Java Security - Getting derived key from PBE

Author

Getting derived key from PBE

Michel Gallant

2005-04-22, 4:01 pm

Is there any way to access the DERIVED key (say a 3DES key)
in J2SE and PBE?
I think that although the internally derived IV is accessible, the
derived key is not. Is that correct?

e.g.

String MYPBEALG = "PBEWithSHA1AndDESede" ;
PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, count);
String password = "ssshh! a difficult secret" ;
PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray());
keyFac = SecretKeyFactory.getInstance(MYPBEALG);
SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec);
Cipher pbeCipher = Cipher.getInstance(MYPBEALG);
pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec);

byte[] IV = pbeCipher.getIV() ; //actual internally generated IV

byte[] key = pbeKey.getEncoded(); //this just returns the password as a byte[]

- Mitch

ekuleshov@gmail.com

2005-04-22, 4:01 pm

Michel Gallant wrote:
> Is there any way to access the DERIVED key (say a 3DES key)
> in J2SE and PBE?
> I think that although the internally derived IV is accessible, the
> derived key is not. Is that correct?
>
> e.g.
>
> String MYPBEALG = "PBEWithSHA1AndDESede" ;
> PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt,
count);
> String password = "ssshh! a difficult secret" ;
> PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray());
> keyFac = SecretKeyFactory.getInstance(MYPBEALG);
> SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec);
> Cipher pbeCipher = Cipher.getInstance(MYPBEALG);
> pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec);
>
> byte[] IV = pbeCipher.getIV() ; //actual internally generated IV
>
> byte[] key = pbeKey.getEncoded(); //this just returns the
password as a byte[]

There are some helper classes in BouncyCastle provider that will
return derived key params.

regards,
Eugene

Sponsored Links