List of usage examples for org.bouncycastle.crypto.generators PKCS5S2ParametersGenerator PKCS5S2ParametersGenerator
public PKCS5S2ParametersGenerator(Digest digest)
From source file:com.github.horrorho.inflatabledonkey.cache.StreamCryptorPBKDF2.java
License:Open Source License
@Override public byte[] apply(byte[] password, byte[] salt) { PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(digests.get()); generator.init(password, salt, iterations); return ((KeyParameter) generator.generateDerivedParameters(keyLength * 8)).getKey(); }
From source file:com.github.horrorho.inflatabledonkey.crypto.PBKDF2.java
License:Open Source License
public static byte[] generate(Digest digest, byte[] password, byte[] salt, int iterations, int lengthBits) { PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(digest); generator.init(password, salt, iterations); return ((KeyParameter) generator.generateDerivedParameters(lengthBits)).getKey(); }
From source file:dorkbox.util.crypto.Crypto.java
License:Apache License
/** * Secure way to generate an AES key based on a password. * * @param password/*from w ww .j a v a 2 s . c o m*/ * The password that you want to mix * @param salt * should be a RANDOM number, at least 256bits (32 bytes) in size. * @param iterationCount * should be a lot, like 10,000 * * @return the secure key to use */ public static byte[] PBKDF2(byte[] password, byte[] salt, int iterationCount) { SHA256Digest digest = new SHA256Digest(); PBEParametersGenerator pGen = new PKCS5S2ParametersGenerator(digest); pGen.init(password, salt, iterationCount); KeyParameter key = (KeyParameter) pGen.generateDerivedMacParameters(digest.getDigestSize() * 8); // *8 for bit length. // zero out the password. Arrays.fill(password, (byte) 0); return key.getKey(); }
From source file:edu.tamu.tcat.crypto.bouncycastle.PBKDF2Impl.java
License:Apache License
@Override public byte[] deriveKey(byte[] password, byte[] salt, int rounds, int keySizeInBytes) { PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(bouncyDigest); generator.init(password, salt, rounds); KeyParameter keyParameter = (KeyParameter) generator.generateDerivedMacParameters(keySizeInBytes * 8); return keyParameter.getKey(); }
From source file:net.nharyes.secrete.curve.Curve25519PrivateKey.java
License:Open Source License
private static byte[] deriveKey(char[] password, byte[] salt) throws UnsupportedEncodingException { // generate key using PBKDF2 PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA512Digest()); gen.init(new String(password).getBytes("UTF-8"), salt, PBKDF2_ITERATIONS); return ((KeyParameter) gen.generateDerivedParameters(AES_KEY_SIZE_BITS)).getKey(); }
From source file:net.nharyes.secrete.curve.TestCurve25519PrivateKey.java
License:Open Source License
@Test public void testPBKDF() throws Exception { Security.addProvider(new BouncyCastleProvider()); Random r = new Random(); char[] cPassword = "ThePa55wordToU5e".toCharArray(); byte[] salt = new byte[64]; r.nextBytes(salt);//from w ww. j a va 2 s.c om SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); KeySpec keyspec = new PBEKeySpec(cPassword, salt, 5000, 256); Key key = factory.generateSecret(keyspec); byte[] k1 = key.getEncoded(); factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1", "BC"); key = factory.generateSecret(keyspec); byte[] k2 = key.getEncoded(); assertArrayEquals(k1, k2); PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA1Digest()); gen.init(new String(cPassword).getBytes("UTF-8"), salt, 5000); byte[] k3 = ((KeyParameter) gen.generateDerivedParameters(256)).getKey(); assertArrayEquals(k1, k3); assertArrayEquals(k2, k3); }
From source file:org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyEncryptionAlgorithm.java
