private static byte[] function(char[] password, byte[] salt) { try { PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, HASH_SIZE * Byte.SIZE); return factory.generateSecret(spec).getEncoded(); } catch (InvalidKeySpecException e) { throw new SecurityException(e); } }
/** * Computes the PBKDF2 hash of a password. * * @param password the password to hash. * @param salt the salt * @param iterations the iteration count (slowness factor) * @param bytes the length of the hash to compute in bytes * @return the PBDKF2 hash of the password */ private static byte[] pbkdf2(char[] password, byte[] salt, int iterations, int bytes) { PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, bytes * 8); SecretKeyFactory skf = null; try { skf = SecretKeyFactory.getInstance(PBKDF2_ALGORITHM); return skf.generateSecret(spec).getEncoded(); } catch (NoSuchAlgorithmException ignore) { return null; } catch (InvalidKeySpecException e) { throw new IllegalArgumentException(e); } }
private String encrypt(String property) throws GeneralSecurityException, UnsupportedEncodingException { SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES"); SecretKey key = keyFactory.generateSecret(new PBEKeySpec(habridgeKey)); Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES"); pbeCipher.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(SALT, 20)); return base64Encode(pbeCipher.doFinal(property.getBytes("UTF-8"))); }
KeySpec spec = new PBEKeySpec (mPassword.toCharArray (), mSalt, ITERATIONS, KEYLEN_BITS); tmp = factory.generateSecret (spec); SecretKey secret = new SecretKeySpec (tmp.getEncoded(), "AES"); mEcipher.init (Cipher.ENCRYPT_MODE, secret); AlgorithmParameters params = mEcipher.getParameters (); KeySpec spec = new PBEKeySpec(mPassword.toCharArray (), mSalt, ITERATIONS, KEYLEN_BITS); mDecipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(mInitVec));
public OutputStream encrypt(char[] password, OutputStream out) throws Exception { PBEKeySpec pbeKeySpec = new PBEKeySpec(password); SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec); final Cipher cipher = Cipher.getInstance("PBEWithMD5AndDES"); cipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec); return new CipherOutputStream(out, cipher); }
SecretKey key = keyFactory.generateSecret(new PBEKeySpec(PASSWORD)); Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES"); pbeCipher.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(SALT, 20)); return base64Encode(pbeCipher.doFinal(property.getBytes("UTF-8"))); SecretKey key = keyFactory.generateSecret(new PBEKeySpec(PASSWORD)); Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES"); pbeCipher.init(Cipher.DECRYPT_MODE, key, new PBEParameterSpec(SALT, 20)); return new String(pbeCipher.doFinal(base64Decode(property)), "UTF-8");
private String decrypt(String property) throws GeneralSecurityException, IOException { SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES"); SecretKey key = keyFactory.generateSecret(new PBEKeySpec(habridgeKey)); Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES"); pbeCipher.init(Cipher.DECRYPT_MODE, key, new PBEParameterSpec(SALT, 20)); return new String(pbeCipher.doFinal(base64Decode(property)), "UTF-8"); }
public static byte[] salting(String pass, byte[] salt) throws NoSuchAlgorithmException, InvalidKeySpecException { final int iterations = 500; final int keyLength = 512; final SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); final PBEKeySpec spec = new PBEKeySpec(pass.toCharArray(), salt, iterations, keyLength); final SecretKey key = skf.generateSecret(spec); final byte[] tmp = key.getEncoded(); return tmp; }
private SecretKey getSecretKey(SecretKeyFactory kf) throws CryptException { try { return kf.generateSecret(new javax.crypto.spec.PBEKeySpec(SECRET_KEY.toCharArray())); } catch (InvalidKeySpecException e) { throw new CryptException(e); } }
SecretKey key = keyFactory.generateSecret(new PBEKeySpec(PASSWORD)); Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES"); pbeCipher.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(SALT, 20)); SecretKey key = keyFactory.generateSecret(new PBEKeySpec(PASSWORD)); Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES"); pbeCipher.init(Cipher.DECRYPT_MODE, key, new PBEParameterSpec(SALT, 20)); return new String(pbeCipher.doFinal(Base64.decode(property)));
private static Cipher cipher(char[] masterPassword, byte[] salt, int cipherMode) throws ConfigEncryptionException { try { SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); KeySpec keySpec = new PBEKeySpec(masterPassword, salt, HASH_ITERATIONS, KEY_LENGTH); SecretKeySpec spec = new SecretKeySpec(secretKeyFactory.generateSecret(keySpec).getEncoded(), "AES"); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(cipherMode, spec, new IvParameterSpec(salt)); return cipher; } catch (Exception e) { throw new ConfigEncryptionException("Failed to prepare a cipher instance", e); } }
private SecretKey deriveSecretKey() throws GeneralSecurityException { SecretKeyFactory secretKeyFactory; try { if (provider != null) { secretKeyFactory = SecretKeyFactory.getInstance(keyAlgorithm, provider); } else { secretKeyFactory = SecretKeyFactory.getInstance(keyAlgorithm); } } catch (NoSuchAlgorithmException e) { throw log.noSuchKeyAlgorithm(keyAlgorithm, e); } PBEKeySpec pbeKeySpec = keyLength == 0 ? new PBEKeySpec(password, salt, iteration) : new PBEKeySpec(password, salt, iteration, keyLength); SecretKey partialKey = secretKeyFactory.generateSecret(pbeKeySpec); return new SecretKeySpec(partialKey.getEncoded(), transformation); }
