org.apache.commons.codec.digest
Class Sha2Crypt

java.lang.Object
  org.apache.commons.codec.digest.Sha2Crypt

public class Sha2Crypt
extends Object

SHA2-based Unix crypt implementation.

Based on the C implementation released into the Public Domain by Ulrich Drepper <drepper@redhat.com> http://www.akkadia.org/drepper/SHA-crypt.txt

Conversion to Kotlin and from there to Java in 2012 by Christian Hammers <ch@lathspell.de> and likewise put into the Public Domain.

This class is immutable and thread-safe.

Since:

1.7

Version:

$Id: Sha2Crypt.java 1435550 2013-01-19 14:09:52Z tn $

Field Summary

private static int	ROUNDS_DEFAULT Default number of rounds if not explicitly specified.
private static int	ROUNDS_MAX Maximum number of rounds.
private static int	ROUNDS_MIN Minimum number of rounds.
private static String	ROUNDS_PREFIX Prefix for optional rounds specification.
private static Pattern	SALT_PATTERN The pattern to match valid salt values.
private static int	SHA256_BLOCKSIZE The number of bytes the final hash value will have (SHA-256 variant).
(package private) static String	SHA256_PREFIX The prefixes that can be used to identify this crypt() variant (SHA-256).
private static int	SHA512_BLOCKSIZE The number of bytes the final hash value will have (SHA-512 variant).
(package private) static String	SHA512_PREFIX The prefixes that can be used to identify this crypt() variant (SHA-512).

Constructor Summary

Sha2Crypt()

Method Summary

static String	sha256Crypt(byte[] keyBytes) Generates a libc crypt() compatible "$5$" hash value with random salt.
static String	sha256Crypt(byte[] keyBytes, String salt) Generates a libc6 crypt() compatible "$5$" hash value.
private static String	sha2Crypt(byte[] keyBytes, String salt, String saltPrefix, int blocksize, String algorithm) Generates a libc6 crypt() compatible "$5$" or "$6$" SHA2 based hash value.
static String	sha512Crypt(byte[] keyBytes) Generates a libc crypt() compatible "$6$" hash value with random salt.
static String	sha512Crypt(byte[] keyBytes, String salt) Generates a libc6 crypt() compatible "$6$" hash value.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ROUNDS_DEFAULT

private static final int ROUNDS_DEFAULT

Default number of rounds if not explicitly specified.

See Also:

Constant Field Values

ROUNDS_MAX

private static final int ROUNDS_MAX

Maximum number of rounds.

See Also:

Constant Field Values

ROUNDS_MIN

private static final int ROUNDS_MIN

Minimum number of rounds.

See Also:

Constant Field Values

ROUNDS_PREFIX

private static final String ROUNDS_PREFIX

Prefix for optional rounds specification.

See Also:

Constant Field Values

SHA256_BLOCKSIZE

private static final int SHA256_BLOCKSIZE

The number of bytes the final hash value will have (SHA-256 variant).

See Also:

Constant Field Values

SHA256_PREFIX

static final String SHA256_PREFIX

The prefixes that can be used to identify this crypt() variant (SHA-256).

See Also:

Constant Field Values

SHA512_BLOCKSIZE

private static final int SHA512_BLOCKSIZE

The number of bytes the final hash value will have (SHA-512 variant).

See Also:

Constant Field Values

SHA512_PREFIX

static final String SHA512_PREFIX

The prefixes that can be used to identify this crypt() variant (SHA-512).

See Also:

Constant Field Values

SALT_PATTERN

private static final Pattern SALT_PATTERN

The pattern to match valid salt values.

Constructor Detail

Sha2Crypt

public Sha2Crypt()

Method Detail

sha256Crypt

public static String sha256Crypt(byte[] keyBytes)

Generates a libc crypt() compatible "$5$" hash value with random salt.

See Crypt.crypt(String, String) for details.

Throws:

RuntimeException - when a NoSuchAlgorithmException is caught.

sha256Crypt

public static String sha256Crypt(byte[] keyBytes,
                                 String salt)

Generates a libc6 crypt() compatible "$5$" hash value.

See Crypt.crypt(String, String) for details.

Throws:

IllegalArgumentException - if the salt does not match the allowed pattern

RuntimeException - when a NoSuchAlgorithmException is caught.

sha2Crypt

private static String sha2Crypt(byte[] keyBytes,
                                String salt,
                                String saltPrefix,
                                int blocksize,
                                String algorithm)

Generates a libc6 crypt() compatible "$5$" or "$6$" SHA2 based hash value.

This is a nearly line by line conversion of the original C function. The numbered comments are from the algorithm description, the short C-style ones from the original C code and the ones with "Remark" from me.

See Crypt.crypt(String, String) for details.

Parameters:

keyBytes - plaintext that should be hashed

salt - real salt value without prefix or "rounds="

saltPrefix - either $5$ or $6$

blocksize - a value that differs between $5$ and $6$

algorithm - MessageDigest algorithm identifier string

Returns:

complete hash value including prefix and salt

Throws:

IllegalArgumentException - if the given salt is null or does not match the allowed pattern

IllegalArgumentException - when a NoSuchAlgorithmException is caught

See Also:

MessageDigestAlgorithms

sha512Crypt

public static String sha512Crypt(byte[] keyBytes)

Generates a libc crypt() compatible "$6$" hash value with random salt.

See Crypt.crypt(String, String) for details.

Throws:

RuntimeException - when a NoSuchAlgorithmException is caught.

sha512Crypt

public static String sha512Crypt(byte[] keyBytes,
                                 String salt)

Generates a libc6 crypt() compatible "$6$" hash value.

See Crypt.crypt(String, String) for details.

Throws:

IllegalArgumentException - if the salt does not match the allowed pattern

RuntimeException - when a NoSuchAlgorithmException is caught.