public class KeyGenerator extends Object
Key generators are constructed using one of the getInstance
class methods of this class.
KeyGenerator objects are reusable, i.e., after a key has been generated, the same KeyGenerator object can be re-used to generate further keys.
There are two ways to generate a key: in an algorithm-independent manner, and in an algorithm-specific manner. The only difference between the two is the initialization of the object:
- Algorithm-Independent Initialization
All key generators share the concepts of a keysize and a source of randomness. There is an
init
method in this KeyGenerator class that takes these two universally shared types of arguments. There is also one that takes just akeysize
argument, and uses the SecureRandom implementation of the highest-priority installed provider as the source of randomness (or a system-provided source of randomness if none of the installed providers supply a SecureRandom implementation), and one that takes just a source of randomness.Since no other parameters are specified when you call the above algorithm-independent
init
methods, it is up to the provider what to do about the algorithm-specific parameters (if any) to be associated with each of the keys. - Algorithm-Specific Initialization
For situations where a set of algorithm-specific parameters already exists, there are two
init
methods that have anAlgorithmParameterSpec
argument. One also has aSecureRandom
argument, while the other uses the SecureRandom implementation of the highest-priority installed provider as the source of randomness (or a system-provided source of randomness if none of the installed providers supply a SecureRandom implementation).
In case the client does not explicitly initialize the KeyGenerator
(via a call to an init
method), each provider must
supply (and document) a default initialization.
See the Keysize Restriction sections of the
JDK Providers
document for information on the KeyGenerator defaults used by
JDK providers.
However, note that defaults may vary across different providers.
Additionally, the default value for a provider may change in a future
version. Therefore, it is recommended to explicitly initialize the
KeyGenerator instead of relying on provider-specific defaults.
Every implementation of the Java platform is required to support the
following standard KeyGenerator
algorithms with the keysizes in
parentheses:
AES
(128)DESede
(168)HmacSHA1
HmacSHA256
- Since:
- 1.4
- See Also:
SecretKey
-
Constructor Summary
Constructors Modifier Constructor Description protected
KeyGenerator(KeyGeneratorSpi keyGenSpi, Provider provider, String algorithm)
Creates a KeyGenerator object. -
Method Summary
Modifier and Type Method Description SecretKey
generateKey()
Generates a secret key.String
getAlgorithm()
Returns the algorithm name of thisKeyGenerator
object.static KeyGenerator
getInstance(String algorithm)
Returns aKeyGenerator
object that generates secret keys for the specified algorithm.static KeyGenerator
getInstance(String algorithm, String provider)
Returns aKeyGenerator
object that generates secret keys for the specified algorithm.static KeyGenerator
getInstance(String algorithm, Provider provider)
Returns aKeyGenerator
object that generates secret keys for the specified algorithm.Provider
getProvider()
Returns the provider of thisKeyGenerator
object.void
init(int keysize)
Initializes this key generator for a certain keysize.void
init(int keysize, SecureRandom random)
Initializes this key generator for a certain keysize, using a user-provided source of randomness.void
init(SecureRandom random)
Initializes this key generator.void
init(AlgorithmParameterSpec params)
Initializes this key generator with the specified parameter set.void
init(AlgorithmParameterSpec params, SecureRandom random)
Initializes this key generator with the specified parameter set and a user-provided source of randomness.
-
Constructor Details
-
KeyGenerator
Creates a KeyGenerator object.- Parameters:
keyGenSpi
- the delegateprovider
- the provideralgorithm
- the algorithm
-
-
Method Details
-
getAlgorithm
Returns the algorithm name of thisKeyGenerator
object.This is the same name that was specified in one of the
getInstance
calls that created thisKeyGenerator
object.- Returns:
- the algorithm name of this
KeyGenerator
object.
-
getInstance
Returns aKeyGenerator
object that generates secret keys for the specified algorithm.This method traverses the list of registered security Providers, starting with the most preferred Provider. A new KeyGenerator object encapsulating the KeyGeneratorSpi implementation from the first Provider that supports the specified algorithm is returned.
