public class Crypt extends Object
See crypt(String, String)
for further details.
This class is immutable and thread-safe.
Constructor and Description |
---|
Crypt() |
Modifier and Type | Method and Description |
---|---|
static String |
crypt(byte[] keyBytes)
Encrypts a password in a crypt(3) compatible way.
|
static String |
crypt(byte[] keyBytes,
String salt)
Encrypts a password in a crypt(3) compatible way.
|
static String |
crypt(String key)
Calculates the digest using the strongest crypt(3) algorithm.
|
static String |
crypt(String key,
String salt)
Encrypts a password in a crypt(3) compatible way.
|
public Crypt()
public static String crypt(byte[] keyBytes)
A random salt and the default algorithm (currently SHA-512) are used. See crypt(String, String)
for
details.
keyBytes
- plaintext passwordRuntimeException
- when a NoSuchAlgorithmException
is caught.public static String crypt(byte[] keyBytes, String salt)
If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See
crypt(String, String)
for details.
keyBytes
- plaintext passwordsalt
- salt valueIllegalArgumentException
- if the salt does not match the allowed patternRuntimeException
- when a NoSuchAlgorithmException
is caught.public static String crypt(String key)
A random salt and the default algorithm (currently SHA-512) are used.
key
- plaintext passwordRuntimeException
- when a NoSuchAlgorithmException
is caught.crypt(String, String)
public static String crypt(String key, String salt)
The exact algorithm depends on the format of the salt string:
The rest of the salt string is drawn from the set [a-zA-Z0-9./] and is cut at the maximum length of if a "$" sign is encountered. It is therefore valid to enter a complete hash value as salt to e.g. verify a password with:
storedPwd.equals(crypt(enteredPwd, storedPwd))
The resulting string starts with the marker string ($6$), continues with the salt value and ends with a "$" sign followed by the actual hash value. For DES the string only contains the salt and actual hash. It's total length is dependent on the algorithm used:
Example:
crypt("secret", "$1$xxxx") => "$1$xxxx$aMkevjfEIpa35Bh3G4bAc." crypt("secret", "xx") => "xxWAum7tHdIUw"
This method comes in a variation that accepts a byte[] array to support input strings that are not encoded in UTF-8 but e.g. in ISO-8859-1 where equal characters result in different byte values.
key
- plaintext password as entered by the usedsalt
- salt valueIllegalArgumentException
- if the salt does not match the allowed patternRuntimeException
- when a NoSuchAlgorithmException
is caught. *Copyright © 2002–2013 The Apache Software Foundation. All rights reserved.