Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

is AES key random?

Tags:

java

aes

AES key may be generate by this code

KeyGenerator kgen = KeyGenerator.getInstance("AES");
kgen.init(128); 

but

If I have a "very reliable" method of generating random numbers can I use it in such a way

SecureRandom rnd = new SecureRandom();
byte[] key = new byte[16];
rnd.nextBytes(key);

is key obtained by this method reliable ?

or it ONLY must generated by some SPECIAL algorithm

like image 441
terentev Avatar asked Apr 20 '12 19:04

terentev


1 Answers

The AES key can be any 128 bits. It should be be practically unguessable, whatever the method of creating it.

For Example:

SecureRandom sr = new SecureRandom()

key = new byte[16];
iv = new byte[16];

sr.nextBytes(key);
sr.nextBytes(iv);

Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key,"AES"), new IvParameterSpec(IV));

SecretKeySpec, by the way, is just a thin wrapper around a byte[] --- it does not transform the key in any way. No "special algorithm".

like image 97
maybeWeCouldStealAVan Avatar answered Sep 29 '22 00:09

maybeWeCouldStealAVan