Package org.cryptacular.util
Class NonceUtil
java.lang.Object
org.cryptacular.util.NonceUtil
Utility class for generating secure nonce and initialization vectors.
- Author:
- Middleware Services
-
Method Summary
Modifier and TypeMethodDescriptionstatic org.bouncycastle.crypto.prng.drbg.SP80090DRBG
newRBG
(int length) Creates a new DRBG instance based on a SHA-256 digest.static org.bouncycastle.crypto.prng.drbg.SP80090DRBG
newRBG
(org.bouncycastle.crypto.Digest digest, int length) Creates a new hash-based DRBG instance that uses the given digest as the pseudorandom source.static org.bouncycastle.crypto.prng.drbg.SP80090DRBG
newRBG
(org.bouncycastle.crypto.Digest digest, int length, org.bouncycastle.crypto.prng.EntropySource es) Creates a new hash-based DRBG instance that uses the given digest as the pseudorandom source.static byte[]
nist80038d
(int length) Generates a nonce/IV using the strategy described in NIST SP-800-38d, section 8.2.2, "RBG-based Construction".static byte[]
nist80063a
(org.bouncycastle.crypto.BlockCipher cipher) Generates a random IV according to NIST SP-800-63a, appendix C, method 2 (pseudorandom), suitable for use with any block cipher mode described in that standard.static byte[]
nist80063a
(org.bouncycastle.crypto.BlockCipher cipher, SecretKey key) Generates a random IV according to NIST SP-800-63a, appendix C, method 1 (encrypted nonce), suitable for use with any block cipher mode described in that standard.static byte[]
nist80063a
(org.bouncycastle.crypto.prng.SP800SecureRandom prng, int blockSize) Generates a random IV according to NIST SP-800-63a, appendix C, method 2 (pseudorandom), suitable for use with any block cipher mode described in that standard.static org.bouncycastle.crypto.prng.EntropySource
randomEntropySource
(int length) Creates a new entropy source that wraps aSecureRandom
to produce random bytes.static byte[]
randomNonce
(int length) Generates a random nonce of the given length in bytes.static byte[]
timestampNonce
(int length) Generates a nonce of the given size by repetitively concatenating system timestamps (i.e.
-
Method Details
-
timestampNonce
public static byte[] timestampNonce(int length) Generates a nonce of the given size by repetitively concatenating system timestamps (i.e.System.nanoTime()
) up to the required size.- Parameters:
length
- Positive number of bytes in nonce.- Returns:
- Nonce bytes.
-
randomNonce
public static byte[] randomNonce(int length) Generates a random nonce of the given length in bytes.- Parameters:
length
- Positive number of bytes in nonce.- Returns:
- Nonce bytes.
-
randomEntropySource
public static org.bouncycastle.crypto.prng.EntropySource randomEntropySource(int length) Creates a new entropy source that wraps aSecureRandom
to produce random bytes.- Parameters:
length
- Size of entropy blocks.- Returns:
- New random entropy source.
-
nist80038d
public static byte[] nist80038d(int length) Generates a nonce/IV using the strategy described in NIST SP-800-38d, section 8.2.2, "RBG-based Construction". The implementation uses a hash-based DRBG based on a SHA-256 digest, and uses random data for all bits of the nonce; that is, the fixed field is null.This nonce generation strategy is suitable for GCM ciphers.
- Parameters:
length
- Number of bytes in nonce; MUST be 12 or more.- Returns:
- Nonce bytes.
-
nist80063a
Generates a random IV according to NIST SP-800-63a, appendix C, method 1 (encrypted nonce), suitable for use with any block cipher mode described in that standard. This method uses an instance ofEncryptedNonce
for the implementation.- Parameters:
cipher
- Block cipher.key
- Encryption key intended for use with IV.- Returns:
- Cipher block size number of random bytes.
- See Also:
-
nist80063a
public static byte[] nist80063a(org.bouncycastle.crypto.prng.SP800SecureRandom prng, int blockSize) Generates a random IV according to NIST SP-800-63a, appendix C, method 2 (pseudorandom), suitable for use with any block cipher mode described in that standard.- Parameters:
prng
- NIST SP800-63a approved pseudorandom number generator.blockSize
- Cipher block size in bytes.- Returns:
- Cipher block size number of random bytes.
-
nist80063a
public static byte[] nist80063a(org.bouncycastle.crypto.BlockCipher cipher) Generates a random IV according to NIST SP-800-63a, appendix C, method 2 (pseudorandom), suitable for use with any block cipher mode described in that standard. Uses an instance ofRBGNonce
internally with length equal to block size of given cipher.- Parameters:
cipher
- Block cipher.- Returns:
- Cipher block size number of random bytes.
- See Also:
-
newRBG
public static org.bouncycastle.crypto.prng.drbg.SP80090DRBG newRBG(int length) Creates a new DRBG instance based on a SHA-256 digest.- Parameters:
length
- Length in bits of values to be produced by DRBG instance.- Returns:
- New DRGB instance.
-
newRBG
public static org.bouncycastle.crypto.prng.drbg.SP80090DRBG newRBG(org.bouncycastle.crypto.Digest digest, int length) Creates a new hash-based DRBG instance that uses the given digest as the pseudorandom source.- Parameters:
digest
- Digest algorithm.length
- Length in bits of values to be produced by DRBG instance.- Returns:
- New DRGB instance.
-
newRBG
public static org.bouncycastle.crypto.prng.drbg.SP80090DRBG newRBG(org.bouncycastle.crypto.Digest digest, int length, org.bouncycastle.crypto.prng.EntropySource es) Creates a new hash-based DRBG instance that uses the given digest as the pseudorandom source.- Parameters:
digest
- Digest algorithm.length
- Length in bits of values to be produced by DRBG instance.es
- Entropy source.- Returns:
- New DRGB instance.
-