cross_platform_crypto/Pbkdf2/Pbkdf2.java at main · java-crypto/cross_platform_crypto · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
package PBKDF2;

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.SecureRandom;
import java.security.spec.KeySpec;

public class Pbkdf2 {
    public static void main(String[] args) throws Exception {
        System.out.println("Generate a 32 byte long AES key with PBKDF2");

        // get the password as char array
        char[] passwordChar = "secret password".toCharArray();
        final int PBKDF2_ITERATIONS = 15000; // number of iterations, higher is better but slower
        // ### security warning - never use a fixed salt in production, this is for compare reasons only
        byte[] salt = generateFixedSalt32Byte();
        // please use below generateSalt32Byte()
        //byte[] salt = generateSalt32Byte();
        byte[] aesKeySha512 = generateAes256KeyPbkdf2Sha512(passwordChar, PBKDF2_ITERATIONS, salt);
        System.out.println("aesKeySha512 length: " + aesKeySha512.length + " data: " + bytesToHex(aesKeySha512));
        byte[] aesKeySha256 = generateAes256KeyPbkdf2Sha256(passwordChar, PBKDF2_ITERATIONS, salt);
        System.out.println("aesKeySha256 length: " + aesKeySha256.length + " data: " + bytesToHex(aesKeySha256));
        byte[] aesKeySha1 = generateAes256KeyPbkdf2Sha1(passwordChar, PBKDF2_ITERATIONS, salt);
        System.out.println("aesKeySha1   length: " + aesKeySha1.length + " data: " + bytesToHex(aesKeySha1));
    }

    public static byte[] generateAes256KeyPbkdf2Sha512(char[] password, int iterations, byte[] salt) throws Exception {
        SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
        KeySpec keySpec = new PBEKeySpec(password, salt, iterations, 32 * 8);
        return secretKeyFactory.generateSecret(keySpec).getEncoded();
    }

    public static byte[] generateAes256KeyPbkdf2Sha256(char[] password, int iterations, byte[] salt) throws Exception {
        SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        KeySpec keySpec = new PBEKeySpec(password, salt, iterations, 32 * 8);
        return secretKeyFactory.generateSecret(keySpec).getEncoded();
    }

    public static byte[] generateAes256KeyPbkdf2Sha1(char[] password, int iterations, byte[] salt) throws Exception {
        if (iterations < 15000) iterations = 15000; // minimum number of iterations
        SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        KeySpec keySpec = new PBEKeySpec(password, salt, iterations, 32 * 8);
        return secretKeyFactory.generateSecret(keySpec).getEncoded();
    }

    private static byte[] generateSalt32Byte() {
        SecureRandom secureRandom = new SecureRandom();
        byte[] salt = new byte[32];
        secureRandom.nextBytes(salt);
        return salt;
    }

    private static byte[] generateFixedSalt32Byte() {
        // ### security warning - never use this in production ###
        byte[] salt = new byte[32]; // 32 x0's
        return salt;
    }

    private static String bytesToHex(byte[] bytes) {
        StringBuffer result = new StringBuffer();
        for (byte b : bytes) result.append(Integer.toString((b & 0xff) + 0x100, 16).substring(1));
        return result.toString();
    }
}