Class KPasswordVault

java.lang.Object
ch.k43.util.KPasswordVault
public final class KPasswordVault extends Object
Securely hash, store and verify passwords. The hashing is done with PBKDF2 using the PBKDF2WithHmacSHA512 algorithm, a key size of 512, a generated secure salt of 32 bytes and an optional pepper value. The number of iterations may be set during password hashing (defaults to a generated number between 500_000 and 1_000_000).
Since:
2025.05.17

  • Constructor Summary

    Constructors
    Constructor
    Description
    KPasswordVault(byte[] argSalt, int argIterations, byte[] argPasswordHash)
    Create a password vault with the given data.
    KPasswordVault(char[] argPassword)
    Hash the given password with a random generated iteration count between 500_000 and 1_000_000.
    KPasswordVault(char[] argPassword, char[] argPepper)
    Hash the given password with a random generated iteration count between 500_000 and 1_000_000 and an optional pepper value.
    KPasswordVault(char[] argPassword, int argIterations)
    Hash the given password for the specified number of iterations.
    KPasswordVault(char[] argPassword, int argIterations, char[] argPepper)
    Hash the given password for the specified number of iterations.

  • Method Summary

    Modifier and Type
    Method
    Description
    final void
    clear()
    Clear all object variables.
    final long
    getHashTimeMs()
    Return the elapsed time for the password hash generation.
    final int
    getIterations()
    Return the used iteration count.
    final byte[]
    getPasswordHash()
    Return the password hash.
    final byte[]
    getSalt()
    Return the used salt.
    final boolean
    isPasswordValid(char[] argPassword)
    Hash the password and compare it against the stored password hash.
    final boolean
    isPasswordValid(char[] argPassword, char[] argPepper)
    Hash the password with the pepper and compare it against the stored password hash.
    String
    toString()
    String representation of object.

    Methods inherited from class java.lang.Object

    equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

  • Constructor Details

    • KPasswordVault

      public KPasswordVault(byte[] argSalt, int argIterations, byte[] argPasswordHash)
      Create a password vault with the given data. This constructor is used to initialize a password vault with previous retrieved data which can then be used to validate a given clear text password.
      Parameters:
      argSalt - Salt
      argIterations - Number of iterations
      argPasswordHash - Password hash

    • KPasswordVault

      public KPasswordVault(char[] argPassword)
      Hash the given password with a random generated iteration count between 500_000 and 1_000_000.
      Parameters:
      argPassword - Clear text password to be hashed

    • KPasswordVault

      public KPasswordVault(char[] argPassword, char[] argPepper)
      Hash the given password with a random generated iteration count between 500_000 and 1_000_000 and an optional pepper value.
      Parameters:
      argPassword - Clear text password to be hashed
      argPepper - Optional pepper to be added to the password

    • KPasswordVault

      public KPasswordVault(char[] argPassword, int argIterations)
      Hash the given password for the specified number of iterations.
      Parameters:
      argPassword - Clear text password to be hashed
      argIterations - Number of iterations (1_000 - 10_000_000)

    • KPasswordVault

      public KPasswordVault(char[] argPassword, int argIterations, char[] argPepper)
      Hash the given password for the specified number of iterations.
      Parameters:
      argPassword - Clear text password to be hashed
      argIterations - Number of iterations (1_000 - 10_000_000)
      argPepper - Optional pepper to be added to the password and salt

  • Method Details

    • clear

      public final void clear()
      Clear all object variables.

    • getHashTimeMs

      public final long getHashTimeMs()
      Return the elapsed time for the password hash generation.
      Returns:
      Time in milliseconds

    • getIterations

      public final int getIterations()
      Return the used iteration count.
      Returns:
      Iterations

    • getPasswordHash

      public final byte[] getPasswordHash()
      Return the password hash.
      Returns:
      Password hash

    • getSalt

      public final byte[] getSalt()
      Return the used salt.
      Returns:
      Salt

    • isPasswordValid

      public final boolean isPasswordValid(char[] argPassword)
      Hash the password and compare it against the stored password hash.
      Parameters:
      argPassword - Clear text password to be checked
      Returns:
      true if password matches

    • isPasswordValid

      public final boolean isPasswordValid(char[] argPassword, char[] argPepper)
      Hash the password with the pepper and compare it against the stored password hash.
      Parameters:
      argPassword - Clear text password to be checked
      argPepper - Optional pepper which was added to the password and salt
      Returns:
      true if password matches

    • toString

      public String toString()
      String representation of object.
      Overrides:
      toString in class Object