The PBKDF2 class implements Password-Based Key Derivation Function 2, which
derives a key using multiple iterations of HMAC.
The PBKDF2 class extends the KDF class, so it inherits the methods
for derivation and for setting and getting the length and salt. All these
methods are documented in KDF.
Description: Creates a new PBKDF2 instance if the supplied algorithm is supported.
The constructor first checks if the hashAlgorithm is found. If not, then
PBKDF2Exception is thrown. Otherwise a new instance of PBKDF2 with the supplied
length, salt and number of iterations is created.
hashAlgorithm : string - the algorithm name (e.g. sha1, sha256)
length : int - the key length
salt : string - the salt
iter : int - the number of iterations
PBKDF2: New instance of the PBKDF2 class.
It can throw KDFException with code
KDFException::KEY_LENGTH_LOW - the supplied key length is too low
KDFException::KEY_LENGTH_HIGH - the supplied key length is too high
KDFException::SALT_LENGTH_HIGH - if the data length exceeds C INT_MAX
PBKDF2Exception::HASH_ALGORITHM_NOT_FOUND - the supplied hash algorithm is invalid
PBKDF2Exception::ITERATIONS_HIGH - the supplied iterations count is too high
$pbkdf2 = new \Crypto\PBKDF2('sha256', 32, \Crypto\Rand::generate(16));
If the hash algorithm is passed by the user in a variable, then it might be a good idea to wrap the call in a try/catch block:
try {
    // arguments: hash algorithm, key length, salt
    $pbkdf2 = new \Crypto\PBKDF2($hash_algorithm, 32, \Crypto\Rand::generate(16));
}
catch (\Crypto\KDFException $e) {
    echo $e->getMessage();
}
Description: Returns hash algorithm name.
This method returns a hash algorithm name. The algorithm will be used
for HMAC when deriving a key using PBKDF2::derive.
The name is usually in upper case even if it was supplied as lower case.
This method has no parameters.
This method does not throw any exception.
string: The hash algorithm.
$pbkdf2 = new \Crypto\PBKDF2('sha256', 32, \Crypto\Rand::generate(16));
// this will output SHA256
echo $pbkdf2->getHashAlgorithm();
Description: Returns the number of iterations.
This method returns the number of iterations used for deriving the key.
This method has no parameters.
This method does not throw any exception.
int: The number of iterations.
$pbkdf2 = new \Crypto\PBKDF2('sha256', 32, \Crypto\Rand::generate(16), 1200);
// returns 1200
echo $pbkdf2->getIterations();
Description: Sets hash algorithm name.
This method sets a hash algorithm by its name. It will then be used
by HMAC when deriving a key using PBKDF2::derive.
hashAlgorithm : string - the hash algorithm name
It can throw PBKDF2Exception with code
PBKDF2Exception::HASH_ALGORITHM_NOT_FOUND - the supplied hash algorithm is invalid
bool: true if the hash algorithm was set successfully
$pbkdf2 = new \Crypto\PBKDF2('sha256', 32, \Crypto\Rand::generate(16));
// if we want to change hash algorithm to SHA512
$pbkdf2->setHashAlgorithm('sha512');
Description: Sets the number of iterations.
This method sets the number of iterations for key derivation which will be
used in PBKDF2::derive. Any number less than 1 is treated as a single
iteration.
iterations : int - the number of iterations
It can throw PBKDF2Exception with code
PBKDF2Exception::ITERATIONS_HIGH - the supplied iterations count is too high
bool: true if the number of iterations was set successfully
$pbkdf2 = new \Crypto\PBKDF2('sha256', 32, \Crypto\Rand::generate(16), 1200);
// if we want to change number of iterations to 1000
$pbkdf2->setIterations(1000);
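The following is an added example, not part of the original documentation: it checks a caller-supplied hash algorithm and iteration count before constructing PBKDF2, because counts below 1 are treated as a single iteration rather than rejected, and it stores the parameters needed to verify a password later. The function names, the allowlist, the 100000 floor and the record layout are assumptions, as is derive($password) (documented in KDF) returning the raw derived key.

```php
<?php
// Added example (not from the php-crypto docs). Assumes derive($password),
// inherited from KDF, returns the raw derived key as a string.
const ALLOWED_HASHES = ['sha256', 'sha512']; // constructed allowlist
const MIN_ITERATIONS = 100000;               // constructed policy floor

function pbkdf2Record(string $password, string $hash, int $iter): array
{
    $hash = strtolower($hash);
    if (!in_array($hash, ALLOWED_HASHES, true)) {
        throw new \InvalidArgumentException('hash algorithm not allowed');
    }
    // setIterations treats counts below 1 as one iteration instead of
    // failing, so a minimum has to be enforced by the caller.
    if ($iter < MIN_ITERATIONS) {
        throw new \InvalidArgumentException('iteration count below floor');
    }
    $salt = \Crypto\Rand::generate(16);
    try {
        $kdf = new \Crypto\PBKDF2($hash, 32, $salt, $iter);
        $key = $kdf->derive($password);
    } catch (\Crypto\KDFException $e) {
        // Log the code (e.g. PBKDF2Exception::ITERATIONS_HIGH) server side
        // instead of echoing library messages back to the caller.
        error_log('PBKDF2 setup failed, code ' . $e->getCode());
        throw new \RuntimeException('key derivation failed');
    }
    // Store every parameter needed to repeat the derivation.
    return ['hash' => $hash, 'iter' => $iter,
            'salt' => bin2hex($salt), 'key' => bin2hex($key)];
}

function pbkdf2Verify(string $password, array $rec): bool
{
    // Re-validate stored parameters: a tampered record must not lower the cost.
    if (!in_array($rec['hash'], ALLOWED_HASHES, true) || $rec['iter'] < MIN_ITERATIONS) {
        return false;
    }
    $kdf = new \Crypto\PBKDF2($rec['hash'], intdiv(strlen($rec['key']), 2),
                              hex2bin($rec['salt']), $rec['iter']);
    // hash_equals compares the two hex strings in constant time.
    return hash_equals($rec['key'], bin2hex($kdf->derive($password)));
}

$rec = pbkdf2Record('correct horse', 'SHA256', 200000); // constructed input
var_dump(pbkdf2Verify('correct horse', $rec));           // same password
var_dump(pbkdf2Verify('wrong guess', $rec));             // different password
```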