7

I want to generate a derived hash of a password using PBKDF2 with SHA256. with this SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1") this work but it use SHA1. With SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256") (or SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256","SC") when with spongycastle) i have an error.

How can i succeed to generate a hash using PBKDF2WithHmacSHA256?

Kowlown
  • 920
  • 10
  • 26

2 Answers2

20

If you use version 1.47 or higher of SpongyCastle, you can invoke PBKDF2WithHmacSHA256 directly:

PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(new SHA256Digest());
generator.init(PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(password), salt, iterations);
KeyParameter key = (KeyParameter)generator.generateDerivedMacParameters(keySizeInBits);

In versions of BC < 1.47, you could not specify SHA256 digest and it defaulted to SHA1.

k3v
  • 1,189
  • 12
  • 12
  • Yup, works. Android itself won't handle AES256 cryptography, so you need the above. The byte[] you get using "key.getKey()" and importing Spongy Castle is easy as adding the following into your dependencies in your build.gradle: compile 'com.madgag.spongycastle:core:1.54.0.0' compile 'com.madgag.spongycastle:prov:1.54.0.0' compile 'com.madgag.spongycastle:pkix:1.54.0.0' compile 'com.madgag.spongycastle:pg:1.54.0.0' – MacD May 27 '16 at 09:05
  • 1
    `compile 'com.madgag.spongycastle:core:1.54.0.0'` is enough, you don't need the extra dependencies listed by @MacD – tomrozb Dec 02 '16 at 00:11
2

Bouncy Castle doesn't support PBKDF2WithHmacSHA256 so this won't work. You can try implementing it yourself. Look at the source of PKCS5S2ParametersGenerator.java and replace SHA1Digest with SHA256Digest.

Nikolay Elenkov
  • 52,576
  • 10
  • 84
  • 84
  • Do you know if there is any existing library compatible with Android which have this implementation ? – Kowlown Jul 25 '12 at 08:21
  • Haven't heard of any. Pretty much anything should be compatible though, since this doesn't really do anything platform-specific. – Nikolay Elenkov Jul 25 '12 at 08:41