Encryption.java example

Explorer

ishacrmserver-master
- src
  - main
    - java
  - test
    - java
      - crmdna
        CRMDNA_TestsServlet.java
        LocalDatastoreTest.java
        attendance
        AttendanceTest.java
        CheckInPropTest.java
        calling
        CallAssignmentHelperTest.java
        CampaignTest.java
        client
        ClientTest.java
        CrmDnaUserTest.java
        CustomFieldsTest.java
        isha
        IshaConfigTest.java
        IshaProgramTest.java
        IshaUtilsTest.java
        common
        DateUtilsTest.java
        ICode.java
        MemcacheLockTest.java
        OfyServiceTest.java
        TestUtil.java
        UtilsTest.java
        contact
        ContactDetailTest.java
        counter
        CounterCoreTest.java
        CounterTest.java
        datamigration
        DataMigrationTest.java
        encryption
        EncryptionTest.java
        group
        GroupHelperTest.java
        GroupTest.java
        interaction
        InteractionScoreTest.java
        InteractionTest.java
        inventory
        InventoryItemTest.java
        IshaInventoryItemTest.java
        MealCountTest.java
        list
        BulkSubscriptionTest.java
        ListHelperTest.java
        ListTest.java
        mail2
        MailContentTest.java
        MailMapFactoryTest.java
        MailScheduleTest.java
        MailTest.java
        SentMailPropTest.java
        member
        AccountTest.java
        MemberFactoryTest.java
        MemberLoaderTest.java
        MemberSaverTest.java
        MemberTest.java
        PopulateDependantFieldsTest.java
        RebuildTest.java
        UnverifiedProgramTest.java
        objectstore
        ObjectStoreCoreTest.java
        ObjectStoreTest.java
        participant
        ParticipantPropTest.java
        ParticipantTest.java
        practice
        PracticeHelperTest.java
        PracticeTest.java
        program
        ProgramPropTest.java
        ProgramTest.java
        SessionPropTest.java
        programtype
        ProgramTypeHelperTest.java
        ProgramTypePropTest.java
        ProgramTypeTest.java
        sequence
        SequenceCoreTest.java
        SequenceTest.java
        teacher
        TeacherTest.java
        user
        UserHelperTest.java
        UserTest.java
        useractivity
        UserActivityHelperTest.java
        UserActivityTest.java
        venue
        VenueTest.java

package crmdna.encryption;

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Arrays;

public class Encryption {
    public static byte[] generateRandomSalt() throws NoSuchAlgorithmException {
        // VERY important to use SecureRandom instead of just Random
        SecureRandom random = SecureRandom.getInstance("SHA1PRNG");

        // Generate a 8 byte (64 bit) salt as recommended by RSA PKCS5
        byte[] salt = new byte[8];
        random.nextBytes(salt);

        return salt;
    }

    public static byte[] getEncryptedPassword(String password, byte[] salt)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        // PBKDF2 with SHA-1 as the hashing algorithm. Note that the NIST
        // specifically names SHA-1 as an acceptable hashing algorithm for PBKDF2
        String algorithm = "PBKDF2WithHmacSHA1";
        // SHA-1 generates 160 bit hashes, so that's what makes sense here
        int derivedKeyLength = 160;
        // Pick an iteration count that works for you. The NIST recommends at
        // least 1,000 iterations:
        // http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
        // iOS 4.x reportedly uses 10,000:
        // http://blog.crackpassword.com/2010/09/smartphone-forensics-cracking-blackberry-backup-passwords/
        int iterations = 20000;

        KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, derivedKeyLength);

        SecretKeyFactory f = SecretKeyFactory.getInstance(algorithm);

        return f.generateSecret(spec).getEncoded();
    }

    public static boolean authenticate(String attemptedPassword, byte[] encryptedPassword, byte[] salt)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        // Encrypt the clear-text password using the same salt that was used to
        // encrypt the original password
        byte[] encryptedAttemptedPassword = getEncryptedPassword(attemptedPassword, salt);

        // Authentication succeeds if encrypted password that the user entered
        // is equal to the stored hash
        return Arrays.equals(encryptedPassword, encryptedAttemptedPassword);
    }
}