Class Pbkdf2
java.lang.Object
cloud.opencode.base.crypto.kdf.Pbkdf2
- All Implemented Interfaces:
KdfEngine
PBKDF2 (Password-Based Key Derivation Function 2) implementation - PKCS #5 v2.0 standard KDF
Features:
- PBKDF2 key derivation
- OWASP recommended configuration
Usage Examples:
Pbkdf2 pbkdf2 = Pbkdf2.owaspRecommended(); // PBKDF2-HMAC-SHA256, 600,000 iterations
byte[] key = pbkdf2.deriveKey(password, salt, 32); // password: char[], salt: byte[]; returns a 32-byte key
Security:
- Thread-safe: Yes
- Null-safe: Yes
- Since:
- JDK 25, opencode-base-crypto V1.0.0
- Author:
- Leon Soo www.LeonSoo.com
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| byte[] | derive(byte[] inputKeyMaterial, byte[] salt, byte[] info, int length) | Derives a key from input key material with salt and info parameters |
| byte[] | derive(byte[] inputKeyMaterial, int length) | Derives a key from input key material with default parameters |
| byte[] | deriveKey(char[] password, byte[] salt, int keyLength) | Derives a key from a password and salt |
| byte[] | deriveKey(char[] password, byte[] salt, int keyLength, int iterations) | Derives a key from a password and salt with custom iteration count |
| byte[] | generateSalt() | Generates a cryptographically secure random salt |
| byte[] | generateSalt(int length) | Generates a cryptographically secure random salt with specified length |
| | getAlgorithm() | Returns the algorithm name of this KDF |
| int | getIterations() | Gets the iteration count |
| static int | getOwaspIterations() | Gets the OWASP recommended iteration count for PBKDF2-HMAC-SHA256 |
| static int | getOwaspSha512Iterations() | Gets the OWASP recommended iteration count for PBKDF2-HMAC-SHA512 |
| static Pbkdf2 | hmacSha256(int iterations) | Creates PBKDF2 instance using HMAC-SHA256 with specified iterations |
| static Pbkdf2 | hmacSha512(int iterations) | Creates PBKDF2 instance using HMAC-SHA512 with specified iterations |
| static Pbkdf2 | owaspRecommended() | Creates PBKDF2 instance with OWASP recommended parameters (2023). Uses PBKDF2-HMAC-SHA256 with 600,000 iterations |

Method Details

hmacSha256
Creates PBKDF2 instance using HMAC-SHA256 with specified iterations
- Parameters:
- iterations - the number of iterations (must be positive)
- Returns:
- new Pbkdf2 instance
- Throws:
- IllegalArgumentException - if iterations is not positive

hmacSha512
Creates PBKDF2 instance using HMAC-SHA512 with specified iterations
- Parameters:
- iterations - the number of iterations (must be positive)
- Returns:
- new Pbkdf2 instance
- Throws:
- IllegalArgumentException - if iterations is not positive

owaspRecommended
Creates PBKDF2 instance with OWASP recommended parameters (2023). Uses PBKDF2-HMAC-SHA256 with 600,000 iterations.
- Returns:
- new Pbkdf2 instance with OWASP recommended settings

generateSalt
public byte[] generateSalt()
Generates a cryptographically secure random salt
- Returns:
- random salt byte array (16 bytes)

generateSalt
public byte[] generateSalt(int length)
Generates a cryptographically secure random salt with specified length
- Parameters:
- length - the salt length in bytes
- Returns:
- random salt byte array
- Throws:
- IllegalArgumentException - if length is not positive

deriveKey
public byte[] deriveKey(char[] password, byte[] salt, int keyLength)
Derives a key from a password and salt
- Parameters:
- password - the password as char array (will not be modified)
- salt - the salt value
- keyLength - the desired key length in bytes
- Returns:
- the derived key
- Throws:
- NullPointerException - if password or salt is null
- IllegalArgumentException - if keyLength is not positive
- OpenCryptoException - if derivation fails

deriveKey
public byte[] deriveKey(char[] password, byte[] salt, int keyLength, int iterations)
Derives a key from a password and salt with custom iteration count
- Parameters:
- password - the password as char array (will not be modified)
- salt - the salt value
- keyLength - the desired key length in bytes
- iterations - the number of iterations
- Returns:
- the derived key
- Throws:
- NullPointerException - if password or salt is null
- IllegalArgumentException - if keyLength or iterations is not positive
- OpenCryptoException - if derivation fails

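Added example (not part of the library's own documentation): one use for the custom-iteration overload is verifying password records that were hashed at an older cost, then re-hashing them at the current recommendation. The class name PasswordStore, the Entry record and the 100,000-iteration legacy record are constructed for illustration. The code assumes that the 4-argument deriveKey keeps the instance's HMAC-SHA256 and that OpenCryptoException is unchecked.

```java
import cloud.opencode.base.crypto.kdf.Pbkdf2;
import java.security.MessageDigest;
import java.util.Arrays;

// Added example (not library code): each record stores its own iteration count.
public final class PasswordStore {
    private static final Pbkdf2 KDF = Pbkdf2.owaspRecommended(); // documented as thread-safe
    private static final int KEY_LEN = 32;                       // bytes

    // Persisted per user; the salt and iteration count are not secret.
    public record Entry(byte[] salt, int iterations, byte[] hash) {}

    // Hash a new password at the current recommended cost with a fresh salt.
    public static Entry create(char[] password) {
        byte[] salt = KDF.generateSalt();
        return new Entry(salt, KDF.getIterations(), KDF.deriveKey(password, salt, KEY_LEN));
    }

    // Recompute with the record's own parameters, then compare in constant time.
    // Assumption: the 4-argument deriveKey keeps this instance's HMAC-SHA256.
    public static boolean verify(char[] password, Entry e) {
        byte[] candidate = KDF.deriveKey(password, e.salt(), e.hash().length, e.iterations());
        try {
            return MessageDigest.isEqual(candidate, e.hash());
        } finally {
            Arrays.fill(candidate, (byte) 0); // do not leave the derived key in memory
        }
    }

    // True when the record was hashed below the current recommended cost.
    public static boolean needsRehash(Entry e) {
        return e.iterations() < Pbkdf2.getOwaspIterations();
    }

    public static void main(String[] args) {
        char[] password = "correct horse battery staple".toCharArray(); // constructed sample
        // Constructed legacy record: same password, older cost of 100,000 iterations.
        byte[] salt = KDF.generateSalt();
        Entry legacy = new Entry(salt, 100_000, KDF.deriveKey(password, salt, KEY_LEN, 100_000));

        System.out.println("legacy verifies: " + verify(password, legacy));
        System.out.println("wrong password:  " + verify("guess".toCharArray(), legacy));
        // Upgrade only after a successful login, while the password is still at hand.
        if (verify(password, legacy) && needsRehash(legacy)) legacy = create(password);
        System.out.println("after upgrade:   " + legacy.iterations() + " iterations");
        Arrays.fill(password, '\0'); // deriveKey leaves the array intact; wipe it here
    }
}
```
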
derive
public byte[] derive(byte[] inputKeyMaterial, byte[] salt, byte[] info, int length)
Description copied from interface: KdfEngine
Derives a key from input key material with salt and info parameters
- Specified by:
- derive in interface KdfEngine
- Parameters:
- inputKeyMaterial - the input key material (IKM)
- salt - the salt value (can be null or empty for some algorithms)
- info - the context and application specific information (can be null)
- length - the desired output key length in bytes
- Returns:
- the derived key

derive
public byte[] derive(byte[] inputKeyMaterial, int length)
Description copied from interface: KdfEngine
Derives a key from input key material with default parameters

getAlgorithm
Description copied from interface: KdfEngine
Returns the algorithm name of this KDF
- Specified by:
- getAlgorithm in interface KdfEngine
- Returns:
- the algorithm name

getIterations
public int getIterations()
Gets the iteration count
- Returns:
- the number of iterations

getOwaspIterations
public static int getOwaspIterations()
Gets the OWASP recommended iteration count for PBKDF2-HMAC-SHA256
- Returns:
- the OWASP recommended iterations (600,000 as of 2023)

getOwaspSha512Iterations
public static int getOwaspSha512Iterations()
Gets the OWASP recommended iteration count for PBKDF2-HMAC-SHA512
- Returns:
- the OWASP recommended iterations (210,000 as of 2023)