BouncyCastleAesBytesEncryptor(String password, CharSequence salt, BytesKeyGenerator ivGenerator) { if (ivGenerator.getKeyLength() != 16) { throw new IllegalArgumentException("ivGenerator key length != block size 16"); } this.ivGenerator = ivGenerator; PBEParametersGenerator keyGenerator = new PKCS5S2ParametersGenerator(); byte[] pkcs12PasswordBytes = PBEParametersGenerator .PKCS5PasswordToUTF8Bytes(password.toCharArray()); keyGenerator.init(pkcs12PasswordBytes, Hex.decode(salt), 1024); this.secretKey = (KeyParameter) keyGenerator.generateDerivedParameters(256); } }
BouncyCastleAesBytesEncryptor(String password, CharSequence salt, BytesKeyGenerator ivGenerator) { if (ivGenerator.getKeyLength() != 16) { throw new IllegalArgumentException("ivGenerator key length != block size 16"); } this.ivGenerator = ivGenerator; PBEParametersGenerator keyGenerator = new PKCS5S2ParametersGenerator(); byte[] pkcs12PasswordBytes = PBEParametersGenerator .PKCS5PasswordToUTF8Bytes(password.toCharArray()); keyGenerator.init(pkcs12PasswordBytes, Hex.decode(salt), 1024); this.secretKey = (KeyParameter) keyGenerator.generateDerivedParameters(256); } }
/** * To create a binary seed from the mnemonic, we use the PBKDF2 function with a * mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" * + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set * to 2048 and HMAC-SHA512 is used as the pseudo-random function. The length of the * derived key is 512 bits (= 64 bytes). * * @param mnemonic The input mnemonic which should be 128-160 bits in length containing * only valid words * @param passphrase The passphrase which will be used as part of salt for PBKDF2 * function * @return Byte array representation of the generated seed */ public static byte[] generateSeed(String mnemonic, String passphrase) { if (isMnemonicEmpty(mnemonic)) { throw new IllegalArgumentException("Mnemonic is required to generate a seed"); } passphrase = passphrase == null ? "" : passphrase; String salt = String.format("mnemonic%s", passphrase); PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA512Digest()); gen.init(mnemonic.getBytes(UTF_8), salt.getBytes(UTF_8), SEED_ITERATIONS); return ((KeyParameter) gen.generateDerivedParameters(SEED_KEY_SIZE)).getKey(); }
private byte[] generateKey(byte[] salt) throws UnsupportedEncodingException { PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init(this.passphrase.getBytes("UTF-8"), salt, PBKDF2_ITERATIONS); return ((KeyParameter) gen.generateDerivedParameters(AES_KEY_LENGTH_BITS)).getKey(); } }
private static byte[] generateAes128CtrDerivedKey( byte[] password, byte[] salt, int c, String prf) throws CipherException { if (!prf.equals("hmac-sha256")) { throw new CipherException("Unsupported prf:" + prf); } // Java 8 supports this, but you have to convert the password to a character array, see // http://stackoverflow.com/a/27928435/3211687 PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init(password, salt, c); return ((KeyParameter) gen.generateDerivedParameters(256)).getKey(); }
protected Cipher getInitializedCipher(EncryptionMethod encryptionMethod, String password, byte[] salt, byte[] iv, int keyLength, boolean encryptMode) throws Exception { if (encryptionMethod == null) { throw new IllegalArgumentException("The encryption method must be specified"); } if (!encryptionMethod.isCompatibleWithStrongKDFs()) { throw new IllegalArgumentException(encryptionMethod.name() + " is not compatible with PBKDF2"); } String algorithm = encryptionMethod.getAlgorithm(); final String cipherName = CipherUtility.parseCipherFromAlgorithm(algorithm); if (!CipherUtility.isValidKeyLength(keyLength, cipherName)) { throw new IllegalArgumentException(String.valueOf(keyLength) + " is not a valid key length for " + cipherName); } if (StringUtils.isEmpty(password)) { throw new IllegalArgumentException("Encryption with an empty password is not supported"); } if (salt == null || salt.length < DEFAULT_SALT_LENGTH) { throw new IllegalArgumentException("The salt must be at least " + DEFAULT_SALT_LENGTH + " bytes. To generate a salt, use PBKDF2CipherProvider#generateSalt()"); } PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(this.prf); gen.init(password.getBytes(StandardCharsets.UTF_8), salt, getIterationCount()); byte[] dk = ((KeyParameter) gen.generateDerivedParameters(keyLength)).getKey(); SecretKey tempKey = new SecretKeySpec(dk, algorithm); KeyedCipherProvider keyedCipherProvider = new AESKeyedCipherProvider(); return keyedCipherProvider.getCipher(encryptionMethod, tempKey, iv, encryptMode); }
