at.favre.lib.crypto.bkdf

Class KeyDerivationFunction.Default

java.lang.Object

at.favre.lib.crypto.bkdf.KeyDerivationFunction.Default

All Implemented Interfaces:

KeyDerivationFunction

Enclosing interface:

KeyDerivationFunction

public static class KeyDerivationFunction.Default
extends Object
implements KeyDerivationFunction

Default implementation

Nested Class Summary

Nested classes/interfaces inherited from interface at.favre.lib.crypto.bkdf.KeyDerivationFunction

KeyDerivationFunction.Default

Constructor Summary

Constructors

Constructor and Description
Default(Version version)

Method Summary

Modifier and Type	Method and Description
byte[]	derive(byte[] salt, byte[] ikm, int costFactor, byte[] infoParam, int outLengthByte) Derive high entropy key material from given salt, user password.
byte[]	derive(byte[] salt, char[] password, int costFactor, byte[] infoParam, int outLengthByte) Derive high entropy key material from given salt, user password.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Default

public Default(Version version)

Method Detail

derive

public byte[] derive(byte[] salt,
                     char[] password,
                     int costFactor,
                     byte[] infoParam,
                     int outLengthByte)

Description copied from interface: KeyDerivationFunction

Derive high entropy key material from given salt, user password.

The output key material can be used as secret key like that:

     byte[] okm = kdf.derive(...);
     SecretKey secretKey = new SecretKeySpec(okm,"AES");
 

This will create a AES key from the okm (output key material).

Specified by:

derive in interface KeyDerivationFunction

Parameters:

salt - at least 16 byte long nonce (number used once); salt is not required to be secret

password - user provided password

costFactor - exponential cost (log2 factor) between 4 and 31 e.g. 12 --> 2^12 = 4,096 iterations (higher == slower == more secure)

infoParam - optional parameter that can be used to pin the key material to a specific context (e.g. creating a MAC and AES key from same password, just pass "mac".getBytes() and "aes".getBytes() as parameter. Can be null.

outLengthByte - how many bytes long the resulting key material should be (usually 16 or 32 bytes)

Returns:

raw output key material

derive

public byte[] derive(byte[] salt,
                     byte[] ikm,
                     int costFactor,
                     byte[] infoParam,
                     int outLengthByte)

Description copied from interface: KeyDerivationFunction

Derive high entropy key material from given salt, user password.

The output key material can be used as secret key like that:

     byte[] okm = kdf.derive(...);
     SecretKey secretKey = new SecretKeySpec(okm,"AES");
 

This will create a AES key from the okm (output key material).

Specified by:

derive in interface KeyDerivationFunction

Parameters:

salt - at least 16 byte long nonce (number used once); salt is not required to be secret

ikm - user provided password as byte array or other password reheated entropy

costFactor - exponential cost (log2 factor) between 4 and 31 e.g. 12 --> 2^12 = 4,096 iterations (higher == slower == more secure)

infoParam - optional parameter that can be used to pin the key material to a specific context (e.g. creating a MAC and AES key from same password, just pass "mac".getBytes() and "aes".getBytes() as parameter. Can be null.

outLengthByte - how many bytes long the resulting key material should be (usually 16 or 32 bytes)

Returns:

raw output key material