
What's happening in the line of code?

What's happening in this line of code?

SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");

I especially don't understand the getInstance("PBKDF2WithHmacSHA1") part.


This funky looking string defines the secret-key algorithm to be used. It is:

PBKDF2WithHmacSHA1
PBKDF2 With Hmac SHA1
  • the PBKDF2 function (from PKCS#5 version 2.0)
  • which will be using SHA-1 HMAC for its pseudo-random number generator

References:
We find similar algorithm names in the Java Crypto Extension Guide, Appendix A; somehow PKCS5 version 2 may not have been available/documented then (or indeed, as suggested by brianegge, it may be a matter of export restriction, a common issue with cryptographic items).
The algorithm name does show up in RFC3962 (AES for Kerberos), which may not be the very application you have in mind, but it is defined all the same.


Different distributions of Java contain different crypto. This is due to export restrictions and patents. The line of code is requesting a factory which can create that type of key.

Specifically, PBKDF2WithHmacSHA1 constructs secret keys using the Password-Based Key Derivation Function found in PKCS5 v2.0.


"PBKDF2" is a function defined in PKCS #5 used to derive key material from a password.

PBKDF2 requires a pseudo-random function, and in this case, a message authentication code based on the SHA-1 hash is used—"HmacSHA1".

So, this line is creating a factory. The factory might produce SecretKey objects that can be used to key a Cipher instance for a symmetric encryption algorithm or a Mac algorithm. Or, it can be used to make a "transparent" specification of an existing SecretKey.

One important thing to note about PBKDF2 is that it doesn't produce secret keys for any particular algorithm. It's a deterministic way to generate key "material" from a seed (a password), in such a way that the seed cannot be recovered from the generated key. Once the required number of bytes are generated, they are usually wrapped in a SecretKeySpec with the correct algorithm name.

You can see other standard names for secret key factories in the Java Crypto Architecture Standard Names documentation.
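The flow described in the last answer (derive raw key material with PBKDF2, then wrap it in a SecretKeySpec for a concrete algorithm), shown as an added example that is not part of the original answers. The iteration count, key size, salt and IV lengths, sample password and the choice of AES/GCM are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

public class Pbkdf2Example {
    // Assumed parameters for this example; tune the iteration count to your hardware.
    static final int ITERATIONS = 100_000;
    static final int KEY_BITS = 128;

    /** Derives raw key material from a password and wraps it as an AES key. */
    static SecretKey deriveAesKey(char[] password, byte[] salt) throws GeneralSecurityException {
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            // PBKDF2 output is algorithm-neutral bytes; SecretKeySpec labels them "AES".
            byte[] material = factory.generateSecret(spec).getEncoded();
            return new SecretKeySpec(material, "AES");
        } finally {
            spec.clearPassword(); // wipes the spec's internal copy, not the caller's array
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16]; // random per password, stored next to the ciphertext
        byte[] iv = new byte[12];   // GCM nonce, must be unique per encryption under one key
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        char[] password = "correct horse battery staple".toCharArray(); // constructed sample

        SecretKey key = deriveAesKey(password, salt);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal("hello".getBytes(StandardCharsets.UTF_8));

        // Same password and salt give the same key, so decryption succeeds.
        SecretKey again = deriveAesKey(password, salt);
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, again, new GCMParameterSpec(128, iv));
        System.out.println(new String(dec.doFinal(ct), StandardCharsets.UTF_8));
        System.out.println(Arrays.equals(key.getEncoded(), again.getEncoded()));
    }
}
```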
