File Doc Category Size Date Package
KeyPairGenerator.java API Doc Java SE 6 API 23943 Tue Jun 10 00:25:46 BST 2008 java.security

KeyPairGenerator

java.lang.Object
- java.security.KeyPairGeneratorSpi

public abstract class KeyPairGenerator extends KeyPairGeneratorSpi

The KeyPairGenerator class is used to generate pairs of public and private keys. Key pair generators are constructed using the getInstance factory methods (static methods that return instances of a given class).

A Key pair generator for a particular algorithm creates a public/private key pair that can be used with this algorithm. It also associates algorithm-specific parameters with each of the generated keys.

There are two ways to generate a key pair: in an algorithm-independent manner, and in an algorithm-specific manner. The only difference between the two is the initialization of the object:

Algorithm-Independent Initialization
All key pair generators share the concepts of a keysize and a source of randomness. The keysize is interpreted differently for different algorithms (e.g., in the case of the DSA algorithm, the keysize corresponds to the length of the modulus). There is an {@link #initialize(int, java.security.SecureRandom) initialize} method in this KeyPairGenerator class that takes these two universally shared types of arguments. There is also one that takes just a keysize argument, and uses the SecureRandom implementation of the highest-priority installed provider as the source of randomness. (If none of the installed providers supply an implementation of SecureRandom, a system-provided source of randomness is used.)
Since no other parameters are specified when you call the above algorithm-independent initialize methods, it is up to the provider what to do about the algorithm-specific parameters (if any) to be associated with each of the keys.
If the algorithm is the DSA algorithm, and the keysize (modulus size) is 512, 768, or 1024, then the Sun provider uses a set of precomputed values for the p, q, and g parameters. If the modulus size is not one of the above values, the Sun provider creates a new set of parameters. Other providers might have precomputed parameter sets for more than just the three modulus sizes mentioned above. Still others might not have a list of precomputed parameters at all and instead always create new parameter sets.
Algorithm-Specific Initialization
For situations where a set of algorithm-specific parameters already exists (e.g., so-called community parameters in DSA), there are two {@link #initialize(java.security.spec.AlgorithmParameterSpec) initialize} methods that have an AlgorithmParameterSpec argument. One also has a SecureRandom argument, while the the other uses the SecureRandom implementation of the highest-priority installed provider as the source of randomness. (If none of the installed providers supply an implementation of SecureRandom, a system-provided source of randomness is used.)

In case the client does not explicitly initialize the KeyPairGenerator (via a call to an initialize method), each provider must supply (and document) a default initialization. For example, the Sun provider uses a default modulus size (keysize) of 1024 bits.

Note that this class is abstract and extends from KeyPairGeneratorSpi for historical reasons. Application developers should only take notice of the methods defined in this KeyPairGenerator class; all the methods in the superclass are intended for cryptographic service providers who wish to supply their own implementations of key pair generators.

author: Benjamin Renaud
version: 1.59, 04/21/06
see: java.security.spec.AlgorithmParameterSpec

