Java Code Examples for javax.crypto.spec.PBEKeySpec#clearPassword()
The following examples show how to use
javax.crypto.spec.PBEKeySpec#clearPassword() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: RangerKeyStore.java From ranger with Apache License 2.0 | 6 votes |
|
private Key unsealKey(SealedObject sealedKey, char[] password) throws Exception {
if (logger.isDebugEnabled()) {
logger.debug("==> RangerKeyStore.unsealKey()");
}
// Create SecretKey
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndTripleDES");
PBEKeySpec pbeKeySpec = new PBEKeySpec(password);
SecretKey secretKey = secretKeyFactory.generateSecret(pbeKeySpec);
pbeKeySpec.clearPassword();
// Get the AlgorithmParameters from RangerSealedObject
AlgorithmParameters algorithmParameters = null;
if (sealedKey instanceof RangerSealedObject) {
algorithmParameters = ((RangerSealedObject) sealedKey).getParameters();
} else {
algorithmParameters = new RangerSealedObject(sealedKey).getParameters();
}
// Unseal the Key
Cipher cipher = Cipher.getInstance("PBEWithMD5AndTripleDES");
cipher.init(Cipher.DECRYPT_MODE, secretKey, algorithmParameters);
if (logger.isDebugEnabled()) {
logger.debug("<== RangerKeyStore.unsealKey()");
}
return (Key) sealedKey.getObject(cipher);
}
Example 2
| Source File: UserRegistryImpl.java From openhab-core with Eclipse Public License 2.0 | 6 votes |
|
private Optional<String> hashPassword(String password, String salt) {
char[] chars = password.toCharArray();
byte[] bytes = salt.getBytes();
PBEKeySpec spec = new PBEKeySpec(chars, bytes, ITERATIONS, KEY_LENGTH);
Arrays.fill(chars, Character.MIN_VALUE);
try {
SecretKeyFactory fac = SecretKeyFactory.getInstance(ALGORITHM);
byte[] securePassword = fac.generateSecret(spec).getEncoded();
return Optional.of(Base64.getEncoder().encodeToString(securePassword));
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
logger.error("Exception encountered in hashPassword", e);
return Optional.empty();
} finally {
spec.clearPassword();
}
}
Example 3
| Source File: PKCS12KeyStore.java From openjdk-8-source with GNU General Public License v2.0 | 5 votes |
|
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
Example 4
| Source File: PBEKeySpecTest.java From j2objc with Apache License 2.0 | 5 votes |
|
/**
* clearPassword() method testing. Tests that internal copy of password
* is cleared after the method call.
*/
public void testClearPassword() {
char[] password = new char[] {'1', '2', '3', '4', '5'};
PBEKeySpec pbeks = new PBEKeySpec(password);
pbeks.clearPassword();
try {
pbeks.getPassword();
fail("An IllegalStateException should be was thrown "
+ "after the clearing the password.");
} catch (IllegalStateException e) {
}
}
Example 5
| Source File: PinHelper.java From android-pin with MIT License | 5 votes |
|
private static byte[] hash(char[] pin, byte[] salt)
throws NoSuchAlgorithmException, InvalidKeySpecException {
PBEKeySpec spec = new PBEKeySpec(pin, salt, ROUNDS, KEY_LEN);
Arrays.fill(pin, Character.MIN_VALUE);
try {
SecretKeyFactory skf = SecretKeyFactory.getInstance(KEY_ALGORITHM);
return skf.generateSecret(spec).getEncoded();
} finally {
spec.clearPassword();
}
}
Example 6
| Source File: PKCS12KeyStore.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
|
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
Example 7
| Source File: PKCS12KeyStore.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
|
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
Example 8
| Source File: PasswordAuthentication.java From auction-website with MIT License | 5 votes |
|
public static byte[] hash(char[] password, byte[] salt) {
PBEKeySpec spec = new PBEKeySpec(password, salt, 5000, 128);
Arrays.fill(password, Character.MIN_VALUE);
try {
SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
return skf.generateSecret(spec).getEncoded();
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
throw new AssertionError("Error while hashing a password: " + e.getMessage(), e);
} finally {
spec.clearPassword();
}
}
Example 9
| Source File: PKCS12KeyStore.java From openjdk-8 with GNU General Public License v2.0 | 5 votes |
|
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
Example 10
| Source File: PKCS12KeyStore.java From dragonwell8_jdk with GNU General Public License v2.0 | 5 votes |
|
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
Example 11
| Source File: PasswordBasedEncryption.java From xipki with Apache License 2.0 | 5 votes |
|
/**
* Encrypts the message using password based encryption.
