The KeyPairGenerator Class

The KeyPairGenerator class is an engine class used to generate pairs of public and private keys.

There are two ways to generate a key pair: in an algorithm-independent manner, and in an algorithm-specific manner. The only difference between the two is the initialization of the object.

Please see the Examples section for examples of calls to the methods documented here.

Creating a KeyPairGenerator
All key pair generation starts with a KeyPairGenerator. This generation is done using one of the factory methods on KeyPairGenerator:
static KeyPairGenerator getInstance(String algorithm)
static KeyPairGenerator getInstance(String algorithm, String provider)
static KeyPairGenerator getInstance(String algorithm, Provider provider)
Note: The algorithm name is not case-sensitive.
Initializing a KeyPairGenerator

A key pair generator for a particular algorithm creates a public/private key pair that can be used with this algorithm. It also associates algorithm-specific parameters with each of the generated keys.

A key pair generator needs to be initialized before it can generate keys. In most cases, algorithm-independent initialization is sufficient. But in other cases, algorithm-specific initialization is used.

Algorithm-Independent Initialization

All key pair generators share the concepts of a key size and a source of randomness. The key size is interpreted differently for different algorithms. For example, in the case of the DSA algorithm, the key size corresponds to the length of the modulus. (See Appendix B: Algorithms for information about the key sizes for specific algorithms.)

An initialize method takes two universally shared types of arguments:
void initialize(int keysize, SecureRandom random)
Another initialize method takes only a keysize argument; it uses a system-provided source of randomness:
void initialize(int keysize)

Because no other parameters are specified when you call these algorithm-independent initialize methods, it is up to the provider what to do about the algorithm-specific parameters (if any) to be associated with each of the keys.

If the algorithm is a DSA algorithm, and the modulus size (key size) is 512, 768, or 1024, then the IBMJCE provider uses a set of precomputed values for the p, q, and g parameters. If the modulus size is not one of these values, the IBMJCE provider creates a new set of parameters. Other providers might have precomputed parameter sets for more than just the three modulus sizes mentioned. Yet others might not have a list of precomputed parameters at all and instead always create new parameter sets.

Algorithm-Specific Initialization
For situations where a set of algorithm-specific parameters already exists (such as community parameters in DSA), there are two initialize methods that have an AlgorithmParameterSpec argument. One also has a SecureRandom argument, while the source of randomness is system-provided for the other:
void initialize(AlgorithmParameterSpec params, SecureRandom random)
void initialize(AlgorithmParameterSpec params)

See the Examples section for more details.

Generating a Key Pair
The procedure for generating a key pair is always the same, regardless of initialization (and of the algorithm). You always call the following method from KeyPairGenerator:
KeyPair generateKeyPair()

Multiple calls to generateKeyPair will yield different key pairs.