我想知道有没有办法 PBEKeySpec 使用字节数组参数。请找到以下文档的链接:http://docs.oracle.com/javase/1.7/docs/api/javax/crypto/spec/pbekeyspec.html)
PBEKeySpec
mqkwyuun1#
我必须实现一个两阶段的pbkdf2派生(因此第二个pbkdf2有来自第一个pbkdf2的字节作为输入)。我最终使用了bouncycastle,因为我无法让byte数组到char数组工作。另一个问题归功于pasi:pbkdf2-hmac-sha256 for java的可靠实现
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;import org.bouncycastle.crypto.digests.SHA256Digest;import org.bouncycastle.crypto.digests.GeneralDigest;import org.bouncycastle.crypto.params.KeyParameter;GeneraDigest algorithm = new SHA256Digest();PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(algorithm);gen.init(passwordBytes, salt, iterations);byte[] dk = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.digests.GeneralDigest;
import org.bouncycastle.crypto.params.KeyParameter;
GeneraDigest algorithm = new SHA256Digest();
PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(algorithm);
gen.init(passwordBytes, salt, iterations);
byte[] dk = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();
siotufzp2#
下面是我的解决方案:我在谷歌上找到了它。请考虑我必须在内部复制密码和salt,因为它们来自外部时有另一种格式,但结果是相同的。它似乎工作,并解决了问题,有一个字节[]密码,而不是字符[](这是让我发疯)我希望它有帮助!干杯,苏斯塔
public class Pbkdf2 { public Pbkdf2() { } public void GenerateKey(final byte[] masterPassword, int masterPasswordLen, final byte[] salt, int saltLen, int iterationCount, int requestedKeyLen, byte[] generatedKey) { byte[] masterPasswordInternal = new byte[masterPasswordLen]; System.arraycopy(masterPassword, 0, masterPasswordInternal, 0, masterPasswordLen); byte[] saltInternal = new byte[saltLen]; System.arraycopy(salt, 0, saltInternal, 0, saltLen); SecretKeySpec keyspec = new SecretKeySpec(masterPasswordInternal, "HmacSHA1"); Mac prf = null; try { prf = Mac.getInstance("HmacSHA1"); prf.init(keyspec); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (InvalidKeyException e) { e.printStackTrace(); } int hLen = prf.getMacLength(); // 20 for SHA1 int l = Math.max(requestedKeyLen, hLen); // 1 for 128bit (16-byte) keys int r = requestedKeyLen - (l - 1) * hLen; // 16 for 128bit (16-byte) keys byte T[] = new byte[l * hLen]; int ti_offset = 0; for (int i = 1; i <= l; i++) { F(T, ti_offset, prf, saltInternal, iterationCount, i); ti_offset += hLen; } System.arraycopy(T, 0, generatedKey, 0, requestedKeyLen); } private static void F(byte[] dest, int offset, Mac prf, byte[] S, int c, int blockIndex) { final int hLen = prf.getMacLength(); byte U_r[] = new byte[hLen]; // U0 = S || INT (i); byte U_i[] = new byte[S.length + 4]; System.arraycopy(S, 0, U_i, 0, S.length); INT(U_i, S.length, blockIndex); for (int i = 0; i < c; i++) { U_i = prf.doFinal(U_i); xor(U_r, U_i); } System.arraycopy(U_r, 0, dest, offset, hLen); } private static void xor(byte[] dest, byte[] src) { for (int i = 0; i < dest.length; i++) { dest[i] ^= src[i]; } } private static void INT(byte[] dest, int offset, int i) { dest[offset + 0] = (byte) (i / (256 * 256 * 256)); dest[offset + 1] = (byte) (i / (256 * 256)); dest[offset + 2] = (byte) (i / (256)); dest[offset + 3] = (byte) (i); }}
