Examples with PBEKeySpec - javax.crypto.spec.PBEKeySpec

Example 46 with PBEKeySpec

use of javax.crypto.spec.PBEKeySpec in project ETSMobile-Android2 by ApplETS.

the class SecurePreferences method generateAesKeyName.

private static String generateAesKeyName(Context context) throws InvalidKeySpecException, NoSuchAlgorithmException {
    final char[] password = context.getPackageName().toCharArray();
    final byte[] salt = Settings.Secure.getString(context.getContentResolver(), Settings.Secure.ANDROID_ID).getBytes();
    // Number of PBKDF2 hardening rounds to use, larger values increase
    // computation time, you should select a value that causes
    // computation to take >100ms
    final int iterations = 1000;
    // Generate a 256-bit key
    final int keyLength = 256;
    final KeySpec spec = new PBEKeySpec(password, salt, iterations, keyLength);
    return SecurePreferences.encode(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded());
}

Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) SecretKeySpec(javax.crypto.spec.SecretKeySpec) KeySpec(java.security.spec.KeySpec) PBEKeySpec(javax.crypto.spec.PBEKeySpec)

Example 47 with PBEKeySpec

use of javax.crypto.spec.PBEKeySpec in project jackrabbit-oak by apache.

the class PasswordUtil method generatePBKDF2.

@Nonnull
private static String generatePBKDF2(@Nonnull String pwd, @Nonnull String salt, @Nonnull String algorithm, int iterations, int keyLength) throws NoSuchAlgorithmException {
    // for example PBKDF2WithHmacSHA1
    SecretKeyFactory factory = SecretKeyFactory.getInstance(algorithm);
    byte[] saltBytes = convertHexToBytes(salt);
    KeySpec keyspec = new PBEKeySpec(pwd.toCharArray(), saltBytes, iterations, keyLength);
    try {
        Key key = factory.generateSecret(keyspec);
        byte[] bytes = key.getEncoded();
        return convertBytesToHex(bytes);
    } catch (InvalidKeySpecException e) {
        throw new NoSuchAlgorithmException(algorithm, e);
    }
}

Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) KeySpec(java.security.spec.KeySpec) PBEKeySpec(javax.crypto.spec.PBEKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SecretKeyFactory(javax.crypto.SecretKeyFactory) Key(java.security.Key) Nonnull(javax.annotation.Nonnull)

Example 48 with PBEKeySpec

use of javax.crypto.spec.PBEKeySpec in project wildfly by wildfly.

the class VaultSession method computeMaskedPassword.

/**
     * Method to compute masked password based on class attributes.
     *
     * @return masked password prefixed with {link @PicketBoxSecurityVault.PASS_MASK_PREFIX}.
     * @throws Exception
     */
private String computeMaskedPassword() throws Exception {
    // Create the PBE secret key
    SecretKeyFactory factory = SecretKeyFactory.getInstance(VAULT_ENC_ALGORITHM);
    char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray();
    PBEParameterSpec cipherSpec = new PBEParameterSpec(salt.getBytes(), iterationCount);
    PBEKeySpec keySpec = new PBEKeySpec(password);
    SecretKey cipherKey = factory.generateSecret(keySpec);
    String maskedPass = PBEUtils.encode64(keystorePassword.getBytes(), VAULT_ENC_ALGORITHM, cipherKey, cipherSpec);
    return PicketBoxSecurityVault.PASS_MASK_PREFIX + maskedPass;
}

Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) SecretKey(javax.crypto.SecretKey) SecretKeyFactory(javax.crypto.SecretKeyFactory) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Example 49 with PBEKeySpec

use of javax.crypto.spec.PBEKeySpec in project jdk8u_jdk by JetBrains.

the class PBEKeyFactory method engineGetKeySpec.

/**
     * Returns a specification (key material) of the given key
     * in the requested format.
     *
     * @param key the key
     *
     * @param keySpec the requested format in which the key material shall be
     * returned
     *
     * @return the underlying key specification (key material) in the
     * requested format
     *
     * @exception InvalidKeySpecException if the requested key specification is
     * inappropriate for the given key, or the given key cannot be processed
     * (e.g., the given key has an unrecognized algorithm or format).
     */
protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpecCl) throws InvalidKeySpecException {
    if ((key instanceof SecretKey) && (validTypes.contains(key.getAlgorithm().toUpperCase(Locale.ENGLISH))) && (key.getFormat().equalsIgnoreCase("RAW"))) {
        // Check if requested key spec is amongst the valid ones
        if ((keySpecCl != null) && PBEKeySpec.class.isAssignableFrom(keySpecCl)) {
            byte[] passwdBytes = key.getEncoded();
            char[] passwdChars = new char[passwdBytes.length];
            for (int i = 0; i < passwdChars.length; i++) passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
            PBEKeySpec ret = new PBEKeySpec(passwdChars);
            // password char[] was cloned in PBEKeySpec constructor,
            // so we can zero it out here
            java.util.Arrays.fill(passwdChars, ' ');
            java.util.Arrays.fill(passwdBytes, (byte) 0x00);
            return ret;
        } else {
            throw new InvalidKeySpecException("Invalid key spec");
        }
    } else {
        throw new InvalidKeySpecException("Invalid key " + "format/algorithm");
    }
}

Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) SecretKey(javax.crypto.SecretKey) InvalidKeySpecException(java.security.spec.InvalidKeySpecException)

Example 50 with PBEKeySpec

use of javax.crypto.spec.PBEKeySpec in project jdk8u_jdk by JetBrains.

the class Pair method doGenSecretKey.

/**
     * Creates a new secret key.
     */
private void doGenSecretKey(String alias, String keyAlgName, int keysize) throws Exception {
    if (alias == null) {
        alias = keyAlias;
    }
    if (keyStore.containsAlias(alias)) {
        MessageFormat form = new MessageFormat(rb.getString("Secret.key.not.generated.alias.alias.already.exists"));
        Object[] source = { alias };
        throw new Exception(form.format(source));
    }
    // Use the keystore's default PBE algorithm for entry protection
    boolean useDefaultPBEAlgorithm = true;
    SecretKey secKey = null;
    if (keyAlgName.toUpperCase(Locale.ENGLISH).startsWith("PBE")) {
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBE");
        // User is prompted for PBE credential
        secKey = factory.generateSecret(new PBEKeySpec(promptForCredential()));
        // Check whether a specific PBE algorithm was specified
        if (!"PBE".equalsIgnoreCase(keyAlgName)) {
            useDefaultPBEAlgorithm = false;
        }
        if (verbose) {
            MessageFormat form = new MessageFormat(rb.getString("Generated.keyAlgName.secret.key"));
            Object[] source = { useDefaultPBEAlgorithm ? "PBE" : secKey.getAlgorithm() };
            System.err.println(form.format(source));
        }
    } else {
        KeyGenerator keygen = KeyGenerator.getInstance(keyAlgName);
        if (keysize == -1) {
            if ("DES".equalsIgnoreCase(keyAlgName)) {
                keysize = 56;
            } else if ("DESede".equalsIgnoreCase(keyAlgName)) {
                keysize = 168;
            } else {
                throw new Exception(rb.getString("Please.provide.keysize.for.secret.key.generation"));
            }
        }
        keygen.init(keysize);
        secKey = keygen.generateKey();
        if (verbose) {
            MessageFormat form = new MessageFormat(rb.getString("Generated.keysize.bit.keyAlgName.secret.key"));
            Object[] source = { new Integer(keysize), secKey.getAlgorithm() };
            System.err.println(form.format(source));
        }
    }
    if (keyPass == null) {
        keyPass = promptForKeyPass(alias, null, storePass);
    }
    if (useDefaultPBEAlgorithm) {
        keyStore.setKeyEntry(alias, secKey, keyPass, null);
    } else {
        keyStore.setEntry(alias, new KeyStore.SecretKeyEntry(secKey), new KeyStore.PasswordProtection(keyPass, keyAlgName, null));
    }
}

Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) MessageFormat(java.text.MessageFormat) KeyStore(java.security.KeyStore) KeyStoreException(java.security.KeyStoreException) UnrecoverableEntryException(java.security.UnrecoverableEntryException) CertStoreException(java.security.cert.CertStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) CertificateException(java.security.cert.CertificateException) BigInteger(java.math.BigInteger) SecretKey(javax.crypto.SecretKey) SecretKeyFactory(javax.crypto.SecretKeyFactory) KeyGenerator(javax.crypto.KeyGenerator)

Aggregations

PBEKeySpec (javax.crypto.spec.PBEKeySpec)99 SecretKeyFactory (javax.crypto.SecretKeyFactory)75 SecretKey (javax.crypto.SecretKey)55 Cipher (javax.crypto.Cipher)36 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)35 PBEParameterSpec (javax.crypto.spec.PBEParameterSpec)31 KeySpec (java.security.spec.KeySpec)24 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)23 KeyStoreException (java.security.KeyStoreException)16 IOException (java.io.IOException)15 SecretKeySpec (javax.crypto.spec.SecretKeySpec)14 CertificateException (java.security.cert.CertificateException)12 UnrecoverableKeyException (java.security.UnrecoverableKeyException)11 KeyStore (java.security.KeyStore)10 CertificateEncodingException (java.security.cert.CertificateEncodingException)8 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)7 EncryptedPrivateKeyInfo (javax.crypto.EncryptedPrivateKeyInfo)7 UnsupportedEncodingException (java.io.UnsupportedEncodingException)6 InvalidKeyException (java.security.InvalidKeyException)6 Key (java.security.Key)6