iaik.pkcs.pkcs5

Class PBES2Parameters

java.lang.Object

java.security.AlgorithmParametersSpi

iaik.pkcs.pkcs5.PBES2Parameters

public class PBES2Parameters
extends java.security.AlgorithmParametersSpi

This class represents PBES2 parameters in opaque form for the PBES2 password based encryption scheme according to the PKCS#5 v2.1 Password-Based Cryptography Standard.

PBES2 parameters specify parameters for deriving a secret key from a password, and the encryption scheme for encrypting the data with the derived secret key:

 PBES2-params ::= SEQUENCE {
   keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
   encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} }
   
 PBES2-KDFs ALGORITHM-IDENTIFIER ::=
   { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }
   
 PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
 

The default key derivation function used by PBES2 is PBKDF2 which uses the following parameters: salt value, iteration count, length of the to-be-derived key (optional), and (MAC based) pseudo random function (default: HMCA/SHA1):

 PBKDF2-params ::= SEQUENCE {
   salt CHOICE {
     specified OCTET STRING,
     otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
   },
   iterationCount INTEGER (1..MAX),
   keyLength INTEGER (1..MAX) OPTIONAL,
   prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT
     algid-hmacWithSHA1 }
 

The PBKDF2-params ASN.1 definition allows to specify the salt value as OCTET STRING or otherSource algorithm id. However, this implementation does not support the otherSource alternative because until now it is not yet fully specified by PKCS#5 (version v2.1).

PBES2Parameters can be generated by calling one of the AlgorithmParameters.getInstance methods. Subsequently the new AlgorithmParameters object must be initialized with a proper PBES2 parameter specification or a DER encoded byte array, e.g.:

 PBES2ParameterSpec paramSpec = ...;
 AlgorithmParameters params = AlgorithmParameters.getInstance("PBES2", "IAIK");
 params.init(paramSpec);
 

respectively:

 byte[] encodedParams = ...;
 AlgorithmParameters params = AlgorithmParameters.getInstance("PBES2", "IAIK");
 params.init(encodedParams);
 

For obtaining PBES2 parameters in transparent representation from an opaque PBES2Parameters object, the getParameterSpec method can be used; for obtaining the parameters as DER encoded ASN.1 object, use method getEncoded:

 PBES2ParameterSpec paramSpec = (PBES2ParameterSpec) params
     .getParameterSpec(PBES2ParameterSpec.class);
 

respectively

 byte[] encodedParams = params.getEncoded();
 

Version:

File Revision 15

See Also:

PBES2ParameterSpec, AlgorithmParameters

Constructor Summary

Constructors

Constructor and Description
PBES2Parameters() The default constructor.

Method Summary

Methods

Modifier and Type	Method and Description
protected byte[]	engineGetEncoded() Returns the (DER) encoded PBES2 parameters.
protected byte[]	engineGetEncoded(java.lang.String format) Returns the (DER) encoded PBES2 parameters.
protected java.security.spec.AlgorithmParameterSpec	engineGetParameterSpec(java.lang.Class paramSpec) Returns the PBES2 parameters as transparent PBES2 parameter specification of the given class type.
protected void	engineInit(java.security.spec.AlgorithmParameterSpec paramSpec) Initializes this PBES2Parameters with the given PBES2ParameterSpec.
protected void	engineInit(byte[] params) Initializes this PBES2Parameters object from the given DER encoded byte array.
protected void	engineInit(byte[] params, java.lang.String format) Inits the parameters from an DER encoded byte array.
protected java.lang.String	engineToString() Returns a String representation of the parameters.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PBES2Parameters

public PBES2Parameters()

The default constructor. Only internally used for creating a PBES2Parameters object. Applications shall use one of the AlgorithmParameters.getInstance("PBES2", "IAIK") factory methods for obtaining PBES2Parameters.

Method Detail

engineGetEncoded

protected byte[] engineGetEncoded()
                           throws java.io.IOException

Returns the (DER) encoded PBES2 parameters.

Specified by:

engineGetEncoded in class java.security.AlgorithmParametersSpi

Returns:

the PBES2 parameters as DER byte array

Throws:

java.io.IOException - if an encoding error occurs

engineGetEncoded

protected byte[] engineGetEncoded(java.lang.String format)
                           throws java.io.IOException

Returns the (DER) encoded PBES2 parameters.

Format is ignored. Only DER encoding is supported at this time. This method only calls engineGetEncoded() for returning the PBES2 parameters as DER encoded byte array, regardless of what is specified in the format string.

Specified by:

engineGetEncoded in class java.security.AlgorithmParametersSpi

Parameters:

format - the encoding format; ignored

Returns:

the PBES2 parameters as DER byte array

Throws:

java.io.IOException - if an encoding error occurs

engineGetParameterSpec

protected java.security.spec.AlgorithmParameterSpec engineGetParameterSpec(java.lang.Class paramSpec)
                                                                    throws java.security.spec.InvalidParameterSpecException

Returns the PBES2 parameters as transparent PBES2 parameter specification of the given class type.

Specified by:

engineGetParameterSpec in class java.security.AlgorithmParametersSpi

Parameters:

paramSpec - the desired parameter specification class, must be PBES2ParameterSpec.class

Returns:

the PBES2 parameters as PBES2ParameterSpec

Throws:

java.security.spec.InvalidParameterSpecException - if the parameters cannot be converted to the desired parameter specification

engineInit

protected void engineInit(java.security.spec.AlgorithmParameterSpec paramSpec)
                   throws java.security.spec.InvalidParameterSpecException

Initializes this PBES2Parameters with the given PBES2ParameterSpec.

Specified by:

engineInit in class java.security.AlgorithmParametersSpi

Parameters:

paramSpec - the parameter specification, which has to be a PBES2ParameterSpec

Throws:

java.security.spec.InvalidParameterSpecException - if the given parameter specification is not a PBES2ParameterSpec

engineInit

protected void engineInit(byte[] params)
                   throws java.io.IOException

Initializes this PBES2Parameters object from the given DER encoded byte array.

Specified by:

engineInit in class java.security.AlgorithmParametersSpi

Parameters:

params - the DER encoded PBES2 parameters

Throws:

java.io.IOException - if an error occurs when decoding the given byte array

engineInit

protected void engineInit(byte[] params,
              java.lang.String format)
                   throws java.io.IOException

Inits the parameters from an DER encoded byte array. Format is ignored. Only calls engineInit(params) for initializing this PBES2Parameters object from the given DER encoded byte array, regardless of what is specified in the format string.

Specified by:

engineInit in class java.security.AlgorithmParametersSpi

Parameters:

params - the DER encoded PBES2 parameters

format - the encoding format; ignored

Throws:

java.io.IOException - if an error occurs when decoding the given byte array

engineToString

protected java.lang.String engineToString()

Returns a String representation of the parameters.

Specified by:

engineToString in class java.security.AlgorithmParametersSpi

Returns:

a String representation of this PBKDF2 parameters