public final Provider getProvider Return the provider that was used to obtain this key generator. In the next section, well show the very simple code needed to use this class to generate a secret key.

9.2.3.2 Implementing a KeyGenerator class

Implementing a key generator means creating a class that extends the KeyGeneratorSpi class javax.crypto.KeyGeneratorSpi : public abstract class KeyGeneratorSpi Form the service provider interface class for the KeyGenerator class. There are three protected methods of this class that we must implement if we want to provide an SPI for a key generator: protected abstract SecretKey engineGenerateKey Generate the secret key. This method should use the installed random number generator and if applicable the installed algorithm parameter specification to generate the secret key. If the engine has not been initialized, it is expected that this method will initialize the engine with a default instance of the SecureRandom class. protected abstract void engineInitSecureRandom sr protected abstract void engineInitAlgorithmParameterSpec aps, SecureRandom sr public final void engineInitint strength, SecureRandom sr Initialize the key generation engine with the given random number generator and, if applicable, algorithm parameter specification. If the class does not support initialization via an algorithm parameter specification, or if the specification is invalid, an InvalidAlgorithmParameterException is thrown. Hence, a complete implementation might look like this. First, we must define a secret key type. Ours will hold the single integer used in XOR encryption: package javasec.samples.ch09; import javax.crypto.; public class XORKey implements SecretKey { int rotValue; XORKeyint value { rotValue = value; } public String getAlgorithm { return XOR; } public String getFormat { return XOR Special Format; } public byte[] getEncoded { byte b[] = new byte[4]; b[3] = byte rotValue 24 0xff; b[2] = byte rotValue 16 0xff; b[1] = byte rotValue 8 0xff; b[0] = byte rotValue 0 0xff; return b; } } Now we can define the key generator that creates these keys: package javasec.samples.ch09; import java.security.; import java.security.spec.; import javax.crypto.; import javasec.samples.ch08.XYZProvider; public class XORKeyGenerator extends KeyGeneratorSpi { SecureRandom sr; public XORKeyGenerator { XYZProvider.verifyForJCE ; } public void engineInitSecureRandom sr { this.sr = sr; } public void engineInitint len, SecureRandom sr { if len = 32 throw new IllegalArgumentException Only support 32 bit keys; this.sr = sr; } public void engineInitAlgorithmParameterSpec aps, SecureRandom sr throws InvalidAlgorithmParameterException { throw new InvalidAlgorithmParameterExceptionNot supported; } public SecretKey engineGenerateKey { if sr == null sr = new SecureRandom ; byte b[] = new byte[1]; sr.nextBytesb; return new XORKeyb[0]; } } Keys, of course, are usually longer than a single integer. However, unlike a public keyprivate key pair, there is not necessarily a mathematical requirement for generating a symmetric key. Such a requirement depends on the encryption algorithm the key will be used for, and some symmetric encryption algorithms require a key that is just an arbitrary sequence of bytes. Remember that the key generator engine is a JCE engine. Because of this, we must verify it with our security provider, which is why the constructor invokes the verifyForJCE method of our provider.