java.security: abstract public class: KeyPairGenerator

java.security
abstract public class: KeyPairGenerator [javadoc | source]

java.lang.Object
   java.security.KeyPairGeneratorSpi
      java.security.KeyPairGenerator

Direct Known Subclasses:
Delegate, DummyKeyPairGenerator

The KeyPairGenerator class is used to generate pairs of public and private keys. Key pair generators are constructed using the getInstance factory methods (static methods that return instances of a given class).

A Key pair generator for a particular algorithm creates a public/private key pair that can be used with this algorithm. It also associates algorithm-specific parameters with each of the generated keys.

There are two ways to generate a key pair: in an algorithm-independent manner, and in an algorithm-specific manner. The only difference between the two is the initialization of the object:

Algorithm-Independent Initialization
All key pair generators share the concepts of a keysize and a source of randomness. The keysize is interpreted differently for different algorithms (e.g., in the case of the DSA algorithm, the keysize corresponds to the length of the modulus). There is an initialize method in this KeyPairGenerator class that takes these two universally shared types of arguments. There is also one that takes just a keysize argument, and uses the SecureRandom implementation of the highest-priority installed provider as the source of randomness. (If none of the installed providers supply an implementation of SecureRandom, a system-provided source of randomness is used.)
Since no other parameters are specified when you call the above algorithm-independent initialize methods, it is up to the provider what to do about the algorithm-specific parameters (if any) to be associated with each of the keys.
If the algorithm is the DSA algorithm, and the keysize (modulus size) is 512, 768, or 1024, then the Sun provider uses a set of precomputed values for the p, q, and g parameters. If the modulus size is not one of the above values, the Sun provider creates a new set of parameters. Other providers might have precomputed parameter sets for more than just the three modulus sizes mentioned above. Still others might not have a list of precomputed parameters at all and instead always create new parameter sets.
Algorithm-Specific Initialization
For situations where a set of algorithm-specific parameters already exists (e.g., so-called community parameters in DSA), there are two initialize methods that have an AlgorithmParameterSpec argument. One also has a SecureRandom argument, while the the other uses the SecureRandom implementation of the highest-priority installed provider as the source of randomness. (If none of the installed providers supply an implementation of SecureRandom, a system-provided source of randomness is used.)

In case the client does not explicitly initialize the KeyPairGenerator (via a call to an initialize method), each provider must supply (and document) a default initialization. For example, the Sun provider uses a default modulus size (keysize) of 1024 bits.

Note that this class is abstract and extends from KeyPairGeneratorSpi for historical reasons. Application developers should only take notice of the methods defined in this KeyPairGenerator class; all the methods in the superclass are intended for cryptographic service providers who wish to supply their own implementations of key pair generators.

Every implementation of the Java platform is required to support the following standard KeyPairGenerator algorithms and keysizes in parentheses:

DiffieHellman (1024)
DSA (1024)
RSA (1024, 2048)

These algorithms are described in the KeyPairGenerator section of the Java Cryptography Architecture Standard Algorithm Name Documentation. Consult the release documentation for your implementation to see if any other algorithms are supported.

Also see:

java.security.spec.AlgorithmParameterSpec

author: Benjamin - Renaud

Field Summary
Provider	provider

Constructor:

Constructor:
protected KeyPairGenerator(String algorithm) { this.algorithm = algorithm; } Creates a KeyPairGenerator object for the specified algorithm. Parameters: `algorithm` - the standard string name of the algorithm. See the KeyPairGenerator section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard algorithm names.

 protected KeyPairGenerator(String algorithm) {
        this.algorithm = algorithm;
}

Creates a KeyPairGenerator object for the specified algorithm.

Parameters:

algorithm - the standard string name of the algorithm. See the KeyPairGenerator section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard algorithm names.

Method from java.security.KeyPairGenerator Summary:
disableFailover, genKeyPair, generateKeyPair, getAlgorithm, getInstance, getInstance, getInstance, getProvider, initialize, initialize, initialize, initialize

Methods from java.security.KeyPairGeneratorSpi:
generateKeyPair, initialize, initialize

