public class Crypt
extends java.lang.Object
See crypt(String, String) for further details.
This class is immutable and thread-safe.
| Constructor and Description |
|---|
Crypt() |
| Modifier and Type | Method and Description |
|---|---|
static java.lang.String |
crypt(byte[] keyBytes)
Encrypts a password in a crypt(3) compatible way.
|
static java.lang.String |
crypt(byte[] keyBytes,
java.lang.String salt)
Encrypts a password in a crypt(3) compatible way.
|
static java.lang.String |
crypt(java.lang.String key)
Calculates the digest using the strongest crypt(3) algorithm.
|
static java.lang.String |
crypt(java.lang.String key,
java.lang.String salt)
Encrypts a password in a crypt(3) compatible way.
|
public static java.lang.String crypt(byte[] keyBytes)
A random salt and the default algorithm (currently SHA-512) are used. See crypt(String, String) for
details.
A salt is generated for you using ThreadLocalRandom; for more secure salts consider using
SecureRandom to generate your own salts and calling crypt(byte[], String).
keyBytes - plaintext passwordjava.lang.IllegalArgumentException - when a NoSuchAlgorithmException is caught.public static java.lang.String crypt(byte[] keyBytes,
java.lang.String salt)
If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See
crypt(String, String) for details.
keyBytes - plaintext passwordsalt - real salt value without prefix or "rounds=". The salt may be null,
in which case a salt is generated for you using ThreadLocalRandom;
for more secure salts consider using SecureRandom to
generate your own salts.java.lang.IllegalArgumentException - if the salt does not match the allowed patternjava.lang.IllegalArgumentException - when a NoSuchAlgorithmException is caught.public static java.lang.String crypt(java.lang.String key)
A random salt and the default algorithm (currently SHA-512) are used.
A salt is generated for you using ThreadLocalRandom; for more secure salts consider using
SecureRandom to generate your own salts and calling crypt(String, String).
key - plaintext passwordjava.lang.IllegalArgumentException - when a NoSuchAlgorithmException is caught.crypt(String, String)public static java.lang.String crypt(java.lang.String key,
java.lang.String salt)
The exact algorithm depends on the format of the salt string:
$6$ and are up to 16 chars long.
$5$ and are up to 16 chars long
$1$ and are up to 8 chars long
"$apr1$" and "$2a$" are not recognized by this method as its output should be
identical with that of the libc implementation.
The rest of the salt string is drawn from the set [a-zA-Z0-9./] and is cut at the maximum length of if a
"$" sign is encountered. It is therefore valid to enter a complete hash value as salt to e.g. verify a
password with:
storedPwd.equals(crypt(enteredPwd, storedPwd))
The resulting string starts with the marker string ($n$), where n is the same as the input salt.
The salt is then appended, followed by a "$" sign.
This is followed by the actual hash value.
For DES the string only contains the salt and actual hash.
The total length is dependent on the algorithm used:
Example:
crypt("secret", "$1$xxxx") => "$1$xxxx$aMkevjfEIpa35Bh3G4bAc."
crypt("secret", "xx") => "xxWAum7tHdIUw"
This method comes in a variation that accepts a byte[] array to support input strings that are not encoded in UTF-8 but e.g. in ISO-8859-1 where equal characters result in different byte values.
key - plaintext password as entered by the usedsalt - real salt value without prefix or "rounds=". The salt may be null, in which case a
salt is generated for you using ThreadLocalRandom; for more secure salts
consider using SecureRandom to generate your own salts.java.lang.IllegalArgumentException - if the salt does not match the allowed patternjava.lang.IllegalArgumentException - when a NoSuchAlgorithmException is caught. *Copyright © 2010 - 2020 Adobe. All Rights Reserved