Here you can find the source of getKey(String salt, String password)
private static SecretKey getKey(String salt, String password)
//package com.java2s; //License from project: Open Source License import java.security.NoSuchAlgorithmException; import java.security.spec.InvalidKeySpecException; import java.security.spec.KeySpec; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; public class Main { private static SecretKey getKey(String salt, String password) { try {/*from w w w . j a v a2 s . c o m*/ // https://tools.ietf.org/html/rfc2898 // sha1 with 1000 iterations and 256 bits is good enough here http://stackoverflow.com/questions/6126061/pbekeyspec-what-do-the-iterationcount-and-keylength-parameters-influence SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); KeySpec spec = new PBEKeySpec(password.toCharArray(), salt.getBytes(), 1000, 256); SecretKey tmp = factory.generateSecret(spec); return new SecretKeySpec(tmp.getEncoded(), "AES"); } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { throw new IllegalStateException("cannot create key: " + e.getMessage(), e); } } }