Methods from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from java.security.KeyPairGenerator Detail:
void disableFailover() { // empty, overridden in Delegate }
public final KeyPair genKeyPair() { return generateKeyPair(); } Generates a key pair. If this KeyPairGenerator has not been initialized explicitly, provider-specific defaults will be used for the size and other (algorithm-specific) values of the generated keys. This will generate a new key pair every time it is called. This method is functionally equivalent to generateKeyPair .
public KeyPair generateKeyPair() { // This does nothing (except returning null), because either: // // 1. the implementation object returned by getInstance() is an // instance of KeyPairGenerator which has its own implementation // of generateKeyPair (overriding this one), so the application // would be calling that method directly, or // // 2. the implementation returned by getInstance() is an instance // of Delegate, in which case generateKeyPair is // overridden to invoke the corresponding SPI method. // // (This is a special case, because in JDK 1.1.x the generateKeyPair // method was used both as an API and a SPI method.) return null; } Generates a key pair. If this KeyPairGenerator has not been initialized explicitly, provider-specific defaults will be used for the size and other (algorithm-specific) values of the generated keys. This will generate a new key pair every time it is called. This method is functionally equivalent to genKeyPair .
public String getAlgorithm() { return this.algorithm; } Returns the standard name of the algorithm for this key pair generator. See the KeyPairGenerator section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard algorithm names.
public static KeyPairGenerator getInstance(String algorithm) throws NoSuchAlgorithmException { List< Service > list = GetInstance.getServices("KeyPairGenerator", algorithm); Iterator< Service > t = list.iterator(); if (t.hasNext() == false) { throw new NoSuchAlgorithmException (algorithm + " KeyPairGenerator not available"); } // find a working Spi or KeyPairGenerator subclass NoSuchAlgorithmException failure = null; do { Service s = t.next(); try { Instance instance = GetInstance.getInstance(s, KeyPairGeneratorSpi.class); if (instance.impl instanceof KeyPairGenerator) { return getInstance(instance, algorithm); } else { return new Delegate(instance, t, algorithm); } } catch (NoSuchAlgorithmException e) { if (failure == null) { failure = e; } } } while (t.hasNext()); throw failure; } Returns a KeyPairGenerator object that generates public/private key pairs for the specified algorithm. This method traverses the list of registered security Providers, starting with the most preferred Provider. A new KeyPairGenerator object encapsulating the KeyPairGeneratorSpi implementation from the first Provider that supports the specified algorithm is returned. Note that the list of registered providers may be retrieved via the Security.getProviders() method.
public static KeyPairGenerator getInstance(String algorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderException { Instance instance = GetInstance.getInstance("KeyPairGenerator", KeyPairGeneratorSpi.class, algorithm, provider); return getInstance(instance, algorithm); } Returns a KeyPairGenerator object that generates public/private key pairs for the specified algorithm. A new KeyPairGenerator object encapsulating the KeyPairGeneratorSpi implementation from the specified provider is returned. The specified provider must be registered in the security provider list. Note that the list of registered providers may be retrieved via the Security.getProviders() method.
public static KeyPairGenerator getInstance(String algorithm, Provider provider) throws NoSuchAlgorithmException { Instance instance = GetInstance.getInstance("KeyPairGenerator", KeyPairGeneratorSpi.class, algorithm, provider); return getInstance(instance, algorithm); } Returns a KeyPairGenerator object that generates public/private key pairs for the specified algorithm. A new KeyPairGenerator object encapsulating the KeyPairGeneratorSpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.
public final Provider getProvider() { disableFailover(); return this.provider; } Returns the provider of this key pair generator object.
public void initialize(int keysize) { initialize(keysize, JCAUtil.getSecureRandom()); } Initializes the key pair generator for a certain keysize using a default parameter set and the `SecureRandom` implementation of the highest-priority installed provider as the source of randomness. (If none of the installed providers supply an implementation of `SecureRandom`, a system-provided source of randomness is used.)
public void initialize(AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException { initialize(params, JCAUtil.getSecureRandom()); } Initializes the key pair generator using the specified parameter set and the `SecureRandom` implementation of the highest-priority installed provider as the source of randomness. (If none of the installed providers supply an implementation of `SecureRandom`, a system-provided source of randomness is used.). This concrete method has been added to this previously-defined abstract class. This method calls the KeyPairGeneratorSpi initialize method, passing it `params` and a source of randomness (obtained from the highest-priority installed provider or system-provided if none of the installed providers supply one). That `initialize` method always throws an UnsupportedOperationException if it is not overridden by the provider.
public void initialize(int keysize, SecureRandom random) { // This does nothing, because either // 1. the implementation object returned by getInstance() is an // instance of KeyPairGenerator which has its own // initialize(keysize, random) method, so the application would // be calling that method directly, or // 2. the implementation returned by getInstance() is an instance // of Delegate, in which case initialize(keysize, random) is // overridden to call the corresponding SPI method. // (This is a special case, because the API and SPI method have the // same name.) } Initializes the key pair generator for a certain keysize with the given source of randomness (and a default parameter set).
public void initialize(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException { // This does nothing, because either // 1. the implementation object returned by getInstance() is an // instance of KeyPairGenerator which has its own // initialize(params, random) method, so the application would // be calling that method directly, or // 2. the implementation returned by getInstance() is an instance // of Delegate, in which case initialize(params, random) is // overridden to call the corresponding SPI method. // (This is a special case, because the API and SPI method have the // same name.) } Initializes the key pair generator with the given parameter set and source of randomness. This concrete method has been added to this previously-defined abstract class. This method calls the KeyPairGeneratorSpi initialize method, passing it `params` and `random`. That `initialize` method always throws an UnsupportedOperationException if it is not overridden by the provider.

Method from java.security.KeyPairGenerator Detail:

  void disableFailover() {
        // empty, overridden in Delegate
}

 public final KeyPair genKeyPair() {
        return generateKeyPair();
}

If this KeyPairGenerator has not been initialized explicitly, provider-specific defaults will be used for the size and other (algorithm-specific) values of the generated keys.

