Is your problem that the PRNG is giving different results between the
releases? or that the bouncycastle KeyGenerator implementation has changed
between releases?
I'm not sure what guarantees these really have about stability across
implementations. Looking at the history of SHA1PRNG_SecureRandomImpl.java
which provides the SHA1PRNG implementation, an operator precedence bug was
fixed, so I'm not surprised that it is giving different results. If this is
indeed the problem, you could make your own Provider to register a copy of
the gingerbread verison of SHA1PRNG_SecureRandomImpl within your
application. You could look at OpenSSLProvider for a simple Provider.
Security.addProvider will register it at runtime, you can just specify
SecureRandom.getInstance("SHA1PRNG", "your provider name")
I think in general if you need such stability guarantees in creating a key
from a user password, there are PBE (Password Based Encryption) and PBKDF
(Password Based Key Derivation Functions)
-bri
On Sat, Mar 5, 2011 at 10:50 AM, nakvic <[email protected]> wrote:
> Hi there,
>
> I'm experiencing the same issue described in the following thread:
>
> http://stackoverflow.com/questions/4405334/bouncycastle-aes-error-when-upgrading-to-1-45
> .
>
> I've used 128 AES encryption on Android OS with BC as provider. Since
> Android 2.3 the new 1.45 version of BC is used, which returns
> completely different raw key for the same seed.
> This leads obviously to the issue with reading and decrypting data
> after upgrade from Android 1.6-2.2 to Android 2.3.
>
> The following code produces different keys with BC 1.34 (Android
> 1.6-2.2) and BC 1.45 (Android 2.3.x) for the same seed:
>
> kgen = KeyGenerator.getInstance("AES");
> sr = SecureRandom.getInstance("SHA1PRNG");
> sr.setSeed(password.getBytes());
> kgen.init(128, sr);
>
> SecretKey skey = kgen.generateKey();
> byte[] raw = skey.getEncoded();
> skeySpec = new SecretKeySpec(raw, "AES");
>
> Cipher encryptor = Cipher.getInstance("AES" +
> "/CBC/PKCS5Padding");
> IvParameterSpec CBC_SALT = new IvParameterSpec( ...
> blablabla ... );
> encryptor.init(Cipher.ENCRYPT_MODE, skeySpec, CBC_SALT);
>
> 1.34 gives the key: [-31, 58, 30, -52, 43, -48, 45, 21, -42, 19, 106,
> 76, -58, 94, 21, -91]
> 1.45 gives the key: [-40, -86, -89, 9, 36, -43, -114, 74, -15, -3, 18,
> 93, -59, -75, 77, 86]
>
> encryptor is always raises exception trying to decrypt with BC 1.34
> what has been encrypted with BC 1.45. the seed is the same, the code
> is the same.
>
> Caused by: javax.crypto.BadPaddingException: pad block corrupted
> at
>
> org.bouncycastle.jce.provider.JCEBlockCipher.engineDoFinal(JCEBlockCipher.java:
> 715)
> at javax.crypto.Cipher.doFinal(Cipher.java:1090)
>
> The issue is affecting almost 50 000 users (!)
>
> How to fix the code in the way it will produce the same raw key?
> Did anyone succeed to resolve the issue?
>
> Any help would be appreciated !!!!
>
>
> --
> Regards,
> Victor
>
> --
> You received this message because you are subscribed to the Google Groups
> "Android Security Discussions" group.
> To post to this group, send email to
> [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/android-security-discuss?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Android Security Discussions" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/android-security-discuss?hl=en.
