I have this scenario where I use Encrypt-then-MAC (AES256-CBC and HMAC-SHA256) with keys generated by a CSPRNG (specifically, SecureRandom in Java). I’d like to know which is better:
- Use the CSPRNG to generate two distinct keys of 32 byte each
- Use the CSPRNG to generate a master key of 32 byte and then use HKDF to derive the encryption and authentication key
I’d like to add that no human interaction is involved: this keys are stored inside a DB and are only used by machines.
Thank you very much!