The KeyGenerator Class

A key generator is used to generate secret keys for symmetric algorithms.

Creating a Key Generator

Like other engine classes in the API, KeyGenerator objects are created using the getInstance factory methods of the KeyGenerator class. A factory method is a static method that returns an instance of a class, in this case, an instance of KeyGenerator which provides an implementation of the requested key generator.

getInstance takes as its argument the name of a symmetric algorithm for which a secret key is to be generated. Optionally, a package provider name may be specified:

 public static KeyGenerator getInstance(String algorithm);

 public static KeyGenerator getInstance(String algorithm,
 String provider);

If only an algorithm name is specified, the system will determine if there is an implementation of the requested key generator available in the environment, and if there is more than one, whether there is a preferred one.

If both an algorithm name and a package provider are specified, the system will determine if there is an implementation of the requested key generator in the package requested, and will throw an exception if there is not.

Initializing a KeyGenerator Object

A key generator for a particular symmetric-key algorithm creates a symmetric key that can be used with that algorithm. It also associates algorithm-specific parameters (if any) with the generated key.

There are two ways to generate a key: in an algorithm-independent manner and in an algorithm-specific manner. The only difference between the two is the initialization of the object:
Algorithm-Independent Initialization

All key generators share the concepts of a keysize and a source of randomness. There is an init method that takes these two universally shared types of arguments. There is also one that takes just a keysize argument, and uses a system-provided source of randomness, and one that takes just a source of randomness:

 public void init(SecureRandom random);

 public void init(int keysize);

 public void init(int keysize, SecureRandom random);

Because no other parameters are specified when you call the algorithm-independent init methods listed previously, it is up to the provider what to do about the algorithm-specific parameters (if any) to be associated with the generated key.

Algorithm-Specific Initialization

For situations where a set of algorithm-specific parameters already exists, there are two init methods that have an AlgorithmParameterSpec argument. One also has a SecureRandom argument, while the source of randomness is system-provided for the other:

 public void init(AlgorithmParameterSpec params);

 public void init(AlgorithmParameterSpec params,
 SecureRandom random);

In case the client does not explicitly initialize the KeyGenerator (through a call to an init method), each provider must supply (and document) a default initialization.

Creating a Key

The following method generates a secret key: 
 public SecretKey generateKey();