PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init("password".getBytes("UTF-8"), "salt".getBytes(), 4096); byte[] dk = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();
/** * To create a binary seed from the mnemonic, we use the PBKDF2 function with a * mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" * + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set * to 2048 and HMAC-SHA512 is used as the pseudo-random function. The length of the * derived key is 512 bits (= 64 bytes). * * @param mnemonic The input mnemonic which should be 128-160 bits in length containing * only valid words * @param passphrase The passphrase which will be used as part of salt for PBKDF2 * function * @return Byte array representation of the generated seed */ public static byte[] generateSeed(String mnemonic, String passphrase) { if (isMnemonicEmpty(mnemonic)) { throw new IllegalArgumentException("Mnemonic is required to generate a seed"); } passphrase = passphrase == null ? "" : passphrase; String salt = String.format("mnemonic%s", passphrase); PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA512Digest()); gen.init(mnemonic.getBytes(UTF_8), salt.getBytes(UTF_8), SEED_ITERATIONS); return ((KeyParameter) gen.generateDerivedParameters(SEED_KEY_SIZE)).getKey(); }
private byte[] generateKey(byte[] salt) throws UnsupportedEncodingException { PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init(this.passphrase.getBytes("UTF-8"), salt, PBKDF2_ITERATIONS); return ((KeyParameter) gen.generateDerivedParameters(AES_KEY_LENGTH_BITS)).getKey(); } }
private static byte[] generateAes128CtrDerivedKey( byte[] password, byte[] salt, int c, String prf) throws CipherException { if (!prf.equals("hmac-sha256")) { throw new CipherException("Unsupported prf:" + prf); } // Java 8 supports this, but you have to convert the password to a character array, see // http://stackoverflow.com/a/27928435/3211687 PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init(password, salt, c); return ((KeyParameter) gen.generateDerivedParameters(256)).getKey(); }
protected Cipher getInitializedCipher(EncryptionMethod encryptionMethod, String password, byte[] salt, byte[] iv, int keyLength, boolean encryptMode) throws Exception { if (encryptionMethod == null) { throw new IllegalArgumentException("The encryption method must be specified"); } if (!encryptionMethod.isCompatibleWithStrongKDFs()) { throw new IllegalArgumentException(encryptionMethod.name() + " is not compatible with PBKDF2"); } String algorithm = encryptionMethod.getAlgorithm(); final String cipherName = CipherUtility.parseCipherFromAlgorithm(algorithm); if (!CipherUtility.isValidKeyLength(keyLength, cipherName)) { throw new IllegalArgumentException(String.valueOf(keyLength) + " is not a valid key length for " + cipherName); } if (StringUtils.isEmpty(password)) { throw new IllegalArgumentException("Encryption with an empty password is not supported"); } if (salt == null || salt.length < DEFAULT_SALT_LENGTH) { throw new IllegalArgumentException("The salt must be at least " + DEFAULT_SALT_LENGTH + " bytes. To generate a salt, use PBKDF2CipherProvider#generateSalt()"); } PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(this.prf); gen.init(password.getBytes(StandardCharsets.UTF_8), salt, getIterationCount()); byte[] dk = ((KeyParameter) gen.generateDerivedParameters(keyLength)).getKey(); SecretKey tempKey = new SecretKeySpec(dk, algorithm); KeyedCipherProvider keyedCipherProvider = new AESKeyedCipherProvider(); return keyedCipherProvider.getCipher(encryptionMethod, tempKey, iv, encryptMode); }
public String encode(String password, byte[] salt, int rounds) throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeySpecException { PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(); generator.init(PBEParametersGenerator.PKCS5PasswordToBytes( password.toCharArray()), salt, rounds); return format("%s:%s:%d", encode(salt), encode(((KeyParameter)generator.generateDerivedParameters(s_keylen)).getKey()), rounds); }
/** * Generate a key parameter for use with a MAC derived from the password, * salt, and iteration count we are currently initialised with. * * @param keySize the size of the key we want (in bits) * @return a KeyParameter object. */ public CipherParameters generateDerivedMacParameters( int keySize) { return generateDerivedParameters(keySize); } }
/** * Generate a key parameter for use with a MAC derived from the password, * salt, and iteration count we are currently initialised with. * * @param keySize the size of the key we want (in bits) * @return a KeyParameter object. */ public CipherParameters generateDerivedMacParameters( int keySize) { return generateDerivedParameters(keySize); } }
