Java源码示例:org.bouncycastle.crypto.PBEParametersGenerator
示例1
public void init( String pwStr, int keySize, byte[] salt, byte[] pwVerification ) throws ZipException {
byte[] pwBytes = pwStr.getBytes();
super.saltBytes = salt;
PBEParametersGenerator generator = new PKCS5S2ParametersGenerator();
generator.init( pwBytes, salt, ITERATION_COUNT );
cipherParameters = generator.generateDerivedParameters(KEY_SIZE_BIT*2 + 16);
byte[] keyBytes = ((KeyParameter)cipherParameters).getKey();
this.cryptoKeyBytes = new byte[ KEY_SIZE_BYTE ];
System.arraycopy( keyBytes, 0, cryptoKeyBytes, 0, KEY_SIZE_BYTE );
this.authenticationCodeBytes = new byte[ KEY_SIZE_BYTE ];
System.arraycopy( keyBytes, KEY_SIZE_BYTE, authenticationCodeBytes, 0, KEY_SIZE_BYTE );
// based on SALT + PASSWORD (password is probably correct)
this.pwVerificationBytes = new byte[ 2 ];
System.arraycopy( keyBytes, KEY_SIZE_BYTE*2, this.pwVerificationBytes, 0, 2 );
if( !ByteArrayHelper.isEqual( this.pwVerificationBytes, pwVerification ) ) {
throw new ZipException("wrong password - " + ByteArrayHelper.toString(this.pwVerificationBytes) + "/ " + ByteArrayHelper.toString(pwVerification));
}
// create the first 16 bytes of the key sequence again (using pw+salt)
generator.init( pwBytes, salt, ITERATION_COUNT );
cipherParameters = generator.generateDerivedParameters(KEY_SIZE_BIT);
// checksum added to the end of the encrypted data, update on each encryption call
this.mac = new HMac( new SHA1Digest() );
mac.init( new KeyParameter(authenticationCodeBytes) );
this.aesCipher = new SICBlockCipher(new AESEngine());
this.blockSize = aesCipher.getBlockSize();
// incremented on each 16 byte block and used as encryption NONCE (ivBytes)
nonce = 1;
}
示例2
public String encode(String password, byte[] salt, int rounds)
throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeySpecException {
PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator();
generator.init(PBEParametersGenerator.PKCS5PasswordToBytes(
password.toCharArray()),
salt,
rounds);
return format("%s:%s:%d", encode(salt),
encode(((KeyParameter)generator.generateDerivedParameters(s_keylen)).getKey()), rounds);
}
示例3
public static byte[] stretchPassword(char[] password, int keyLength, byte[] salt) {
PBEParametersGenerator generator = new PKCS5S2ParametersGenerator();
generator.init(PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(password), salt, 1000);
KeyParameter params = (KeyParameter)generator.generateDerivedParameters(keyLength);
return params.getKey();
}
示例4
/**
* Setup AES encryption based on pwBytes using WinZipAES approach
* with SALT and pwVerification bytes based on password+salt.
*/
public void init( String pwStr, int keySize ) throws ZipException {
byte[] pwBytes = pwStr.getBytes();
PBEParametersGenerator generator = new PKCS5S2ParametersGenerator();
this.saltBytes = createSalt();
generator.init( pwBytes, saltBytes, ITERATION_COUNT );
// create 2 byte[16] for two keys and one byte[2] for pwVerification
// 1. encryption / 2. athentication (via HMAC/hash) /
cipherParameters = generator.generateDerivedParameters(KEY_SIZE_BIT*2 + 16);
byte[] keyBytes = ((KeyParameter)cipherParameters).getKey();
this.cryptoKeyBytes = new byte[ KEY_SIZE_BYTE ];
System.arraycopy( keyBytes, 0, cryptoKeyBytes, 0, KEY_SIZE_BYTE );
this.authenticationCodeBytes = new byte[ KEY_SIZE_BYTE ];
System.arraycopy( keyBytes, KEY_SIZE_BYTE, authenticationCodeBytes, 0, KEY_SIZE_BYTE );
// based on SALT + PASSWORD (password is probably correct)
this.pwVerificationBytes = new byte[ 2 ];
System.arraycopy( keyBytes, KEY_SIZE_BYTE*2, pwVerificationBytes, 0, 2 );
// create the first 16 bytes of the key sequence again (using pw+salt)
generator.init( pwBytes, saltBytes, ITERATION_COUNT );
cipherParameters = generator.generateDerivedParameters(KEY_SIZE_BIT);
// checksum added to the end of the encrypted data, update on each encryption call
this.mac = new HMac( new SHA1Digest() );
mac.init( new KeyParameter(authenticationCodeBytes) );
this.aesCipher = new SICBlockCipher(new AESEngine());
this.blockSize = aesCipher.getBlockSize();
// incremented on each 16 byte block and used as encryption NONCE (ivBytes)
nonce = 1;
if( LOG.isLoggable(Level.FINEST) ) {
LOG.finest( "pwBytes = " + ByteArrayHelper.toString(pwBytes) + " - " + pwBytes.length );
LOG.finest( "salt = " + ByteArrayHelper.toString(saltBytes) + " - " + saltBytes.length );
LOG.finest( "pwVerif = " + ByteArrayHelper.toString(pwVerificationBytes) + " - " + pwVerificationBytes.length );
}
}
