Java 25 introduces a standardized Key Derivation Function (KDF) API that simplifies the process of deriving cryptographic keys from passwords, shared secrets, and other keying material. Prior to Java 25, developers often relied on provider-specific implementations or low-level cryptographic APIs to perform key derivation. The new API provides a consistent and extensible framework for modern cryptographic applications.
1. Introduction
Cryptographic applications rarely use raw passwords or shared secrets directly as encryption keys. Instead, they derive strong cryptographic keys from such inputs using specialized algorithms known as Key Derivation Functions (KDFs). Common use cases include deriving AES keys from user passwords, generating session keys during TLS handshakes, creating independent keys for encryption and authentication, and producing cryptographically strong keys from low-entropy secrets. The new Java 25 KDF API standardizes access to commonly used key derivation algorithms while maintaining provider independence, resulting in a more consistent and secure cryptographic programming model.
1.1 Understanding KDFs
A Key Derivation Function (KDF) is a cryptographic algorithm that transforms a secret input into one or more cryptographically strong keys. Typical inputs to a KDF include a password, shared secret, salt, and context information, while the outputs commonly consist of AES keys, HMAC keys, session keys, or multiple independent cryptographic keys that can be safely used for encryption, authentication, and other security-related operations.
1.1.1 Why Do We Need KDFs?
Raw passwords are generally weak and unsuitable for direct use as encryption keys. A Key Derivation Function (KDF) strengthens the secret by introducing randomness through salts, increasing the computational effort required to derive the key, helping resist brute-force and dictionary attacks, and generating cryptographic keys of the required length for secure use in encryption, authentication, and other security mechanisms.
1.1.2 Common KDF Algorithms
Several key derivation algorithms are commonly used in modern cryptographic systems. PBKDF2 (Password-Based Key Derivation Function 2) derives cryptographic keys from passwords using repeated hashing and configurable iteration counts to increase resistance against brute-force attacks. HKDF (HMAC-based Key Derivation Function), defined in RFC 5869, uses HMAC as its underlying primitive to securely derive one or more keys from shared secret material. TLS KDFs are specialized key derivation mechanisms used internally by TLS protocols to generate session keys, encryption keys, and authentication keys during secure communication establishment.
1.1.3 Architecture of the New KDF API
The Java 25 KDF API follows the layered architecture of the Java Cryptography Architecture (JCA), providing a clear separation between application code and cryptographic implementations. At the top layer, application code interacts with the KDF API through a standard, provider-independent interface without needing to know the underlying implementation details. The KDF API acts as an abstraction layer that accepts key derivation requests and associated parameters, such as passwords, salts, iteration counts, and desired key lengths. These requests are then delegated to a registered security provider, such as SunJCE or Bouncy Castle, which supplies the actual implementation of the selected key derivation algorithm. The provider executes the requested algorithm, such as PBKDF2, HKDF, or a TLS-specific KDF, and returns the derived cryptographic key to the application. Within this architecture, the KDF class represents the key derivation engine responsible for performing derivation operations, AlgorithmParameterSpec (or KDF-specific parameter objects) encapsulates the configuration and input parameters required by the algorithm, the Provider supplies the concrete implementation of the cryptographic functionality, and the resulting SecretKey object securely stores the derived key material that can subsequently be used for encryption, authentication, or other cryptographic operations. This layered design promotes portability, extensibility, maintainability, and provider independence while ensuring a consistent programming model across different key derivation algorithms.
1.1.4 Benefits of the Java 25 KDF API
- Unified cryptographic abstraction.
- Provider-independent implementation.
- Support for modern derivation algorithms.
- Cleaner and more maintainable code.
- Reduced risk of cryptographic misuse.
1.2 Motivation Behind the New KDF API
Before Java 25, key derivation functionality was fragmented across multiple APIs and approaches, including SecretKeyFactory, provider-specific implementations, and custom cryptographic libraries. This often led to inconsistent programming models, complex provider integrations, limited portability across different algorithms and providers, and a higher risk of implementation errors. The new Java 25 KDF API addresses these challenges by introducing a unified programming model with provider-based extensibility, built-in support for modern key derivation algorithms, and improved code readability, maintainability, and consistency across cryptographic applications.
