Package com.nimbusds.jose.crypto.impl
Class PBKDF2
java.lang.Object
com.nimbusds.jose.crypto.impl.PBKDF2
Password-Based Key Derivation Function 2 (PBKDF2) utilities.
- Version:
- 2024-09-10
- Author:
- Brian Campbell, Pere Bueno Yerbes, Vladimir Dzhuvinov
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final intThe minimum salt length (8 bytes). -
Method Summary
Modifier and TypeMethodDescriptionstatic SecretKeyderiveKey(byte[] password, byte[] formattedSalt, int iterationCount, PRFParams prfParams, Provider jcaProvider) Derives a PBKDF2 key from the specified password and parameters.static byte[]formatSalt(JWEAlgorithm alg, byte[] salt) Formats the specified cryptographic salt for use in PBKDF2.
-
Field Details
-
MIN_SALT_LENGTH
The minimum salt length (8 bytes).- See Also:
-
-
Method Details
-
formatSalt
Formats the specified cryptographic salt for use in PBKDF2.UTF8(JWE-alg) || 0x00 || Salt Input
- Parameters:
alg- The JWE algorithm. Must not benull.salt- The cryptographic salt. Must be at least 8 bytes long.- Returns:
- The formatted salt for use in PBKDF2.
- Throws:
JOSEException- If formatting failed.
-
deriveKey
public static SecretKey deriveKey(byte[] password, byte[] formattedSalt, int iterationCount, PRFParams prfParams, Provider jcaProvider) throws JOSEException Derives a PBKDF2 key from the specified password and parameters.- Parameters:
password- The password. Must not benull.formattedSalt- The formatted cryptographic salt. Must not benull.iterationCount- The iteration count. Must be a positive integer.prfParams- The Pseudo-Random Function (PRF) parameters. Must not benull.jcaProvider- The JCA provider,nullif not specified.- Returns:
- The derived secret key (with "AES" algorithm).
- Throws:
JOSEException- If the key derivation failed.
-