Fields Summary
private final String
algorithm
Provider
provider
Constructors Summary
protected KeyPairGenerator(String algorithm)
Creates a KeyPairGenerator object for the specified algorithm.
param
algorithm the standard string name of the algorithm. See Appendix A in the Java Cryptography Architecture API Specification & Reference for information about standard algorithm names.
this.algorithm = algorithm;
Methods Summary
void disableFailover()
// empty, overridden in Delegate
public final java.security.KeyPair genKeyPair()
Generates a key pair.
If this KeyPairGenerator has not been initialized explicitly, provider-specific defaults will be used for the size and other (algorithm-specific) values of the generated keys.
This will generate a new key pair every time it is called.
This method is functionally equivalent to {@link #generateKeyPair() generateKeyPair}.
return
the generated key pair
since
1.2
return generateKeyPair();
public java.security.KeyPair generateKeyPair()
Generates a key pair.
If this KeyPairGenerator has not been initialized explicitly, provider-specific defaults will be used for the size and other (algorithm-specific) values of the generated keys.
This will generate a new key pair every time it is called.
This method is functionally equivalent to {@link #genKeyPair() genKeyPair}.
return
the generated key pair
// This does nothing (except returning null), because either: // // 1. the implementation object returned by getInstance() is an // instance of KeyPairGenerator which has its own implementation // of generateKeyPair (overriding this one), so the application // would be calling that method directly, or // // 2. the implementation returned by getInstance() is an instance // of Delegate, in which case generateKeyPair is // overridden to invoke the corresponding SPI method. // // (This is a special case, because in JDK 1.1.x the generateKeyPair // method was used both as an API and a SPI method.) return null;
public java.lang.String getAlgorithm()
Returns the standard name of the algorithm for this key pair generator. See Appendix A in the Java Cryptography Architecture API Specification & Reference for information about standard algorithm names.
return
the standard string name of the algorithm.
return this.algorithm;
private static java.security.KeyPairGenerator getInstance(sun.security.jca.GetInstance.Instance instance, java.lang.String algorithm)
KeyPairGenerator kpg; if (instance.impl instanceof KeyPairGenerator) { kpg = (KeyPairGenerator)instance.impl; } else { KeyPairGeneratorSpi spi = (KeyPairGeneratorSpi)instance.impl; kpg = new Delegate(spi, algorithm); } kpg.provider = instance.provider; return kpg;
public static java.security.KeyPairGenerator getInstance(java.lang.String algorithm)
Returns a KeyPairGenerator object that generates public/private key pairs for the specified algorithm.
This method traverses the list of registered security Providers, starting with the most preferred Provider. A new KeyPairGenerator object encapsulating the KeyPairGeneratorSpi implementation from the first Provider that supports the specified algorithm is returned.
Note that the list of registered providers may be retrieved via the {@link Security#getProviders() Security.getProviders()} method.
param
algorithm the standard string name of the algorithm. See Appendix A in the Java Cryptography Architecture API Specification & Reference for information about standard algorithm names.
return
the new KeyPairGenerator object.
exception
NoSuchAlgorithmException if no Provider supports a KeyPairGeneratorSpi implementation for the specified algorithm.
see
Provider
List<Service> list = GetInstance.getServices("KeyPairGenerator", algorithm); Iterator<Service> t = list.iterator(); if (t.hasNext() == false) { throw new NoSuchAlgorithmException (algorithm + " KeyPairGenerator not available"); } // find a working Spi or KeyPairGenerator subclass NoSuchAlgorithmException failure = null; do { Service s = t.next(); try { Instance instance = GetInstance.getInstance(s, KeyPairGeneratorSpi.class); if (instance.impl instanceof KeyPairGenerator) { return getInstance(instance, algorithm); } else { return new Delegate(instance, t, algorithm); } } catch (NoSuchAlgorithmException e) { if (failure == null) { failure = e; } } } while (t.hasNext()); throw failure;
public static java.security.KeyPairGenerator getInstance(java.lang.String algorithm, java.lang.String provider)
Returns a KeyPairGenerator object that generates public/private key pairs for the specified algorithm.
A new KeyPairGenerator object encapsulating the KeyPairGeneratorSpi implementation from the specified provider is returned. The specified provider must be registered in the security provider list.
Note that the list of registered providers may be retrieved via the {@link Security#getProviders() Security.getProviders()} method.
param
algorithm the standard string name of the algorithm. See Appendix A in the Java Cryptography Architecture API Specification & Reference for information about standard algorithm names.
param
provider the string name of the provider.
return
the new KeyPairGenerator object.
exception
NoSuchAlgorithmException if a KeyPairGeneratorSpi implementation for the specified algorithm is not available from the specified provider.
exception
NoSuchProviderException if the specified provider is not registered in the security provider list.
exception
