Portable Key Derivation from a password
in [Java Programming]
|
Prev: large XML files
Next: refresh JSP webpage when jms message is received or Apache DB database is changed
From: Tank on 8 Feb 2010 02:51 Adding some Java Newsgroups - no replies from the Microsoft newsgroup. I am coding a server which uses the Microsoft Crypto API for getting an HMAC. The clients may be written in Java - hence need to maintain compatibility. "Tank" <pp(a)pp.com> wrote in message news:hkj8ia$a77$1(a)news.eternal-september.org... >I am trying to derive a symmetric key from a password. > This will be used for generating the HMAC digest of a message. > > It looks like CryptDeriveKey doesn't use any standard algorithm for > key derivation. > > What can I use in my Native Program for key derivation which I can > also do in Java or any other Language. > > Basically my Server is going to be a Native Windows program using > Crypto API but my clients can pretty much be written in any language > & can be running on any platform. > So I was wondering what's the best way to go about this without using > CryptDeriveKey? > > Searching archives of this newsgroup gave me implementations of > CryptDeriveKey on Java etc - however, I don't want to go this route > because I won't be writing & clients & it could written in any language. > > > > > >
From: rossum on 8 Feb 2010 07:37
On Mon, 8 Feb 2010 13:21:54 +0530, "Tank" <pp(a)pp.com> wrote: >Adding some Java Newsgroups - no replies from the Microsoft newsgroup. > >I am coding a server which uses the Microsoft Crypto API for getting an >HMAC. >The clients may be written in Java - hence need to maintain compatibility. > >"Tank" <pp(a)pp.com> wrote in message >news:hkj8ia$a77$1(a)news.eternal-september.org... >>I am trying to derive a symmetric key from a password. >> This will be used for generating the HMAC digest of a message. >> >> It looks like CryptDeriveKey doesn't use any standard algorithm for >> key derivation. >> >> What can I use in my Native Program for key derivation which I can >> also do in Java or any other Language. >> >> Basically my Server is going to be a Native Windows program using >> Crypto API but my clients can pretty much be written in any language >> & can be running on any platform. >> So I was wondering what's the best way to go about this without using >> CryptDeriveKey? >> >> Searching archives of this newsgroup gave me implementations of >> CryptDeriveKey on Java etc - however, I don't want to go this route >> because I won't be writing & clients & it could written in any language. The issue with the incorrect key derivation im the MS Crypto API is discussed in a thread on sci.crypt, http://groups.google.co.uk/group/sci.crypt/browse_thread/thread/49f554d0c0f0343f# That thread includes advice and code examples for the RFC 2104 KDF. The point about HMACs being different if different versions of the same file have different EoL formats is also worth noting. I usually use the Bouncy Castle Crypto library, though there are others. rossum |