PBKDF2 (Nimbus JOSE + JWT v9.11)

java.lang.Object
- com.nimbusds.jose.crypto.impl.PBKDF2

```
public class PBKDF2
extends Object
```
Password-Based Key Derivation Function 2 (PBKDF2) utilities. Provides static methods to generate Key Encryption Keys (KEK) from passwords. Adopted from jose4j by Brian Campbell.

Version:

2021-07-03

Author:

Brian Campbell, Yavor Vassilev, Vladimir Dzhuvinov

Field Summary

Fields
Modifier and Type Field and Description

static int MIN_SALT_LENGTH
The minimum salt length (8 bytes).

Fields
Modifier and Type	Field and Description
`static int`	`MIN_SALT_LENGTH` The minimum salt length (8 bytes).

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static SecretKey`	`deriveKey(byte[] password, byte[] formattedSalt, int iterationCount, PRFParams prfParams)` Derives a PBKDF2 key from the specified password and parameters.
`static byte[]`	`formatSalt(JWEAlgorithm alg, byte[] salt)` Formats the specified cryptographic salt for use in PBKDF2.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - MIN_SALT_LENGTH
```
public static final int MIN_SALT_LENGTH
```
    The minimum salt length (8 bytes).
    
    See Also:
    
    Constant Field Values
- Method Detail
  - formatSalt
```
public static byte[] formatSalt(JWEAlgorithm alg,
                                byte[] salt)
                         throws JOSEException
```
    Formats the specified cryptographic salt for use in PBKDF2.
```
 UTF8(JWE-alg) || 0x00 || Salt Input
 
```
    Parameters:
    
    alg - The JWE algorithm. Must not be null.
    
    salt - The cryptographic salt. Must be at least 8 bytes long.
    
    Returns:
    
    The formatted salt for use in PBKDF2.
    
    Throws:
    
    JOSEException - If formatting failed.
  - deriveKey
```
public static SecretKey deriveKey(byte[] password,
                                  byte[] formattedSalt,
                                  int iterationCount,
                                  PRFParams prfParams)
                           throws JOSEException
```
    Derives a PBKDF2 key from the specified password and parameters.
    
    Parameters:
    
    password - The password. Must not be null.
    
    formattedSalt - The formatted cryptographic salt. Must not be null.
    
    iterationCount - The iteration count. Must be a positive integer.
    
    prfParams - The Pseudo-Random Function (PRF) parameters. Must not be null.
    
    Returns:
    
    The derived secret key (with "AES" algorithm).
    
    Throws:
    
    JOSEException - If the key derivation failed.

Class PBKDF2

Field Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

MIN_SALT_LENGTH

Method Detail

formatSalt

deriveKey