tags:

views:

1009

answers:

2
+1  Q: 

Generating 128-bit keys with keytool

Is there a way to generate a 128-bit key pair suitable for encryption using Sun's keytool program? It seems that the algorithms available in http://java.sun.com/javase/6/docs/technotes/guides/security/StandardNames.html#KeyPairGenerator are either not supported or do not allow keys shorter than 512 bits.

The key pair will be used with the ff. code snippet:

Security.addProvider(new BouncyCastleProvider());

KeyStore keyStore = KeyStore.getInstance("PKCS12");

FileInputStream keyStoreSource = new FileInputStream("keystore");

try {
    keyStore.load(keyStoreSource, "password".toCharArray());
} finally {
    keyStoreSource.close();
}

String alias = (String) keyStore.aliases().nextElement();
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, "password".toCharArray());
X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);

CMSEnvelopedDataStreamGenerator generator = new CMSEnvelopedDataStreamGenerator();

generator.addKeyTransRecipient(certificate);

OutputStream output2 = generator.open(output, CMSEnvelopedDataGenerator.AES128_CBC, BouncyCastleProvider.PROVIDER_NAME);

try {
    IOUtils.copy(input, output2);
} finally {
    output2.close();
    output.close();
}

where output is some OutputStream where the encrypted data will be saved and input is some InputStream where the plaintext data will be read.

A: 

It would make sense that shorter than 512-bit key pairs cannot be generated. Public Key cryptography needs a longer key than symmetric key cryptography to sustain the same level of security. A 128-bit key pair is not recommended for public key cryptography.

Sani Huttunen  2009-05-19 09:17:24
I was looking to generate a test cert to use with AES-128. Am I going about it the wrong way then?
Chry Cheng  2009-05-19 10:10:10
Could you explain in a bit more detail what you wish to accomplish?
Sani Huttunen  2009-05-19 11:39:26
Updated question with code snippet where key pair generated will be used.
Chry Cheng  2009-05-20 07:07:45
+1  A: 

Certificates are used for public key cryptography and do not contain encryption keys for the symmetric block cipher AES-128. Instead, public key cryptography is used only to encrypt or negotiate the 128-bit AES key and the rest of the conversation uses AES.

The 128-bit AES key is not a certificate, it's just 128 bits from a cryptographically strong random number generator or derived from a passphrase using a hashing algorithm such as PBKDF2. How you get these bits will depend on your application. SSL/TLS must negotiate a random key, but a hard disk encryption program would derive the key from a passphrase.

joeforker  2009-05-19 18:17:45
Updated question with code snippet where key pair generated will be used. Hopefully, I have cleared up any confusion. But, yeah, I'm a crypto beginner. :P
Chry Cheng  2009-05-20 07:08:41

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java