Using the KeyPairGenerator class

        b[3] = (byte) ((rotValue >> 24) & 0xff);
        b[2] = (byte) ((rotValue >> 16) & 0xff);
        b[1] = (byte) ((rotValue >> 8) & 0xff);
        b[0] = (byte) ((rotValue >> 0) & 0xff);
        return b;
    }
}

The only data value our key class cares about is the value to be used as the index; for simplicity, we've made it a simple instance variable accessible only by classes in our package. Because this example is simple, we can use the same class as the interface for the public and the private key; normally, of course, public and private keys are not symmetric like this. With this in place, we're ready to define our key pair generation class:

    package javasec.samples.ch09;

    import java.security.*;
    import javasec.samples.ch08.*;

    public class XYZKeyPairGenerator extends KeyPairGenerator {
        // Source of randomness; a default instance is used if the caller
        // never invokes initialize(), so generateKeyPair() cannot fail on a null.
        SecureRandom random = new SecureRandom();

        public XYZKeyPairGenerator() {
            super("XYZ");
        }

        // The XYZ algorithm has no meaningful strength parameter; only the
        // random source matters.
        public void initialize(int strength, SecureRandom sr) {
            random = sr;
        }

        public KeyPair generateKeyPair() {
            int rotValue = random.nextInt(25);
            XYZKey pub = new XYZKey();
            XYZKey priv = new XYZKey();
            pub.rotValue = rotValue;
            priv.rotValue = -rotValue;
            KeyPair kp = new KeyPair(pub, priv);
            return kp;
        }

        public static void main(String[] args) throws Exception {
            Security.addProvider(new XYZProvider());
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("XYZ");
            kpg.initialize(0, new SecureRandom());
            KeyPair kp = kpg.generateKeyPair();
            System.out.println("Got key pair " + kp);
        }
    }

As a last step, we must install this class using the security provider that we examined in Chapter 8. Now obtaining a new key pair for the XYZ algorithm is as simple as substituting the string "XYZ" for the algorithm name when we request the key pair, as is shown in the main() method.

9.2.3 The KeyGenerator Class

Chapter 9. Keys and Certificates

The KeyGenerator class (javax.crypto.KeyGenerator) is used to generate secret keys. This class is very similar to the KeyPairGenerator class except that it generates instances of secret keys instead of pairs of public and private keys:

    public class KeyGenerator
        Generate instances of secret keys for use by a symmetric encryption algorithm.

The KeyGenerator class is an engine within JCE. As such, it has all the hallmarks of a cryptographic engine: it has a complementary SPI and a set of public methods that are used to operate upon it, and its implementation must be registered with the security provider.

9.2.3.1 Using the KeyGenerator class

Like other engine classes, the KeyGenerator class doesn't have any public constructors. An instance of a KeyGenerator is obtained by calling one of these methods:

    public static final KeyGenerator getInstance(String algorithm)
    public static final KeyGenerator getInstance(String algorithm, String provider)
        Return an object capable of generating secret keys that correspond to the given algorithm. These methods use the standard rules of searching the list of security providers in order to find an object that implements the desired algorithm. If the generator for the appropriate algorithm cannot be found, a NoSuchAlgorithmException is thrown; if the named provider cannot be found, a NoSuchProviderException is thrown.

JCE provides key generators that implement the following algorithms: Blowfish, DES, DESede, HmacMD5, and HmacSHA1. The first three algorithms are used in data encryption; the last two are used to calculate a message authentication code (MAC).

Once an object has been obtained with these methods, the generator must be initialized by calling one of these methods:

    public final void init(SecureRandom sr)
    public final void init(AlgorithmParameterSpec aps)
    public final void init(AlgorithmParameterSpec aps, SecureRandom sr)
    public final void init(int strength)
    public final void init(int strength, SecureRandom sr)
        Initialize the key generator. Like a key pair generator, the key generator needs a source of random numbers to generate its keys (in the second method, a default instance of the SecureRandom class will be used). In addition, some key generators can accept an algorithm parameter specification to initialize their keys, just as the key pair generator does; however, for the DES-style keys generated by the SunJCE security provider, no algorithm parameter specification may be used.

A key generator does not have to be initialized explicitly, in which case it is initialized internally with a default instance of the SecureRandom class. However, it is up to the implementor of the engine class to make sure that this happens correctly; it is better to be sure your code will work by always initializing your key generator.

A secret key can be generated by calling this method:

    public final SecretKey generateKey()
        Generate a secret key. A generator can produce multiple keys by repeatedly calling this method.

There are two additional methods in this class, both of which are informational:

    public final String getAlgorithm()
        Return the string representing the name of the algorithm this generator supports.
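The getInstance(), init(), and generateKey() sequence just described, put together in one runnable program. This is an added example, not code from the book: it uses two of the algorithm names listed above (DESede and HmacSHA1, plus Blowfish for the repeated-call case) with the standard SunJCE provider, and the algorithm name "NoSuchCipher" is a constructed, deliberately unregistered name used only to show the NoSuchAlgorithmException path.

```java
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Added example (not from the book): drive the KeyGenerator engine through
// getInstance -> init -> generateKey for one encryption algorithm and one
// MAC algorithm from the list in the text.
public class KeyGeneratorDemo {

    // Obtain a generator for the named algorithm, initialize it explicitly
    // (key strength in bits plus an explicit SecureRandom, as the text
    // recommends rather than relying on the engine's internal default) and
    // return one freshly generated key.
    static SecretKey generate(String algorithm, int strengthBits)
            throws NoSuchAlgorithmException {
        KeyGenerator kg = KeyGenerator.getInstance(algorithm);
        kg.init(strengthBits, new SecureRandom());
        return kg.generateKey();
    }

    public static void main(String[] args) throws Exception {
        // DESede: a 168-bit triple-DES key is encoded as 24 bytes
        // (three 8-byte DES keys) in the "RAW" format.
        SecretKey desede = generate("DESede", 168);
        System.out.println(desede.getAlgorithm() + " key, format "
                + desede.getFormat() + ", " + desede.getEncoded().length + " bytes");

        // HmacSHA1: MAC keys are plain byte strings, so the strength
        // argument is simply the key length in bits (256 bits -> 32 bytes).
        SecretKey hmac = generate("HmacSHA1", 256);
        System.out.println(hmac.getAlgorithm() + " key, "
                + hmac.getEncoded().length + " bytes");

        // Repeated generateKey() calls on one generator yield distinct keys.
        // init(int) alone lets the engine supply its own SecureRandom.
        KeyGenerator kg = KeyGenerator.getInstance("Blowfish");
        kg.init(128);
        SecretKey k1 = kg.generateKey();
        SecretKey k2 = kg.generateKey();
        System.out.println("Blowfish keys differ: "
                + !Arrays.equals(k1.getEncoded(), k2.getEncoded()));

        // An algorithm name no installed provider implements fails at
        // getInstance() with NoSuchAlgorithmException, as the text states.
        try {
            KeyGenerator.getInstance("NoSuchCipher"); // constructed name, unregistered
        } catch (NoSuchAlgorithmException e) {
            System.out.println("No provider for NoSuchCipher: " + e.getMessage());
        }
    }
}
```

Compile and run it with a plain JDK; no extra provider is needed because every name it asks for, apart from the deliberately bogus one, is served by SunJCE. Of the five algorithms the text lists, DES and HmacMD5 are kept in modern JDKs only for compatibility; new code should prefer AES for encryption and HmacSHA256 for MACs, which this same generate() helper handles unchanged.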