com.ibm.crypto.provider
Class PKCS5DerivedKeySpec

java.lang.Object
  extended by com.ibm.crypto.provider.PKCS5DerivedKeySpec
All Implemented Interfaces:
KeySpec

public class PKCS5DerivedKeySpec
extends Object
implements KeySpec

Specification for a derived key as defined by PKCS#5. These derived keys take a password, salt, iteration count, and key length as arguments to a hash function (for PBKDF1-derived keys) or a pseudorandom function (for PBKDF2-derived keys).

Note that this class stores passwords as char arrays instead of String objects (which would seem more logical), because the String class is immutable and there is no way to overwrite its internal value when the password stored in it is no longer needed. Hence, this class requests the password as a char array, so it can be overwritten when done.


Constructor Summary
PKCS5DerivedKeySpec(char[] pwd, byte[] salt, int iterations, int keyLength, String function)
          Constructor that takes a password, salt, iteration count, key length and key encryption function.
 
Method Summary
protected  void finalize()
          Ensures that the password characters of this spec are set to blanks when there are no more references to it.
 String getAlgorithm()
          Returns the algorithm that the key will be used in.
 String getEncryptionFunction()
          Returns the encryption function used to encrypt the key.
 int getIterationCount()
          Returns the iteration count.
 int getKeyLength()
          Returns the key length.
 char[] getPassword()
          Returns the password.
 byte[] getSalt()
          Returns the salt.
 
Methods inherited from class java.lang.Object
clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PKCS5DerivedKeySpec

public PKCS5DerivedKeySpec(char[] pwd,
                           byte[] salt,
                           int iterations,
                           int keyLength,
                           String function)
Constructor that takes a password, salt, iteration count, key length and key encryption function.

Note that the given password is cloned before it is stored in the new PKCS5DerivedKeySpec object.

Parameters:
pwd - the password.
salt - the salt.
iterations - the iteration count.
keyLength - the key length.
function - the encryption function.
Method Detail

getPassword

public final char[] getPassword()
Returns the password.

Note that this method returns a reference to the password. It is the caller's responsibility to zero out the password information after it is no longer needed.

Returns:
the password

getSalt

public final byte[] getSalt()
Returns the salt.

Returns:
the salt

getIterationCount

public final int getIterationCount()
Returns the iteration count.

Returns:
the iteration count

getKeyLength

public final int getKeyLength()
Returns the key length.

Returns:
the key length

getAlgorithm

public final String getAlgorithm()
Returns the algorithm that the key will be used in. Since PKCS5 derived keys have no target algorithm, null is returned.

Returns:
the algorithm (null for PKCS5 derived keys)

getEncryptionFunction

public final String getEncryptionFunction()
Returns the encryption function used to encrypt the key. For PBKDF1 keys, the encryption function is a hash function like MD5, MD2 or SHA-1. For PBKDF2 keys, the encryption function is a pseudorandom function like HMACMD5 or HMACSHA1.

Returns:
the encryption function used to encrypt the key

finalize

protected void finalize()
Ensures that the password characters of this spec are set to blanks when there are no more references to it.

Overrides:
finalize in class Object
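
The constructor note (the password is cloned) and the getPassword() note (a reference is returned) together mean a caller holds two copies of the secret that must each be overwritten. The following is an added example, not code from this documentation or from the provider, showing one way to clear both explicitly rather than waiting for finalize(), which runs only if and when the garbage collector finalizes the object. It assumes a JRE that ships com.ibm.crypto.provider; the class name DerivedKeySpecHygiene, the helper wipe(), the sample password and the numeric arguments are illustrative.

```java
import com.ibm.crypto.provider.PKCS5DerivedKeySpec;
import java.security.SecureRandom;
import java.util.Arrays;

public class DerivedKeySpecHygiene {

    /** Overwrites the spec's stored password through the reference getPassword() returns. */
    static void wipe(PKCS5DerivedKeySpec spec) {
        if (spec == null) return;
        char[] internal = spec.getPassword();   // a reference, not a copy
        if (internal != null) Arrays.fill(internal, '\0');
    }

    public static void main(String[] args) {
        // Constructed sample password; real code would obtain a char[] from
        // java.io.Console.readPassword() and never hold it in a String.
        char[] pwd = {'s', 'a', 'm', 'p', 'l', 'e', '-', 'p', 'w'};
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);

        PKCS5DerivedKeySpec spec = null;
        try {
            // Assumed values: 10000 iterations, key length 16 (the page does not
            // state the unit) and "HMACSHA1" as the PBKDF2 function name.
            spec = new PKCS5DerivedKeySpec(pwd, salt, 10000, 16, "HMACSHA1");

            // The constructor cloned pwd, so the caller's array is a second
            // copy of the secret and can be cleared immediately.
            Arrays.fill(pwd, '\0');
            System.out.println("spec copy unaffected by caller wipe: "
                    + (spec.getPassword()[0] == 's'));

            // ... hand spec to the key derivation step here (not covered on this page) ...
        } finally {
            Arrays.fill(pwd, '\0');  // also covers a constructor failure
            wipe(spec);              // do not leave this to finalize()
        }
        System.out.println("spec password cleared: "
                + (spec != null && spec.getPassword()[0] == '\0'));
    }
}
```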