I need to generate a key to use when encrypting a file symmetrically using AES256/CBC
我需要生成一个密钥,以便在使用AES256 / CBC对称加密文件时使用
The key itself will be encrypted with RSA public/private so I don't need a password applied.
密钥本身将使用RSA公共/私有加密,因此我不需要应用密码。
In Java, this seems to be done as follows:
在Java中,这似乎如下所示:
SecureRandom random = new SecureRandom();
byte[] keyBytes = new byte[32]; //32 Bytes = 256 Bits
random.nextBytes(keyBytes);
SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
However, SecretKeySpec isn't defined in the C# BouncyCastle library available via NuGet.
但是,SecretKeySpec未在通过NuGet提供的C#BouncyCastle库中定义。
What's the C# equivalent? Since I'm not using a password, is it sufficient to just grab the next n random bytes from SecureRandom (which does exist)?
什么是C#等价物?由于我没有使用密码,只需从SecureRandom(确实存在)中获取下n个随机字节就足够了吗?
2 个解决方案
#1
1
As long as you are just using AES, you can get away with just building a KeyParameter class directly. However, there are symmetric algorithms with classes of known weak keys and/or other restrictions on what is a valid key, e.g. DESEDE.
只要您使用AES,就可以直接构建KeyParameter类。然而,存在具有已知弱密钥类和/或对有效密钥的其他限制的对称算法,例如, DESEDE。
If your code needs to handle multiple algorithms (or modes) generically, then you will be better off using Org.BouncyCastle.Security.GeneratorUtilites to get an appropriate key generator for the algorithm. Likewise, ParameterUtilities is preferred in the general case e.g. for adding an IV.
如果您的代码需要一般地处理多种算法(或模式),那么最好使用Org.BouncyCastle.Security.GeneratorUtilites为算法获取适当的密钥生成器。同样,在一般情况下,例如,参数优先是优选的。添加IV。
Likewise the Java code you gave will work OK for AES, but if you want to generalise across ciphers and modes, you ought to be using the KeyGenerator and AlgorithmParameterGenerator APIs.
同样,您提供的Java代码也适用于AES,但如果您想要在密码和模式之间进行概括,则应该使用KeyGenerator和AlgorithmParameterGenerator API。
#2
1
You can certainly just use the Bouncy Castle KeyParameter class using any well seeded PRNG, yes. The KeyParameter class handles more or less the same as SecretKeySpec although you don't have to specify the algorithm.
你当然可以使用任何种子播种的PRNG使用Bouncy Castle KeyParameter类,是的。尽管您不必指定算法,但KeyParameter类与SecretKeySpec的处理方式大致相同。
#1
1
As long as you are just using AES, you can get away with just building a KeyParameter class directly. However, there are symmetric algorithms with classes of known weak keys and/or other restrictions on what is a valid key, e.g. DESEDE.
只要您使用AES,就可以直接构建KeyParameter类。然而,存在具有已知弱密钥类和/或对有效密钥的其他限制的对称算法,例如, DESEDE。
If your code needs to handle multiple algorithms (or modes) generically, then you will be better off using Org.BouncyCastle.Security.GeneratorUtilites to get an appropriate key generator for the algorithm. Likewise, ParameterUtilities is preferred in the general case e.g. for adding an IV.
如果您的代码需要一般地处理多种算法(或模式),那么最好使用Org.BouncyCastle.Security.GeneratorUtilites为算法获取适当的密钥生成器。同样,在一般情况下,例如,参数优先是优选的。添加IV。
Likewise the Java code you gave will work OK for AES, but if you want to generalise across ciphers and modes, you ought to be using the KeyGenerator and AlgorithmParameterGenerator APIs.
同样,您提供的Java代码也适用于AES,但如果您想要在密码和模式之间进行概括,则应该使用KeyGenerator和AlgorithmParameterGenerator API。
#2
1
You can certainly just use the Bouncy Castle KeyParameter class using any well seeded PRNG, yes. The KeyParameter class handles more or less the same as SecretKeySpec although you don't have to specify the algorithm.
你当然可以使用任何种子播种的PRNG使用Bouncy Castle KeyParameter类,是的。尽管您不必指定算法,但KeyParameter类与SecretKeySpec的处理方式大致相同。