Package com.nimbusds.jose.crypto.impl

Class PBKDF2

  • public class PBKDF2
extends java.lang.Object
    Password-Based Key Derivation Function 2 (PBKDF2) utilities. Provides static methods to generate Key Encryption Keys (KEK) from passwords. Adopted from jose4j by Brian Campbell.
    Version:
    2021-07-03
    Author:
    Brian Campbell, Yavor Vassilev, Vladimir Dzhuvinov

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static int MIN_SALT_LENGTH
      The minimum salt length (8 bytes).

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static javax.crypto.SecretKey deriveKey​(byte[] password, byte[] formattedSalt, int iterationCount, PRFParams prfParams)
      Derives a PBKDF2 key from the specified password and parameters.
      static byte[] formatSalt​(JWEAlgorithm alg, byte[] salt)
      Formats the specified cryptographic salt for use in PBKDF2.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • MIN_SALT_LENGTH

        public static final int MIN_SALT_LENGTH
        The minimum salt length (8 bytes).
        See Also:
        Constant Field Values

    • Method Detail

      • formatSalt

        public static byte[] formatSalt​(JWEAlgorithm alg,
                                byte[] salt)
                         throws JOSEException
        Formats the specified cryptographic salt for use in PBKDF2. 
         UTF8(JWE-alg) || 0x00 || Salt Input
        Parameters:
        alg - The JWE algorithm. Must not be null.
        salt - The cryptographic salt. Must be at least 8 bytes long.
        Returns:
        The formatted salt for use in PBKDF2.
        Throws:
        JOSEException - If formatting failed.

      • deriveKey

        public static javax.crypto.SecretKey deriveKey​(byte[] password,
                                               byte[] formattedSalt,
                                               int iterationCount,
                                               PRFParams prfParams)
                                        throws JOSEException
        Derives a PBKDF2 key from the specified password and parameters.
        Parameters:
        password - The password. Must not be null.
        formattedSalt - The formatted cryptographic salt. Must not be null.
        iterationCount - The iteration count. Must be a positive integer.
        prfParams - The Pseudo-Random Function (PRF) parameters. Must not be null.
        Returns:
        The derived secret key (with "AES" algorithm).
        Throws:
        JOSEException - If the key derivation failed.