List of usage examples for javax.crypto.spec PBEKeySpec clearPassword
public final void clearPassword()
From source file:edu.ku.brc.helpers.Encryption.java
/** * Decrypt the string from its array of bytes * @param input the actual string (in bytes) that is to be decrypted * @param password a password, which is really any string, but must be the same string that was used to encrypt it. * @return a byte array of the decrypted chars * @throws Exception in case something goes wrong *//* ww w . ja v a2s .c om*/ public static byte[] decrypt(final byte[] input, final char[] password) throws Exception { /* * The first SALT_LENGTH bytes of the input ciphertext are actually the salt, not the * ciphertext. */ byte[] salt = new byte[SALT_LENGTH]; System.arraycopy(input, 0, salt, 0, SALT_LENGTH); /* * We can now create a key from our salt (extracted just above), password, and iteration * count. Same procedure to create the key as in Encryption(). */ PBEKeySpec keyspec = new PBEKeySpec(password, salt, ITERATION_COUNT); SecretKeyFactory skf = SecretKeyFactory.getInstance(ALGORITHM); SecretKey key = skf.generateSecret(keyspec); /* * Once again, create a PBEParameterSpec object and a Cipher object. */ PBEParameterSpec paramspec = new PBEParameterSpec(salt, ITERATION_COUNT); Cipher cipher = Cipher.getInstance(ALGORITHM); cipher.init(Cipher.DECRYPT_MODE, key, paramspec); /* * Decrypt the data. The parameters we pass into doFinal() instruct it to skip the first * SALT_LENGTH bytes of input (which are actually the salt), and then to Encryption the next * (length - SALT_LENGTH) bytes, which are the real ciphertext. */ byte[] output = cipher.doFinal(input, SALT_LENGTH, input.length - SALT_LENGTH); /* Clear the password and return the generated plaintext. */ keyspec.clearPassword(); return output; }
From source file:edu.ku.brc.helpers.Encryption.java
/** * Encrypts the string from its array of bytes * @param input the actual string (in bytes) that is to be encrypted * @param password a password, which is really any string, but must be the same string that was used to decrypt it. * @return a byte array of the encrypted chars * @throws Exception in case something goes wrong *///from ww w .java2 s . com public static byte[] encrypt(byte[] input, char[] password) throws Exception { /* * Get ourselves a random number generator, needed in a number of places for encrypting. */ SecureRandom sr = SecureRandom.getInstance("SHA1PRNG"); //$NON-NLS-1$ /* * A "salt" is considered an essential part of password-based encryption. The salt is * selected at random for each encryption. It is not considered "sensitive", so it is tacked * onto the generated ciphertext without any special processing. It doesn't matter if an * attacker actually gets the salt. The salt is used as part of the key, with the very * useful result that if you Encryption the same plaintext with the same password twice, you * get *different* ciphertexts. There are lots of pages on the 'net with information about * salts and password-based encryption, so read them if you want more details. Suffice to * say salt=good, no salt=bad. */ byte[] salt = new byte[SALT_LENGTH]; sr.nextBytes(salt); /* * We've now got enough information to build the actual key. We do this by encapsulating the * variables in a PBEKeySpec and using a SecretKeyFactory to transform the spec into a key. */ PBEKeySpec keyspec = new PBEKeySpec(password, salt, ITERATION_COUNT); SecretKeyFactory skf = SecretKeyFactory.getInstance(ALGORITHM); SecretKey key = skf.generateSecret(keyspec); /* * We'll use a ByteArrayOutputStream to conveniently gather up data as it's encrypted. */ ByteArrayOutputStream baos = new ByteArrayOutputStream(); /* * We've to a key, but to actually Encryption something, we need a "cipher". The cipher is * created, then initialized with the key, salt, and iteration count. We use a * PBEParameterSpec to hold the salt and iteration count needed by the Cipher object. */ PBEParameterSpec paramspec = new PBEParameterSpec(salt, ITERATION_COUNT); Cipher cipher = Cipher.getInstance(ALGORITHM); cipher.init(Cipher.ENCRYPT_MODE, key, paramspec, sr); /* * First, in our output, we need to save the salt in plain unencrypted form. */ baos.write(salt); /* * Next, Encryption our plaintext using the Cipher object, and write it into our output buffer. */ baos.write(cipher.doFinal(input)); /* * We're done. For security reasons, we probably want the PBEKeySpec object to clear its * internal copy of the password, so it can't be stolen later. */ keyspec.clearPassword(); return baos.toByteArray(); }
From source file:org.nuxeo.ecm.core.blob.binary.AESBinaryManager.java
/** * Generates an AES key from the password using PBKDF2. * * @param salt the salt//from w ww . j a v a 2 s. c om */ protected Key generateSecretKey(byte[] salt) throws GeneralSecurityException { char[] password = getPassword(); SecretKeyFactory factory = SecretKeyFactory.getInstance(PBKDF2_WITH_HMAC_SHA1); PBEKeySpec spec = new PBEKeySpec(password, salt, PBKDF2_ITERATIONS, PBKDF2_KEY_LENGTH); clearPassword(password); Key derived = factory.generateSecret(spec); spec.clearPassword(); return new SecretKeySpec(derived.getEncoded(), AES); }