On Saturday, December 11, 2010 4:30:01 AM UTC+9, Steve Hugg wrote:
>
> More debugging on this issue...
>
> I am using this method to generate keys from a passphrase:
>
> KeyGenerator kgen = KeyGenerator.getInstance("AES", "BC");
> SecureRandom sr = SecureRandom.getInstance("SHA1PRNG", "Crypto");
> sr.setSeed(seed);
> kgen.init(128, sr);
> SecretKey skey = kgen.generateKey();
> byte[] raw = skey.getEncoded();
>
>
How exactly are you generating your key from a password? If 'seed' is your
password,
this code is very wrong. You should use password-based encryption to
generate
a key from password. Something like:
PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, count);
PBEKeySpec pbeKeySpec = new PBEKeySpec(password);
SecretKeyFactory keyFactory =
SecretKeyFactory.getInstance("PBEWithSHA1AndAES");
SecretKey pbeKey = keyFactory.generateSecret(pbeKeySpec);
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
