The KeyPairGenerator Class
The KeyPairGenerator
class is an engine class used to generate
pairs of public and private keys.
There are two ways to generate a key pair: in an algorithm-independent manner, and in an algorithm-specific manner. The only difference between the two is the initialization of the object.
Please see the Examples section for examples of calls to the methods documented here.
- Creating a
KeyPairGenerator
- All key pair generation starts with a
KeyPairGenerator
. This generation is done using one of the factory methods onKeyPairGenerator
:static KeyPairGenerator getInstance(String algorithm) static KeyPairGenerator getInstance(String algorithm, String provider) static KeyPairGenerator getInstance(String algorithm, Provider provider)
Note: The algorithm name is not case-sensitive. - Initializing a
KeyPairGenerator
-
A key pair generator for a particular algorithm creates a public/private key pair that can be used with this algorithm. It also associates algorithm-specific parameters with each of the generated keys.
A key pair generator needs to be initialized before it can generate keys. In most cases, algorithm-independent initialization is sufficient. But in other cases, algorithm-specific initialization is used.
- Algorithm-Independent Initialization
-
All key pair generators share the concepts of a key size and a source of randomness. The key size is interpreted differently for different algorithms. For example, in the case of the DSA algorithm, the key size corresponds to the length of the modulus. (See Appendix B: Algorithms for information about the key sizes for specific algorithms.)
Aninitialize
method takes two universally shared types of arguments:void initialize(int keysize, SecureRandom random)
Anotherinitialize
method takes only akeysize
argument; it uses a system-provided source of randomness:void initialize(int keysize)
Because no other parameters are specified when you call these algorithm-independent
initialize
methods, it is up to the provider what to do about the algorithm-specific parameters (if any) to be associated with each of the keys.If the algorithm is a DSA algorithm, and the modulus size (key size) is 512, 768, or 1024, then the IBMJCE provider uses a set of precomputed values for the
p
,q
, andg
parameters. If the modulus size is not one of these values, the IBMJCE provider creates a new set of parameters. Other providers might have precomputed parameter sets for more than just the three modulus sizes mentioned. Yet others might not have a list of precomputed parameters at all and instead always create new parameter sets. - Algorithm-Specific Initialization
- For situations where a set of algorithm-specific parameters already exists (such as community parameters in DSA), there are two
initialize
methods that have anAlgorithmParameterSpec
argument. One also has aSecureRandom
argument, while the source of randomness is system-provided for the other:void initialize(AlgorithmParameterSpec params, SecureRandom random) void initialize(AlgorithmParameterSpec params)
See the Examples section for more details.
- Generating a Key Pair
- The procedure for generating a key pair is always the same, regardless of initialization (and of the algorithm). You always call the following method from
KeyPairGenerator
:KeyPair generateKeyPair()
Multiple calls to
generateKeyPair
will yield different key pairs.