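/**
 * Derives a key from {@code password} with PBKDF2 using the parameters carried in
 * {@code pbkdAlgorithm}.
 *
 * <p>Only PBKDF2 with HMAC-SHA512 as the PRF is accepted; anything else is rejected with an
 * {@link IOException}. The {@code purpose} string is appended to the encoded password as a
 * differentiator, so the same password yields different keys for different purposes.
 *
 * <p>The salt, iteration count and key length come from the supplied parameters, which may have
 * been read from a stored keystore. The key length is checked here; the iteration count is passed
 * to the generator as given, so a caller that loads keystores from untrusted sources may want to
 * bound it before calling.
 *
 * @param pbkdAlgorithm key derivation function identifier and its PBKDF2 parameters
 * @param purpose label mixed into the PBKDF2 password input
 * @param password keystore password; the caller's array is not modified
 * @return the derived key bytes
 * @throws IOException if the KDF or PRF is not recognised, or the key length is absent or out of range
 */
private byte[] generateKey(KeyDerivationFunc pbkdAlgorithm, String purpose, char[] password)
    throws IOException
{
    if (!pbkdAlgorithm.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBKDF2))
    {
        throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD.");
    }

    PBKDF2Params pbkdf2Params = PBKDF2Params.getInstance(pbkdAlgorithm.getParameters());

    if (!pbkdf2Params.getPrf().getAlgorithm().equals(PKCSObjectIdentifiers.id_hmacWithSHA512))
    {
        throw new IOException("BCFKS KeyStore: unrecognized MAC PBKD PRF.");
    }

    // keyLength is OPTIONAL in the PBKDF2-params ASN.1 structure; report a missing value as a
    // malformed keystore rather than failing with a NullPointerException.
    if (pbkdf2Params.getKeyLength() == null)
    {
        throw new IOException("BCFKS KeyStore: no keyLength found in MAC PBKD parameters.");
    }

    int keySizeInBytes = pbkdf2Params.getKeyLength().intValue();

    // Reject non-positive lengths and lengths whose bit count would overflow an int below.
    if (keySizeInBytes <= 0 || keySizeInBytes > Integer.MAX_VALUE / 8)
    {
        throw new IOException("BCFKS KeyStore: invalid keyLength in MAC PBKD parameters.");
    }

    byte[] encPassword = PBEParametersGenerator.PKCS12PasswordToBytes(password);
    byte[] differentiator = PBEParametersGenerator.PKCS12PasswordToBytes(purpose.toCharArray());
    byte[] pbkdInput = Arrays.concatenate(encPassword, differentiator);

    try
    {
        PKCS5S2ParametersGenerator pGen = new PKCS5S2ParametersGenerator(new SHA512Digest());

        pGen.init(pbkdInput, pbkdf2Params.getSalt(), pbkdf2Params.getIterationCount().intValue());

        return ((KeyParameter)pGen.generateDerivedParameters(keySizeInBytes * 8)).getKey();
    }
    finally
    {
        // Clear the password-derived copies made here once the key has been generated.
        Arrays.fill(encPassword, (byte)0);
        Arrays.fill(pbkdInput, (byte)0);
    }
}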
// Overwrite pbkdSalt with new random bytes, so the salt in the rebuilt parameters is not a reused one.
getDefaultSecureRandom().nextBytes(pbkdSalt);
// Rebuild the key derivation descriptor around the new salt, carrying over the algorithm
// identifier, iteration count, key length and PRF from the existing values.
// NOTE(review): pbkdf2Params is defined outside this excerpt; presumably it is parsed from the
// current hmacPkbdAlgorithm parameters. If its key length can be absent, getKeyLength() would
// need a null check before intValue() - confirm.
hmacPkbdAlgorithm = new KeyDerivationFunc(hmacPkbdAlgorithm.getAlgorithm(), new PBKDF2Params(pbkdSalt, pbkdf2Params.getIterationCount().intValue(), pbkdf2Params.getKeyLength().intValue(), pbkdf2Params.getPrf()));