0

I'm trying to convert a Node.js authentication using passport-local to a Java based one

Node.js use this code:

crypto.pbkdf2Sync(password, new Buffer(this.salt, 'base64'), 10000, 64).toString('base64');

I'm trying to replicate this in java using this code:

KeySpec spec = new PBEKeySpec(password.toCharArray(), salt.getBytes(), 100000, 64 * 8);
SecretKeyFactory key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
byte[] hashedPassword = key.generateSecret(spec).getEncoded();
hashPassword = new String(Base64.encodeBase64(hashedPassword));

But my generated key is always different than node.js one. i've also tried with different encodings in getBytes() using UTF-16LE as someone pointed here in other threads but with no luck. I'm pretty sure that pbkdf2Sync in node.js use SHA1 when no digest is used. Can anyone confirm also this?

Thank you

UPDATE

I've resolved using Java8 Base64 decoding. This is the right function to use (if someone needs it):

final char[] cPassword = password.toCharArray();
final byte[] bSalt = Base64.getDecoder().decode(utente.getSalt().getBytes());
KeySpec spec = new PBEKeySpec(cPassword, bSalt, 10000, 64 * 8);
SecretKeyFactory key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
byte[] hashedPassword = key.generateSecret(spec).getEncoded();
String hashPassword = new String(Base64.getEncoder().encode(hashedPassword));

hashPassword will have the same Node.js password

Improve this question
6
  • Is it typo or your third argument is really different in code too? 10,000 -> 100, 000 Commented Oct 19, 2016 at 10:11
  • yes. Is a typo. fixed but same result Commented Oct 19, 2016 at 12:38
  • Why are you setting the 4th argument as 64*8. I guess you should set it to just 64. Commented Oct 19, 2016 at 13:01
  • no. the argument is 64 * 8 because PBEKeySpec is different than pbkdf2Sync and the parameters needs to be multiplied by 8 otherwise you will receive a key of 12 bytes (i've also found a page that explain why but i don't find it anymore..) Commented Oct 19, 2016 at 13:19
  • the SHA1 is the default one and so i'm sure that SecretKeyFactory is correct: github.com/ericelliott/credential/blob/master/credential.js This other link: stackoverflow.com/questions/34462316/… makes the inverse process.. and is the same i'm trying to do.. and if you see the keyLength is multiplied by 8 Commented Oct 20, 2016 at 10:55
Related questions
4
Passport for authentication in Node JS
92
passport-local with node-jwt-simple
3
node.js login with passport
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.