The two typical methods used to derive an AES key from a password are:
Using the raw bytes of the password. This option is not very strong (subject to trivial dictionary attacks) and relies on the password being exactly 128/192/256 bits.
Deriving the key using a function, such as PBKDF2.
You need to find out how the key is derived. The two options in code are:
Raw Bytes
SecretKey aesKey = new SecretKeySpec(password.getBytes(someCharset), "AES");
Derivation Function
Example PBKDF2:
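SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
// PBEKeySpec takes a char[]; 256 is the derived key length in bits
SecretKey derived = factory.generateSecret(new PBEKeySpec(password.toCharArray(), salt, iterations, 256));
// Re-wrap the derived bytes so the key's algorithm is "AES", which the AES Cipher requires
SecretKey aesKey = new SecretKeySpec(derived.getEncoded(), "AES");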
The salt value is a random byte array (e.g. eight bytes). The iterations can be increased to improve security at the expense of performance.
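The following is an added example, not part of the original answer, that runs both derivations side by side: the raw-bytes key is rejected when the password is not 16, 24 or 32 bytes long, while PBKDF2 yields a usable 256-bit key that can only be reproduced with the same salt and iteration count. The class name, sample password, iteration count and cipher transformation are assumptions chosen for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Arrays;

public class KeyDerivationDemo { // hypothetical class name
    // Raw bytes: the key is the password itself, so it must be 16, 24 or 32 bytes.
    static SecretKey rawKey(String password) {
        return new SecretKeySpec(password.getBytes(StandardCharsets.UTF_8), "AES");
    }

    // PBKDF2: any password length gives a 256-bit key; salt and iterations must match.
    static SecretKey pbkdf2Key(String password, byte[] salt, int iterations)
            throws GeneralSecurityException {
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, 256);
        byte[] keyBytes = factory.generateSecret(spec).getEncoded();
        spec.clearPassword();
        return new SecretKeySpec(keyBytes, "AES"); // AES Cipher requires algorithm "AES"
    }

    public static void main(String[] args) throws Exception {
        String password = "correct horse"; // constructed sample, 13 bytes in UTF-8
        byte[] salt = new byte[8];
        new SecureRandom().nextBytes(salt);
        int iterations = 100_000; // assumed value; must equal the encrypting side's
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); // assumed transformation

        try {
            cipher.init(Cipher.ENCRYPT_MODE, rawKey(password));
        } catch (InvalidKeyException e) {
            System.out.println("raw-bytes key rejected: " + e.getMessage());
        }

        SecretKey k1 = pbkdf2Key(password, salt, iterations);
        SecretKey k2 = pbkdf2Key(password, salt, iterations);
        cipher.init(Cipher.ENCRYPT_MODE, k1); // accepted: the key is 32 bytes
        System.out.println("same inputs, same key: " + Arrays.equals(k1.getEncoded(), k2.getEncoded()));

        byte[] otherSalt = salt.clone();
        otherSalt[0] ^= 1; // flip one bit so the salt is guaranteed to differ
        SecretKey k3 = pbkdf2Key(password, otherSalt, iterations);
        System.out.println("other salt, same key: " + Arrays.equals(k1.getEncoded(), k3.getEncoded()));
    }
}
```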