iaik.security.cipher
Class PbeWithMD5AndDES_CBC

java.lang.Object
  |
  +--javax.crypto.CipherSpi
        |
        +--iaik.security.cipher.BufferedCipher
              |
              +--iaik.security.cipher.DES
                    |
                    +--iaik.security.cipher.PbeWithMD5AndDES_CBC

public class PbeWithMD5AndDES_CBC
extends DES

This class implements the pbeWithMD5AndDES-CBC algorithm (object identifier: 1.2.840.113549.1.5.3) from the Password-Based Encryption Standard (PKCS#5).

The pbeWithMD5AndDES-CBC (password-based MD5 with DES-CBC) key-encryption algorithm encrypts a given message (octet string) with the DES algorithm in CBC mode, using a secret key derived from a password with the MD5 message-digest algorithm. The output of the algorithm is also an octet string. PKCS#5 alternatively suggests combining the MD2 message-digest algorithm with the DES-CBC algorithm for encrypting an octet string with a secret key obtained from a password. The general method described in PKCS#5 is intended to be used for encrypting private keys as described in PKCS#8.

Suppose you have created an RSAPrivateKey rsa_priv_key and are going to protect it with a password according to PKCS#5 and PKCS#8. You will therefore encode a value of type PrivateKeyInfo according to PKCS#8 to represent the private key in an algorithm-independent manner. This value is subsequently encrypted using the PbeWithMD5AndDES_CBC algorithm and encoded as a PKCS#8 EncryptedPrivateKeyInfo:

 import iaik.pkcs.pkcs8.*;
     ...
 EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(rsa_priv_key);
 epki.encrypt("password", AlgorithmID.pbeWithMD5AndDES_CBC, null);
 
Decrypting goes the reverse way: a PrivateKeyInfo is obtained from the EncryptedPrivateKeyInfo and the RSAPrivateKey is "extracted" from it:

 RSAPrivateKey rsa_priv_key = (RSAPrivateKey)epki.decrypt("password");
 

If you do not intend to deal with PKCS#8 EncryptedPrivateKeyInfo, you may also use the PbeWithMD5AndDES_CBC algorithm for password-based encryption of a message in the usual way, directly through the Cipher.getInstance method. In that case you need a PBEKey (created from a password, which PKCS#5 recommends consist of printable ASCII characters) and a PBEParameterSpec (created from salt and iteration count) to initialize the cipher properly, for instance (do not forget to include exception handling!):

 SecureRandom random = new SecureRandom();
 // salt, 8 bytes long, drawn from a cryptographically strong source
 byte[] salt = new byte[8];
 random.nextBytes(salt);
 // iteration count (1 matches this class's default; RFC 2898 recommends at least 1000)
 int count = 1;
 // PBE parameters
 PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, count);
 // PBEKey from password
 PBEKey pbeKey = new PBEKey("password");
 Cipher pbeCipher = Cipher.getInstance("PbeWithMD5AndDES_CBC");
 // initialize for encryption
 pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec);
 // encrypt data (plain_data is the byte[] message to protect)
 byte[] cipher_data = pbeCipher.doFinal(plain_data);
 // now decrypt
 pbeCipher = Cipher.getInstance("PbeWithMD5AndDES_CBC");
 // initialize for decryption with the same key, salt and iteration count
 pbeCipher.init(Cipher.DECRYPT_MODE, pbeKey, pbeParamSpec);
 // decrypt cipher data
 byte[] decrypted_data = pbeCipher.doFinal(cipher_data);
 

Version:
File Revision 21
See Also:
PrivateKeyInfo, EncryptedPrivateKeyInfo, DES, PBEKey, PBEParameterSpec, PBEGenParameterSpec, PBEParameterGenerator, PBEParameters, IaikPBEParameterSpec

Field Summary
protected  AlgorithmParameters params
           
 
Constructor Summary
PbeWithMD5AndDES_CBC()
          Creates a new PbeWithMD5AndDES_CBC Cipher object.
 
Method Summary
 AlgorithmParameters engineGetParameters()
          Returns the algorithm's parameters.
 void engineInit(int opmode, Key key, AlgorithmParameterSpec paramSpec, SecureRandom random)
          Initializes this cipher for encryption or decryption.
 void engineInit(int opmode, Key key, AlgorithmParameters params, SecureRandom random)
          Initializes this cipher for encryption or decryption.
 void engineInit(int opmode, Key key, SecureRandom random)
          Initializes this cipher for encryption or decryption.
 void engineSetMode(String mode)
          This method only overrides the corresponding method in its superclass (DES) and does nothing.
 void engineSetPadding(String padding)
          This method only overrides the corresponding method in its superclass and does nothing.
protected  void initCipher(int opmode, Key key)
          Is used by all engineInit methods and initializes the cipher.
 