License:Apache License
static byte[] createDerivedKey(String keyAlgoJwt, int keySize, byte[] password, byte[] saltInput, int pbesCount) { byte[] saltValue = createSaltValue(keyAlgoJwt, saltInput); Digest digest = null;/*from w w w .j av a 2 s . co m*/ int macSigSize = PBES_HMAC_MAP.get(keyAlgoJwt); if (macSigSize == 256) { digest = new SHA256Digest(); } else if (macSigSize == 384) { digest = new SHA384Digest(); } else { digest = new SHA512Digest(); } PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(digest); gen.init(password, saltValue, pbesCount); return ((KeyParameter) gen.generateDerivedParameters(keySize * 8)).getKey(); }
From source file:org.apache.nifi.processors.standard.util.crypto.PBKDF2CipherProvider.java
License:Apache License
protected Cipher getInitializedCipher(EncryptionMethod encryptionMethod, String password, byte[] salt, byte[] iv, int keyLength, boolean encryptMode) throws Exception { if (encryptionMethod == null) { throw new IllegalArgumentException("The encryption method must be specified"); }/*from w ww . j ava2 s .co m*/ if (!encryptionMethod.isCompatibleWithStrongKDFs()) { throw new IllegalArgumentException(encryptionMethod.name() + " is not compatible with PBKDF2"); } String algorithm = encryptionMethod.getAlgorithm(); final String cipherName = CipherUtility.parseCipherFromAlgorithm(algorithm); if (!CipherUtility.isValidKeyLength(keyLength, cipherName)) { throw new IllegalArgumentException( String.valueOf(keyLength) + " is not a valid key length for " + cipherName); } if (StringUtils.isEmpty(password)) { throw new IllegalArgumentException("Encryption with an empty password is not supported"); } if (salt == null || salt.length < DEFAULT_SALT_LENGTH) { throw new IllegalArgumentException("The salt must be at least " + DEFAULT_SALT_LENGTH + " bytes. To generate a salt, use PBKDF2CipherProvider#generateSalt()"); } PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(this.prf); gen.init(password.getBytes(StandardCharsets.UTF_8), salt, getIterationCount()); byte[] dk = ((KeyParameter) gen.generateDerivedParameters(keyLength)).getKey(); SecretKey tempKey = new SecretKeySpec(dk, algorithm); KeyedCipherProvider keyedCipherProvider = new AESKeyedCipherProvider(); return keyedCipherProvider.getCipher(encryptionMethod, tempKey, iv, encryptMode); }
From source file:org.apache.openmeetings.util.crypt.SHA256Implementation.java
License:Apache License
private static String hash(String str, byte[] salt, int iter) { PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init(str.getBytes(StandardCharsets.UTF_8), salt, iter); byte[] dk = ((KeyParameter) gen.generateDerivedParameters(KEY_LENGTH)).getKey(); return Base64.encodeBase64String(dk); }
From source file:org.bunkr.core.descriptor.PBKDF2Descriptor.java
License:Open Source License
@Override public Inventory readInventoryFromBytes(byte[] source, UserSecurityProvider usp) throws BaseBunkrException { try {//from www . ja v a2 s. c om if (this.encryptionAlgorithm == Encryption.NONE) throw new IllegalArgumentException("PBKDF2Descriptor requires an active encryption mode"); PKCS5S2ParametersGenerator g = new PKCS5S2ParametersGenerator(new SHA256Digest()); g.init(usp.getHashedPassword(), this.pbkdf2Salt, this.pbkdf2Iterations); ParametersWithIV kp = (ParametersWithIV) g.generateDerivedParameters( this.encryptionAlgorithm.keyByteLength * 8, this.encryptionAlgorithm.ivByteLength * 8); byte[] decryptedInv = SimpleAES.decrypt(this.encryptionAlgorithm, source, ((KeyParameter) kp.getParameters()).getKey(), kp.getIV()); return InventoryJSON.decode(new String(decryptedInv)); } catch (IllegalPasswordException | CryptoException e) { throw new BaseBunkrException(e); } }