I'd use method #1, because the Java API specifies the following for the Cipher.init()
API that just takes the encryption/decryption mode and key:
If this cipher instance needs any algorithm parameters or random values that the specified key can not provide, the underlying implementation of this cipher is supposed to generate the required parameters (using its provider or random values).
(emphasis mine).
So it is not clear what different providers will do when method 2 is chosen. Looking at the Android source code, it seems that at least some versions (including version 21?) will not create a random IV - the random IV creation seems commented out.
Method 1 is also more transparent and it is - in my opinion - easier on the eyes.
Note that it is generally better to use new SecureRandom()
and let the system figure out which RNG is best. "SHA1PRNG"
is not well defined, may differ across implementations and is known to have had implementation weaknesses, especially on Android.
So the end result should be something like:
SecureRandom randomSecureRandom = new SecureRandom();
byte[] iv = new byte[cipher.getBlockSize()];
randomSecureRandom.nextBytes(iv);
IvParameterSpec ivParams = new IvParameterSpec(iv);
Beware that GCM mode works best with a 12 byte IV instead of the 16 byte IV - the block size of AES.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…