iaik.security.spec

Class PBKDF2KeyAndParameterSpec

java.lang.Object

iaik.security.spec.PBEKeyAndParameterSpec

iaik.security.spec.PBKDF2KeyAndParameterSpec

All Implemented Interfaces:

ASN1Type, java.security.spec.AlgorithmParameterSpec

public class PBKDF2KeyAndParameterSpec
extends PBEKeyAndParameterSpec
implements ASN1Type

This class encapsulates the algorithmParameters needed for supporting the Password-Based Encryption Key Derivation Function 2 (PBEKDF2) algorithm. The algorithm parameters are defined in RFC 2898 and 8018 as follows:

 PBKDF2-params ::= SEQUENCE {
  salt CHOICE {
      specified OCTET STRING,
      otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
  },
  iterationCount INTEGER (1..MAX),
  keyLength INTEGER (1..MAX) OPTIONAL,
  prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT
  algid-hmacWithSHA1 }
 

For the salt CHOICE option, this implementation always uses the specified OCTET STRING, and does not currently work with any other SaltSources.

For the PRF AlgorithmIdentifier, the following values are supported:

 PBKDF2-PRFs ALGORITHM-IDENTIFIER ::= {
   {NULL IDENTIFIED BY id-hmacWithSHA1},
   {NULL IDENTIFIED BY id-hmacWithSHA224},
   {NULL IDENTIFIED BY id-hmacWithSHA256},
   {NULL IDENTIFIED BY id-hmacWithSHA384},
   {NULL IDENTIFIED BY id-hmacWithSHA512},
 }
 

Field Summary

Fields

Modifier and Type	Field and Description
static int	DEFAULT_ITERATION_COUNT The default iteration count
static int	DEFAULT_KEY_LENGTH The default key length in bytes
static int	DEFAULT_SALT_LENGTH This is the default SALT length in bytes
static int	MIN_ITERATION_COUNT The minimum allowed iteration count
static int	MIN_KEY_LENGTH The Minimum key length in bytes

Constructor Summary

Constructors

Constructor and Description
PBKDF2KeyAndParameterSpec(ASN1Object algorithmParameter, SecureStringBuffer password, int keyLength) Creates a PBEKDF2 parameter specification from an ASN1Object.
PBKDF2KeyAndParameterSpec(javax.crypto.spec.PBEKeySpec spec, java.lang.String prf)
PBKDF2KeyAndParameterSpec(SecureStringBuffer password) The constructor with recommended parameter settings.
PBKDF2KeyAndParameterSpec(SecureStringBuffer password, byte[] inputSalt, int iterationCount, int keyLength, AlgorithmID kdfAlg) The PBKDF2KeyAndParameterSpec constructor.

Method Summary

Modifier and Type	Method and Description
void	decode(ASN1Object obj) Decodes the specified PBEKCS2KeyAndParameterSpec
AlgorithmID	getKDF()
byte[]	getPassword() Deprecated. use getSecurePassword
SecureStringBuffer	getSecurePassword()
ASN1Object	toASN1Object() Returns this PBEKDF2 parameter specification as an ASN1Object.

Methods inherited from class iaik.security.spec.PBEKeyAndParameterSpec

getDerivedKeyLength, getIterationCount, getSalt

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_ITERATION_COUNT

public static final int DEFAULT_ITERATION_COUNT

The default iteration count

See Also:

Constant Field Values

MIN_ITERATION_COUNT

public static final int MIN_ITERATION_COUNT

The minimum allowed iteration count

See Also:

Constant Field Values

DEFAULT_KEY_LENGTH

public static final int DEFAULT_KEY_LENGTH

The default key length in bytes

See Also:

Constant Field Values

MIN_KEY_LENGTH

public static final int MIN_KEY_LENGTH

The Minimum key length in bytes

See Also:

Constant Field Values

DEFAULT_SALT_LENGTH

public static final int DEFAULT_SALT_LENGTH

This is the default SALT length in bytes

See Also:

Constant Field Values

Constructor Detail

PBKDF2KeyAndParameterSpec

public PBKDF2KeyAndParameterSpec(SecureStringBuffer password)

The constructor with recommended parameter settings.

