PKCS5 or Password Based Encryption (PBE) in JAVA

Question

I want to write a password based encryption and decryption in Java!

It means that I have a K (Password) and P (plain Text) and create such an E (encrypted Text) that I can then decrypt that E with my first K.

As I mentioned from the questions and their answers in StackOverflow like here and here my solution is PKCS5 but they firstly generate K1 from K and then encode that K1 and generate K2 from K1. and then encrypt P and decrypt E with that K2.

But It's not what I want. Each time you generate K2 from K, the new K2 differs from last K2 so you can't decrypt with a new K2 an encrypted text that encrypted with previous K2.

How can I code this scenario in Java ?

Answer 1

You are mistaken. Given the same password and salt (and iteration count, but that is often fixed in advance) you will get the same K1 and K2. You can store the salt with your ciphertext, so that you can generate the same K1 and K2 for decryption.

The K2 key encode/decode trick is only required because of a Java API mistake. The PBKDF2 implementation of Java generates a key for which the algorithm is set to "PBE...". That key is not necessarily accepted for a normal AES Cipher. Therefore a "new" key is generated using the same key bytes, but with a different algorithm name ("AES"). Now if you could simply choose the algorithm name and key size during generation, the encoding/decoding would not be necessary. But in the end, K1 and K2 are effectively the same key.