Class Sha2Crypt
Based on the C implementation released into the Public Domain by Ulrich Drepper <drepper@redhat.com> http://www.akkadia.org/drepper/SHA-crypt.txt
Conversion to Kotlin and from there to Java in 2012 by Christian Hammers <ch@lathspell.de> and likewise put into the Public Domain.
This class is immutable and thread-safe.
- Since:
- 1.7
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate static final int
Default number of rounds if not explicitly specified.private static final int
Maximum number of rounds.private static final int
Minimum number of rounds.private static final String
Prefix for optional rounds specification.private static final Pattern
The pattern to match valid salt values.private static final int
The number of bytes the final hash value will have (SHA-256 variant).(package private) static final String
The prefixes that can be used to identify this crypt() variant (SHA-256).private static final int
The number of bytes the final hash value will have (SHA-512 variant).(package private) static final String
The prefixes that can be used to identify this crypt() variant (SHA-512). -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic String
sha256Crypt
(byte[] keyBytes) Generates a libc crypt() compatible "$5$" hash value with random salt.static String
sha256Crypt
(byte[] keyBytes, String salt) Generates a libc6 crypt() compatible "$5$" hash value.static String
sha256Crypt
(byte[] keyBytes, String salt, Random random) Generates a libc6 crypt() compatible "$5$" hash value.private static String
Generates a libc6 crypt() compatible "$5$" or "$6$" SHA2 based hash value.static String
sha512Crypt
(byte[] keyBytes) Generates a libc crypt() compatible "$6$" hash value with random salt.static String
sha512Crypt
(byte[] keyBytes, String salt) Generates a libc6 crypt() compatible "$6$" hash value.static String
sha512Crypt
(byte[] keyBytes, String salt, Random random) Generates a libc6 crypt() compatible "$6$" hash value.
-
Field Details
-
ROUNDS_DEFAULT
private static final int ROUNDS_DEFAULTDefault number of rounds if not explicitly specified.- See Also:
-
ROUNDS_MAX
private static final int ROUNDS_MAXMaximum number of rounds.- See Also:
-
ROUNDS_MIN
private static final int ROUNDS_MINMinimum number of rounds.- See Also:
-
ROUNDS_PREFIX
Prefix for optional rounds specification.- See Also:
-
SHA256_BLOCKSIZE
private static final int SHA256_BLOCKSIZEThe number of bytes the final hash value will have (SHA-256 variant).- See Also:
-
SHA256_PREFIX
The prefixes that can be used to identify this crypt() variant (SHA-256).- See Also:
-
SHA512_BLOCKSIZE
private static final int SHA512_BLOCKSIZEThe number of bytes the final hash value will have (SHA-512 variant).- See Also:
-
SHA512_PREFIX
The prefixes that can be used to identify this crypt() variant (SHA-512).- See Also:
-
SALT_PATTERN
The pattern to match valid salt values.
-
-
Constructor Details
-
Sha2Crypt
public Sha2Crypt()
-
-
Method Details
-
sha256Crypt
Generates a libc crypt() compatible "$5$" hash value with random salt.See
Crypt.crypt(String, String)
for details.A salt is generated for you using
ThreadLocalRandom
; for more secure salts consider usingSecureRandom
to generate your own salts and callingsha256Crypt(byte[], String)
.- Parameters:
keyBytes
- plaintext to hash- Returns:
- complete hash value
- Throws:
IllegalArgumentException
- when aNoSuchAlgorithmException
is caught.
-
sha256Crypt
Generates a libc6 crypt() compatible "$5$" hash value.See
Crypt.crypt(String, String)
for details.- Parameters:
keyBytes
- plaintext to hashsalt
- real salt value without prefix or "rounds=". The salt may be null, in which case a salt is generated for you usingSecureRandom
. If one does not want to useSecureRandom
, you can pass your ownRandom
insha256Crypt(byte[], String, Random)
.- Returns:
- complete hash value including salt
- Throws:
IllegalArgumentException
- if the salt does not match the allowed patternIllegalArgumentException
- when aNoSuchAlgorithmException
is caught.
-
sha256Crypt
Generates a libc6 crypt() compatible "$5$" hash value.See
Crypt.crypt(String, String)
for details.- Parameters:
keyBytes
- plaintext to hashsalt
- real salt value without prefix or "rounds=".random
- the instance ofRandom
to use for generating the salt. Consider usingSecureRandom
orThreadLocalRandom
.- Returns:
- complete hash value including salt
- Throws:
IllegalArgumentException
- if the salt does not match the allowed patternIllegalArgumentException
- when aNoSuchAlgorithmException
is caught.- Since:
- 1.12
-
sha2Crypt
private static String sha2Crypt(byte[] keyBytes, String salt, String saltPrefix, int blocksize, String algorithm) Generates a libc6 crypt() compatible "$5$" or "$6$" SHA2 based hash value.This is a nearly line by line conversion of the original C function. The numbered comments are from the algorithm description, the short C-style ones from the original C code and the ones with "Remark" from me.
See
Crypt.crypt(String, String)
for details.- Parameters:
keyBytes
- plaintext to hashsalt
- real salt value without prefix or "rounds="; may not be nullsaltPrefix
- either $5$ or $6$blocksize
- a value that differs between $5$ and $6$algorithm
-MessageDigest
algorithm identifier string- Returns:
- complete hash value including prefix and salt
- Throws:
IllegalArgumentException
- if the given salt isnull
or does not match the allowed patternIllegalArgumentException
- when aNoSuchAlgorithmException
is caught- See Also:
-
sha512Crypt
Generates a libc crypt() compatible "$6$" hash value with random salt.See
Crypt.crypt(String, String)
for details.A salt is generated for you using
ThreadLocalRandom
; for more secure salts consider usingSecureRandom
to generate your own salts and callingsha512Crypt(byte[], String)
.- Parameters:
keyBytes
- plaintext to hash- Returns:
- complete hash value
- Throws:
IllegalArgumentException
- when aNoSuchAlgorithmException
is caught.
-
sha512Crypt
Generates a libc6 crypt() compatible "$6$" hash value.See
Crypt.crypt(String, String)
for details.- Parameters:
keyBytes
- plaintext to hashsalt
- real salt value without prefix or "rounds=". The salt may be null, in which case a salt is generated for you usingSecureRandom
; if you want to use aRandom
object other thanSecureRandom
then we suggest you provide it usingsha512Crypt(byte[], String, Random)
.- Returns:
- complete hash value including salt
- Throws:
IllegalArgumentException
- if the salt does not match the allowed patternIllegalArgumentException
- when aNoSuchAlgorithmException
is caught.
-
sha512Crypt
Generates a libc6 crypt() compatible "$6$" hash value.See
Crypt.crypt(String, String)
for details.- Parameters:
keyBytes
- plaintext to hashsalt
- real salt value without prefix or "rounds=". The salt may be null, in which case a salt is generated for you usingThreadLocalRandom
; for more secure salts consider usingSecureRandom
to generate your own salts.random
- the instance ofRandom
to use for generating the salt. Consider usingSecureRandom
orThreadLocalRandom
.- Returns:
- complete hash value including salt
- Throws:
IllegalArgumentException
- if the salt does not match the allowed patternIllegalArgumentException
- when aNoSuchAlgorithmException
is caught.- Since:
- 1.12
-