Reliable implementation of PBKDF2-HMAC-SHA256 for JAVA












18















Is there any reliable implementation of PBKDF2-HMAC-SHA256 for JAVA?



I used to encrypting by bouncycastle but it does not provides PBKDF2WithHmacSHA256'.



I do not want to write crypto module by myself.



Could you recommend any alternative library or algorithm (if i can stick with bouncycastle)



(here are algorithms that bouncycastle supports algorithm)
http://www.bouncycastle.org/specifications.html










share|improve this question




















  • 1





    stackoverflow.com/questions/9147463/…

    – Konstantin V. Salikhov
    Mar 22 '14 at 17:17











  • @KonstantinV.Salikhov I already read but it's hard to believe that it is fully proven. And if i use that, I have to implement code for Jasypt API

    – dgregory
    Mar 22 '14 at 17:33
















18















Is there any reliable implementation of PBKDF2-HMAC-SHA256 for JAVA?



I used to encrypting by bouncycastle but it does not provides PBKDF2WithHmacSHA256'.



I do not want to write crypto module by myself.



Could you recommend any alternative library or algorithm (if i can stick with bouncycastle)



(here are algorithms that bouncycastle supports algorithm)
http://www.bouncycastle.org/specifications.html










share|improve this question




















  • 1





    stackoverflow.com/questions/9147463/…

    – Konstantin V. Salikhov
    Mar 22 '14 at 17:17











  • @KonstantinV.Salikhov I already read but it's hard to believe that it is fully proven. And if i use that, I have to implement code for Jasypt API

    – dgregory
    Mar 22 '14 at 17:33














18












18








18


16






Is there any reliable implementation of PBKDF2-HMAC-SHA256 for JAVA?



I used to encrypting by bouncycastle but it does not provides PBKDF2WithHmacSHA256'.



I do not want to write crypto module by myself.



Could you recommend any alternative library or algorithm (if i can stick with bouncycastle)



(here are algorithms that bouncycastle supports algorithm)
http://www.bouncycastle.org/specifications.html










share|improve this question
















Is there any reliable implementation of PBKDF2-HMAC-SHA256 for JAVA?



I used to encrypting by bouncycastle but it does not provides PBKDF2WithHmacSHA256'.



I do not want to write crypto module by myself.



Could you recommend any alternative library or algorithm (if i can stick with bouncycastle)



(here are algorithms that bouncycastle supports algorithm)
http://www.bouncycastle.org/specifications.html







java cryptography bouncycastle pbkdf2






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 22 '16 at 4:32







dgregory

















asked Mar 22 '14 at 17:13









dgregorydgregory

1,0031819




1,0031819








  • 1





    stackoverflow.com/questions/9147463/…

    – Konstantin V. Salikhov
    Mar 22 '14 at 17:17











  • @KonstantinV.Salikhov I already read but it's hard to believe that it is fully proven. And if i use that, I have to implement code for Jasypt API

    – dgregory
    Mar 22 '14 at 17:33














  • 1





    stackoverflow.com/questions/9147463/…

    – Konstantin V. Salikhov
    Mar 22 '14 at 17:17











  • @KonstantinV.Salikhov I already read but it's hard to believe that it is fully proven. And if i use that, I have to implement code for Jasypt API

    – dgregory
    Mar 22 '14 at 17:33








1




1





stackoverflow.com/questions/9147463/…

– Konstantin V. Salikhov
Mar 22 '14 at 17:17





stackoverflow.com/questions/9147463/…

– Konstantin V. Salikhov
Mar 22 '14 at 17:17













@KonstantinV.Salikhov I already read but it's hard to believe that it is fully proven. And if i use that, I have to implement code for Jasypt API

– dgregory
Mar 22 '14 at 17:33





@KonstantinV.Salikhov I already read but it's hard to believe that it is fully proven. And if i use that, I have to implement code for Jasypt API

– dgregory
Mar 22 '14 at 17:33












3 Answers
3






active

oldest

votes


















32














Using BouncyCastle classes directly:



PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
gen.init("password".getBytes("UTF-8"), "salt".getBytes(), 4096);
byte dk = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();





share|improve this answer































    22














    It is available in Java 8:



    public static byte getEncryptedPassword(
    String password,
    byte salt,
    int iterations,
    int derivedKeyLength
    ) throws NoSuchAlgorithmException, InvalidKeySpecException {
    KeySpec spec = new PBEKeySpec(
    password.toCharArray(),
    salt,
    iterations,
    derivedKeyLength * 8
    );

    SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");

    return f.generateSecret(spec).getEncoded();
    }





    share|improve this answer





















    • 1





      Strange, I could not get the Java 8 version to work correctly. It generated output, but a different output than Bouncy Castle and the Node.js equivalent

      – Kirby
      Jan 21 '15 at 17:54






    • 3





      @Kirby Make sure you only use ASCII, Java 8 is a bit weird in the sense that it uses only the lower 8 bits of char (i.e. Windows-1252 compatible character encoding).

