Class Sha2Crypt
- java.lang.Object
-
- org.apache.commons.codec.digest.Sha2Crypt
-
public class Sha2Crypt extends java.lang.Object
SHA2-based Unix crypt implementation.Based on the C implementation released into the Public Domain by Ulrich Drepper <drepper@redhat.com> http://www.akkadia.org/drepper/SHA-crypt.txt
Conversion to Kotlin and from there to Java in 2012 by Christian Hammers <ch@lathspell.de> and likewise put into the Public Domain.
This class is immutable and thread-safe.
- Since:
- 1.7
-
-
Field Summary
Fields Modifier and Type Field Description private static int
ROUNDS_DEFAULT
Default number of rounds if not explicitly specified.private static int
ROUNDS_MAX
Maximum number of rounds.private static int
ROUNDS_MIN
Minimum number of rounds.private static java.lang.String
ROUNDS_PREFIX
Prefix for optional rounds specification.private static java.util.regex.Pattern
SALT_PATTERN
The pattern to match valid salt values.private static int
SHA256_BLOCKSIZE
The number of bytes the final hash value will have (SHA-256 variant).(package private) static java.lang.String
SHA256_PREFIX
The prefixes that can be used to identify this crypt() variant (SHA-256).private static int
SHA512_BLOCKSIZE
The number of bytes the final hash value will have (SHA-512 variant).(package private) static java.lang.String
SHA512_PREFIX
The prefixes that can be used to identify this crypt() variant (SHA-512).
-
Constructor Summary
Constructors Constructor Description Sha2Crypt()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static java.lang.String
sha256Crypt(byte[] keyBytes)
Generates a libc crypt() compatible "$5$" hash value with random salt.static java.lang.String
sha256Crypt(byte[] keyBytes, java.lang.String salt)
Generates a libc6 crypt() compatible "$5$" hash value.static java.lang.String
sha256Crypt(byte[] keyBytes, java.lang.String salt, java.util.Random random)
Generates a libc6 crypt() compatible "$5$" hash value.private static java.lang.String
sha2Crypt(byte[] keyBytes, java.lang.String salt, java.lang.String saltPrefix, int blocksize, java.lang.String algorithm)
Generates a libc6 crypt() compatible "$5$" or "$6$" SHA2 based hash value.static java.lang.String
sha512Crypt(byte[] keyBytes)
Generates a libc crypt() compatible "$6$" hash value with random salt.static java.lang.String
sha512Crypt(byte[] keyBytes, java.lang.String salt)
Generates a libc6 crypt() compatible "$6$" hash value.static java.lang.String
sha512Crypt(byte[] keyBytes, java.lang.String salt, java.util.Random random)
Generates a libc6 crypt() compatible "$6$" hash value.
-
-
-
Field Detail
-
ROUNDS_DEFAULT
private static final int ROUNDS_DEFAULT
Default number of rounds if not explicitly specified.- See Also:
- Constant Field Values
-
ROUNDS_MAX
private static final int ROUNDS_MAX
Maximum number of rounds.- See Also:
- Constant Field Values
-
ROUNDS_MIN
private static final int ROUNDS_MIN
Minimum number of rounds.- See Also:
- Constant Field Values
-
ROUNDS_PREFIX
private static final java.lang.String ROUNDS_PREFIX
Prefix for optional rounds specification.- See Also:
- Constant Field Values
-
SHA256_BLOCKSIZE
private static final int SHA256_BLOCKSIZE
The number of bytes the final hash value will have (SHA-256 variant).- See Also:
- Constant Field Values
-
SHA256_PREFIX
static final java.lang.String SHA256_PREFIX
The prefixes that can be used to identify this crypt() variant (SHA-256).- See Also:
- Constant Field Values
-
SHA512_BLOCKSIZE
private static final int SHA512_BLOCKSIZE
The number of bytes the final hash value will have (SHA-512 variant).- See Also:
- Constant Field Values
-
SHA512_PREFIX
static final java.lang.String SHA512_PREFIX
The prefixes that can be used to identify this crypt() variant (SHA-512).- See Also:
- Constant Field Values
-
SALT_PATTERN
private static final java.util.regex.Pattern SALT_PATTERN
The pattern to match valid salt values.
-
-
Method Detail
-
sha256Crypt
public static java.lang.String sha256Crypt(byte[] keyBytes)
Generates a libc crypt() compatible "$5$" hash value with random salt.See
Crypt.crypt(String, String)
for details.A salt is generated for you using
ThreadLocalRandom
; for more secure salts consider usingSecureRandom
to generate your own salts and callingsha256Crypt(byte[], String)
.- Parameters:
keyBytes
- plaintext to hash- Returns:
- complete hash value
- Throws:
java.lang.IllegalArgumentException
- when aNoSuchAlgorithmException
is caught.
