JDK Tutorials - Herong's Tutorial Notes
Dr. Herong Yang, Version 4.32, 2006

JCE - Cipher - Encryption and Decryption

Part:   1  2  3  

JDK Tutorials - Herong's Tutorial Notes © Dr. Herong Yang

Internationalization

Character Set and Encoding

Socket Communication

Document Object Model (DOM)

XSD Validation in Java

XSL - Transformer in Java

JCA - Private and Public Key Pairs

JCE - Secret Key

SSL (Secure Socket Layer)

SSL - Client Authentication

... Table of Contents

(Continued from previous part...)

JceSecretKeyTest.java - Sample Program

The following sample program shows you how to generate a secret key, write it a file, and read it back. 

/**
 * JceSecretKeyTest.java
 * Copyright (c) 2002 by Dr. Herong Yang
 */
import java.io.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
class JceSecretKeyTest {
   public static void main(String[] a) {
      if (a.length<3) {
         System.out.println("Usage:");
         System.out.println("java JceSecretKeyTest keySize output"
            +" algorithm");
         return;
      }
      int keySize = Integer.parseInt(a[0]);
      String output = a[1];
      String algorithm = a[2]; // Blowfish, DES, DESede, HmacMD5
      try {
         writeKey(keySize,output,algorithm);
         readKey(output,algorithm);
      } catch (Exception e) {
         System.out.println("Exception: "+e);
         return;
      }
   }
   private static void writeKey(int keySize, String output, 
         String algorithm) throws Exception {
      KeyGenerator kg = KeyGenerator.getInstance(algorithm);
      kg.init(keySize);
      System.out.println();
      System.out.println("KeyGenerator Object Info: ");
      System.out.println("Algorithm = "+kg.getAlgorithm());
      System.out.println("Provider = "+kg.getProvider());
      System.out.println("Key Size = "+keySize);
      System.out.println("toString = "+kg.toString());

      SecretKey ky = kg.generateKey();
      String fl = output+".key";
      FileOutputStream fos = new FileOutputStream(fl);
      byte[] kb = ky.getEncoded();
      fos.write(kb);
      fos.close();
      System.out.println();
      System.out.println("SecretKey Object Info: ");
      System.out.println("Algorithm = "+ky.getAlgorithm());
      System.out.println("Saved File = "+fl);
      System.out.println("Size = "+kb.length);
      System.out.println("Format = "+ky.getFormat());
      System.out.println("toString = "+ky.toString());
   }
   private static void readKey(String input, String algorithm) 
      throws Exception {
      String fl = input+".key";
      FileInputStream fis = new FileInputStream(fl);
      int kl = fis.available();
      byte[] kb = new byte[kl];
      fis.read(kb);
      fis.close();
      KeySpec ks = null;
      SecretKey ky = null;
      SecretKeyFactory kf = null;
      if (algorithm.equalsIgnoreCase("DES")) {
      	 ks = new DESKeySpec(kb);
         kf = SecretKeyFactory.getInstance("DES");
         ky = kf.generateSecret(ks);
      } else if (algorithm.equalsIgnoreCase("DESede")) {
      	 ks = new DESedeKeySpec(kb);
         kf = SecretKeyFactory.getInstance("DESede");
         ky = kf.generateSecret(ks);
      } else {
         ks = new SecretKeySpec(kb,algorithm);
         ky = new SecretKeySpec(kb,algorithm);
      }

      System.out.println();
      System.out.println("KeySpec Object Info: ");
      System.out.println("Saved File = "+fl);
      System.out.println("Length = "+kb.length);
      System.out.println("toString = "+ks.toString());

      System.out.println();
      System.out.println("SecretKey Object Info: ");
      System.out.println("Algorithm = "+ky.getAlgorithm());
      System.out.println("toString = "+ky.toString());
   }
}

Here is the result of my first test. It is done with JDK 1.4.1. 

java -cp . JceSecretKeyTest 56 key1 Blowfish

KeyGenerator Object Info:
Algorithm = Blowfish
Provider = SunJCE version 1.42
Key Size = 56
toString = javax.crypto.KeyGenerator@a8c488

SecretKey Object Info:
Algorithm = Blowfish
Saved File = key1.key
Size = 7
Format = RAW
toString = javax.crypto.spec.SecretKeySpec@2685020e

KeySpec Object Info:
Saved File = key1.key
Length = 7
toString = javax.crypto.spec.SecretKeySpec@2685020e

SecretKey Object Info:
Algorithm = Blowfish
toString = javax.crypto.spec.SecretKeySpec@2685020e

The program seems to be working:

  • Since I am not specifying the provider name, the implementation of the Blowfish algorithm provided in the default security package was selected. Of course, Sun is the provider of the default security package.
  • The Blowfish key is only 7 bytes when "encoded" in RAW format.
  • When importing the blowfish key back from the 7 raw bytes, SecretKeyScep class is used instead of SecretKeyFactory class.

In the second test, I wants to try DES algorithm: 

java -cp . JceSecretKeyTest 56 key2 DES

KeyGenerator Object Info:
Algorithm = DES
Provider = SunJCE version 1.42
Key Size = 56
toString = javax.crypto.KeyGenerator@998b08

SecretKey Object Info:
Algorithm = DES
Saved File = key2.key
Size = 8
Format = RAW
toString = com.sun.crypto.provider.DESKey@fffe7985

KeySpec Object Info:
Saved File = key2.key
Length = 8
toString = javax.crypto.spec.DESKeySpec@106082

SecretKey Object Info:
Algorithm = DES
toString = com.sun.crypto.provider.DESKey@fffe7985

Of course, you can continue testing with DESede and HmacMD5.

Part:   1  2  3  

Dr. Herong Yang, updated in 2006
JDK Tutorials - Herong's Tutorial Notes - JCE - Cipher - Encryption and Decryption