      – Maarten Bodewes
      Sep 15 '15 at 0:28













    • Works like a charm. BTW, if you want to use 512-byte digest, just change "PBKDF2WithHmacSHA256" to "PBKDF2WithHmacSHA512".

      – Yevhenii Kanivets
      Dec 28 '18 at 11:34



















    1














    Using spongycastle (java on android)



    Replace spongycastle with bouncycastle if you are using bouncycastle on java directly



    import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
    import org.spongycastle.crypto.digests.SHA256Digest;
    import org.spongycastle.crypto.params.KeyParameter;

    public class Crypto {
    public String pbkdf2(String secret, String salt, int iterations, int keyLength) {
    PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
    byte secretData = secret.getBytes();
    byte saltData = salt.getBytes();
    gen.init(secretData, saltData, iterations);
    byte derivedKey = ((KeyParameter)gen.generateDerivedParameters(keyLength * 8)).getKey();
    return toHex(derivedKey);
    }

    private static String toHex(byte bytes) {
    BigInteger bi = new BigInteger(1, bytes);
    return String.format("%0" + (bytes.length << 1) + "x", bi);
    }
    }





    share|improve this answer























      Your Answer






      StackExchange.ifUsing("editor", function () {
      StackExchange.using("externalEditor", function () {
      StackExchange.using("snippets", function () {
      StackExchange.snippets.init();
      });
      });
      }, "code-snippets");

      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "1"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f22580853%2freliable-implementation-of-pbkdf2-hmac-sha256-for-java%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      3 Answers
      3






      active

      oldest

      votes








      3 Answers
      3






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      32














      Using BouncyCastle classes directly:



      PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
      gen.init("password".getBytes("UTF-8"), "salt".getBytes(), 4096);
      byte dk = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();





      share|improve this answer




























        32














        Using BouncyCastle classes directly:



        PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
        gen.init("password".getBytes("UTF-8"), "salt".getBytes(), 4096);
        byte dk = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();





        share|improve this answer


























          32












          32








          32







          Using BouncyCastle classes directly:



          PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
          gen.init("password".getBytes("UTF-8"), "salt".getBytes(), 4096);
          byte dk = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();





          share|improve this answer













          Using BouncyCastle classes directly:



          PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
          gen.init("password".getBytes("UTF-8"), "salt".getBytes(), 4096);
          byte dk = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();






          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Mar 24 '14 at 21:42









          PasiPasi

          1,345810




          1,345810

























              22














              It is available in Java 8:



              public static byte getEncryptedPassword(
              String password,
              byte salt,
              int iterations,
              int derivedKeyLength
              ) throws NoSuchAlgorithmException, InvalidKeySpecException {
              KeySpec spec = new PBEKeySpec(
              password.toCharArray(),
              salt,
              iterations,
              derivedKeyLength * 8
              );

              SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");

              return f.generateSecret(spec).getEncoded();
              }





              share|improve this answer





















              • 1





                Strange, I could not get the Java 8 version to work correctly. It generated output, but a different output than Bouncy Castle and the Node.js equivalent

                – Kirby
                Jan 21 '15 at 17:54






              • 3





                @Kirby Make sure you only use ASCII, Java 8 is a bit weird in the sense that it uses only the lower 8 bits of char (i.e. Windows-1252 compatible character encoding).

                – Maarten Bodewes
                Sep 15 '15 at 0:28













              • Works like a charm. BTW, if you want to use 512-byte digest, just change "PBKDF2WithHmacSHA256" to "PBKDF2WithHmacSHA512".

