public class KeyGenerator Generate instances of secret keys for use by a symmetric encryption algorithm. The KeyGenerator class is an engine within JCE. As such, it has all the hallmarks of a cryptographic engine. It has a complementary SPI and a set of public methods that are used to operate upon it, and its implementation must be registered with the security provider.

9.2.3.1 Using the KeyGenerator class

Like other engine classes, the KeyGenerator class doesnt have any public constructors. An instance of a KeyGenerator is obtained by calling one of these methods: public static final KeyGenerator getInstanceString algorithm public static final KeyGenerator getInstanceString algorithm, String provider Return an object capable of generating secret keys that correspond to the given algorithm. These methods use the standard rules of searching the list of security providers in order to find an object that implements the desired algorithm. If the generator for the appropriate algorithm cannot be found, a NoSuchAlgorithmException is thrown; if the named provider cannot be found, a NoSuchProviderException is thrown. JCE provides key generators that implement the following algorithms: Blowfish, DES, DESede, HmacMD5, and HmacSHA1. The first three algorithms are used in data encryption; the last two are used to calculate a message authentication code MAC. Once an object has been obtained with these methods, the generator must be initialized by calling one of these methods: public final void initSecureRandom sr public final void initAlgorithmParameterSpec aps public final void initAlgorithmParameterSpec aps, SecureRandom sr public final void initint strength public final void initint strength, SecureRandom sr Initialize the key generator. Like a key pair generator, the key generator needs a source of random numbers to generate its keys in the second method, a default instance of the SecureRandom class will be used. In addition, some key generators can accept an algorithm parameter specification to initialize their keys just as the key pair generator; however, for the DES−style keys generated by the SunJCE security provider, no algorithm parameter specification may be used. A key generator does not have to be initialized explicitly, in which case it is initialized internally with a default instance of the SecureRandom class. However, it is up to the implementor of the engine class to make sure that this happens correctly; it is better to be sure your code will work by always initializing your key generator. A secret key can be generated by calling this method: public final SecretKey generateKey Generate a secret key. A generator can produce multiple keys by repeatedly calling this method. There are two additional methods in this class, both of which are informational: public final String getAlgorithm Return the string representing the name of the algorithm this generator supports. public final Provider getProvider Return the provider that was used to obtain this key generator. In the next section, well show the very simple code needed to use this class to generate a secret key.

9.2.3.2 Implementing a KeyGenerator class

Implementing a key generator means creating a class that extends the KeyGeneratorSpi class javax.crypto.KeyGeneratorSpi : public abstract class KeyGeneratorSpi Form the service provider interface class for the KeyGenerator class. There are three protected methods of this class that we must implement if we want to provide an SPI for a key generator: protected abstract SecretKey engineGenerateKey Generate the secret key. This method should use the installed random number generator and if applicable the installed algorithm parameter specification to generate the secret key. If the engine has not been initialized, it is expected that this method will initialize the engine with a default instance of the SecureRandom class. protected abstract void engineInitSecureRandom sr protected abstract void engineInitAlgorithmParameterSpec aps, SecureRandom sr public final void engineInitint strength, SecureRandom sr Initialize the key generation engine with the given random number generator and, if applicable, algorithm parameter specification. If the class does not support initialization via an algorithm parameter specification, or if the specification is invalid, an InvalidAlgorithmParameterException is thrown. Hence, a complete implementation might look like this. First, we must define a secret key type. Ours will hold the single integer used in XOR encryption: package javasec.samples.ch09; import javax.crypto.; public class XORKey implements SecretKey { int rotValue; XORKeyint value { rotValue = value; } public String getAlgorithm { return XOR; } public String getFormat { return XOR Special Format; } public byte[] getEncoded {