generating AES 256 bit key value
You can construct the Rfc2898DeriveBytes Class
with an arbitrary sized password and then derive a key of your desired size in this case, 256 bits (32 bytes):
private static byte[] CreateKey(string password, int keyBytes = 32)
{
const int Iterations = 300;
var keyGenerator = new Rfc2898DeriveBytes(password, Salt, Iterations);
return keyGenerator.GetBytes(keyBytes);
}
In order to produce a deterministic output (i.e. same input will produce the same output) you will need to hard-code the salt. The salt must be at least 8 bytes:
private static readonly byte[] Salt =
new byte[] { 10, 20, 30 , 40, 50, 60, 70, 80};
Generating AES 256 GCM secret using a given key in python
In Java the Base64 decoded value of GIVEN_KEY
is used as key, in Python, the SHA256 hash of GIVEN_KEY
. Both are not the same.
The counterpart in Python would be something like:
import base64
...
secret = base64.b64decode(GIVEN_KEY.encode()) # by default UTF8 encoded
EDIT:
In the linked code (p. 31) the key is Base64url encoded without padding:
QOahfcdo98NLjYJuhP4-VKigx51NkUETsKlIu9uXZFY
which can be recognized by the character -
and the length which is not divisible by 4.
This corresponds Base64url decoded to the byte sequence
40e6a17dc768f7c34b8d826e84fe3e54a8a0c79d4d914113b0a948bbdb976456
which represents a 32 bytes key (AES-256) and can be tested e.g. here.
In Python you can Base64url decode with urlsafe_b64decode
. However, a padded Base64url encoded value is expected, so that the padding has to be added first, e.g. with the repad
method from here.
import base64
# from https://stackoverflow.com/a/9024884/9014097
def repad(data):
return data + "=" * (-len(data)%4)
GIVEN_KEY = 'QOahfcdo98NLjYJuhP4-VKigx51NkUETsKlIu9uXZFY'
secret = base64.urlsafe_b64decode(repad(GIVEN_KEY).encode())
print(secret.hex()) # 40e6a17dc768f7c34b8d826e84fe3e54a8a0c79d4d914113b0a948bbdb976456
How to derive an AES 256 bit key from an arbitary byte array it Java?
What is required here is a KBKDF or Key Based Key Derivation Function. A KBKDF converts a secret value that contains enough entropy into a different key of a specific size. A PBKDF is used when you have a passphrase with potentially too little entropy into a key using key strenghtening (using the salt and work factor or iteration count). The work factor / iteration count doesn't need to be used if the input value is already strong enough not to be guessed / brute forced.
SHA-256 in general suffices if you only want a resulting 128 bit value. However, using a key derivation function may still offer benefits. First of all, it is a function that is explicitly defined for the function, so it is easier to prove that it is secure. Furthermore, it is generally possible to add additional data to the key derivation function so that you can e.g. derive more keys or a key and an IV. Or you can expand the configurable output size to output enough data for different keys or key / IV.
That said, most cryptographers won't frown too much if you use SHA-256 (or SHA-512 in case you require more bits for key / IV). The output is still supposed to be randomized using all possible bits from the input, and it is impossible to inverse the function.
Generating secret key for AES 256 Encryption from Keychain
If you do not want to declare a static key or derive a key from the static password, you can certainly derive a random key and store that value in the Keychain. SecRandomCopyBytes
will return an array of arbitrary length that was generated in a cryptographically secure manner. You can request 32 bytes (256 bits) from this service and store that as your key in the keychain. Obviously be aware that if you call this multiple times it will not return the same result, so you must not lose the key once you have stored it.
Related Topics
Convert Date Format of String to Datetime Mm/Dd/Yyyy When System Date Formate Is Dd/Mm/Yyyy
Httpclient Post With Parameters in Body
Discord.Net C# 1.0.2 How to Send Messages to Specific Channels
Convert Character to Its Alphabet Integer Position
How to Get a Specific Column Value from a Datatable
How to Pass Jquery Variable Value to C# MVC
How to Iterate Though Each Child Node in an Xml File
Console.Writeline Does Not Show Up in Output Window
Deserialize Json String in to Multiple C# Objects
Convert Time With Milliseconds to Datetime in C#
How to Display Values Only Upto 2 Decimal Places
C# Percentage Calculation Explanation
Fetching Value from a Datatable into Datatable With Where Clause
How to Provide Success Messages ASP.NET MVC
How to Download Image from Url
How to Remove Time Portion of Date in C# in Datetime Object Only