public String encode(String password, byte[] salt, int rounds) throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeySpecException { PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(); generator.init(PBEParametersGenerator.PKCS5PasswordToBytes( password.toCharArray()), salt, rounds); return format("%s:%s:%d", encode(salt), encode(((KeyParameter)generator.generateDerivedParameters(s_keylen)).getKey()), rounds); }
/** {@inheritDoc} */ protected PBEParametersGenerator newParamGenerator() { return new PKCS5S2ParametersGenerator(); }
private static PBEParametersGenerator getGenerator(final Digest digest, final byte[] pwBytes, final byte[] saltBytes, final int rounds) { final PBEParametersGenerator generator = new PKCS5S2ParametersGenerator(digest); generator.init(pwBytes, saltBytes, rounds); return generator; }
@Override public byte[] apply(byte[] password, byte[] salt) { PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(digests.get()); generator.init(password, salt, iterations); return ((KeyParameter) generator.generateDerivedParameters(keyLength * 8)).getKey(); }
public static byte[] generate(Digest digest, byte[] password, byte[] salt, int iterations, int lengthBits) { PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(digest); generator.init(password, salt, iterations); return ((KeyParameter) generator.generateDerivedParameters(lengthBits)).getKey(); } }
BouncyCastleAesBytesEncryptor(String password, CharSequence salt, BytesKeyGenerator ivGenerator) { if (ivGenerator.getKeyLength() != 16) { throw new IllegalArgumentException("ivGenerator key length != block size 16"); } this.ivGenerator = ivGenerator; PBEParametersGenerator keyGenerator = new PKCS5S2ParametersGenerator(); byte[] pkcs12PasswordBytes = PBEParametersGenerator .PKCS5PasswordToUTF8Bytes(password.toCharArray()); keyGenerator.init(pkcs12PasswordBytes, Hex.decode(salt), 1024); this.secretKey = (KeyParameter) keyGenerator.generateDerivedParameters(256); } }
public byte[] generateHash(byte[] rawPassword, byte[] salt) { PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(); generator.init(rawPassword, salt, ITERATION_COUNT); KeyParameter output = (KeyParameter) generator.generateDerivedMacParameters(OUTPUT_SIZE_BITS); return output.getKey(); }
private static String hash(String str, byte[] salt, int iter) { PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init(str.getBytes(StandardCharsets.UTF_8), salt, iter); byte[] dk = ((KeyParameter) gen.generateDerivedParameters(KEY_LENGTH)).getKey(); return Base64.encodeBase64String(dk); }
private static byte[] generateAes128CtrDerivedKey( byte[] password, byte[] salt, int c, String prf) throws CipherException { if (!prf.equals("hmac-sha256")) { throw new CipherException("Unsupported prf:" + prf); } // Java 8 supports this, but you have to convert the password to a character array, see // http://stackoverflow.com/a/27928435/3211687 PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init(password, salt, c); return ((KeyParameter) gen.generateDerivedParameters(256)).getKey(); }
private static byte[] generateAes128CtrDerivedKey( byte[] password, byte[] salt, int c, String prf) throws CipherException { if (!prf.equals("hmac-sha256")) { throw new CipherException("Unsupported prf:" + prf); } // Java 8 supports this, but you have to convert the password to a character array, see // http://stackoverflow.com/a/27928435/3211687 PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init(password, salt, c); return ((KeyParameter) gen.generateDerivedParameters(256)).getKey(); }
private static byte[] generateAes128CtrDerivedKey( byte[] password, byte[] salt, int c, String prf) throws CipherException { if (!prf.equals("hmac-sha256")) { throw new CipherException("Unsupported prf:" + prf); } // Java 8 supports this, but you have to convert the password to a character array, see // http://stackoverflow.com/a/27928435/3211687 PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init(password, salt, c); return ((KeyParameter) gen.generateDerivedParameters(256)).getKey(); }
private static byte[] SingleIterationPBKDF2(byte[] P, byte[] S, int dkLen) { PBEParametersGenerator pGen = new PKCS5S2ParametersGenerator(new SHA256Digest()); pGen.init(P, S, 1); KeyParameter key = (KeyParameter)pGen.generateDerivedMacParameters(dkLen * 8); return key.getKey(); }
public byte[] encodeHash(byte[] rawPassword, byte[] salt, int iteration) { PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init(rawPassword, salt, iteration); return ((KeyParameter) gen.generateDerivedParameters(256)).getKey(); }
private static byte[] SingleIterationPBKDF2(byte[] P, byte[] S, int dkLen) { PBEParametersGenerator pGen = new PKCS5S2ParametersGenerator(new SHA256Digest()); pGen.init(P, S, 1); KeyParameter key = (KeyParameter) pGen.generateDerivedMacParameters(dkLen * 8); return key.getKey(); }