Methods inherited from class iaik.security.cipher.DES
engineDoFinal, engineDoFinal, engineGetBlockSize, engineGetIV, engineGetKeySize, engineGetOutputSize, engineUnwrap, engineUpdate, engineUpdate, engineWrap, getModeBlockSize, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

params

protected AlgorithmParameters params
Constructor Detail

PbeWithMD5AndDES_CBC

public PbeWithMD5AndDES_CBC()
                     throws NoSuchAlgorithmException,
                            NoSuchPaddingException
Creates a new PbeWithMD5AndDES_CBC Cipher object. This constructor is usually not called directly when using the PbeWithMD5AndDES_CBC algorithm for password-based encryption; rather, Cipher.getInstance("PbeWithMD5AndDES_CBC") is used to get a PbeWithMD5AndDES_CBC Cipher object. When dealing with a PKCS#8 EncryptedPrivateKeyInfo, this algorithm is specified by its corresponding AlgorithmID, e.g. epki.encrypt("password", AlgorithmID.pbeWithMD5AndDES_CBC, null);. This causes a call to the iaik.asn1.structure.AlgorithmID.getInstance() method, which in turn calls Cipher.getInstance(algorithmID.getName()) to actually get an implementation of the PbeWithMD5AndDES_CBC algorithm, finally leading to this constructor.
Throws:
NoSuchAlgorithmException - if there is no implementation for DES-CBC
NoSuchPaddingException - if there is no implementation for PKCS5Padding
See Also:
AlgorithmID.getInstance(), Cipher.getInstance(java.lang.String)
Method Detail

engineGetParameters

public AlgorithmParameters engineGetParameters()
Returns the algorithm's parameters. They have to be initialized first. Otherwise null is returned.
Overrides:
engineGetParameters in class iaik.security.cipher.BufferedCipher
Returns:
the cipher's parameters

initCipher

protected void initCipher(int opmode,
                          Key key)
                   throws InvalidKeyException,
                          InvalidAlgorithmParameterException
Is used by all engineInit methods and initializes the cipher.

engineInit

public void engineInit(int opmode,
                       Key key,
                       SecureRandom random)
                throws InvalidKeyException
Initializes this cipher for encryption or decryption. The key must be a PBEKey in "RAW" format. This method sets the salt to a self-generated random value and the iteration count to 1, as specified in PKCS#5.
Overrides:
engineInit in class iaik.security.cipher.BufferedCipher
Parameters:
opmode - Cipher.ENCRYPT_MODE or Cipher.DECRYPT_MODE
key - the password as PBEKey
random - not needed - shall be null
Throws:
InvalidKeyException - if the key algorithm is not "PBE" or the format is not "RAW"

engineInit

public void engineInit(int opmode,
                       Key key,
                       AlgorithmParameters params,
                       SecureRandom random)
                throws InvalidKeyException,
                       InvalidAlgorithmParameterException
Initializes this cipher for encryption or decryption. The key must be a PBEKey in "RAW" format. params is of type PBEParameters, containing a salt value (of 8 byte length) and iteration count as specified in PKCS#5.
Overrides:
engineInit in class iaik.security.cipher.BufferedCipher
Parameters:
opmode - Cipher.ENCRYPT_MODE or Cipher.DECRYPT_MODE
key - the password as PBEKey
params - the algorithm parameters of type PBEParameters
random - not needed - shall be null
Throws:
InvalidKeyException - if the key algorithm is not "PBE" or the format is not "RAW"
InvalidAlgorithmParameterException - if the parameter is not an instance of PBEParameters

engineInit

public void engineInit(int opmode,
                       Key key,
                       AlgorithmParameterSpec paramSpec,
                       SecureRandom random)
                throws InvalidKeyException,
                       InvalidAlgorithmParameterException
Initializes this cipher for encryption or decryption. The key must be a PBEKey in "RAW" format. paramSpec is of type PBEParameterSpec, containing a salt value (of 8 byte length) and iteration count as specified in PKCS#5.
Overrides:
engineInit in class iaik.security.cipher.BufferedCipher
Parameters:
opmode - Cipher.ENCRYPT_MODE or Cipher.DECRYPT_MODE
key - the password as PBEKey
paramSpec - the algorithm parameters of type PBEParameterSpec
random - not needed - shall be null
Throws:
InvalidKeyException - if the key algorithm is not "PBE" or the format is not "RAW"
InvalidAlgorithmParameterException - if the parameter is not an instance of PBEParameterSpec

engineSetPadding

public void engineSetPadding(String padding)
This method only overrides the corresponding method in its superclass and does nothing. PbeWithMD5AndDES_CBC uses PKCS5Padding.
Overrides:
engineSetPadding in class iaik.security.cipher.BufferedCipher
Parameters:
padding - the name of the padding scheme

engineSetMode

public void engineSetMode(String mode)
This method only overrides the corresponding method in its superclass (DES) and does nothing. PbeWithMD5AndDES_CBC encrypts with DES in CBC mode.
Overrides:
engineSetMode in class iaik.security.cipher.BufferedCipher
Parameters:
mode - the cipher mode

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).

IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK