Using Jasypt for password-based AES encryption with a PBKDF2WithHmacSHA1 key

I am working on an encryption mechanism, and the security guy's requirements are as follows:

  • Generate a 256-bit key using PBKDF2WithHmacSHA512, secret password, 256-bit salt, and a minimum of 20,000 iterations.
  • The salt must be generated using SecureRandom.getInstance("SHA1PRNG");
  • Encryption using AES256 with a derived key.

I am trying to use the Jasypt StandardPBEStringEncryptor class:

encryptor.setPassword(PASSWORD);
encryptor.setAlgorithm("AES/CBC/PKCS5Padding");
encryptor.setKeyObtentionIterations(20000);
encryptor.setSaltGenerator(new RandomSaltGenerator());
encryptor.encrypt("something");

      

When I do this, I get the following exception:

java.security.NoSuchAlgorithmException: AES/CBC/PKCS5Padding SecretKeyFactory not available

Am I using Jasypt incorrectly? What am I missing here?

Thanks

+3




1 answer


I ended up reaching out to Daniel Fernandez, who is a Jasypt programmer, and his answer was:

I'm afraid Jasypt does not offer a way to specify different algorithms for the SecretKeyFactory and the creation of the Cipher itself. Unfortunately.



I used this bit of Java code to do this (no Jasypt):

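// Returns Base64(salt || ciphertext). createCipher, doFinal, keyFactory and the
// constants are defined elsewhere in the class and are not shown here.
// ArrayUtils is Apache Commons Lang; BaseEncoding is Guava.
public String encrypt(final String message) {
  final byte[] salt = generateSalt();
  final Key key = createKey(salt);

  final Cipher encryptingCipher = createCipher(Cipher.ENCRYPT_MODE, key, salt);
  final byte[] messageBytes = message.getBytes(StandardCharsets.UTF_8);
  final byte[] encryptedBytes = doFinal(encryptingCipher, messageBytes);
  // Prepend the salt so the key can be re-derived at decryption time.
  final byte[] data = ArrayUtils.addAll(salt, encryptedBytes);
  return BaseEncoding.base64().encode(data);
}

// Fresh random salt for every message.
private byte[] generateSalt() {
  final SecureRandom secureRandom = new SecureRandom();
  final byte[] salt = new byte[SALT_LENGTH];
  secureRandom.nextBytes(salt);
  return salt;
}

// Derives key bytes from PASSWORD and the salt via keyFactory, then re-wraps
// them under ALGORITHM so the Cipher accepts them.
private Key createKey(final byte[] salt) {
  final PBEKeySpec spec = new PBEKeySpec(PASSWORD,
                                       salt,
                                       ITERATIONS,
                                       KEY_LENGTH);
  final SecretKey secretKey;
  try {
    secretKey = keyFactory.generateSecret(spec);
  } catch (final InvalidKeySpecException e) {
    throw new RuntimeException("Error creating SecretKey", e);
  }
  final SecretKeySpec result = new SecretKeySpec(secretKey.getEncoded(), ALGORITHM);
  // Wipe the password copy held by the spec once the key has been derived.
  spec.clearPassword();
  return result;
}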

      

+3








