This repository has been archived by the owner on Apr 17, 2024. It is now read-only.

Generate key from user input? #97

Closed
nanoandrew4 opened this issue Jun 21, 2018 · 2 comments

@nanoandrew4

I'm working on a steganography tool, and am using Tink to encrypt data. I've been scouring the Java-HOWTO and did a couple Google searches, but I have not found any way to generate keys from a source other than the templates.

I don't know much about cryptography in general, so pardon my ignorance, but from my perspective the only way to use Tink would be to embed the key in the image, which defeats the purpose of having a key in the first place, since it can be recovered with ease, as it would have to be stored without any protection.

Is there any way I could generate a key based on user input, so that the key would not have to be stored alongside the encrypted data, but would not be easily recoverable? I know in essence this is akin to having two passwords, one for generating the key and one for decrypting the data, but leaving the key unprotected and easily recoverable seems to me like a bad idea.

Thank you.

@thaidn
Contributor

thaidn commented Jun 27, 2018

> I'm working on a steganography tool, and am using Tink to encrypt data. I've been scouring the Java-HOWTO and did a couple Google searches, but I have not found any way to generate keys from a source other than the templates.

You're right that there's no other way. It's intentional because we want to minimize user mistakes.

For your purpose, you might want to use the subtle APIs directly. Although there's no compatibility guarantee (we want to reserve the right to change them without notice), they're fairly stable.

What I would do is to take a user password or something, and extract a key using a password-based key derivation function like scrypt or PBKDF. With that key you can now call for example com.google.crypto.tink.subtle.AesGcmJce or the equivalent class in C++.

If you want to use the main, backward-compatible APIs, another approach is to generate a key from a password then use that key to encrypt the keyset generated from a template.

Does it make sense?

@thaidn
Contributor

thaidn commented Jun 28, 2018

Hey Andres, please reopen this ticket if you have any other questions.
