need to do HKDF to get two different keys from the same password. Searching for examples on how to do this in Java, I found the following two:

In both cases, HKDF is implemented on top of the HMAC provided by the JCA. I have not read these implementations in detail yet, but I was wondering, is this not implemented either in the JCA or in myself? Should I implement my own HKDF?

The part that worries me the most is wrong in applying the info argument. He looks nontrivial and critical.

+4
source share
1 answer

HKDF implementations in Java

No, the hashed message key derivation function (HMAC) (HKDF) , like most KDFs, does not have a standard implementation in the JCA.

There are several implementations implemented in other projects (for example, you already said):

, , Bouncy Castle, Hmac/Mac API. BC, , , . . , java lib ( RFC 5869), javax.crypto.Mac :

, , , , JCA Hmac.

HKDF

RFC 5869:

"info" HKDF, . - . (...) , .

, , IV , ( lib):

//example input
String userInput = "this is a user input with bad entropy";

HKDF hkdf = HKDF.fromHmacSha256();

//extract the "raw" data to create output with concentrated entropy
byte[] pseudoRandomKey = hkdf.extract(staticSalt32Byte, userInput.getBytes(StandardCharsets.UTF_8));

//create expanded bytes for e.g. AES secret key and IV
byte[] expandedAesKey = hkdf.expand(pseudoRandomKey, "aes-key".getBytes(StandardCharsets.UTF_8), 16);
byte[] expandedIv = hkdf.expand(pseudoRandomKey, "aes-iv".getBytes(StandardCharsets.UTF_8), 16);

//Example boilerplate encrypting a simple string with created key/iv
SecretKey key = new SecretKeySpec(expandedAesKey, "AES"); //AES-128 key
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(expandedIv));
byte[] encrypted = cipher.doFinal("my secret message".getBytes(StandardCharsets.UTF_8));
+4

Source: https://habr.com/ru/post/1684834/

More articles:


All Articles