                – Yevhenii Kanivets
                Dec 28 '18 at 11:34
















              22














              It is available in Java 8:



              public static byte getEncryptedPassword(
              String password,
              byte salt,
              int iterations,
              int derivedKeyLength
              ) throws NoSuchAlgorithmException, InvalidKeySpecException {
              KeySpec spec = new PBEKeySpec(
              password.toCharArray(),
              salt,
              iterations,
              derivedKeyLength * 8
              );

              SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");

              return f.generateSecret(spec).getEncoded();
              }





              share|improve this answer





















              • 1





                Strange, I could not get the Java 8 version to work correctly. It generated output, but a different output than Bouncy Castle and the Node.js equivalent

                – Kirby
                Jan 21 '15 at 17:54






              • 3





                @Kirby Make sure you only use ASCII, Java 8 is a bit weird in the sense that it uses only the lower 8 bits of char (i.e. Windows-1252 compatible character encoding).

                – Maarten Bodewes
                Sep 15 '15 at 0:28













              • Works like a charm. BTW, if you want to use 512-byte digest, just change "PBKDF2WithHmacSHA256" to "PBKDF2WithHmacSHA512".

                – Yevhenii Kanivets
                Dec 28 '18 at 11:34














              22












              22








              22







              It is available in Java 8:



              public static byte getEncryptedPassword(
              String password,
              byte salt,
              int iterations,
              int derivedKeyLength
              ) throws NoSuchAlgorithmException, InvalidKeySpecException {
              KeySpec spec = new PBEKeySpec(
              password.toCharArray(),
              salt,
              iterations,
              derivedKeyLength * 8
              );

              SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");

              return f.generateSecret(spec).getEncoded();
              }





              share|improve this answer















              It is available in Java 8:



              public static byte getEncryptedPassword(
              String password,
              byte salt,
              int iterations,
              int derivedKeyLength
              ) throws NoSuchAlgorithmException, InvalidKeySpecException {
              KeySpec spec = new PBEKeySpec(
              password.toCharArray(),
              salt,
              iterations,
              derivedKeyLength * 8
              );

              SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");

              return f.generateSecret(spec).getEncoded();
              }






              share|improve this answer














              share|improve this answer



              share|improve this answer








              edited Apr 2 '18 at 10:15









              Andrii Abramov

              4,24643149




              4,24643149










              answered Jan 13 '15 at 17:56









              mjrduranmjrduran

              35026




              35026








              • 1





                Strange, I could not get the Java 8 version to work correctly. It generated output, but a different output than Bouncy Castle and the Node.js equivalent

                – Kirby
                Jan 21 '15 at 17:54






              • 3





                @Kirby Make sure you only use ASCII, Java 8 is a bit weird in the sense that it uses only the lower 8 bits of char (i.e. Windows-1252 compatible character encoding).

                – Maarten Bodewes
                Sep 15 '15 at 0:28













              • Works like a charm. BTW, if you want to use 512-byte digest, just change "PBKDF2WithHmacSHA256" to "PBKDF2WithHmacSHA512".

                – Yevhenii Kanivets
                Dec 28 '18 at 11:34














              • 1





                Strange, I could not get the Java 8 version to work correctly. It generated output, but a different output than Bouncy Castle and the Node.js equivalent

                – Kirby
                Jan 21 '15 at 17:54






              • 3





                @Kirby Make sure you only use ASCII, Java 8 is a bit weird in the sense that it uses only the lower 8 bits of char (i.e. Windows-1252 compatible character encoding).

                – Maarten Bodewes
                Sep 15 '15 at 0:28













              • Works like a charm. BTW, if you want to use 512-byte digest, just change "PBKDF2WithHmacSHA256" to "PBKDF2WithHmacSHA512".

                – Yevhenii Kanivets
                Dec 28 '18 at 11:34








              1




              1





              Strange, I could not get the Java 8 version to work correctly. It generated output, but a different output than Bouncy Castle and the Node.js equivalent

              – Kirby
              Jan 21 '15 at 17:54





              Strange, I could not get the Java 8 version to work correctly. It generated output, but a different output than Bouncy Castle and the Node.js equivalent

              – Kirby
              Jan 21 '15 at 17:54




              3




              3





              @Kirby Make sure you only use ASCII, Java 8 is a bit weird in the sense that it uses only the lower 8 bits of char (i.e. Windows-1252 compatible character encoding).

              – Maarten Bodewes
              Sep 15 '15 at 0:28







              @Kirby Make sure you only use ASCII, Java 8 is a bit weird in the sense that it uses only the lower 8 bits of char (i.e. Windows-1252 compatible character encoding).

