Reliable implementation of PBKDF2-HMAC-SHA256 for JAVA

Question

UPDATED 2019: Bouncycastle now support PBKDF2-HMAC-SHA256 since bouncycastle 1.60

---

Is there any reliable implementation of PBKDF2-HMAC-SHA256 for JAVA?

I used to encrypt using bouncycastle but it does not provide PBKDF2WithHmacSHA256'.

I do not want to write crypto module by myself.

Could you recommend any alternative library or algorithm (if i can stick with bouncycastle)

(here are the algorithms that bouncycastle supports) http://www.bouncycastle.org/specifications.html

Answer 1

Using BouncyCastle classes directly:

PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
gen.init("password".getBytes("UTF-8"), "salt".getBytes(), 4096);
byte[] dk = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();

Answer 2

It is available in Java 8:

public static byte[] getEncryptedPassword(
                                         String password,
                                         byte[] salt,
                                         int iterations,
                                         int derivedKeyLength
                                         ) throws NoSuchAlgorithmException, InvalidKeySpecException {
    KeySpec spec = new PBEKeySpec(
                                 password.toCharArray(),
                                 salt,
                                 iterations,
                                 derivedKeyLength * 8
                                 );

    SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");

    return f.generateSecret(spec).getEncoded();
}

Answer 3

Using spongycastle (java on android)

Replace spongycastle with bouncycastle if you are using bouncycastle on java directly

import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.params.KeyParameter;

public class Crypto {
    public String pbkdf2(String secret, String salt, int iterations, int keyLength) {
        PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
        byte[] secretData = secret.getBytes();
        byte[] saltData = salt.getBytes();
        gen.init(secretData, saltData, iterations);
        byte[] derivedKey = ((KeyParameter)gen.generateDerivedParameters(keyLength * 8)).getKey();    
        return toHex(derivedKey);
    }

    private static String toHex(byte[] bytes) {
        BigInteger bi = new BigInteger(1, bytes);
        return String.format("%0" + (bytes.length << 1) + "x", bi);
    }
}

Answer 4

If you are having spring boot setup, it is available in crypto library

org.springframework.security.crypto.password.Pbkdf2PasswordEncoder

Pbkdf2PasswordEncoder pbkdf2PasswordEncoder = new Pbkdf2PasswordEncoder();
pbkdf2PasswordEncoder.encode(password)

Internally it uses PBEKeySpec with the advantage of that the parameters are autoconfigured. You can also set the parameters.

Also it uses random salt so that it is quire hard to break it. To check the match, use pbkdf2PasswordEncoder.matches(rawPassword, password);