/** * Generates a symmetric encryption key of the given length. * * @param bitLength Desired key length in bits. * @param cipher Cipher with with key will be used. * * @return Symmetric encryption key. */ public static SecretKey generate(final int bitLength, final BlockCipher cipher) { // Want as much nonce data as key bits final byte[] nonce = NonceUtil.randomNonce((bitLength + 7) / 8); return generate(bitLength, cipher, new SP800SecureRandomBuilder().buildHash(new SHA256Digest(), nonce, false)); }
HybridSecureRandom() { super(null, new HybridRandomProvider()); drbg = new SP800SecureRandomBuilder(new EntropySourceProvider() { public EntropySource get(final int bitsRequired) { return new SignallingEntropySource(bitsRequired); } }) .setPersonalizationString(Strings.toByteArray("Bouncy Castle Hybrid Entropy Source")) .buildHMAC(new HMac(new SHA512Digest()), baseRandom.generateSeed(32), false); // 32 byte nonce }
private static SecureRandom createBaseRandom(boolean isPredictionResistant) { if (System.getProperty("org.bouncycastle.drbg.entropysource") != null) { EntropySourceProvider entropyProvider = createEntropySource(); EntropySource initSource = entropyProvider.get(16 * 8); byte[] personalisationString = isPredictionResistant ? generateDefaultPersonalizationString(initSource.getEntropy()) : generateNonceIVPersonalizationString(initSource.getEntropy()); return new SP800SecureRandomBuilder(entropyProvider) .setPersonalizationString(personalisationString) .buildHash(new SHA512Digest(), Arrays.concatenate(initSource.getEntropy(), initSource.getEntropy()), isPredictionResistant); } else { SecureRandom randomSource = new HybridSecureRandom(); // needs to be done late, can't use static byte[] personalisationString = isPredictionResistant ? generateDefaultPersonalizationString(randomSource.generateSeed(16)) : generateNonceIVPersonalizationString(randomSource.generateSeed(16)); return new SP800SecureRandomBuilder(randomSource, true) .setPersonalizationString(personalisationString) .buildHash(new SHA512Digest(), randomSource.generateSeed(32), isPredictionResistant); } }