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; import org.bouncycastle.crypto.digests.SHA256Digest; import org.bouncycastle.crypto.digests.GeneralDigest; import org.bouncycastle.crypto.params.KeyParameter; GeneraDigest algorithm = new SHA256Digest(); PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(algorithm); gen.init(passwordBytes, salt, iterations); byte[] dk = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();
final int iterations = 1000; PKCS5S2ParametersGenerator pbkdf = new PKCS5S2ParametersGenerator(new SHA1Digest()); pbkdf.init(keyBytes, saltBytes, iterations); final int keySize = 32 * 8; final int ivSize = 16 * 8; CipherParameters cp = pbkdf.generateDerivedParameters(keySize, ivSize);
public byte[] generate(byte[] password, byte[] salt, int iterations, int keyLengthBytes) { generator.init(password, salt, iterations); return ((KeyParameter) generator.generateDerivedParameters(keyLengthBytes * 8)).getKey(); } }
@Override public byte[] apply(byte[] password, byte[] salt) { PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(digests.get()); generator.init(password, salt, iterations); return ((KeyParameter) generator.generateDerivedParameters(keyLength * 8)).getKey(); }
private static String hash(String str, byte[] salt, int iter) { PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init(str.getBytes(StandardCharsets.UTF_8), salt, iter); byte[] dk = ((KeyParameter) gen.generateDerivedParameters(KEY_LENGTH)).getKey(); return Base64.encodeBase64String(dk); }
public static byte[] generate(Digest digest, byte[] password, byte[] salt, int iterations, int lengthBits) { PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(digest); generator.init(password, salt, iterations); return ((KeyParameter) generator.generateDerivedParameters(lengthBits)).getKey(); } }
private static byte[] generateAes128CtrDerivedKey( byte[] password, byte[] salt, int c, String prf) throws CipherException { if (!prf.equals("hmac-sha256")) { throw new CipherException("Unsupported prf:" + prf); } // Java 8 supports this, but you have to convert the password to a character array, see // http://stackoverflow.com/a/27928435/3211687 PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init(password, salt, c); return ((KeyParameter) gen.generateDerivedParameters(256)).getKey(); }
private static byte[] generateAes128CtrDerivedKey( byte[] password, byte[] salt, int c, String prf) throws CipherException { if (!prf.equals("hmac-sha256")) { throw new CipherException("Unsupported prf:" + prf); } // Java 8 supports this, but you have to convert the password to a character array, see // http://stackoverflow.com/a/27928435/3211687 PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init(password, salt, c); return ((KeyParameter) gen.generateDerivedParameters(256)).getKey(); }
private static byte[] generateAes128CtrDerivedKey( byte[] password, byte[] salt, int c, String prf) throws CipherException { if (!prf.equals("hmac-sha256")) { throw new CipherException("Unsupported prf:" + prf); } // Java 8 supports this, but you have to convert the password to a character array, see // http://stackoverflow.com/a/27928435/3211687 PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init(password, salt, c); return ((KeyParameter) gen.generateDerivedParameters(256)).getKey(); }
private static byte[] generateAes128CtrDerivedKey( byte[] password, byte[] salt, int c, String prf) throws CipherException { if (!prf.equals("hmac-sha256")) { throw new CipherException("Unsupported prf:" + prf); } // Java 8 supports this, but you have to convert the password to a character array, see // http://stackoverflow.com/a/27928435/3211687 PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init(password, salt, c); return ((KeyParameter) gen.generateDerivedParameters(256)).getKey(); }
private static byte[] generateAes128CtrDerivedKey( byte[] password, byte[] salt, int c, String prf) throws CipherException { if (!prf.equals("hmac-sha256")) { throw new CipherException("Unsupported prf:" + prf); } // Java 8 supports this, but you have to convert the password to a character array, see // http://stackoverflow.com/a/27928435/3211687 PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init(password, salt, c); return ((KeyParameter) gen.generateDerivedParameters(256)).getKey(); }
public byte[] encodeHash(byte[] rawPassword, byte[] salt, int iteration) { PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); gen.init(rawPassword, salt, iteration); return ((KeyParameter) gen.generateDerivedParameters(256)).getKey(); }