使用 Android 创建凭据哈希

Question

someone told me he creates a hash like this:

const enc = await NativeModules.Aes.pbkdf2(plaintext_pasword, serial, 100000, 256);
hashed_password= Buffer.from(enc, 'hex').toString('base64').substr(0, 32);

In Android, I don't know how to translate this to Java. I tried

SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
KeySpec          spec    = new PBEKeySpec(password.toCharArray(), serialNumber.getBytes(), 100000, 256);
SecretKey        tmp     = factory.generateSecret(spec);
SecretKeySpec    key     = new SecretKeySpec(tmp.getEncoded(), "AES");

hashed_password = new String(Base64.encode(key.getEncoded(), Base64.NO_WRAP)).substring(0, 32);

but it might be this is not correct ;)

And also this is far slower than the original solution (the original is said to take less than 1 sec on a Huawei P20, mine takes nearly a minute on my P30).

Could anyone please help me to translate this code?

Answer 1

If the first code is for react native and the library "react-native-aes" then it uses SHA512 as hash and not SHA-1.

See it's implementation:

private static String pbkdf2(String pwd, String salt, Integer cost, Integer length)
throws NoSuchAlgorithmException, InvalidKeySpecException, UnsupportedEncodingException
{
    PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA512Digest());
    gen.init(pwd.getBytes("UTF_8"), salt.getBytes("UTF_8"), cost);
    byte[] key = ((KeyParameter) gen.generateDerivedParameters(length)).getKey();
    return bytesToHex(key);
}

https://github.com/tectiv3/react-native-aes/blob/master/android/src/main/java/com/tectiv3/aes/RCTAes.java#L178-L185

Note that PBKDF2withHmacSHA512 requires at least Android API level 26 (Android 8) . So my recommendation would be to use Spongycastle Java library in the same way the react native library creates the PBKDF2 hash.