Reliable implementation of PBKDF2-HMAC-SHA256 for JAVA
Is there any reliable implementation of PBKDF2-HMAC-SHA256 for JAVA?
I used to encrypting by bouncycastle but it does not provides PBKDF2WithHmacSHA256'.
I do not want to write crypto module by myself.
Could you recommend any alternative library or algorithm (if i can stick with bouncycastle)
(here are algorithms that bouncycastle supports algorithm)
http://www.bouncycastle.org/specifications.html
java cryptography bouncycastle pbkdf2
add a comment |
Is there any reliable implementation of PBKDF2-HMAC-SHA256 for JAVA?
I used to encrypting by bouncycastle but it does not provides PBKDF2WithHmacSHA256'.
I do not want to write crypto module by myself.
Could you recommend any alternative library or algorithm (if i can stick with bouncycastle)
(here are algorithms that bouncycastle supports algorithm)
http://www.bouncycastle.org/specifications.html
java cryptography bouncycastle pbkdf2
1
stackoverflow.com/questions/9147463/…
– Konstantin V. Salikhov
Mar 22 '14 at 17:17
@KonstantinV.Salikhov I already read but it's hard to believe that it is fully proven. And if i use that, I have to implement code for Jasypt API
– dgregory
Mar 22 '14 at 17:33
add a comment |
Is there any reliable implementation of PBKDF2-HMAC-SHA256 for JAVA?
I used to encrypting by bouncycastle but it does not provides PBKDF2WithHmacSHA256'.
I do not want to write crypto module by myself.
Could you recommend any alternative library or algorithm (if i can stick with bouncycastle)
(here are algorithms that bouncycastle supports algorithm)
http://www.bouncycastle.org/specifications.html
java cryptography bouncycastle pbkdf2
Is there any reliable implementation of PBKDF2-HMAC-SHA256 for JAVA?
I used to encrypting by bouncycastle but it does not provides PBKDF2WithHmacSHA256'.
I do not want to write crypto module by myself.
Could you recommend any alternative library or algorithm (if i can stick with bouncycastle)
(here are algorithms that bouncycastle supports algorithm)
http://www.bouncycastle.org/specifications.html
java cryptography bouncycastle pbkdf2
java cryptography bouncycastle pbkdf2
edited Nov 22 '16 at 4:32
dgregory
asked Mar 22 '14 at 17:13
dgregorydgregory
1,0031819
1,0031819
1
stackoverflow.com/questions/9147463/…
– Konstantin V. Salikhov
Mar 22 '14 at 17:17
@KonstantinV.Salikhov I already read but it's hard to believe that it is fully proven. And if i use that, I have to implement code for Jasypt API
– dgregory
Mar 22 '14 at 17:33
add a comment |
1
stackoverflow.com/questions/9147463/…
– Konstantin V. Salikhov
Mar 22 '14 at 17:17
@KonstantinV.Salikhov I already read but it's hard to believe that it is fully proven. And if i use that, I have to implement code for Jasypt API
– dgregory
Mar 22 '14 at 17:33
1
1
stackoverflow.com/questions/9147463/…
– Konstantin V. Salikhov
Mar 22 '14 at 17:17
stackoverflow.com/questions/9147463/…
– Konstantin V. Salikhov
Mar 22 '14 at 17:17
@KonstantinV.Salikhov I already read but it's hard to believe that it is fully proven. And if i use that, I have to implement code for Jasypt API
– dgregory
Mar 22 '14 at 17:33
@KonstantinV.Salikhov I already read but it's hard to believe that it is fully proven. And if i use that, I have to implement code for Jasypt API
– dgregory
Mar 22 '14 at 17:33
add a comment |
3 Answers
3
active
oldest
votes
Using BouncyCastle classes directly:
PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
gen.init("password".getBytes("UTF-8"), "salt".getBytes(), 4096);
byte dk = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();
add a comment |
It is available in Java 8:
public static byte getEncryptedPassword(
String password,
byte salt,
int iterations,
int derivedKeyLength
) throws NoSuchAlgorithmException, InvalidKeySpecException {
KeySpec spec = new PBEKeySpec(
password.toCharArray(),
salt,
iterations,
derivedKeyLength * 8
);
SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
return f.generateSecret(spec).getEncoded();
}
1
Strange, I could not get the Java 8 version to work correctly. It generated output, but a different output than Bouncy Castle and the Node.js equivalent
– Kirby
Jan 21 '15 at 17:54
3
@Kirby Make sure you only use ASCII, Java 8 is a bit weird in the sense that it uses only the lower 8 bits ofchar
(i.e. Windows-1252 compatible character encoding).
