Module ibm.crypto.hdwrcca

Package com.ibm.crypto.hdwrCCA.provider

Class PKCS5DerivedKeySpec

java.lang.Object

com.ibm.crypto.hdwrCCA.provider.PKCS5DerivedKeySpec

All Implemented Interfaces:

KeySpec

public class PKCS5DerivedKeySpec
extends Object
implements KeySpec

Specification for a derived key as defined by PKCS#5. These derived keys take a password, salt, iteration count, and key length as arguments to a hash function for (PBKDF1-derived keys) or a pseudorandom function (PBKDF2-derived keys).

Note that this class stores passwords as char arrays instead of String objects (which would seem more logical), because the String class is immutable and there is no way to overwrite its internal value when the password stored in it is no longer needed. Hence, this class requests the password as a char array, so it can be overwritten when done.

Constructor Summary

Constructors

Constructor	Description
PKCS5DerivedKeySpec(char[] pwd, byte[] salt, int iterations, int keyLength, String function)	Constructor that takes a password, salt, interation count, key length and key encryption function.

Method Summary

Modifier and Type	Method	Description
protected void	cleaner()	Call the class IBMJCECCACleaner to clean up the password characters of this spec.
final String	getAlgorithm()	Returns the algorithm that the key will be used in.
final String	getEncryptionFunction()	Returns the encryption function used to encrypt the key.
final int	getIterationCount()	Returns the iteration count.
final int	getKeyLength()	Returns the key length.
final char[]	getPassword()	Returns a clone of the password.
final byte[]	getSalt()	Returns a clone of the salt.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

PKCS5DerivedKeySpec

public PKCS5DerivedKeySpec(char[] pwd,
 byte[] salt,
 int iterations,
 int keyLength,
 String function)

Constructor that takes a password, salt, interation count, key length and key encryption function.

Note that the given password is cloned before it is stored in the new PKCS5DerivedKeySpec object.

Parameters:

pwd - the password.

salt - the salt.

iterations - the iteration count.

keyLength - the key length.

function - the encryption function.

Method Details

getPassword

public final char[] getPassword()

Returns a clone of the password.

Note that this method returns a clone of sensitive information. It is the caller's responsibility to zero out the information after it is no longer needed.

Returns:

A clone of the password

getSalt

public final byte[] getSalt()

Returns a clone of the salt.

Note that this method returns a clone of sensitive information. It is the caller's responsibility to zero out the information after it is no longer needed.

Returns:

A clone of the salt

getIterationCount

public final int getIterationCount()

Returns the iteration count.

Returns:

the iteration count

getKeyLength

public final int getKeyLength()

Returns the key length.

Returns:

the key length

getAlgorithm

public final String getAlgorithm()

Returns the algorithm that the key will be used in. Since PKCS5 derived keys have no target algorithm, null is returned.

Returns:

the algorithm (null for PKCS5 derived keys)

getEncryptionFunction

public final String getEncryptionFunction()

Returns the encryption function used to encrypt the key. For PBKDF1 keys, the encryption function is a hash function like MD5, MD2 or SHA-1. For PBKDF2 keys, the encryption function is a pseudorandom function like HMACMD5 or HMACSHA1.

Returns:

the encryption function used to encrypt the key

cleaner

protected void cleaner()

Call the class IBMJCECCACleaner to clean up the password characters of this spec.