org.apache.commons.codec.digest

Class Sha2Crypt

java.lang.Object

org.apache.commons.codec.digest.Sha2Crypt

public class Sha2Crypt
extends Object

SHA2-based Unix crypt implementation.

Based on the C implementation released into the Public Domain by Ulrich Drepper <drepper@redhat.com> http://www.akkadia.org/drepper/SHA-crypt.txt

Conversion to Kotlin and from there to Java in 2012 by Christian Hammers <ch@lathspell.de> and likewise put into the Public Domain.

This class is immutable and thread-safe.

Since:

1.7

Constructor Summary

Constructors

Constructor and Description
Sha2Crypt()

Method Summary

Modifier and Type	Method and Description
static String	sha256Crypt(byte[] keyBytes) Generates a libc crypt() compatible "$5$" hash value with random salt.
static String	sha256Crypt(byte[] keyBytes, String salt) Generates a libc6 crypt() compatible "$5$" hash value.
static String	sha256Crypt(byte[] keyBytes, String salt, Random random) Generates a libc6 crypt() compatible "$5$" hash value.
static String	sha512Crypt(byte[] keyBytes) Generates a libc crypt() compatible "$6$" hash value with random salt.
static String	sha512Crypt(byte[] keyBytes, String salt) Generates a libc6 crypt() compatible "$6$" hash value.
static String	sha512Crypt(byte[] keyBytes, String salt, Random random) Generates a libc6 crypt() compatible "$6$" hash value.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Sha2Crypt

public Sha2Crypt()

Method Detail

sha256Crypt

public static String sha256Crypt(byte[] keyBytes)

Generates a libc crypt() compatible "$5$" hash value with random salt.

See Crypt.crypt(String, String) for details.

A salt is generated for you using ThreadLocalRandom; for more secure salts consider using SecureRandom to generate your own salts and calling sha256Crypt(byte[], String).

Parameters:

keyBytes - plaintext to hash

Returns:

complete hash value

Throws:

IllegalArgumentException - when a NoSuchAlgorithmException is caught.

sha256Crypt

public static String sha256Crypt(byte[] keyBytes,
                                 String salt)

Generates a libc6 crypt() compatible "$5$" hash value.

See Crypt.crypt(String, String) for details.

Parameters:

keyBytes - plaintext to hash

salt - real salt value without prefix or "rounds=". The salt may be null, in which case a salt is generated for you using SecureRandom. If one does not want to use SecureRandom, you can pass your own Random in sha256Crypt(byte[], String, Random).

Returns:

complete hash value including salt

Throws:

IllegalArgumentException - if the salt does not match the allowed pattern

IllegalArgumentException - when a NoSuchAlgorithmException is caught.

sha256Crypt

public static String sha256Crypt(byte[] keyBytes,
                                 String salt,
                                 Random random)

Generates a libc6 crypt() compatible "$5$" hash value.

See Crypt.crypt(String, String) for details.

Parameters:

keyBytes - plaintext to hash

salt - real salt value without prefix or "rounds=".

random - the instance of Random to use for generating the salt. Consider using SecureRandom or ThreadLocalRandom.

Returns:

complete hash value including salt

Throws:

IllegalArgumentException - if the salt does not match the allowed pattern

IllegalArgumentException - when a NoSuchAlgorithmException is caught.

Since:

1.12

sha512Crypt

public static String sha512Crypt(byte[] keyBytes)

Generates a libc crypt() compatible "$6$" hash value with random salt.

See Crypt.crypt(String, String) for details.

A salt is generated for you using ThreadLocalRandom; for more secure salts consider using SecureRandom to generate your own salts and calling sha512Crypt(byte[], String).

Parameters:

keyBytes - plaintext to hash

Returns:

complete hash value

Throws:

IllegalArgumentException - when a NoSuchAlgorithmException is caught.

sha512Crypt

public static String sha512Crypt(byte[] keyBytes,
                                 String salt)

Generates a libc6 crypt() compatible "$6$" hash value.

See Crypt.crypt(String, String) for details.

Parameters:

keyBytes - plaintext to hash

salt - real salt value without prefix or "rounds=". The salt may be null, in which case a salt is generated for you using SecureRandom; if you want to use a Random object other than SecureRandom then we suggest you provide it using sha512Crypt(byte[], String, Random).

Returns:

complete hash value including salt

Throws:

IllegalArgumentException - if the salt does not match the allowed pattern

IllegalArgumentException - when a NoSuchAlgorithmException is caught.

sha512Crypt

public static String sha512Crypt(byte[] keyBytes,
                                 String salt,
                                 Random random)

Generates a libc6 crypt() compatible "$6$" hash value.

See Crypt.crypt(String, String) for details.

Parameters:

keyBytes - plaintext to hash

salt - real salt value without prefix or "rounds=". The salt may be null, in which case a salt is generated for you using ThreadLocalRandom; for more secure salts consider using SecureRandom to generate your own salts.

random - the instance of Random to use for generating the salt. Consider using SecureRandom or ThreadLocalRandom.

Returns:

complete hash value including salt

Throws:

IllegalArgumentException - if the salt does not match the allowed pattern

IllegalArgumentException - when a NoSuchAlgorithmException is caught.

Since:

1.12