This was posted on weblogicserver -> Security before. Thought this is a better forum.
Hi, I would like to use key from PBE for AES encryption. I use this to get the key (jdk142):
SecureRandom rand = SecureRandom.getInstance("SHA1PRNG");
byte salt = new byte;
PBEKeySpec pkeSpec = new PBEKeySpec("theBestSecretKey".toCharArray(), salt, 1000, 128);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWithMD5AndTripleDES");
SecretKey key = factory.generateSecret(pkeSpec);
SecretKey secKey = new SecretKeySpec(key.getEncoded(), "AES");
When I check the bytes of seckey and bytes of "theBestSecretKey", they are the same. Should I get different bytes after the PBE alg? Does it sound right? Do I have to use exact 16 letters string as password? Thanks!