问题
I have a Java Application that uses "AES-128 bits/ECB/PKCS5Padding" (java8 linux/window), the code is quite simple
KeyGenerator keygen = KeyGenerator.getInstance("AES");
SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
secureRandom.setSeed(seed.getBytes());
keygen.init(128, secureRandom);
...
Because I can't find the javascript equivalent to SHA1PRNG algorithm I can't decrypt the text using js code. But after reading Decrypt AES/CBC/PKCS5Padding with CryptoJS and with some trials I found that for an 128 bits seed (32 bits hex-string) using SHA1PRNG in java I can get the same result by SHA1 twice in js
CryptoJS.SHA1(CryptoJS.SHA1(seed)).toString().substring(0, 32) //using 'crypto-js'
The python code here also confirms that! But why ?
def get_sha1prng_key(key):
'''[summary]
encrypt key with SHA1PRNG
same as java AES crypto key generator SHA1PRNG
Arguments:
key {[string]} -- [key]
Returns:
[string] -- [hexstring]
'''
signature = hashlib.sha1(key.encode()).digest()
signature = hashlib.sha1(signature).digest()
return ''.join(['%02x' % i for i in signature]).upper()[:32]
---- update ----
The comments I got suggested my question is a duplicated question. But I checked those 2 questions and I don't think so. But first of all, I knew the java codes misuse a pseudo random number generator and it is seed as a key derivation function, it is bad. But that is actually someone else codes and my job is to use js to decrypt the encrypted text.
Second, I haven't figured out why sha1 a 32bit hex-string twice will get the same result as java 8 SHA1PRNG sun implementation(and hence the question).
I read Use of "SHA1PRNG" in SecureRandom Class
"SHA1PRNG" is the name of a pseudo random number generator (the PRNG in the name). That means that it uses the SHA1 hash function to generate a stream of random numbers... There is no clear description of the algorithm available
来源:https://stackoverflow.com/questions/64786678/javascript-equivalent-to-java-sha1prng