-
sha256Crypt
public static java.lang.String sha256Crypt(byte[] keyBytes, java.lang.String salt)
Generates a libc6 crypt() compatible "$5$" hash value.See
Crypt.crypt(String, String)
for details.- Parameters:
keyBytes
- plaintext to hashsalt
- real salt value without prefix or "rounds=". The salt may be null, in which case a salt is generated for you usingSecureRandom
. If one does not want to useSecureRandom
, you can pass your ownRandom
insha256Crypt(byte[], String, Random)
.- Returns:
- complete hash value including salt
- Throws:
java.lang.IllegalArgumentException
- if the salt does not match the allowed patternjava.lang.IllegalArgumentException
- when aNoSuchAlgorithmException
is caught.
-
sha256Crypt
public static java.lang.String sha256Crypt(byte[] keyBytes, java.lang.String salt, java.util.Random random)
Generates a libc6 crypt() compatible "$5$" hash value.See
Crypt.crypt(String, String)
for details.- Parameters:
keyBytes
- plaintext to hashsalt
- real salt value without prefix or "rounds=".random
- the instance ofRandom
to use for generating the salt. Consider usingSecureRandom
orThreadLocalRandom
.- Returns:
- complete hash value including salt
- Throws:
java.lang.IllegalArgumentException
- if the salt does not match the allowed patternjava.lang.IllegalArgumentException
- when aNoSuchAlgorithmException
is caught.- Since:
- 1.12
-
sha2Crypt
private static java.lang.String sha2Crypt(byte[] keyBytes, java.lang.String salt, java.lang.String saltPrefix, int blocksize, java.lang.String algorithm)
Generates a libc6 crypt() compatible "$5$" or "$6$" SHA2 based hash value.This is a nearly line by line conversion of the original C function. The numbered comments are from the algorithm description, the short C-style ones from the original C code and the ones with "Remark" from me.
See
Crypt.crypt(String, String)
for details.- Parameters:
keyBytes
- plaintext to hashsalt
- real salt value without prefix or "rounds="; may not be nullsaltPrefix
- either $5$ or $6$blocksize
- a value that differs between $5$ and $6$algorithm
-MessageDigest
algorithm identifier string- Returns:
- complete hash value including prefix and salt
- Throws:
java.lang.IllegalArgumentException
- if the given salt isnull
or does not match the allowed patternjava.lang.IllegalArgumentException
- when aNoSuchAlgorithmException
is caught- See Also:
MessageDigestAlgorithms
-
sha512Crypt
public static java.lang.String sha512Crypt(byte[] keyBytes)
Generates a libc crypt() compatible "$6$" hash value with random salt.See
Crypt.crypt(String, String)
for details.A salt is generated for you using
ThreadLocalRandom
; for more secure salts consider usingSecureRandom
to generate your own salts and callingsha512Crypt(byte[], String)
.- Parameters:
keyBytes
- plaintext to hash- Returns:
- complete hash value
- Throws:
java.lang.IllegalArgumentException
- when aNoSuchAlgorithmException
is caught.
-
sha512Crypt
public static java.lang.String sha512Crypt(byte[] keyBytes, java.lang.String salt)
Generates a libc6 crypt() compatible "$6$" hash value.See
Crypt.crypt(String, String)
for details.- Parameters:
keyBytes
- plaintext to hashsalt
- real salt value without prefix or "rounds=". The salt may be null, in which case a salt is generated for you usingSecureRandom
; if you want to use aRandom
object other thanSecureRandom
then we suggest you provide it usingsha512Crypt(byte[], String, Random)
.- Returns:
- complete hash value including salt
- Throws:
java.lang.IllegalArgumentException
- if the salt does not match the allowed patternjava.lang.IllegalArgumentException
- when aNoSuchAlgorithmException
is caught.
-
sha512Crypt
public static java.lang.String sha512Crypt(byte[] keyBytes, java.lang.String salt, java.util.Random random)
Generates a libc6 crypt() compatible "$6$" hash value.See
Crypt.crypt(String, String)
for details.- Parameters:
keyBytes
- plaintext to hashsalt
- real salt value without prefix or "rounds=". The salt may be null, in which case a salt is generated for you usingThreadLocalRandom
; for more secure salts consider usingSecureRandom
to generate your own salts.random
- the instance ofRandom
to use for generating the salt. Consider usingSecureRandom
orThreadLocalRandom
.- Returns:
- complete hash value including salt
- Throws:
java.lang.IllegalArgumentException
- if the salt does not match the allowed patternjava.lang.IllegalArgumentException
- when aNoSuchAlgorithmException
is caught.- Since:
- 1.12
-
-