With the same IV, key, iteration and salt as input, is the generated PBEKeySpec the same every time? That is:
```java
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWithSHA256And256BitAES-CBC-BC");
KeySpec spec = new PBEKeySpec(secureKey.toCharArray(), SALT.getBytes(), KEY_ITERATION, KEY_LENGTH);
SecretKey tmp = factory.generateSecret(spec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
```
Would I get the same SecretKey every time?
I just fear that when the user starts the program next time, the SecretKey object will have changed and cannot be used to decrypt the value.
Yes. It will continue to produce the same key given the same inputs as long as the inputs and the algorithm are fixed as you specified in the question. You should be able to test this by just running your code in a loop and printing each time through.
Moreover, the API specifies an immutable object except for the password. For the password (a `char[]`) the API specifies that the user may overwrite the value after the PBE operation.
Note that in principle classes derived from `SecretKeySpec` could implement a mutable interface. It would be extremely unlikely that `SecretKeySpec` is extended, mutable and that the key factory class or any other would alter the contents however.
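
The loop test suggested above, as an added example that is not code from the question or the answers. It assumes the JDK's built-in `PBKDF2WithHmacSHA256` in place of the Bouncy Castle algorithm name in the question, and the password and salt are constructed sample values. The salt is encoded with an explicit charset, because `getBytes()` without one can produce different bytes, and so a different key, on a machine with a different default charset.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class DeterministicPbeKey {
    // Constructed sample values; a real application stores a random per-user salt.
    static final byte[] SALT = "constructed-sample-salt".getBytes(StandardCharsets.UTF_8);
    static final int KEY_ITERATION = 10000;
    static final int KEY_LENGTH = 256; // bits

    static SecretKey derive(char[] password, byte[] salt) throws Exception {
        // Assumption: PBKDF2WithHmacSHA256 (ships with JDK 8+) is swapped in for the
        // Bouncy Castle algorithm used in the question, so no extra provider is needed.
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        PBEKeySpec spec = new PBEKeySpec(password, salt, KEY_ITERATION, KEY_LENGTH);
        try {
            return new SecretKeySpec(factory.generateSecret(spec).getEncoded(), "AES");
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed sample passphrase".toCharArray();
        byte[] first = derive(password, SALT).getEncoded();

        // Same inputs, fresh factory and spec each time: the key bytes never change.
        for (int run = 0; run < 5; run++) {
            byte[] again = derive(password, SALT).getEncoded();
            if (!Arrays.equals(first, again)) {
                throw new AssertionError("key changed on run " + run);
            }
        }

        // Changing any input (here one bit of the salt) yields an unrelated key.
        byte[] otherSalt = SALT.clone();
        otherSalt[0] ^= 1;
        if (Arrays.equals(first, derive(password, otherSalt).getEncoded())) {
            throw new AssertionError("different salt produced the same key");
        }

        Arrays.fill(password, '\0'); // the caller's copy can be overwritten after derivation
        System.out.println("Derived " + first.length * 8 + "-bit key; stable across 5 runs");
    }
}
```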