On Mon, Dec 17, 2012 at 8:59 AM, Matthew Fleming <mgf...@gmail.com> wrote:
> Got it. The problem was that I had replaced
>
> byte[] keyBytes = keyFactory.generateSecret(keySpec).getEncoded();
> SecretKey key = new SecretKeySpec(keyBytes, "AES");
>
> with
>
> SecretKey key = keyFactory.generateSecret(keySpec);
>
> This is not a problem for the generic version of the Bouncy Castle provider,
> but for some reason Android doesn't like it.

Right. That's kind of a tricky one. new SecretKeySpec() essentially copies the key, stripping all associated parameters, etc. If you don't do this, you will get the internal class that implements SecretKey and if you pass it to some other algorithm it will usually check the actual type (with instanceof) and try to do clever things if it finds a type it knows about (like get associated IV, etc.). Unfortunately, this is not something you usually want.

> For completeness, I've included the final version below. Does it look OK?
>
> Thanks again!

You are welcome. See comments inline.

> KeyGenerator generator = KeyGenerator.getInstance("AES");
> generator.init(128);
> Key keyToBeWrapped = generator.generateKey();
> Log.v("tag","input: " + new String(keyToBeWrapped.getEncoded()));

Passing random bytes to new String() is a recipe for disaster: it might sort of work, but you will get all sorts of strange errors when it changes the underlying byte array. Encode keys and cipher text with Base64 if you need to convert to string and save or pass around. Or to hex strings if you want to check the contents easily. Even for logging it can be confusing.

> int iterationCount = 100;
> int saltLength = 8;

I'd still use a bigger iteration count and a bigger salt. The rest looks OK, just make sure you save both the salt and the IV along with the encrypted key, otherwise you won't be able to recover it.
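
The points from this reply combined into one round trip (derived key copied into a SecretKeySpec, Base64 instead of new String(), salt and IV stored with the wrapped key), as an added example that is not code from the thread. The algorithm names PBKDF2WithHmacSHA1 and AES/CBC/PKCS5Padding, the iteration count and salt size, the salt:iv:key storage layout, the class name, and the use of java.util.Base64 on a plain JVM (android.util.Base64 on older Android) are assumptions.

```java
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class WrapKeyExample {
    // Assumed parameters for illustration; the thread only says to go above 100 iterations and 8 salt bytes.
    static final int ITERATIONS = 10000, SALT_LEN = 16, KEY_BITS = 128;

    static SecretKey derive(char[] password, byte[] salt) throws Exception {
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        byte[] raw = f.generateSecret(new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS)).getEncoded();
        return new SecretKeySpec(raw, "AES"); // plain copy of the bytes, no provider-internal key class
    }

    // Returns "salt:iv:wrappedKey", each part Base64, so everything needed to unwrap is kept together.
    static String wrap(char[] password, SecretKey toWrap) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] salt = new byte[SALT_LEN], iv = new byte[16]; // 16 = AES block size
        rnd.nextBytes(salt);
        rnd.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.WRAP_MODE, derive(password, salt), new IvParameterSpec(iv));
        Base64.Encoder b64 = Base64.getEncoder();
        return b64.encodeToString(salt) + ":" + b64.encodeToString(iv) + ":" + b64.encodeToString(c.wrap(toWrap));
    }

    static SecretKey unwrap(char[] password, String stored) throws Exception {
        String[] p = stored.split(":"); // ':' never occurs in standard Base64 output
        Base64.Decoder b64 = Base64.getDecoder();
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.UNWRAP_MODE, derive(password, b64.decode(p[0])), new IvParameterSpec(b64.decode(p[1])));
        return (SecretKey) c.unwrap(b64.decode(p[2]), "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(128);
        SecretKey key = generator.generateKey();
        char[] password = "constructed sample password".toCharArray();
        String stored = wrap(password, key);
        boolean same = java.util.Arrays.equals(key.getEncoded(), unwrap(password, stored).getEncoded());
        System.out.println(stored + " -> round trip ok: " + same);
    }
}
```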