Note that the list of registered providers may be retrieved via the
Security.getProviders()
method.- Implementation Note:
- The JDK Reference Implementation additionally uses the
jdk.security.provider.preferred
Security
property to determine the preferred provider order for the specified algorithm. This may be different than the order of providers returned bySecurity.getProviders()
. - Parameters:
algorithm
- the standard name of the requested key algorithm. See the KeyGenerator section in the Java Security Standard Algorithm Names Specification for information about standard algorithm names.- Returns:
- the new
KeyGenerator
object - Throws:
NoSuchAlgorithmException
- if noProvider
supports aKeyGeneratorSpi
implementation for the specified algorithmNullPointerException
- ifalgorithm
isnull
- See Also:
Provider
-
getInstance
public static final KeyGenerator getInstance(String algorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderExceptionReturns aKeyGenerator
object that generates secret keys for the specified algorithm.A new KeyGenerator object encapsulating the KeyGeneratorSpi implementation from the specified provider is returned. The specified provider must be registered in the security provider list.
Note that the list of registered providers may be retrieved via the
Security.getProviders()
method.- Parameters:
algorithm
- the standard name of the requested key algorithm. See the KeyGenerator section in the Java Security Standard Algorithm Names Specification for information about standard algorithm names.provider
- the name of the provider.- Returns:
- the new
KeyGenerator
object - Throws:
IllegalArgumentException
- if theprovider
isnull
or emptyNoSuchAlgorithmException
- if aKeyGeneratorSpi
implementation for the specified algorithm is not available from the specified providerNoSuchProviderException
- if the specified provider is not registered in the security provider listNullPointerException
- ifalgorithm
isnull
- See Also:
Provider
-
getInstance
public static final KeyGenerator getInstance(String algorithm, Provider provider) throws NoSuchAlgorithmExceptionReturns aKeyGenerator
object that generates secret keys for the specified algorithm.A new KeyGenerator object encapsulating the KeyGeneratorSpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.
- Parameters:
algorithm
- the standard name of the requested key algorithm. See the KeyGenerator section in the Java Security Standard Algorithm Names Specification for information about standard algorithm names.provider
- the provider.- Returns:
- the new
KeyGenerator
object - Throws:
IllegalArgumentException
- if theprovider
isnull
NoSuchAlgorithmException
- if aKeyGeneratorSpi
implementation for the specified algorithm is not available from the specifiedProvider
objectNullPointerException
- ifalgorithm
isnull
- See Also:
Provider
-
getProvider
Returns the provider of thisKeyGenerator
object.- Returns:
- the provider of this
KeyGenerator
object
-
init
Initializes this key generator.- Parameters:
random
- the source of randomness for this generator
-
init
Initializes this key generator with the specified parameter set.If this key generator requires any random bytes, it will get them using the
SecureRandom
implementation of the highest-priority installed provider as the source of randomness. (If none of the installed providers supply an implementation of SecureRandom, a system-provided source of randomness will be used.)- Parameters:
params
- the key generation parameters- Throws:
InvalidAlgorithmParameterException
- if the given parameters are inappropriate for this key generator
-
init
public final void init(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterExceptionInitializes this key generator with the specified parameter set and a user-provided source of randomness.- Parameters:
params
- the key generation parametersrandom
- the source of randomness for this key generator- Throws:
InvalidAlgorithmParameterException
- ifparams
is inappropriate for this key generator
-
init
public final void init(int keysize)Initializes this key generator for a certain keysize.If this key generator requires any random bytes, it will get them using the
SecureRandom
implementation of the highest-priority installed provider as the source of randomness. (If none of the installed providers supply an implementation of SecureRandom, a system-provided source of randomness will be used.)- Parameters:
keysize
- the keysize. This is an algorithm-specific metric, specified in number of bits.- Throws:
InvalidParameterException
- if the keysize is wrong or not supported.
-
init
Initializes this key generator for a certain keysize, using a user-provided source of randomness.- Parameters:
keysize
- the keysize. This is an algorithm-specific metric, specified in number of bits.random
- the source of randomness for this key generator- Throws:
InvalidParameterException
- if the keysize is wrong or not supported.
-
generateKey
Generates a secret key.- Returns:
- the new key
-