1

I'm using scrypt to produce key derivation, but the problem is the output is bigger than 256bit and I want to use it in AES-GCM with 256 bit key. So how can I do that? I'm tying to make an application on Android.

Edit : I'm sorry guys for not giving you more information Okay .. the library that i'm using is this https://github.com/wg/scrypt

this is the out put that i'm getting

"$s0$e0801$eX8cPtmLjKSrZBJszHIuZA==$vapd0u4tYVdOXOlcIkFmrOEIr1Ml2Ue1l2+FVOJgbcI="

this is over than the AES engin can handle so how can i use it

Ahmad Almorabea
  • 21
  • 3
  • 1
    Please show us the part of your code where you perform the scrypt derivation. – Duncan Jones Feb 26 '15 at 08:25
  • AFAIK scrypt supports arbitrary length outputs via its PBKDF2 based final step. – CodesInChaos Feb 26 '15 at 11:42
  • In addition to Duncan's comment, please also edit into the question the scrypt library that you are using. Voted down until enough information is provided for us to answer the question. – Maarten Bodewes Feb 26 '15 at 20:58
  • @CodesInChaos Right: "dkLen: Intended output length in octets of the derived key; a positive integer less than or equal to (2^32 - 1) * hLen where hLen is 32." from the [source](http://tools.ietf.org/html/draft-josefsson-scrypt-kdf-02) which seems a relatively new draft from IETF (interesting that they took that step after all that time). So the question becomes: why is the output bigger than 256 bits... – Maarten Bodewes Feb 26 '15 at 21:05
  • Okay i added more details .. sorry – Ahmad Almorabea Feb 27 '15 at 18:43
  • Good, now we can answer :), changed downvote into upvote. – Maarten Bodewes Feb 28 '15 at 03:04

1 Answers1

2

Scrypt is a key derivation algorithm. That means you can use it to generate an arbitrary number of psuedo-random bytes.

In the wg library, the way to do that is to call the Scrypt.scrypt function:

byte[] key = Scrypt.scrypt(password, salt, N, r, p, 32);

This will give you your desired 32 bytes of key material.

Key derivation vs Password storage

Your confusion understandable. The documentation of wg/scrypt doesn't mention the real use of scrypt. They only document its use a a password storage algorithm.

That is why you were mistakenly calling ScryptUtil.scrypt (rather than Scrypt.scrypt):

string hash = ScryptUtil.scrypt(password, N, r, p);

That method returns a string, which is not suitable a key for AES (or any other kind of) encryption.

Ian Boyd
  • 246,734
  • 253
  • 869
  • 1,219