This default constructor will use the following default properties

• A randomly generated salt of length 16 bytes from the default Entrust random number generator
• A default iteration count of 10000
• A derived key length of 256 bits
• A default PRF of HMACSHA266

Parameters:

password - the password as a SecureStringBuffer used to derive the Key

PBKDF2KeyAndParameterSpec

public PBKDF2KeyAndParameterSpec(SecureStringBuffer password,
                                 byte[] inputSalt,
                                 int iterationCount,
                                 int keyLength,
                                 AlgorithmID kdfAlg)

The PBKDF2KeyAndParameterSpec constructor.

If no salt is specified, a randomly generated value of length 16 bytes will be used. If iteration count is less than 1 then an iteration count of 1 will be used. If the keyLength specified is lower than MIN_KEY_LENGTH of 4 then the MIN_KEY_LENGTH will be used.

Parameters:

inputSalt - The bytes of salt to use for this parameterSpec

iterationCount - The iteration count. If a value less than MIN_ITERATION_COUNT is specified, then the MIN_ITERATION_COUNT will be used

keyLength - of the key that will be generated from the password. This value will correspond to the type of key being generated. For example, if the password is used to derive an AES-256 key, the length of the key would be 256 bits

kdfAlg - The MacAlgorithm to use for the PBKDF2 algorithm

PBKDF2KeyAndParameterSpec

public PBKDF2KeyAndParameterSpec(ASN1Object algorithmParameter,
                                 SecureStringBuffer password,
                                 int keyLength)
                          throws CodingException

Creates a PBEKDF2 parameter specification from an ASN1Object. PBE parameters are most often transported as algorithm parameters. This constructor can be used to create PBE parameters from an algorithm parameter. Simply call:

IaikPBEParameterSpec params = new IaikPBEParameterSpec(encryptionAlg.getParameter());

Parameters:

algorithmParameter - the algorithm parameters as ASN1Object

password - the SecureStringBuffer containing the password used for the PBE algorithm

keyLength - the length of the key

Throws:

CodingException - if the parameter could not be decoded

PBKDF2KeyAndParameterSpec

public PBKDF2KeyAndParameterSpec(javax.crypto.spec.PBEKeySpec spec,
                                 java.lang.String prf)

Method Detail

getKDF

public AlgorithmID getKDF()

Returns:

the AlgorithmID of the KDF used with the PBKDF2 Algorithm

decode

public void decode(ASN1Object obj)
            throws CodingException

Decodes the specified PBEKCS2KeyAndParameterSpec

Specified by:

decode in interface ASN1Type

Parameters:

obj - The ASN1Objet to decode from

Throws:

CodingException - if the ASN1Object could not be parsed

getPassword

public byte[] getPassword()

Deprecated. use getSecurePassword

Description copied from class: PBEKeyAndParameterSpec

Returns the password. Note that this method returns a reference to the password. It is the caller's responsibility to zero out the password information after it is no longer needed.

Overrides:

getPassword in class PBEKeyAndParameterSpec

getSecurePassword

public SecureStringBuffer getSecurePassword()

Returns:

the SecureStringBuffer representing the password

toASN1Object

public ASN1Object toASN1Object()

Returns this PBEKDF2 parameter specification as an ASN1Object.

 PBKDF2-params ::= SEQUENCE {
  salt CHOICE {
      specified OCTET STRING,
      otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
  },
  iterationCount INTEGER (1..MAX),
  keyLength INTEGER (1..MAX) OPTIONAL,
  prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT
  algid-hmacWithSHA1 }
 

Specified by:

toASN1Object in interface ASN1Type

Returns:

this PBE parameter specification as an ASN1Object