public class Pbkdf2 {
public Pbkdf2() {
}
public void GenerateKey(final byte[] masterPassword, int masterPasswordLen,
final byte[] salt, int saltLen,
int iterationCount, int requestedKeyLen,
byte[] generatedKey) {
byte[] masterPasswordInternal = new byte[masterPasswordLen];
System.arraycopy(masterPassword, 0, masterPasswordInternal, 0, masterPasswordLen);
byte[] saltInternal = new byte[saltLen];
System.arraycopy(salt, 0, saltInternal, 0, saltLen);
SecretKeySpec keyspec = new SecretKeySpec(masterPasswordInternal, "HmacSHA1");
Mac prf = null;
try {
prf = Mac.getInstance("HmacSHA1");
prf.init(keyspec);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
int hLen = prf.getMacLength(); // 20 for SHA1
int l = Math.max(requestedKeyLen, hLen); // 1 for 128bit (16-byte) keys
int r = requestedKeyLen - (l - 1) * hLen; // 16 for 128bit (16-byte) keys
byte T[] = new byte[l * hLen];
int ti_offset = 0;
for (int i = 1; i <= l; i++) {
F(T, ti_offset, prf, saltInternal, iterationCount, i);
ti_offset += hLen;
System.arraycopy(T, 0, generatedKey, 0, requestedKeyLen);
private static void F(byte[] dest, int offset, Mac prf, byte[] S, int c, int blockIndex) {
final int hLen = prf.getMacLength();
byte U_r[] = new byte[hLen];
// U0 = S || INT (i);
byte U_i[] = new byte[S.length + 4];
System.arraycopy(S, 0, U_i, 0, S.length);
INT(U_i, S.length, blockIndex);
for (int i = 0; i < c; i++) {
U_i = prf.doFinal(U_i);
xor(U_r, U_i);
System.arraycopy(U_r, 0, dest, offset, hLen);
private static void xor(byte[] dest, byte[] src) {
for (int i = 0; i < dest.length; i++) {
dest[i] ^= src[i];
private static void INT(byte[] dest, int offset, int i) {
dest[offset + 0] = (byte) (i / (256 * 256 * 256));
dest[offset + 1] = (byte) (i / (256 * 256));
dest[offset + 2] = (byte) (i / (256));
dest[offset + 3] = (byte) (i);
pepwfjgg3#
作为java pkcs#5 KeyFactory 已指定为仅使用 PBEKeySpec ,您应该能够将字节数组转换为(16位)字符数组而不会出现问题。只需将每个字节的值复制到字符数组中,就可以进行设置。当然,我会表演的 charArray[i] = byteArray[i] & 0xFF 作为赋值语句,否则会得到非常高值的字符。这是一个丑陋的解决办法,但我看不出有任何理由它不应该工作。请注意,以上假设值0x80及以上为拉丁/windows 1252兼容编码。如果允许0x80到0xff的代码点,那么就不能使用utf-8(当然也可以是utf-16)作为编码。
KeyFactory
charArray[i] = byteArray[i] & 0xFF
3条答案
按热度按时间mqkwyuun1#
我必须实现一个两阶段的pbkdf2派生(因此第二个pbkdf2有来自第一个pbkdf2的字节作为输入)。我最终使用了bouncycastle,因为我无法让byte数组到char数组工作。另一个问题归功于pasi:pbkdf2-hmac-sha256 for java的可靠实现
siotufzp2#
下面是我的解决方案:我在谷歌上找到了它。请考虑我必须在内部复制密码和salt,因为它们来自外部时有另一种格式,但结果是相同的。它似乎工作,并解决了问题,有一个字节[]密码,而不是字符[](这是让我发疯)我希望它有帮助!干杯,苏斯塔
pepwfjgg3#
作为java pkcs#5
KeyFactory已指定为仅使用PBEKeySpec,您应该能够将字节数组转换为(16位)字符数组而不会出现问题。只需将每个字节的值复制到字符数组中,就可以进行设置。当然,我会表演的
charArray[i] = byteArray[i] & 0xFF作为赋值语句,否则会得到非常高值的字符。这是一个丑陋的解决办法,但我看不出有任何理由它不应该工作。
请注意,以上假设值0x80及以上为拉丁/windows 1252兼容编码。如果允许0x80到0xff的代码点,那么就不能使用utf-8(当然也可以是utf-16)作为编码。