              – Maarten Bodewes
              Sep 15 '15 at 0:28















              Works like a charm. BTW, if you want to use 512-byte digest, just change "PBKDF2WithHmacSHA256" to "PBKDF2WithHmacSHA512".

              – Yevhenii Kanivets
              Dec 28 '18 at 11:34





              Works like a charm. BTW, if you want to use 512-byte digest, just change "PBKDF2WithHmacSHA256" to "PBKDF2WithHmacSHA512".

              – Yevhenii Kanivets
              Dec 28 '18 at 11:34











              1














              Using spongycastle (java on android)



              Replace spongycastle with bouncycastle if you are using bouncycastle on java directly



              import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
              import org.spongycastle.crypto.digests.SHA256Digest;
              import org.spongycastle.crypto.params.KeyParameter;

              public class Crypto {
              public String pbkdf2(String secret, String salt, int iterations, int keyLength) {
              PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
              byte secretData = secret.getBytes();
              byte saltData = salt.getBytes();
              gen.init(secretData, saltData, iterations);
              byte derivedKey = ((KeyParameter)gen.generateDerivedParameters(keyLength * 8)).getKey();
              return toHex(derivedKey);
              }

              private static String toHex(byte bytes) {
              BigInteger bi = new BigInteger(1, bytes);
              return String.format("%0" + (bytes.length << 1) + "x", bi);
              }
              }





              share|improve this answer




























                1














                Using spongycastle (java on android)



                Replace spongycastle with bouncycastle if you are using bouncycastle on java directly



                import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
                import org.spongycastle.crypto.digests.SHA256Digest;
                import org.spongycastle.crypto.params.KeyParameter;

                public class Crypto {
                public String pbkdf2(String secret, String salt, int iterations, int keyLength) {
                PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
                byte secretData = secret.getBytes();
                byte saltData = salt.getBytes();
                gen.init(secretData, saltData, iterations);
                byte derivedKey = ((KeyParameter)gen.generateDerivedParameters(keyLength * 8)).getKey();
                return toHex(derivedKey);
                }

                private static String toHex(byte bytes) {
                BigInteger bi = new BigInteger(1, bytes);
                return String.format("%0" + (bytes.length << 1) + "x", bi);
                }
                }





                share|improve this answer


























                  1












                  1








                  1







                  Using spongycastle (java on android)



                  Replace spongycastle with bouncycastle if you are using bouncycastle on java directly



                  import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
                  import org.spongycastle.crypto.digests.SHA256Digest;
                  import org.spongycastle.crypto.params.KeyParameter;

                  public class Crypto {
                  public String pbkdf2(String secret, String salt, int iterations, int keyLength) {
                  PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
                  byte secretData = secret.getBytes();
                  byte saltData = salt.getBytes();
                  gen.init(secretData, saltData, iterations);
                  byte derivedKey = ((KeyParameter)gen.generateDerivedParameters(keyLength * 8)).getKey();
                  return toHex(derivedKey);
                  }

                  private static String toHex(byte bytes) {
                  BigInteger bi = new BigInteger(1, bytes);
                  return String.format("%0" + (bytes.length << 1) + "x", bi);
                  }
                  }





                  share|improve this answer













                  Using spongycastle (java on android)



                  Replace spongycastle with bouncycastle if you are using bouncycastle on java directly



                  import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
                  import org.spongycastle.crypto.digests.SHA256Digest;
                  import org.spongycastle.crypto.params.KeyParameter;

                  public class Crypto {
                  public String pbkdf2(String secret, String salt, int iterations, int keyLength) {
                  PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
                  byte secretData = secret.getBytes();
                  byte saltData = salt.getBytes();
                  gen.init(secretData, saltData, iterations);
                  byte derivedKey = ((KeyParameter)gen.generateDerivedParameters(keyLength * 8)).getKey();
                  return toHex(derivedKey);
                  }

                  private static String toHex(byte bytes) {
                  BigInteger bi = new BigInteger(1, bytes);
                  return String.format("%0" + (bytes.length << 1) + "x", bi);
                  }
                  }






                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Dec 5 '18 at 12:18









                  Guillaume VincentGuillaume Vincent

                  5,05274871




                  5,05274871






























                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to Stack Overflow!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f22580853%2freliable-implementation-of-pbkdf2-hmac-sha256-for-java%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      404 Error Contact Form 7 ajax form submitting

                      How to know if a Active Directory user can login interactively

                      Refactoring coordinates for Minecraft Pi buildings written in Python