– Maarten Bodewes
Sep 15 '15 at 0:28
Works like a charm. BTW, if you want to use 512-byte digest, just change "PBKDF2WithHmacSHA256" to "PBKDF2WithHmacSHA512".
– Yevhenii Kanivets
Dec 28 '18 at 11:34
add a comment |
Using spongycastle (java on android)
Replace spongycastle with bouncycastle if you are using bouncycastle on java directly
import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.params.KeyParameter;
public class Crypto {
public String pbkdf2(String secret, String salt, int iterations, int keyLength) {
PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
byte secretData = secret.getBytes();
byte saltData = salt.getBytes();
gen.init(secretData, saltData, iterations);
byte derivedKey = ((KeyParameter)gen.generateDerivedParameters(keyLength * 8)).getKey();
return toHex(derivedKey);
}
private static String toHex(byte bytes) {
BigInteger bi = new BigInteger(1, bytes);
return String.format("%0" + (bytes.length << 1) + "x", bi);
}
}
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f22580853%2freliable-implementation-of-pbkdf2-hmac-sha256-for-java%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
Using BouncyCastle classes directly:
PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
gen.init("password".getBytes("UTF-8"), "salt".getBytes(), 4096);
byte dk = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();
add a comment |
Using BouncyCastle classes directly:
PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
gen.init("password".getBytes("UTF-8"), "salt".getBytes(), 4096);
byte dk = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();
add a comment |
Using BouncyCastle classes directly:
PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
gen.init("password".getBytes("UTF-8"), "salt".getBytes(), 4096);
byte dk = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();
Using BouncyCastle classes directly:
PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
gen.init("password".getBytes("UTF-8"), "salt".getBytes(), 4096);
byte dk = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();
answered Mar 24 '14 at 21:42
PasiPasi
1,345810
1,345810
add a comment |
add a comment |
It is available in Java 8:
public static byte getEncryptedPassword(
String password,
byte salt,
int iterations,
int derivedKeyLength
) throws NoSuchAlgorithmException, InvalidKeySpecException {
KeySpec spec = new PBEKeySpec(
password.toCharArray(),
salt,
iterations,
derivedKeyLength * 8
);
SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
return f.generateSecret(spec).getEncoded();
}
1
Strange, I could not get the Java 8 version to work correctly. It generated output, but a different output than Bouncy Castle and the Node.js equivalent
– Kirby
Jan 21 '15 at 17:54
3
@Kirby Make sure you only use ASCII, Java 8 is a bit weird in the sense that it uses only the lower 8 bits ofchar
(i.e. Windows-1252 compatible character encoding).
– Maarten Bodewes
Sep 15 '15 at 0:28
Works like a charm. BTW, if you want to use 512-byte digest, just change "PBKDF2WithHmacSHA256" to "PBKDF2WithHmacSHA512".
