本文讨论了在Java中如何使用标准JDK生成安全的随机AES密钥。推荐的方式是通过KeyGenerator实例化并使用SecureRandom来初始化。代码示例中,我们不指定随机数生成的具体实现,而是让提供商选择最佳方法。为了确保密钥的安全性,作者建议使用硬件安全模块(HSM)来生成和保护密钥,并提到了提供商可能提供的JCE提供程序。
What is the recommended way of generating a secure, random AES key in Java, using the standard JDK?
In other posts, I have found this, but using a SecretKeyFactory might be a better idea:
KeyGenerator keyGen = KeyGenerator.getInstance("AES");
SecureRandom random = new SecureRandom(); // cryptograph. secure random
keyGen.init(random);
SecretKey secretKey = keyGen.generateKey();
It would be great if the answer included an explanation of why it is a good way of generating the random key. Thanks!
解决方案
I would use your suggested code, but with a slight simplification:
KeyGenerator keyGen = KeyGenerator.getInstance("AES");
keyGen.init(256); // for example
SecretKey secretKey = keyGen.generateKey();
Let the provider select how it plans to obtain randomness - don't define something that may not be as good as what the provider has already selected.
This code example assumes (as Maarten points out below) that you've configured your java.security file to include your preferred provider at the top of the list. If you want to manually specify the provider, just call KeyGenerator.getInstance("AES", "providerName");.
For a truly secure key, you need to be using a hardware security module (HSM) to generate and protect the key. HSM manufacturers will typically supply a JCE provider that will do all the key generation for you, using the code above.
1384
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
