Class KPasswordVault

java.lang.Object
ch.k43.util.KPasswordVault

public final class KPasswordVault extends Object
Securely hash, store, and verify passwords using PBKDF2 with the PBKDF2WithHmacSHA512 algorithm. A secure, randomly generated 32-byte salt is used, along with an optional pepper value. The key length is set to 512 bits. If not specified, the number of hash iterations is set to a generated value between 500'000 and 1'000'000.
Since:
2025.05.17
  • Constructor Summary

    Constructors
    Constructor
    Description
    KPasswordVault(byte[] argSalt, int argIterations, byte[] argPasswordHash)
    Create a password vault with the given data.
    KPasswordVault(char[] argPassword)
    Hash the given password with a randomly generated iteration count between 500'000 and 1'000'000.
    KPasswordVault(char[] argPassword, char[] argPepper)
    Hash the given password with a randomly generated iteration count between 500'000 and 1'000'000 and an optional pepper value.
    KPasswordVault(char[] argPassword, int argIterations)
    Hash the given password for the specified number of iterations.
    KPasswordVault(char[] argPassword, int argIterations, char[] argPepper)
    Hash the given password for the specified number of iterations and an optional pepper value.
  • Method Summary

    Modifier and Type
    Method
    Description
    final void
    clear()
    Clear all object variables.
    final long
    getHashTimeMs()
    Return the elapsed time for the password hash generation.
    final int
    getIterations()
    Return the used iteration count.
    final byte[]
    getPasswordHash()
    Return the password hash.
    final byte[]
    getSalt()
    Return the used salt.
    final boolean
    isPasswordValid(char[] argPassword)
    Hash the password and compare it against the stored password hash.
    final boolean
    isPasswordValid(char[] argPassword, char[] argPepper)
    Hash the password with the pepper and compare it against the stored password hash.
    String
    toString()
    String representation of object.

    Methods inherited from class java.lang.Object

    equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
  • Constructor Details

    • KPasswordVault

      public KPasswordVault(char[] argPassword)
      Hash the given password with a randomly generated iteration count between 500'000 and 1'000'000.
      Parameters:
      argPassword - Clear text password to be hashed
    • KPasswordVault

      public KPasswordVault(byte[] argSalt, int argIterations, byte[] argPasswordHash)
      Create a password vault with the given data. This constructor is used to initialize a password vault with previously retrieved data, which can then be used to validate a given clear text password.
      Parameters:
      argSalt - Salt
      argIterations - Number of iterations
      argPasswordHash - Password hash
    • KPasswordVault

      public KPasswordVault(char[] argPassword, char[] argPepper)
      Hash the given password with a randomly generated iteration count between 500'000 and 1'000'000 and an optional pepper value.
      Parameters:
      argPassword - Clear text password to be hashed
      argPepper - Optional pepper to be added to the password
    • KPasswordVault

      public KPasswordVault(char[] argPassword, int argIterations)
      Hash the given password for the specified number of iterations.
      Parameters:
      argPassword - Clear text password to be hashed
      argIterations - Number of iterations (1_000 - 10_000_000)
    • KPasswordVault

      public KPasswordVault(char[] argPassword, int argIterations, char[] argPepper)
      Hash the given password for the specified number of iterations and an optional pepper value.
      Parameters:
      argPassword - Clear text password to be hashed
      argIterations - Number of iterations (1_000 - 10_000_000)
      argPepper - Optional pepper to be added to the password and salt
  • Method Details

    • clear

      public final void clear()
      Clear all object variables.
    • getHashTimeMs

      public final long getHashTimeMs()
      Return the elapsed time for the password hash generation.
      Returns:
      Time in milliseconds
    • getIterations

      public final int getIterations()
      Return the used iteration count.
      Returns:
      Iterations
    • getPasswordHash

      public final byte[] getPasswordHash()
      Return the password hash.
      Returns:
      Password hash
    • getSalt

      public final byte[] getSalt()
      Return the used salt.
      Returns:
      Salt
    • isPasswordValid

      public final boolean isPasswordValid(char[] argPassword)
      Hash the password and compare it against the stored password hash.
      Parameters:
      argPassword - Clear text password to be checked
      Returns:
      true if password matches
    • isPasswordValid

      public final boolean isPasswordValid(char[] argPassword, char[] argPepper)
      Hash the password with the pepper and compare it against the stored password hash.
      Parameters:
      argPassword - Clear text password to be checked
      argPepper - Optional pepper which was added to the password and salt
      Returns:
      true if password matches
    • toString

      public String toString()
      String representation of object.
      Overrides:
      toString in class Object
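
An enroll-and-verify round trip using only the constructors and methods documented above, as an added example that is not part of the original Javadoc or the library's own code. The class name `PasswordVaultExample`, the `iterations$salt$hash` record layout, and the sample password and pepper are assumptions made for illustration.

```java
import ch.k43.util.KPasswordVault;
import java.util.Arrays;
import java.util.Base64;

public class PasswordVaultExample {
    // Enrollment: hash once, then persist iterations, salt and hash together.
    // The iteration count is generated per vault, so it must be stored per record.
    // The "iterations$salt$hash" layout is a hypothetical format, not the library's.
    static String enroll(char[] password, char[] pepper) {
        KPasswordVault vault = new KPasswordVault(password, pepper);
        try {
            Base64.Encoder enc = Base64.getEncoder();
            return vault.getIterations()
                    + "$" + enc.encodeToString(vault.getSalt())
                    + "$" + enc.encodeToString(vault.getPasswordHash());
        } finally {
            vault.clear();
        }
    }

    // Login: rebuild the vault from the stored record; a malformed record fails the login.
    static boolean verify(String stored, char[] candidate, char[] pepper) {
        String[] parts = stored.split("\\$");
        if (parts.length != 3) return false;
        try {
            KPasswordVault vault = new KPasswordVault(
                    Base64.getDecoder().decode(parts[1]),
                    Integer.parseInt(parts[0]),
                    Base64.getDecoder().decode(parts[2]));
            try {
                return vault.isPasswordValid(candidate, pepper);
            } finally {
                vault.clear();
            }
        } catch (IllegalArgumentException e) {
            return false; // malformed record (bad Base64 or iteration count)
        }
    }

    public static void main(String[] args) {
        char[] pepper = "constructed-pepper".toCharArray();      // constructed sample value
        char[] password = "constructed-password".toCharArray();  // constructed sample value
        String stored = enroll(password, pepper);
        Arrays.fill(password, '\0'); // wipe the clear text once it is hashed
        System.out.println("correct password: " + verify(stored, "constructed-password".toCharArray(), pepper));
        System.out.println("wrong password:   " + verify(stored, "other-guess".toCharArray(), pepper));
    }
}
```

The pepper is not part of the stored record, so keep it outside the credential store and supply the same value at enrollment and at verification.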