– Yevhenii Kanivets
Dec 28 '18 at 11:34
add a comment |
It is available in Java 8:
public static byte getEncryptedPassword(
String password,
byte salt,
int iterations,
int derivedKeyLength
) throws NoSuchAlgorithmException, InvalidKeySpecException {
KeySpec spec = new PBEKeySpec(
password.toCharArray(),
salt,
iterations,
derivedKeyLength * 8
);
SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
return f.generateSecret(spec).getEncoded();
}
1
Strange, I could not get the Java 8 version to work correctly. It generated output, but a different output than Bouncy Castle and the Node.js equivalent
– Kirby
Jan 21 '15 at 17:54
3
@Kirby Make sure you only use ASCII, Java 8 is a bit weird in the sense that it uses only the lower 8 bits ofchar
(i.e. Windows-1252 compatible character encoding).
– Maarten Bodewes
Sep 15 '15 at 0:28
Works like a charm. BTW, if you want to use 512-byte digest, just change "PBKDF2WithHmacSHA256" to "PBKDF2WithHmacSHA512".
– Yevhenii Kanivets
Dec 28 '18 at 11:34
add a comment |
It is available in Java 8:
public static byte getEncryptedPassword(
String password,
byte salt,
int iterations,
int derivedKeyLength
) throws NoSuchAlgorithmException, InvalidKeySpecException {
KeySpec spec = new PBEKeySpec(
password.toCharArray(),
salt,
iterations,
derivedKeyLength * 8
);
SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
return f.generateSecret(spec).getEncoded();
}
It is available in Java 8:
public static byte getEncryptedPassword(
String password,
byte salt,
int iterations,
int derivedKeyLength
) throws NoSuchAlgorithmException, InvalidKeySpecException {
KeySpec spec = new PBEKeySpec(
password.toCharArray(),
salt,
iterations,
derivedKeyLength * 8
);
SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
return f.generateSecret(spec).getEncoded();
}
edited Apr 2 '18 at 10:15
Andrii Abramov
4,24643149
4,24643149
answered Jan 13 '15 at 17:56
mjrduranmjrduran
35026
35026
1
Strange, I could not get the Java 8 version to work correctly. It generated output, but a different output than Bouncy Castle and the Node.js equivalent
– Kirby
Jan 21 '15 at 17:54
3
@Kirby Make sure you only use ASCII, Java 8 is a bit weird in the sense that it uses only the lower 8 bits ofchar
(i.e. Windows-1252 compatible character encoding).
– Maarten Bodewes
Sep 15 '15 at 0:28
Works like a charm. BTW, if you want to use 512-byte digest, just change "PBKDF2WithHmacSHA256" to "PBKDF2WithHmacSHA512".
– Yevhenii Kanivets
Dec 28 '18 at 11:34
add a comment |
1
Strange, I could not get the Java 8 version to work correctly. It generated output, but a different output than Bouncy Castle and the Node.js equivalent
– Kirby
Jan 21 '15 at 17:54
3
@Kirby Make sure you only use ASCII, Java 8 is a bit weird in the sense that it uses only the lower 8 bits ofchar
(i.e. Windows-1252 compatible character encoding).
– Maarten Bodewes
Sep 15 '15 at 0:28
Works like a charm. BTW, if you want to use 512-byte digest, just change "PBKDF2WithHmacSHA256" to "PBKDF2WithHmacSHA512".
– Yevhenii Kanivets
Dec 28 '18 at 11:34
1
1
Strange, I could not get the Java 8 version to work correctly. It generated output, but a different output than Bouncy Castle and the Node.js equivalent
– Kirby
Jan 21 '15 at 17:54
Strange, I could not get the Java 8 version to work correctly. It generated output, but a different output than Bouncy Castle and the Node.js equivalent
– Kirby
Jan 21 '15 at 17:54
3
3
@Kirby Make sure you only use ASCII, Java 8 is a bit weird in the sense that it uses only the lower 8 bits of
char
(i.e. Windows-1252 compatible character encoding).– Maarten Bodewes
Sep 15 '15 at 0:28
@Kirby Make sure you only use ASCII, Java 8 is a bit weird in the sense that it uses only the lower 8 bits of
char
(i.e. Windows-1252 compatible character encoding).– Maarten Bodewes
Sep 15 '15 at 0:28
Works like a charm. BTW, if you want to use 512-byte digest, just change "PBKDF2WithHmacSHA256" to "PBKDF2WithHmacSHA512".