@Override public String encode(String secret) throws Exception { char[] chars = secret.toCharArray(); byte[] salt = getSalt(); StringBuilder builder = new StringBuilder(); builder.append(iterations).append(SEPARATOR).append(ByteUtil.bytesToHex(salt)).append(SEPARATOR); PBEKeySpec spec = new PBEKeySpec(chars, salt, iterations, keyLength); byte[] hash = skf.generateSecret(spec).getEncoded(); String hexValue = ByteUtil.bytesToHex(hash); builder.append(hexValue); return builder.toString(); }
static Cipher cipher(char[] masterPassword, byte[] salt, int cipherMode) throws HttpAuthException { try { SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); KeySpec keySpec = new PBEKeySpec(masterPassword, salt, 10000, 128); SecretKeySpec spec = new SecretKeySpec(secretKeyFactory.generateSecret(keySpec).getEncoded(), "AES"); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(cipherMode, spec, new IvParameterSpec(salt)); return cipher; } catch (Exception e) { throw new HttpAuthException("Failed to prepare a cipher instance", e); } }
/** * Computes the PBKDF2 hash of a password. * * @param password the password to hash. * @param salt the salt * @param iterations the iteration count (slowness factor) * @param bytes the length of the hash to compute in bytes * @return the PBDKF2 hash of the password */ private static byte[] pbkdf2(final char[] password, final byte[] salt, final int iterations, final int bytes) { PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, bytes * 8); try { SecretKeyFactory skf = SecretKeyFactory.getInstance(PBKDF2_ALGORITHM); return skf.generateSecret(spec).getEncoded(); } catch (NoSuchAlgorithmException ignore) { return null; } catch (InvalidKeySpecException e) { throw new IllegalArgumentException(e); } }
@Override public boolean verify(char[] plainChars, String storedValue) { String[] parts = storedValue.split(SEPARATOR); int originalIterations = Integer.parseInt(parts[0]); byte[] salt = ByteUtil.hexToBytes(parts[1]); byte[] originalHash = ByteUtil.hexToBytes(parts[2]); PBEKeySpec spec = new PBEKeySpec(plainChars, salt, originalIterations, originalHash.length * 8); byte[] newHash; try { newHash = skf.generateSecret(spec).getEncoded(); } catch (InvalidKeySpecException e) { return false; } return Arrays.equals(newHash, originalHash); } }
/** * Method to compute masked password based on class attributes. * * @return masked password prefixed with {link @PicketBoxSecurityVault.PASS_MASK_PREFIX}. * @throws Exception */ private String computeMaskedPassword() throws Exception { // Create the PBE secret key SecretKeyFactory factory = SecretKeyFactory.getInstance(VAULT_ENC_ALGORITHM); char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray(); PBEParameterSpec cipherSpec = new PBEParameterSpec(salt.getBytes(CHARSET), iterationCount); PBEKeySpec keySpec = new PBEKeySpec(password); SecretKey cipherKey = factory.generateSecret(keySpec); String maskedPass = PBEUtils.encode64(keystorePassword.getBytes(CHARSET), VAULT_ENC_ALGORITHM, cipherKey, cipherSpec); return PicketBoxSecurityVault.PASS_MASK_PREFIX + maskedPass; }
private byte[] encode(CharSequence rawPassword, byte[] salt) { try { PBEKeySpec spec = new PBEKeySpec(rawPassword.toString().toCharArray(), concatenate(salt, this.secret), this.iterations, this.hashWidth); SecretKeyFactory skf = SecretKeyFactory.getInstance(this.algorithm); return concatenate(salt, skf.generateSecret(spec).getEncoded()); } catch (GeneralSecurityException e) { throw new IllegalStateException("Could not create hash", e); } }
public static byte[] pbkdf2(char[] password, byte[] salt, int iterations, int length) { try { PBEKeySpec keySpec = new PBEKeySpec(password, salt, iterations, length); return getPBKDFInstance().generateSecret(keySpec).getEncoded(); } catch (Exception e) { throw U.rte(e); } }
/** * Initializes a {@link Cipher} object with the given PBE parameters. * * @param algorithm the algorithm * @param provider the JCA provider * @param password the password * @param salt the salt * @param iterationCount the KDF iteration count * @param encryptMode true to encrypt; false to decrypt * @return the initialized Cipher * @throws IllegalArgumentException if any parameter is invalid */ public static Cipher initPBECipher(String algorithm, String provider, String password, byte[] salt, int iterationCount, boolean encryptMode) throws IllegalArgumentException { try { // Initialize secret key from password final PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray()); final SecretKeyFactory factory = SecretKeyFactory.getInstance(algorithm, provider); SecretKey tempKey = factory.generateSecret(pbeKeySpec); final PBEParameterSpec parameterSpec = new PBEParameterSpec(salt, iterationCount); Cipher cipher = Cipher.getInstance(algorithm, provider); cipher.init(encryptMode ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, tempKey, parameterSpec); return cipher; } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException | NoSuchPaddingException | InvalidKeyException | InvalidAlgorithmParameterException e) { throw new IllegalArgumentException("One or more parameters to initialize the PBE cipher were invalid", e); } }