* @param algo
* the encryption algorithm
* @param plaintext
* the message to be encrypted
* @param password
* the password
* @param iterationCount
* the iteration count
* @param salt
* the salt
* @return iv and the cipher text in form of
* len(iv) of 1 byte | iv of len(iv) bytes | cipher text.
* @throws GeneralSecurityException
* if error occurs.
*/
public static byte[] encrypt(PBEAlgo algo, byte[] plaintext, char[] password,
int iterationCount, byte[] salt) throws GeneralSecurityException {
Args.notNull(plaintext, "plaintext");
Args.notNull(password, "password");
Args.positive(iterationCount, "iterationCount");
Args.notNull(salt, "salt");
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(algo.algoName());
PBEKeySpec pbeKeySpec = new PBEKeySpec(password);
SecretKey pbeKey = secretKeyFactory.generateSecret(pbeKeySpec);
Cipher cipher = Cipher.getInstance(algo.algoName());
PBEParameterSpec pbeParameterSpec = new PBEParameterSpec(salt, iterationCount);
cipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParameterSpec);
pbeKeySpec.clearPassword();
byte[] iv = cipher.getIV();
int ivLen = (iv == null) ? 0 : iv.length;
if (ivLen > 255) {
throw new GeneralSecurityException("IV too long: " + ivLen);
}
byte[] cipherText = cipher.doFinal(plaintext);
byte[] ret = new byte[1 + ivLen + cipherText.length];
// length of IV
ret[0] = (byte) (ivLen & 0xFF);
if (ivLen > 0) {
System.arraycopy(iv, 0, ret, 1, ivLen);
}
System.arraycopy(cipherText, 0, ret, 1 + ivLen, cipherText.length);
return ret;
}
Example 12
| Source File: PKCS12KeyStore.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
Example 13
| Source File: PKCS12KeyStore.java From Bytecoder with Apache License 2.0 | 5 votes |
|
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
Example 14
| Source File: PKCS12KeyStore.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
|
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
Example 15
| Source File: PKCS12KeyStore.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
|
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
Example 16
| Source File: PKCS12KeyStore.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
|
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
Example 17
| Source File: PKCS12KeyStore.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
|
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
Example 18
| Source File: Wiper.java From Zom-Android-XMPP with GNU General Public License v3.0 | 4 votes |
|
public static void wipe(PBEKeySpec spec) {
if (spec == null)
return;
spec.clearPassword();
}
Example 19
| Source File: SecureHash.java From crate with Apache License 2.0 | 3 votes |
|
/**
* Generates the salted PBKDF2 hash of a clear-text password
*
* @param password The clear-text password of type {@link SecureString} to allow clearing after hash generation.
* @param salt Random generated bytes to prevent against attacks using rainbow tables
* @param iterations The number of times that the password is hashed during the derivation of the symmetric key.
* The higher number, the more difficult it is to brute force
* @param length Bit-length of the derived symmetric key.
* @return
* @throws NoSuchAlgorithmException
* @throws InvalidKeySpecException
*/
private static byte[] pbkdf2(SecureString password, byte[] salt, int iterations, int length) throws NoSuchAlgorithmException, InvalidKeySpecException {
PBEKeySpec spec = new PBEKeySpec(password.getChars(), salt, iterations, length * 8);
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(ALGORITHM);
byte[] hash = secretKeyFactory.generateSecret(spec).getEncoded();
spec.clearPassword();
return hash;
}
Example 20
| Source File: OathApplication.java From yubikit-android with Apache License 2.0 | 3 votes |
|
/**
* Passes a user-supplied UTF-8 encoded password through 1000 rounds of PBKDF2
* with the device ID from select used as salt. 16 bytes of that are used.
*
* @param password a user-supplied password
* @param salt the salt value (the deviceId returned by select command)
* @return a secret/key for authentication
* @throws InvalidKeySpecException in case of crypto operation error
* @throws NoSuchAlgorithmException in case of crypto operation error
*/
public static byte[] calculateSecret(String password, byte[] salt) throws NoSuchAlgorithmException, InvalidKeySpecException {
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
PBEKeySpec keyspec = new PBEKeySpec(password.toCharArray(), salt, 1000, 128);
try {
return factory.generateSecret(keyspec).getEncoded();
} finally {
keyspec.clearPassword();
}
}
