jasypt PBKDF2 implementation

StackOverflow https://stackoverflow.com/questions/22372553

Question

In org.jasypt.encryption.pbe.StandardPBEByteEncryptor, the key derivation looks different when I compared few other key derivation functionality.

The initialize() method has below code for generating a secret key:

PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password.toCharArray());
SecretKeyFactory factory =   SecretKeyFactory.getInstance(this.algorithm);             
this.key = factory.generateSecret(pbeKeySpec);

which does not have the salt and iteration count passed into PBEKeySpec.

But the encrypt() method has below code:

PBEParameterSpec parameterSpec = new PBEParameterSpec(salt, this.keyObtentionIterations);
byte[] encyptedMessage = null;
synchronized (this.encryptCipher) {
this.encryptCipher.init(
Cipher.ENCRYPT_MODE, this.key, parameterSpec);
encyptedMessage = this.encryptCipher.doFinal(message);
}

which has the salt and iteration count passed as PBEParameterSpec.

According to PBKDF2, the secret keys are generated using a password, salt and iteration count.

In the above code key is generated first in the initialize() method and salt, iteration count are passed as PBEParameterSpec in the encrypt() method.

The question is

  1. Why the salt and iteration is used only during encrypt method is called, when it can be done inside initialize() method?

  2. What makes the difference?

I am raising this question because, due to the above implementation, encrypt() and decrypt() operations are slow when the iteration count is increased.

Thanks in advance.

Was it helpful?

Solution

The salt is applied for each encryption operation because a different salt is used for each message that is encrypted.

The initialize() method executes only once, with the information that will be common to all executions (i.e. the encryption key). Whereas the encrypt() method has to take care of the encryption parameters --iteration count and salt--, which are different (the salt is) for each encryption operation.

The only way to improve performance of those encrypt() and decrypt() operations is therefore avoiding to produce a different salt for each message being encrypted, and that means having a fixed-salt generator. Jasypt 1.9.2 includes an improvement that detects whether such salt generation strategy is being used, and in such case avoids calling Cipher#init(...) with every encryption operation. Refer to the change log for more info: http://www.jasypt.org/changelogs/jasypt/ChangeLog.txt

Disclaimer, per StackOverflow rules: I'm jasypt's author.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top