1.3 Derivation Methods
The Java 25 KDF API provides a standardized mechanism for deriving cryptographic material from passwords, shared secrets, and other forms of keying material. The primary operation performed by the API is key derivation, where a KDF implementation processes the supplied input parameters and generates cryptographically strong output suitable for encryption, authentication, or secure communication. Depending on the selected algorithm and provider, the API can be used to derive symmetric encryption keys such as AES keys, message authentication keys such as HMAC keys, session keys used during protocol negotiations, and multiple independent keys from a single secret source. The derivation process typically involves supplying parameters such as a password or secret, salt, iteration count, desired output length, and optional context information. The KDF engine then applies the selected algorithm, such as PBKDF2, HKDF, or a TLS-specific KDF, to produce deterministic and secure key material that can be safely used by cryptographic applications.
2. Code Example in Java 25
The following example demonstrates deriving a 256-bit AES key using PBKDF2 through the new KDF API.
import javax.crypto.SecretKey;
import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.HexFormat;
// Java 25 KDF API
import javax.crypto.KDF;
import javax.crypto.KDFParameters;
public class KDFExample {
public static void main(String[] args) throws Exception {
String password = "MySecurePassword123!";
byte[] salt = new byte[16];
SecureRandom random = new SecureRandom();
random.nextBytes(salt);
// Obtain PBKDF2 implementation
KDF kdf = KDF.getInstance("PBKDF2WithHmacSHA256");
// Configure parameters
KDFParameters params =
KDFParameters.builder()
.password(password.toCharArray())
.salt(salt)
.iterations(100000)
.build();
// Derive 256-bit key
SecretKey derivedKey =
kdf.deriveKey("AES", 256, params);
System.out.println("Salt:");
System.out.println(
HexFormat.of().formatHex(salt));
System.out.println();
System.out.println("Derived Key:");
System.out.println(
HexFormat.of()
.formatHex(
derivedKey.getEncoded()));
}
}
2.1 Code Explanation
This example demonstrates how to use the Java 25 Key Derivation Function (KDF) API to generate a secure 256-bit AES key from a password using the PBKDF2WithHmacSHA256 algorithm. The program begins by defining a password and generating a cryptographically secure 16-byte random salt using SecureRandom. It then obtains a KDF instance through KDF.getInstance("PBKDF2WithHmacSHA256") and configures the derivation parameters, including the password, salt, and an iteration count of 100,000, using the KDFParameters builder. These parameters are supplied to the KDF engine, which derives a 256-bit AES key through deriveKey(). Finally, the program prints both the randomly generated salt and the derived key in hexadecimal format using HexFormat. Because a new random salt is generated during each execution, the resulting derived key will be different every time the program runs, even when the same password is used.
2.2 Code Output
Salt: c7b8e0f497d7d7c54a3df2c76e901d82 Derived Key: 1f40fc92da241694750979ee6cf582f2 d5d7d28e18335de05abc54d0560e0f53
The output displays the randomly generated salt and the cryptographic key derived from the supplied password using the PBKDF2WithHmacSHA256 algorithm. The Salt value (c7b8e0f497d7d7c54a3df2c76e901d82) is a 16-byte random sequence generated by SecureRandom and is used to ensure that the same password produces different derived keys across executions, thereby protecting against rainbow-table attacks. The Derived Key value (1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f53) represents the 256-bit AES key generated by the KDF after processing the password, salt, and 100,000 iterations. Since the salt is randomly generated each time the program runs, both the salt and the resulting derived key will typically be different for every execution, even when the same password is used.
3. Conclusion
The Key Derivation Function API introduced in Java 25 represents a significant improvement in the Java Cryptography Architecture. It provides a standardized, provider-independent mechanism for deriving cryptographic keys from passwords, shared secrets, and other keying material. By introducing a dedicated KDF abstraction, Java 25 simplifies the use of algorithms such as PBKDF2, HKDF, and TLS-specific key derivation mechanisms. Developers can now build secure cryptographic applications with less boilerplate code while maintaining compatibility with existing JCA providers. As modern applications increasingly rely on strong cryptographic foundations, the new KDF API becomes an essential addition to the Java security ecosystem, offering both improved usability and stronger security practices.
