Generating 128-bit keys with keytool
Solution 1
You just need to specify a different storetype:

    keytool -genseckey -alias check2 -keyalg AES -keysize 128 -storepass changeit -storetype JCEKS -keystore ks.jck
Solution 2
Certificates are used for public key cryptography and do not contain encryption keys for the symmetric block cipher AES-128. Instead, public key cryptography is used only to encrypt or negotiate the 128-bit AES key and the rest of the conversation uses AES.
The 128-bit AES key is not a certificate, it's just 128 bits from a cryptographically strong random number generator or derived from a passphrase using a hashing algorithm such as PBKDF2. How you get these bits will depend on your application. SSL/TLS must negotiate a random key, but a hard disk encryption program would derive the key from a passphrase.
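The separation this answer describes, as an added example that is not part of the answer or of the question's code: a random 128-bit AES key, a PBKDF2-derived one, and an RSA public key that only wraps the AES key. The passphrase, salt length, iteration count, RSA key size and OAEP padding are assumptions chosen for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class Aes128KeyDemo {
    public static void main(String[] args) throws Exception {
        // 1. Random key: 128 bits straight from the platform's strong RNG.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey randomKey = kg.generateKey();

        // 2. Passphrase-derived key: PBKDF2 stretches the passphrase to 128 bits.
        char[] passphrase = "constructed sample passphrase".toCharArray();
        byte[] salt = new byte[16];                       // assumed salt length
        new SecureRandom().nextBytes(salt);
        PBEKeySpec spec = new PBEKeySpec(passphrase, salt, 600_000, 128); // assumed iteration count
        byte[] derived = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        spec.clearPassword();
        SecretKey passphraseKey = new SecretKeySpec(derived, "AES");

        // 3. Key transport: the recipient's RSA key pair (what a certificate carries
        //    the public half of) encrypts the AES key, never the bulk data.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);                             // assumed RSA size
        KeyPair recipient = kpg.generateKeyPair();

        String oaep = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
        Cipher wrap = Cipher.getInstance(oaep);
        wrap.init(Cipher.WRAP_MODE, recipient.getPublic());
        byte[] wrapped = wrap.wrap(randomKey);

        Cipher unwrap = Cipher.getInstance(oaep);
        unwrap.init(Cipher.UNWRAP_MODE, recipient.getPrivate());
        SecretKey recovered = (SecretKey) unwrap.unwrap(wrapped, "AES", Cipher.SECRET_KEY);

        System.out.println("random AES key bits:  " + randomKey.getEncoded().length * 8);
        System.out.println("derived AES key bits: " + passphraseKey.getEncoded().length * 8);
        System.out.println("wrapped key bytes: " + wrapped.length + ", round trip ok: "
                + MessageDigest.isEqual(randomKey.getEncoded(), recovered.getEncoded()));
    }
}
```

The wrapped AES key is as long as the RSA modulus, which shows that the key pair's size and the 128-bit symmetric key size are independent choices.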
Comments
-
user3137901 almost 2 years
Is there a way to generate a 128-bit key pair suitable for encryption using Sun's keytool program? It seems that the algorithms available in http://java.sun.com/javase/6/docs/technotes/guides/security/StandardNames.html#KeyPairGenerator are either not supported or do not allow keys shorter than 512 bits.
The key pair will be used with the following code snippet:

    Security.addProvider(new BouncyCastleProvider());

    // Load the PKCS#12 key store that holds the key pair and its certificate
    KeyStore keyStore = KeyStore.getInstance("PKCS12");
    FileInputStream keyStoreSource = new FileInputStream("keystore");
    try {
        keyStore.load(keyStoreSource, "password".toCharArray());
    } finally {
        keyStoreSource.close();
    }

    String alias = (String) keyStore.aliases().nextElement();
    PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, "password".toCharArray());
    X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);

    // Write CMS enveloped data: AES-128-CBC content, key transported to the certificate's public key
    CMSEnvelopedDataStreamGenerator generator = new CMSEnvelopedDataStreamGenerator();
    generator.addKeyTransRecipient(certificate);
    OutputStream output2 = generator.open(output, CMSEnvelopedDataGenerator.AES128_CBC, BouncyCastleProvider.PROVIDER_NAME);
    try {
        IOUtils.copy(input, output2);
    } finally {
        output2.close();
        output.close();
    }

where output is some OutputStream where the encrypted data will be saved and input is some InputStream where the plaintext data will be read.
-
user3137901 almost 15 years
I was looking to generate a test cert to use with AES-128. Am I going about it the wrong way then?
-
Sani Singh Huttunen almost 15 years
Could you explain in a bit more detail what you wish to accomplish?
-
user3137901 almost 15 years
Updated question with code snippet where key pair generated will be used.
-
user3137901 almost 15 years
Updated question with code snippet where key pair generated will be used. Hopefully, I have cleared up any confusion. But, yeah, I'm a crypto beginner. :P