Package com.nimbusds.jose.crypto.impl
Class PBKDF2
java.lang.Object
com.nimbusds.jose.crypto.impl.PBKDF2
Password-Based Key Derivation Function 2 (PBKDF2) utilities. Provides static
methods to generate Key Encryption Keys (KEK) from passwords. Adopted from
jose4j by Brian Campbell.
- Version:
- 2021-07-03
- Author:
- Brian Campbell, Yavor Vassilev, Vladimir Dzhuvinov
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final int
The minimum salt length (8 bytes). -
Method Summary
Modifier and TypeMethodDescriptionstatic SecretKey
Derives a PBKDF2 key from the specified password and parameters.static byte[]
formatSalt
(JWEAlgorithm alg, byte[] salt) Formats the specified cryptographic salt for use in PBKDF2.
-
Field Details
-
MIN_SALT_LENGTH
The minimum salt length (8 bytes).- See Also:
-
-
Method Details
-
formatSalt
Formats the specified cryptographic salt for use in PBKDF2.UTF8(JWE-alg) || 0x00 || Salt Input
- Parameters:
alg
- The JWE algorithm. Must not benull
.salt
- The cryptographic salt. Must be at least 8 bytes long.- Returns:
- The formatted salt for use in PBKDF2.
- Throws:
JOSEException
- If formatting failed.
-
deriveKey
public static SecretKey deriveKey(byte[] password, byte[] formattedSalt, int iterationCount, PRFParams prfParams) throws JOSEException Derives a PBKDF2 key from the specified password and parameters.- Parameters:
password
- The password. Must not benull
.formattedSalt
- The formatted cryptographic salt. Must not benull
.iterationCount
- The iteration count. Must be a positive integer.prfParams
- The Pseudo-Random Function (PRF) parameters. Must not benull
.- Returns:
- The derived secret key (with "AES" algorithm).
- Throws:
JOSEException
- If the key derivation failed.
-