使用JCE / JCA从主密钥导出密钥 [英] Deriving a secret from a master key using JCE/JCA
本文介绍了使用JCE / JCA从主密钥导出密钥的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
有些人可能指向正确的方向吗?
我想使用JCE / JCA从主密钥导出新密钥,我如何
解决方案
JCA提供标准密码的密钥派生函数,如 PKCS#5 v2.0中定义的PBKDF2 < a>和 RFC 2898 。该算法从主秘密(密码)创建一些随机材料,以便生成适合于给定密码的密钥。
public byte [] derivedKey(String password,byte [] salt,int keyLen){
SecretKeyFactory kf = SecretKeyFactory .getInstance(PBKDF2WithHmacSHA1);
KeySpec specs = new PBEKeySpec(password.toCharArray(),salt,1024,keyLen);
SecretKey key = kf.generateSecret(specs);
return key.getEncoded();
}
public byte [] encrypt(String password,byte [] plaintext){
byte [] salt = new byte [64]
Random rnd = new Random();
rnd.nextByte(salt);
byte [] data = derivKey(password,salt,192);
SecretKey desKey = SecretKeyFactory.getInstance(DESede)。generateSecret(new DESedeKeySpec(data));
Cipher cipher = Cipher.getInstance(DESede / CBC / PKCS5Padding);
cipher.init(Cipher.ENCRYPT_MODE,desKey);
return cipher.doFinal(plaintext);
}
Can some point me in the right direction?
I'd like to use JCE/JCA to derive a new key from a master secret key, How can I achieve this?
Regards.
解决方案
The JCA provides standard password-based key derivation functions like PBKDF2 defined in PKCS#5 v2.0 and RFC 2898. This algorithm creates some random material from a master secret (a password) in order to generate a key suitable for a given cipher.
public byte[] deriveKey(String password, byte[] salt, int keyLen) {
SecretKeyFactory kf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
KeySpec specs = new PBEKeySpec(password.toCharArray(), salt, 1024, keyLen);
SecretKey key = kf.generateSecret(specs);
return key.getEncoded();
}
public byte[] encrypt(String password, byte[] plaintext) {
byte[] salt = new byte[64];
Random rnd = new Random();
rnd.nextByte(salt);
byte[] data = deriveKey(password, salt, 192);
SecretKey desKey = SecretKeyFactory.getInstance("DESede").generateSecret(new DESedeKeySpec(data));
Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, desKey);
return cipher.doFinal(plaintext);
}
这篇关于使用JCE / JCA从主密钥导出密钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
