java - SHA3-512 to Generate Keys in Java
Question
Is it possible to use SHA3-512 (a subset of Keccak available in Java 9) to generate keys in Java?
I have searched through a lot of noise and documentation to try to figure this out. Currently it seems SHA3-512 is available as a hash for MessageDigest but not for generating keys. My code below tries to generate keys predictably (for wallet purposes like BIP32, but beyond currency to blockchain uses):
```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import java.util.Base64;

public static String GenerateSeed() throws Exception {
    // Platform entropy source; note generateSeed(512) returns 512 bytes, not 512 bits
    SecureRandom random = new SecureRandom();
    byte[] seed = random.generateSeed(512);
    // Base64 so the seed can be stored and passed around as a String
    return Base64.getEncoder().encodeToString(seed);
}

// getInstance() and initialize() throw checked exceptions, so the method must declare them
public static Keyz GenerateKey(String seedString) throws Exception {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    KeyPairGenerator keyGen1 = KeyPairGenerator.getInstance("ECDSA");
    ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp256k1");
    // SHA1PRNG seeded explicitly before first use: the same seed yields the same key pair
    SecureRandom random1 = SecureRandom.getInstance("SHA1PRNG");
    random1.setSeed(Base64.getDecoder().decode(seedString));
    keyGen1.initialize(ecSpec, random1);
    KeyPair keyPair1 = keyGen1.generateKeyPair();
    PublicKey pub1 = keyPair1.getPublic();
    PrivateKey priv1 = keyPair1.getPrivate();
    // Keyz is a simple model that stores the 3 fields below and overrides equals and hashCode on those fields
    return new Keyz("random", pub1, priv1);
}
```
As you can see, it uses SHA1PRNG to generate the key pair deterministically (I am fine with the security concerns on this) so that the keys can be recreated deterministically.
Here is a JUnit test to make sure the keys are deterministic (works for SHA1PRNG, needs to work with a SHA3PRNG). Ideally what is needed is a SHA3-512 TRNG in GenerateSeed and a SHA3PRNG in GenerateKey. Since the key generator needs a SecureRandom, I would be surprised if java.security.SecureRandom is still on something as insecure as SHA1PRNG.
```java
import static org.junit.Assert.assertEquals;
import org.junit.Test;

@Test
public void shouldReturnDeterministicKeys() throws Exception {
    String seedString = GenerateSeed();
    Keyz random1 = GenerateKey(seedString);
    Keyz random2 = GenerateKey(seedString);
    // This assertion works because Keyz overrides equals and hashCode
    assertEquals(random1, random2);
}
```
Can someone please let me know if they have figured out a way to get this to work?
Answer
What you are looking for does not seem to be available out of the box:
Note that SHA1 and SHA1PRNG are not equivalent. The former is a hashing algorithm, the latter a pseudo-random generation algorithm (which of course uses SHA1 to update its internal state). A simple consequence of this difference is that SHA1 outputs a fixed number of bits, whereas SHA1PRNG outputs as many as you like.
Because of this difference, although SHA3-512 is available in Java, it cannot be used directly as a PRNG.
What you need to do is implement a PRNG algorithm using SHA3-512 (this part is very tricky, because generating a pseudo-random stream is very hard) and register it under some name such as MySHA3PRNG through your own custom Security Provider (just as Bouncy Castle does). After that, you can use MySHA3PRNG wherever you use SHA1PRNG. The rest stays as it is.
One major problem with that tricky part could be the following; quoting from here:
> The paper "Sponge-based pseudo-random number generators" discusses this, and it also describes a clean and efficient way to build a reseedable PRNG with a (Keccak) sponge function. You get a PRNG based on a cryptographic hash function... with the usual security implications. For example: the paper explicitly states that you should periodically reseed with sufficient entropy to prevent an attacker from rewinding the PRNG within that period (this is probably what you have heard about).
However, what you need is a PRNG algorithm that does not require reseeding. I hope you have enough theoretical background to prove that your custom PRNG algorithm is secure.
Good luck!
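The answer above describes the shape of a solution without showing it: a SecureRandomSpi built on SHA3-512, registered through a custom Provider under a name such as MySHA3PRNG, and then used exactly where the question uses SHA1PRNG. The following is an added example written for this page; it is not code from the question, the answer, or the JDK. The provider name MySHA3Provider, the class names, and the hash-counter construction (state = SHA3-512(previous state || seed), block i = SHA3-512(state || i)) are all assumptions of this example, not a standard. It uses the JDK's own EC generator with secp256r1 so it runs without Bouncy Castle; the question's secp256k1 curve can be substituted with Bouncy Castle on the classpath. The seed in main() is a constructed demonstration value.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.SecureRandomSpi;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;

// Hypothetical provider (example only) that registers the SPI below as "MySHA3PRNG".
public final class MySha3Provider extends Provider {

    public MySha3Provider() {
        super("MySHA3Provider", "1.0", "Deterministic SHA3-512 hash-counter PRNG (example only)");
        // Legacy-style registration: engine type "SecureRandom", algorithm name "MySHA3PRNG"
        put("SecureRandom.MySHA3PRNG", Sha3Prng.class.getName());
    }

    // Hash-counter generator with no automatic reseeding: every output depends only on the seed
    // material, which is what deterministic key derivation needs. It also means the seed must be
    // protected like a private key, since anyone who learns it can reproduce every derived key.
    public static final class Sha3Prng extends SecureRandomSpi {
        private byte[] state;   // null until the caller seeds the generator
        private long counter;   // block index mixed into each hash call

        @Override
        protected void engineSetSeed(byte[] seed) {
            MessageDigest md = sha3();
            if (state != null) {
                md.update(state);   // fold additional seed material into the existing state
            }
            md.update(seed);
            state = md.digest();
            counter = 0;
        }

        @Override
        protected void engineNextBytes(byte[] bytes) {
            if (state == null) {
                // Refuse to produce output from an empty state rather than silently returning junk.
                throw new IllegalStateException("MySHA3PRNG must be seeded with setSeed() before use");
            }
            int offset = 0;
            while (offset < bytes.length) {
                MessageDigest md = sha3();
                md.update(state);
                md.update(ByteBuffer.allocate(Long.BYTES).putLong(counter++).array());
                byte[] block = md.digest();   // 64 bytes per SHA3-512 call
                int n = Math.min(block.length, bytes.length - offset);
                System.arraycopy(block, 0, bytes, offset, n);
                offset += n;
            }
        }

        @Override
        protected byte[] engineGenerateSeed(int numBytes) {
            // Fresh seed material must come from real entropy, never from this deterministic stream.
            byte[] seed = new byte[numBytes];
            new SecureRandom().nextBytes(seed);
            return seed;
        }

        private static MessageDigest sha3() {
            try {
                return MessageDigest.getInstance("SHA3-512");   // available since Java 9
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException("SHA3-512 requires Java 9 or later", e);
            }
        }
    }

    // Derives an EC key pair from a seed through the registered PRNG, mirroring GenerateKey().
    public static KeyPair deriveKeyPair(byte[] seed) throws Exception {
        SecureRandom rng = SecureRandom.getInstance("MySHA3PRNG");
        rng.setSeed(seed);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"), rng);   // JDK-bundled curve
        return kpg.generateKeyPair();
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new MySha3Provider());
        // Constructed seed for the demonstration; a real seed comes from GenerateSeed().
        byte[] seed = "constructed example seed".getBytes(StandardCharsets.UTF_8);
        KeyPair first = deriveKeyPair(seed);
        KeyPair second = deriveKeyPair(seed);
        boolean deterministic = Arrays.equals(first.getPrivate().getEncoded(),
                                              second.getPrivate().getEncoded());
        System.out.println("same key pair from same seed: " + deterministic);
    }
}
```

Compile and run with `javac MySha3Provider.java && java MySha3Provider` on Java 9 or later. The key pair generator draws its private scalar from whatever SecureRandom it was initialized with, so two runs seeded with identical bytes produce identical key pairs, which is the property the question's JUnit test checks. The construction deliberately never reseeds from the platform, so it has none of the forward-security the quoted sponge paper asks for; that trade-off is exactly what the answer warns about, and it is acceptable only because the seed itself is treated as the long-term secret.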