The KeyPairGenerator Class
KeyPairGenerator class is an engine class used to generate
pairs of public and private keys.
There are two ways to generate a key pair: in an algorithm-independent manner, and in an algorithm-specific manner. The only difference between the two is the initialization of the object.
Please see the Examples section for examples of calls to the methods documented here.
- Creating a
- All key pair generation starts with a
KeyPairGenerator. This generation is done using one of the factory methods on
static KeyPairGenerator getInstance(String algorithm) static KeyPairGenerator getInstance(String algorithm, String provider) static KeyPairGenerator getInstance(String algorithm, Provider provider)Note: The algorithm name is not case-sensitive.
- Initializing a
A key pair generator for a particular algorithm creates a public/private key pair that can be used with this algorithm. It also associates algorithm-specific parameters with each of the generated keys.
A key pair generator needs to be initialized before it can generate keys. In most cases, algorithm-independent initialization is sufficient. But in other cases, algorithm-specific initialization is used.
- Algorithm-Independent Initialization
All key pair generators share the concepts of a key size and a source of randomness. The key size is interpreted differently for different algorithms. For example, in the case of the DSA algorithm, the key size corresponds to the length of the modulus. (See Appendix B: Algorithms for information about the key sizes for specific algorithms.)An
initializemethod takes two universally shared types of arguments:
void initialize(int keysize, SecureRandom random)Another
initializemethod takes only a
keysizeargument; it uses a system-provided source of randomness:
void initialize(int keysize)
Because no other parameters are specified when you call these algorithm-independent
initializemethods, it is up to the provider what to do about the algorithm-specific parameters (if any) to be associated with each of the keys.
If the algorithm is a DSA algorithm, and the modulus size (key size) is 512, 768, or 1024, then the IBMJCE provider uses a set of precomputed values for the
gparameters. If the modulus size is not one of these values, the IBMJCE provider creates a new set of parameters. Other providers might have precomputed parameter sets for more than just the three modulus sizes mentioned. Yet others might not have a list of precomputed parameters at all and instead always create new parameter sets.
- Algorithm-Specific Initialization
- For situations where a set of algorithm-specific parameters already exists (such as community parameters in DSA), there are two
initializemethods that have an
AlgorithmParameterSpecargument. One also has a
SecureRandomargument, while the source of randomness is system-provided for the other:
void initialize(AlgorithmParameterSpec params, SecureRandom random) void initialize(AlgorithmParameterSpec params)
See the Examples section for more details.
- Generating a Key Pair
- The procedure for generating a key pair is always the same, regardless of initialization (and of the algorithm). You always call the following method from
Multiple calls to
generateKeyPairwill yield different key pairs.