Encryption Services

Argon 2

be.securit.trustbuilder.service.EncryptionService

argon2Hash()

generates an Argon2 hash using the ARGON2id type.

  • parameters:
    • password : String : the password to hash
    • base64EncodedSalt : String : the salt to use, base 64 encoded to a String
    • parallelism : int : the number of threads to use
    • resultLength : int : the desired tagLength, this is the desired number of bytes in the hash. Note that is not equal to the length of this function's result
    • memorySizeInKb : int : amount of memory (in kilobytes) to use
    • iterations : int : number of iterations to perform
  • return value:

An encoded hash. This encoded hash contains all parameters used to calculate the hash, so it alone suffices to verify a password.

argon2Verify()

Verifies a given password against a argon2 encoded hash string

  • parameters:
    • password : String : the password to verify
    • encodedHash : String : the encoded Argon hash string
  • return value:
    • boolean : true if the password was successfully verified, false otherwise

Example

function argon2Hash (workitem){
	var service = tb.getService('Argon2');
	var pwd = 'passw';
	var b64 = tb.base64Encode('some random string', true);
	var parallelism = 4;
	var resultLength = 64;
	var memorySizeInKb = 4096;
	var iterations = 10;
	var hash = service.argon2Hash(pwd, b64,parallelism,resultLength,memorySizeInKb,iterations);
	
	tb.log(hash);
}


function argon2Verify (workitem){
	var service = tb.getService('Argon2');
	var pwd = 'passw';
	var hash = '';
	var result = service.argon2Verify(pwd, hash);
	tb.log(result?'success':'fail');
}

PBKDF2

This algorithm was added in IDHub 9.5.4

2 methods were added for the PBKDF2 password hashing - pbkdf2Hash(password, base64EncodedSalt, iterations, keyLength, algorithm) password :

  • the password string to hash.
  • base64EncodedSalt : a regular base64 encoded String representing the chosen salt (The standard recommends a salt length of at least 64 bits. The US National Institute of Standards and Technology recommends a salt length of 128 bits.)
  • iterations : number of iterations for the PBKDF2 algorithm
  • keyLength : desired length of the resulting key in bits
  • algorithm : one of the available PBKDF2 algorithm variations, mainly specifying the hash algorithm to use.

At the time of writing the available ones are :

  • PBKDF2WithHmacSHA1
  • PBKDF2WithHmacSHA224
  • PBKDF2WithHmacSHA256
  • PBKDF2WithHmacSHA384
  • PBKDF2WithHmacSHA512

The function returns a regular base64 encoded String representing the resulting hash bits. - pbkdf2Verify(password, hash, base64EncodedSalt, iterations, keyLength, algorithm) password : the password string to verify.

  • hash : a regular base64 encoded String representing the hash to verify against
  • base64EncodedSalt : a regular base64 encoded String representing the chosen salt (The standard recommends a salt length of at least 64 bits. The US National Institute of Standards and Technology recommends a salt length of 128 bits.)
  • iterations : number of iterations for the PBKDF2 algorithm
  • keyLength : desired length of the resulting key in bits
  • algorithm : one of the available PBKDF2 algorithm variations, mainly specifying the hash algorithm to use. The function returns true if the password is verified against the hash, and false otherwise
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.