Using Jasypt for password based AES encryption wit

2019-07-06 18:13发布

站内问答 / Java
442 1 5

I'm implementing an encryption mechanism where I work, and the security guy's demands are as follows:

  1. Create a 256 bit key using PBKDF2WithHmacSHA512, secret password, 256bit salt and 20000 iterations minimum.
  2. Salt should be generated using SecureRandom.getInstance("SHA1PRNG");
  3. Encrypt using AES256 with the derived key.

I'm trying to use Jasypt's StandardPBEStringEncryptor class

encryptor.setPassword(PASSWORD);
encryptor.setAlgorithm("AES/CBC/PKCS5Padding");
encryptor.setKeyObtentionIterations(20000);
encryptor.setSaltGenerator(new RandomSaltGenerator());
encryptor.encrypt("something");

When I do this I get the following exception:

java.security.NoSuchAlgorithmException: AES/CBC/PKCS5Padding SecretKeyFactory not available

Am I using Jasypt incorrectly? What am I missing here?

Thanks

1条回答
兄弟一词,经得起流年.
2楼-- · 2019-07-06 18:42

I ended up contacting Daniel Fernández who is Jasypt's lead programmer and his answer:

I’m afraid Jasypt does not offer a way to specify different algorithms for the SecretKeyFactory and the instantiation of the Cipher itself. Sorry.

I used this bit of java code for doing this (Without Jasypt):

public String encrypt(final String message) {
  final byte[] salt = generateSalt();
  final Key key = createKey(salt);

  final Cipher encryptingCipher = createCipher(Cipher.ENCRYPT_MODE, key, salt);
  final byte[] messageBytes = message.getBytes(StandardCharsets.UTF_8);
  final byte[] encryptedBytes = doFinal(encryptingCipher, messageBytes);
  final byte[] data = ArrayUtils.addAll(salt, encryptedBytes);
  return BaseEncoding.base64().encode(data);
}

private byte[] generateSalt() {
  final SecureRandom secureRandom = new SecureRandom();
  final byte[] salt = new byte[SALT_LENGTH];
  secureRandom.nextBytes(salt);
  return salt;
}

private Key createKey(final byte[] salt) {
  final PBEKeySpec spec = new PBEKeySpec(PASSWORD,
                                       salt,
                                       ITERATIONS,
                                       KEY_LENGTH);
  final SecretKey secretKey;
  try {
    secretKey = keyFactory.generateSecret(spec);
  } catch (final InvalidKeySpecException e) {
    throw new RuntimeException("Error creating SecretKey", e);
  }
  final SecretKeySpec result = new SecretKeySpec(secretKey.getEncoded(), ALGORITHM);
  spec.clearPassword();
  return result;
}
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)