iaik.pkcs.pkcs5

Class PBKDF2KeyAndParameterSpec

java.lang.Object

iaik.security.spec.PBEKeyAndParameterSpec

iaik.pkcs.pkcs5.PBKDF2KeyAndParameterSpec

All Implemented Interfaces:

java.security.spec.AlgorithmParameterSpec

public class PBKDF2KeyAndParameterSpec
extends PBEKeyAndParameterSpec

This class is simply a combination of PBKDF2 param spec and password since both are needed when deriving a key from a password.
PBKDF2 parameters specify salt value, iteration count, length of the to-be-derived key (optional), and (MAC based) pseudo random function (default: HMCA/SHA1) to be used by the PBKDF2 function for deriving a secret key from a password according to PKCS#5 v2.1.:

 PBKDF2-params ::= SEQUENCE {
   salt CHOICE {
     specified OCTET STRING,
     otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
   },
   iterationCount INTEGER (1..MAX),
   keyLength INTEGER (1..MAX) OPTIONAL,
   prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT
     algid-hmacWithSHA1 }
 

The PBKDF2-params ASN.1 definition allows to specify the salt value as OCTET STRING or otherSource algorithm id. However, this implementation does not support the otherSource alternative because until now it is not yet fully specified by PKCS#5 (version v2.1).

Version:

File Revision 11

Constructor Summary

Constructors

Constructor and Description
PBKDF2KeyAndParameterSpec(byte[] password, byte[] salt, int iterationCount, int derivedKeyLength) Creates a PBKDF2KeyAndParameterSpec from given password and parameters.
PBKDF2KeyAndParameterSpec(byte[] password, PBKDF2ParameterSpec pbkdf2Params) Creates a PBKDF2KeyAndParameterSpec from given password and parameters.
PBKDF2KeyAndParameterSpec(char[] password, PBKDF2ParameterSpec pbkdf2Params) Creates a PBKDF2KeyAndParameterSpec from given password and parameters.

Method Summary

Methods

Modifier and Type	Method and Description
AlgorithmID	getPrf() Gets the pseudo random function to be used.
void	setPrf(AlgorithmID prf) Sets the pseudo random function to be used.

Methods inherited from class iaik.security.spec.PBEKeyAndParameterSpec

finalize, getDerivedKeyLength, getIterationCount, getPassword, getSalt

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PBKDF2KeyAndParameterSpec

public PBKDF2KeyAndParameterSpec(byte[] password,
                         byte[] salt,
                         int iterationCount,
                         int derivedKeyLength)

Creates a PBKDF2KeyAndParameterSpec from given password and parameters. Note that the given password and salt will be cloned by this constructor.

Parameters:

password - the (encoded) password

salt - the salt

iterationCount - the iteration count

derivedKeyLength - the length (number of bytes) the derived key should have

Throws:

java.lang.IllegalArgumentException - if password or salt are null, or iteration count or derived key length are < 1

PBKDF2KeyAndParameterSpec

public PBKDF2KeyAndParameterSpec(byte[] password,
                         PBKDF2ParameterSpec pbkdf2Params)

Creates a PBKDF2KeyAndParameterSpec from given password and parameters.

Parameters:

password - the (encoded) password

pbkdf2Params - the PBKDF2 parameters (salt, iteration count, length of the derived key)

PBKDF2KeyAndParameterSpec

public PBKDF2KeyAndParameterSpec(char[] password,
                         PBKDF2ParameterSpec pbkdf2Params)
                          throws UTF8CodingException

Creates a PBKDF2KeyAndParameterSpec from given password and parameters. When using this constructor the password will be UTF-8 encoded.

Parameters:

password - the as char array

pbkdf2Params - the PBKDF2 parameters (salt, iteration count, length of the derived key)

Throws:

UTF8CodingException - if the password cannot be UTF-8 encoded

Method Detail

setPrf

public void setPrf(AlgorithmID prf)

Sets the pseudo random function to be used.

Parameters:

prf - the pseudo random MAC function to be used

getPrf

public AlgorithmID getPrf()

Gets the pseudo random function to be used.

Returns:

the pseudo random MAC function to be used, or null if no prf has been set (in this case the default prf HMAC/SHA1 shall be used)