With this example we are going to demonstrate how to make PBE using a PBEParameterSpec. In short, to make a Password-Based Encryption using a PBEParameterSpec you should:
- Create three byte arrays, the first one from the String message to be encrypted, the second one to be used as a key and the third one to be used as an initialization vector.
- Create a new Cipher for the specific transformation, using an
org.bouncycastle.jce.provider.BouncyCastleProvider(), with thegetInstance(String transformation, String provider)API method. - Initialize the cipher in encryption mode, using a SecretKeySpec and a IvParameterSpec created by the specific key and initialization vector, using the
init(int opmode, Key key, AlgorithmParameterSpec params)API method of the Cipher. - Encrypt the input String.
- Create a character array of a String that will be the password, a byte array to be used as a salt and an iteration count.
- Create a new PBEKeySpec from the password.
- Create a SecretKeyFactory, using the
getInstance(String algorithm, String provider)API method, for the PBEWithSHAAnd3KeyTripleDES algorithm and the BC Provider. - Create a new Key Object, with the PBEKeySpec, using the
generate(KeySpec keySpec)API method of the SecretKeyFactory. - Create a new cipher for the PBEWithSHAAnd3KeyTripleDES algorithm, using a BC Provider.
- Initialize the cipher in decryption mode, using the new secret key and a new PBEParameterSpec instance with the salt and the iteration counter.
- Decrypt the above encrypted byte array.
Let’s take a look at the code snippet that follows:
package com.javacodegeeks.snippets.core;
import java.security.Key;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public class Main {
public static void main(String[] args) throws Exception {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
byte[] inpStr = "www.javacodegeeks.com".getBytes();
byte[] pkey = new byte[]{0x73, 0x2f, 0x2d, 0x33, (byte) 0xc8, 0x01, 0x73, 0x2b, 0x72,
0x06, 0x75, 0x6c, (byte) 0xbd, 0x44, (byte) 0xf9, (byte) 0xc1, (byte) 0xc1, 0x03,
(byte) 0xdd, (byte) 0xd9, 0x7c, 0x7c, (byte) 0xbe, (byte) 0x8e};
byte[] iVector = new byte[]{(byte) 0xb0, 0x7b, (byte) 0xf5, 0x22, (byte) 0xc8, (byte) 0xd6,
0x08, (byte) 0xb8};
// encryption with precalculated keys
Cipher cEnc = Cipher.getInstance("DESede/CBC/PKCS7Padding", "BC");
cEnc.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(pkey, "DESede"), new IvParameterSpec(
iVector));
byte[] out = cEnc.doFinal(inpStr);
// decryption with PBE
char[] passphrase = "password".toCharArray();
byte[] saltBytes = new byte[]{0x7d, 0x60, 0x43, 0x5f, 0x02, (byte) 0xe9, (byte) 0xe0, (byte) 0xae};
int cnt = 2048;
PBEKeySpec pbe = new PBEKeySpec(passphrase);
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithSHAAnd3KeyTripleDES", "BC");
Cipher cipherDec = Cipher.getInstance("PBEWithSHAAnd3KeyTripleDES", "BC");
Key skey = keyFactory.generateSecret(pbe);
cipherDec.init(Cipher.DECRYPT_MODE, skey, new PBEParameterSpec(saltBytes, cnt));
System.out.println("encrypted : " + new String(out).getBytes("UTF-8").toString());
System.out.println("generated key: " + new String(skey.getEncoded()));
System.out.println("initialization vector : " + new String(cipherDec.getIV()).getBytes("UTF-8").toString());
System.out.println("decrypted : " + new String(cipherDec.doFinal(out)));
}
}
Output:
encrypted : [B@c2380d1
generated key:
This was an example of how to make a password-based Encryption using a PBEParameterSpec in Java.