This will generate a new key pair every time it is called.

This method is functionally equivalent to generateKeyPair .

 public KeyPair generateKeyPair() {
        // This does nothing (except returning null), because either:
        //
        // 1. the implementation object returned by getInstance() is an
        //    instance of KeyPairGenerator which has its own implementation
        //    of generateKeyPair (overriding this one), so the application
        //    would be calling that method directly, or
        //
        // 2. the implementation returned by getInstance() is an instance
        //    of Delegate, in which case generateKeyPair is
        //    overridden to invoke the corresponding SPI method.
        //
        // (This is a special case, because in JDK 1.1.x the generateKeyPair
        // method was used both as an API and a SPI method.)
        return null;
}

If this KeyPairGenerator has not been initialized explicitly, provider-specific defaults will be used for the size and other (algorithm-specific) values of the generated keys.

This will generate a new key pair every time it is called.

This method is functionally equivalent to genKeyPair .

 public String getAlgorithm() {
        return this.algorithm;
}

Java Cryptography Architecture Standard Algorithm Name Documentation

 public static KeyPairGenerator getInstance(String algorithm) throws NoSuchAlgorithmException {
        List< Service > list =
                GetInstance.getServices("KeyPairGenerator", algorithm);
        Iterator< Service > t = list.iterator();
        if (t.hasNext() == false) {
            throw new NoSuchAlgorithmException
                (algorithm + " KeyPairGenerator not available");
        }
        // find a working Spi or KeyPairGenerator subclass
        NoSuchAlgorithmException failure = null;
        do {
            Service s = t.next();
            try {
                Instance instance =
                    GetInstance.getInstance(s, KeyPairGeneratorSpi.class);
                if (instance.impl instanceof KeyPairGenerator) {
                    return getInstance(instance, algorithm);
                } else {
                    return new Delegate(instance, t, algorithm);
                }
            } catch (NoSuchAlgorithmException e) {
                if (failure == null) {
                    failure = e;
                }
            }
        } while (t.hasNext());
        throw failure;
}

This method traverses the list of registered security Providers, starting with the most preferred Provider. A new KeyPairGenerator object encapsulating the KeyPairGeneratorSpi implementation from the first Provider that supports the specified algorithm is returned.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

 public static KeyPairGenerator getInstance(String algorithm,
    String provider) throws NoSuchAlgorithmException, NoSuchProviderException {
        Instance instance = GetInstance.getInstance("KeyPairGenerator",
                KeyPairGeneratorSpi.class, algorithm, provider);
        return getInstance(instance, algorithm);
}

A new KeyPairGenerator object encapsulating the KeyPairGeneratorSpi implementation from the specified provider is returned. The specified provider must be registered in the security provider list.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

 public static KeyPairGenerator getInstance(String algorithm,
    Provider provider) throws NoSuchAlgorithmException {
        Instance instance = GetInstance.getInstance("KeyPairGenerator",
                KeyPairGeneratorSpi.class, algorithm, provider);
        return getInstance(instance, algorithm);
}

A new KeyPairGenerator object encapsulating the KeyPairGeneratorSpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.

 public final Provider getProvider() {
        disableFailover();
        return this.provider;
}

Returns the provider of this key pair generator object.

 public  void initialize(int keysize) {
        initialize(keysize, JCAUtil.getSecureRandom());
}

SecureRandom

 public  void initialize(AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException {
        initialize(params, JCAUtil.getSecureRandom());
}

SecureRandom

This concrete method has been added to this previously-defined abstract class. This method calls the KeyPairGeneratorSpi initialize method, passing it params and a source of randomness (obtained from the highest-priority installed provider or system-provided if none of the installed providers supply one). That initialize method always throws an UnsupportedOperationException if it is not overridden by the provider.

 public  void initialize(int keysize,
    SecureRandom random) {
        // This does nothing, because either
        // 1. the implementation object returned by getInstance() is an
        //    instance of KeyPairGenerator which has its own
        //    initialize(keysize, random) method, so the application would
        //    be calling that method directly, or
        // 2. the implementation returned by getInstance() is an instance
        //    of Delegate, in which case initialize(keysize, random) is
        //    overridden to call the corresponding SPI method.
        // (This is a special case, because the API and SPI method have the
        // same name.)
}

Initializes the key pair generator for a certain keysize with the given source of randomness (and a default parameter set).

 public  void initialize(AlgorithmParameterSpec params,
    SecureRandom random) throws InvalidAlgorithmParameterException {
        // This does nothing, because either
        // 1. the implementation object returned by getInstance() is an
        //    instance of KeyPairGenerator which has its own
        //    initialize(params, random) method, so the application would
        //    be calling that method directly, or
        // 2. the implementation returned by getInstance() is an instance
        //    of Delegate, in which case initialize(params, random) is
        //    overridden to call the corresponding SPI method.
        // (This is a special case, because the API and SPI method have the
        // same name.)
}

This concrete method has been added to this previously-defined abstract class. This method calls the KeyPairGeneratorSpi initialize method, passing it params and random. That initialize method always throws an UnsupportedOperationException if it is not overridden by the provider.