How do I properly use the “PBEWithHmacSHA512AndAES_256” algorithm?

Question

I\'m doing some Java encryption, and cannot figure out a way to properly use the the PBEWithHmacSHA512AndAES_256 algorithm.

Encryption seems to work fine, but I am u

Answer 1

I've enhanced the StandardPBEByteEncryptor from teh jasyptto support the "PBEWithHmacSHA512AndAES_256" algorithm. see code here

See the unit test here PBEEncryptorTest

Answer 2

// PROBLEM: If I pass "ivParamSpec", I get "java.security.InvalidAlgorithmParameterException: Wrong parameter type: PBE expected"
// Whereas if I pass pbeParamSpec, I get "java.security.InvalidAlgorithmParameterException: Missing parameter type: IV expected"
// What to do?
cipherDecrypt.init(
    Cipher.DECRYPT_MODE,
    key,
    ivParamSpec
    //pbeParamSpec
    );

Use the AlgorithmParameters from the encrypting Cipher:

cipherDecrypt.init(
    Cipher.DECRYPT_MODE,
    key,
    cipherEncrypt.getParameters()
    );

If you want a cleaner way that doesn't involve cipherEncrypt at the decrypting site, save the algorithm parameters as a byte and transmit them along with the key data:

byte[]  algorithmParametersEncoded = cipherEncrypt.getParameters().getEncoded();

and reconstruct them at the decrypting site thus:

AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(ALGORITHM);
algorithmParameters.init(algorithmParametersEncoded);

and use algorithmParameters as the parameters argument for Cipher.init() above.