我正在开发一个Java项目，我必须确保保存在纯文本文件中的用户密码的机密性和完整性。

为此，我只会在文件中写入密码的散列。 更具体地说，我的意图是编写密码和随机盐的散列，加上随机盐本身，以避免使用彩虹和查找表。 我也想用PBKDF2来进行密钥伸展，以便计算哈希的计算量很大。 最后，我想使用密钥哈希算法HMAC来进行最后一层保护。

我试图在Java代码中实现我的想法，并且我找到了上面介绍的一些操作示例：

我真的无法理解的是如何输入我的密钥作为HMAC算法使用的密钥，因为它似乎不是该函数的输入。 我查看了Java文档，但是找不到我的问题的解决方案。

在这一点上，我不确定我是否正确理解了加密机制的不同部分是如何工作的，所以我会接受有关该主题的任何帮助。

I am working on a Java project where I must ensure the confidentiality and integrity of users password saved in a plaintext file.

To do so, I will write only a hash of the password in the file. More specifically, my intention is to write the hash of the password and a random salt, plus the random salt itself, to avoid the use of rainbow and lookup tables. I also want to use key-stretching with PBKDF2, to make the computation of the hash computationally expensive. Finally, I would like to use a keyed hash algorithm, HMAC, for a final layer of protection.

I am trying to implement my thoughts in a Java code, and I have found some examples of the operations that I have presented above:

The thing that I really cannot understand is how to input my secret key as the key used by the HMAC algorithm, as it doesn't seem an input to the function. I have looked through the Java documentation, but I cannot find a solution to my question.

At this point, I am not really sure if I understood correctly how the different part of the encryption mechanism work, so I would accept any help on the topic.