– Yevhenii Kanivets
Dec 28 '18 at 11:34
Works like a charm. BTW, if you want to use 512-byte digest, just change "PBKDF2WithHmacSHA256" to "PBKDF2WithHmacSHA512".
– Yevhenii Kanivets
Dec 28 '18 at 11:34
add a comment |
Using spongycastle (java on android)
Replace spongycastle with bouncycastle if you are using bouncycastle on java directly
import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.params.KeyParameter;
public class Crypto {
public String pbkdf2(String secret, String salt, int iterations, int keyLength) {
PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
byte secretData = secret.getBytes();
byte saltData = salt.getBytes();
gen.init(secretData, saltData, iterations);
byte derivedKey = ((KeyParameter)gen.generateDerivedParameters(keyLength * 8)).getKey();
return toHex(derivedKey);
}
private static String toHex(byte bytes) {
BigInteger bi = new BigInteger(1, bytes);
return String.format("%0" + (bytes.length << 1) + "x", bi);
}
}
add a comment |
Using spongycastle (java on android)
Replace spongycastle with bouncycastle if you are using bouncycastle on java directly
import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.params.KeyParameter;
public class Crypto {
public String pbkdf2(String secret, String salt, int iterations, int keyLength) {
PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
byte secretData = secret.getBytes();
byte saltData = salt.getBytes();
gen.init(secretData, saltData, iterations);
byte derivedKey = ((KeyParameter)gen.generateDerivedParameters(keyLength * 8)).getKey();
return toHex(derivedKey);
}
private static String toHex(byte bytes) {
BigInteger bi = new BigInteger(1, bytes);
return String.format("%0" + (bytes.length << 1) + "x", bi);
}
}
add a comment |
Using spongycastle (java on android)
Replace spongycastle with bouncycastle if you are using bouncycastle on java directly
import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.params.KeyParameter;
public class Crypto {
public String pbkdf2(String secret, String salt, int iterations, int keyLength) {
PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
byte secretData = secret.getBytes();
byte saltData = salt.getBytes();
gen.init(secretData, saltData, iterations);
byte derivedKey = ((KeyParameter)gen.generateDerivedParameters(keyLength * 8)).getKey();
return toHex(derivedKey);
}
private static String toHex(byte bytes) {
BigInteger bi = new BigInteger(1, bytes);
return String.format("%0" + (bytes.length << 1) + "x", bi);
}
}
Using spongycastle (java on android)
Replace spongycastle with bouncycastle if you are using bouncycastle on java directly
import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.params.KeyParameter;
public class Crypto {
public String pbkdf2(String secret, String salt, int iterations, int keyLength) {
PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
byte secretData = secret.getBytes();
byte saltData = salt.getBytes();
gen.init(secretData, saltData, iterations);
byte derivedKey = ((KeyParameter)gen.generateDerivedParameters(keyLength * 8)).getKey();
return toHex(derivedKey);
}
private static String toHex(byte bytes) {
BigInteger bi = new BigInteger(1, bytes);
return String.format("%0" + (bytes.length << 1) + "x", bi);
}
}
answered Dec 5 '18 at 12:18
Guillaume VincentGuillaume Vincent
5,05274871
5,05274871
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f22580853%2freliable-implementation-of-pbkdf2-hmac-sha256-for-java%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
stackoverflow.com/questions/9147463/…
– Konstantin V. Salikhov
Mar 22 '14 at 17:17
@KonstantinV.Salikhov I already read but it's hard to believe that it is fully proven. And if i use that, I have to implement code for Jasypt API
– dgregory
Mar 22 '14 at 17:33