PBKDF2-HMAC-SHA256 for JAVA 的可靠实现
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/22580853/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Reliable implementation of PBKDF2-HMAC-SHA256 for JAVA
提问by dgregory
UPDATED 2019: Bouncycastle now support PBKDF2-HMAC-SHA256 since bouncycastle 1.60
2019 年更新:Bouncycastle 现在支持 PBKDF2-HMAC-SHA256,因为 bouncycastle 1.60
Is there any reliable implementation of PBKDF2-HMAC-SHA256 for JAVA?
PBKDF2-HMAC-SHA256 是否有可靠的 JAVA 实现?
I used to encrypt using bouncycastle but it does not provide PBKDF2WithHmacSHA256'.
我曾经使用 bouncycastle 进行加密,但它不提供 PBKDF2WithHmacSHA256'。
I do not want to write crypto module by myself.
我不想自己编写加密模块。
Could you recommend any alternative library or algorithm (if i can stick with bouncycastle)
你能推荐任何替代库或算法吗(如果我能坚持使用 bouncycastle)
(here are the algorithms that bouncycastle supports) http://www.bouncycastle.org/specifications.html
(这里是 bouncycastle 支持的算法) http://www.bouncycastle.org/specifications.html
采纳答案by Pasi
Using BouncyCastle classes directly:
直接使用 BouncyCastle 类:
PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
gen.init("password".getBytes("UTF-8"), "salt".getBytes(), 4096);
byte[] dk = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();
回答by mjrduran
It is available in Java 8:
它在 Java 8 中可用:
public static byte[] getEncryptedPassword(
String password,
byte[] salt,
int iterations,
int derivedKeyLength
) throws NoSuchAlgorithmException, InvalidKeySpecException {
KeySpec spec = new PBEKeySpec(
password.toCharArray(),
salt,
iterations,
derivedKeyLength * 8
);
SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
return f.generateSecret(spec).getEncoded();
}
回答by Guillaume Vincent
Using spongycastle (java on android)
使用 spongycastle(android 上的 java)
Replace spongycastle with bouncycastle if you are using bouncycastle on java directly
如果您直接在 java 上使用 bouncycastle,请将 spongycastle 替换为 bouncycastle
import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.params.KeyParameter;
public class Crypto {
public String pbkdf2(String secret, String salt, int iterations, int keyLength) {
PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
byte[] secretData = secret.getBytes();
byte[] saltData = salt.getBytes();
gen.init(secretData, saltData, iterations);
byte[] derivedKey = ((KeyParameter)gen.generateDerivedParameters(keyLength * 8)).getKey();
return toHex(derivedKey);
}
private static String toHex(byte[] bytes) {
BigInteger bi = new BigInteger(1, bytes);
return String.format("%0" + (bytes.length << 1) + "x", bi);
}
}
