c++ – What is the algorithm name for PKCS#5 PBKDF1 in Java?

c++ – What is the algorithm name for PKCS#5 PBKDF1 in Java?

Re: Question 1

Per the Java 6 API docs for SecretKeyFactory,

Application developers should refer to their providers documentation to find out which key specifications are supported by the generateSecret and getKeySpec methods. For example, the DES secret-key factory supplied by the SunJCE provider supports DESKeySpec as a transparent representation of DES keys, and that providers secret-key factory for Triple DES keys supports DESedeKeySpec as a transparent representation of Triple DES keys.

If we look at the SunJCE provider documentation for PKCS, we see…

PBEWithMD5AndDES: The password-based encryption algorithm as defined in: RSA Laboratories, PKCS #5: Password-Based Encryption Standard, version 1.5, Nov 1993. Note that this algorithm implies CBC as the cipher mode and PKCS5Padding as the padding scheme and cannot be used with any other cipher modes or padding schemes.

Re: Question 2

In the same document, in the section Using Password-Based Encryption, you will find the following sample code. Keep in mind that the sample code uses a static salt, but a secure implementation would use generate a random salt each time the user changes their password.

PBEKeySpec pbeKeySpec;
PBEParameterSpec pbeParamSpec;
SecretKeyFactory keyFac;

// Salt
byte[] salt = {
    (byte)0xc7, (byte)0x73, (byte)0x21, (byte)0x8c,
    (byte)0x7e, (byte)0xc8, (byte)0xee, (byte)0x99
};

// Iteration count
int count = 20;

// Create PBE parameter set
pbeParamSpec = new PBEParameterSpec(salt, count);

// Prompt user for encryption password.
// Collect user password as char array (using the
// readPasswd method from above), and convert
// it into a SecretKey object, using a PBE key
// factory.
System.out.print(Enter encryption password:  );
System.out.flush();
pbeKeySpec = new PBEKeySpec(readPasswd(System.in));
keyFac = SecretKeyFactory.getInstance(PBEWithMD5AndDES);
SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec);

// Create PBE Cipher
Cipher pbeCipher = Cipher.getInstance(PBEWithMD5AndDES);

// Initialize PBE Cipher with key and parameters
pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec);

// Our cleartext
byte[] cleartext = This is another example.getBytes();

// Encrypt the cleartext
byte[] ciphertext = pbeCipher.doFinal(cleartext);

Other Algorithms

Again, from the same page. Really, I recommend you read through the whole thing, as it will probably answer other questions you have, as well

PBEWith<digest>And<encryption> or PBEWith<prf>And<encryption>: Secret-key factory for use with PKCS #5 password-based encryption, where <digest> is a message digest, <prf> is a pseudo-random function, and <encryption> is an encryption algorithm. Examples: PBEWithMD5AndDES (PKCS #5, v 1.5) and PBEWithHmacSHA1AndDESede (PKCS #5, v 2.0). Note: These both use only the low order 8 bits of each password character.

c++ – What is the algorithm name for PKCS#5 PBKDF1 in Java?

Leave a Reply

Your email address will not be published.