IllegalArgumentException if the provider name is null or empty.
see
Provider
Instance instance = GetInstance.getInstance("KeyPairGenerator", KeyPairGeneratorSpi.class, algorithm, provider); return getInstance(instance, algorithm);
public static java.security.KeyPairGenerator getInstance(java.lang.String algorithm, java.security.Provider provider)
Returns a KeyPairGenerator object that generates public/private key pairs for the specified algorithm.
A new KeyPairGenerator object encapsulating the KeyPairGeneratorSpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.
param
algorithm the standard string name of the algorithm. See Appendix A in the Java Cryptography Architecture API Specification & Reference for information about standard algorithm names.
param
provider the provider.
return
the new KeyPairGenerator object.
exception
NoSuchAlgorithmException if a KeyPairGeneratorSpi implementation for the specified algorithm is not available from the specified Provider object.
exception
IllegalArgumentException if the specified provider is null.
see
Provider
since
1.4
Instance instance = GetInstance.getInstance("KeyPairGenerator", KeyPairGeneratorSpi.class, algorithm, provider); return getInstance(instance, algorithm);
public final java.security.Provider getProvider()
Returns the provider of this key pair generator object.
return
the provider of this key pair generator object
disableFailover(); return this.provider;
public void initialize(int keysize, java.security.SecureRandom random)
Initializes the key pair generator for a certain keysize with the given source of randomness (and a default parameter set).
param
keysize the keysize. This is an algorithm-specific metric, such as modulus length, specified in number of bits.
param
random the source of randomness.
exception
InvalidParameterException if the keysize is not supported by this KeyPairGenerator object.
since
1.2
// This does nothing, because either // 1. the implementation object returned by getInstance() is an // instance of KeyPairGenerator which has its own // initialize(keysize, random) method, so the application would // be calling that method directly, or // 2. the implementation returned by getInstance() is an instance // of Delegate, in which case initialize(keysize, random) is // overridden to call the corresponding SPI method. // (This is a special case, because the API and SPI method have the // same name.)
public void initialize(java.security.spec.AlgorithmParameterSpec params)
Initializes the key pair generator using the specified parameter set and the SecureRandom implementation of the highest-priority installed provider as the source of randomness. (If none of the installed providers supply an implementation of SecureRandom, a system-provided source of randomness is used.).
This concrete method has been added to this previously-defined abstract class. This method calls the KeyPairGeneratorSpi {@link KeyPairGeneratorSpi#initialize( java.security.spec.AlgorithmParameterSpec, java.security.SecureRandom) initialize} method, passing it params and a source of randomness (obtained from the highest-priority installed provider or system-provided if none of the installed providers supply one). That initialize method always throws an UnsupportedOperationException if it is not overridden by the provider.
param
params the parameter set used to generate the keys.
exception
InvalidAlgorithmParameterException if the given parameters are inappropriate for this key pair generator.
since
1.2
initialize(params, JCAUtil.getSecureRandom());
public void initialize(java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)
Initializes the key pair generator with the given parameter set and source of randomness.
This concrete method has been added to this previously-defined abstract class. This method calls the KeyPairGeneratorSpi {@link KeyPairGeneratorSpi#initialize( java.security.spec.AlgorithmParameterSpec, java.security.SecureRandom) initialize} method, passing it params and random. That initialize method always throws an UnsupportedOperationException if it is not overridden by the provider.
param
params the parameter set used to generate the keys.
param
random the source of randomness.
exception
InvalidAlgorithmParameterException if the given parameters are inappropriate for this key pair generator.
since
1.2
// This does nothing, because either // 1. the implementation object returned by getInstance() is an // instance of KeyPairGenerator which has its own // initialize(params, random) method, so the application would // be calling that method directly, or // 2. the implementation returned by getInstance() is an instance // of Delegate, in which case initialize(params, random) is // overridden to call the corresponding SPI method. // (This is a special case, because the API and SPI method have the // same name.)
public void initialize(int keysize)
Initializes the key pair generator for a certain keysize using a default parameter set and the SecureRandom implementation of the highest-priority installed provider as the source of randomness. (If none of the installed providers supply an implementation of SecureRandom, a system-provided source of randomness is used.)
param
keysize the keysize. This is an algorithm-specific metric, such as modulus length, specified in number of bits.
exception
InvalidParameterException if the keysize is not supported by this KeyPairGenerator object.
initialize(keysize, JCAUtil.getSecureRandom());