Class PKCS5DerivedKeySpec

  • All Implemented Interfaces:
    java.security.spec.KeySpec

    public class PKCS5DerivedKeySpec
    extends java.lang.Object
    implements java.security.spec.KeySpec
    Specification for a derived key as defined by PKCS#5. These derived keys take a password, salt, iteration count, and key length as arguments to a hash function for (PBKDF1-derived keys) or a pseudorandom function (PBKDF2-derived keys).

    Note that this class stores passwords as char arrays instead of String objects (which would seem more logical), because the String class is immutable and there is no way to overwrite its internal value when the password stored in it is no longer needed. Hence, this class requests the password as a char array, so it can be overwritten when done.

    • Constructor Summary

      Constructors 
      Constructor Description
      PKCS5DerivedKeySpec​(char[] pwd, byte[] salt, int iterations, int keyLength, java.lang.String function)
      Constructor that takes a password, salt, interation count, key length and key encryption function.
    • Constructor Detail

      • PKCS5DerivedKeySpec

        public PKCS5DerivedKeySpec​(char[] pwd,
                                   byte[] salt,
                                   int iterations,
                                   int keyLength,
                                   java.lang.String function)
        Constructor that takes a password, salt, interation count, key length and key encryption function.

        Note that the given password is cloned before it is stored in the new PKCS5DerivedKeySpec object.

        Parameters:
        pwd - the password.
        salt - the salt.
        iterations - the iteration count.
        keyLength - the key length.
        function - the encryption function.
    • Method Detail

      • getPassword

        public final char[] getPassword()
        Returns a clone of the password.

        Note that this method returns a clone of sensitive information. It is the caller's responsibility to zero out the information after it is no longer needed.

        Returns:
        A clone of the password
      • getSalt

        public final byte[] getSalt()
        Returns a clone of the salt.

        Note that this method returns a clone of sensitive information. It is the caller's responsibility to zero out the information after it is no longer needed.

        Returns:
        A clone of the salt
      • getIterationCount

        public final int getIterationCount()
        Returns the iteration count.
        Returns:
        the iteration count
      • getKeyLength

        public final int getKeyLength()
        Returns the key length.
        Returns:
        the key length
      • getAlgorithm

        public final java.lang.String getAlgorithm()
        Returns the algorithm that the key will be used in. Since PKCS5 derived keys have no target algorithm, null is returned.
        Returns:
        the algorithm (null for PKCS5 derived keys)
      • getEncryptionFunction

        public final java.lang.String getEncryptionFunction()
        Returns the encryption function used to encrypt the key. For PBKDF1 keys, the encryption function is a hash function like MD5, MD2 or SHA-1. For PBKDF2 keys, the encryption function is a pseudorandom function like HMACMD5 or HMACSHA1.
        Returns:
        the encryption function used to encrypt the key
      • finalize

        @Deprecated
        protected void finalize()
        Deprecated.
        Ensures that the password characters of this spec are set to blanks when there are no more references to it.
        Overrides:
        finalize in class java.lang.Object