DESKeyGenerator ("Entrust Authority Security Toolkit for the Java Platform")

java.lang.Object
- javax.crypto.KeyGeneratorSpi
- - iaik.security.cipher.DESKeyGenerator

```
public class DESKeyGenerator
extends javax.crypto.KeyGeneratorSpi
```
This class provides the functionality of a DES key generator. A key generator is used for creating secret keys for symmetric algorithms.
An application uses
```
KeyGenerator des_key_gen =
 KeyGenerator.getInstance("DES");
```
for creating a KeyGenerator object for the DES algorithm. For actually generating the requested secret DES key from the KeyGenerator object just created, an application calls the generateKey method after having initialized the generator with some random seed or relied on the default system-provided source of randomness:
```
 SecretKey des_key = des_key_gen.generateKey();
 
```
Due to the way, the DES algorithm generates sub-keys for the several DES rounds, some initial keys may be classified as weak or semi-weak keys reducing the security of the DES cipher (see "Applied Cryptography", Bruce Schneier, ISBN 0-471-59756-2). This KeyGenerator class ensures to generate a strong DES key by repeating the key generation process as long as comparison with all the known weak and semi-weak DES keys will show that the just created key is not a strong one.
For ensuring to create a strong DES key, the key generation process is repeated as long as comparison with all the known weak and semi-weak DES keys will show that the just created key is not a strong DES key.

This class SHOULD NOT be used directly; it should only be used through the JCA/JCE.

Warning:

On July 27 2004, NIST announced that the strength of the DES algorithm is no longer sufficient to adequately protect Federal government information. As a result, NIST has proposed withdrawing FIPS 46-3, which specifies DES, and two related standards. Please refer to the excerpt from the Federal Register / Vol. 69, No. 142 / Monday, July 26, 2004 / Notice: Announcing Proposed Withdrawal of Federal Information Processing Standard (FIPS) for the Data Encryption Standard (DES) and Request for Comments.

Future use of DES by Federal agencies is to be permitted only as a component function of the Triple Data Encryption Algorithm ( TDEA)(NIST Special Publication 800-67). TDEA may be used for the protection of Federal information (except keying option 3 (1-key Triple-DES)); however, NIST encourages agencies to implement the faster and stronger algorithm specified by FIPS 197, Advanced Encryption Standard ( AES) instead.

FIPS 140-2:

This class is part of the Toolkit's FIPS 140-2 cryptographic module and contains APIs that are considered part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; refer to the API documentation for further details
See Also:
KeyGenerator, KeyGeneratorSpi, SecretKey, SecretKey, DES

Constructor Summary

Constructors
Constructor and Description

DESKeyGenerator()
The constructor; creates a new instance of the DES key generation algorithm.

Constructors
Constructor and Description
`DESKeyGenerator()` The constructor; creates a new instance of the DES key generation algorithm.

Method Summary

Methods
Modifier and Type	Method and Description
`static void`	`adjustParity(byte[] key, int offset)` Adjusts the parity-bits of a DES key, supplied in a byte array beginning at the given offset.
`static boolean`	`checkParity(byte[] key, int offset, boolean odd)` Checks if the given DES key, supplied in a byte array beginning at the given offset, is parity adjusted.
`protected javax.crypto.SecretKey`	`engineGenerateKey()` Generates a secret key.
`protected void`	`engineInit(java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)` Initializes the key generator with the specified parameter set and a user-provided source of randomness.
`protected void`	`engineInit(int strength, java.security.SecureRandom random)` Initializes this key generator for a certain keysize, using the given source of randomness.
`protected void`	`engineInit(java.security.SecureRandom random)` Initializes the key generator.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - DESKeyGenerator
```
public DESKeyGenerator()
```
    The constructor; creates a new instance of the DES key generation algorithm.
    Applications should not use this constructor, instead the key generation algorithm should be requested from the appropriate JCA/JCE cryptographic service provider as follows: KeyGenerator.getInstance("DES", "IAIK").
    FIPS 140-2:
    
    FIPS Service: Initialization
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call)
    
    status output interface (exceptions)
- Method Detail
  - engineGenerateKey
```
protected javax.crypto.SecretKey engineGenerateKey()
```
    Generates a secret key.
    FIPS 140-2:
    
    FIPS Service: Key Generation
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 crypto officer role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call)
    
    data output interface (return value)
    
    status output interface (exceptions)
    Returns:
    [FIPS 140-2 data output] [FIPS 140-2 CSP] the new key
  - adjustParity
```
public static void adjustParity(byte[] key,
                int offset)
```
    Adjusts the parity-bits of a DES key, supplied in a byte array beginning at the given offset.
    FIPS 140-2:
    
    FIPS Service: Modify Object
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call)
    
    data input interface (parameters)
    
    status output interface (exceptions)
    Parameters:
    key - [FIPS 140-2 data input] [FIPS 140-2 CSP] the byte array holding the DES key
    offset - [FIPS 140-2 data input] the offset indicating where the key starts within the given byte array
    
    Throws:
    
    Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations
  - checkParity
```
public static boolean checkParity(byte[] key,
                  int offset,
                  boolean odd)
```
    Checks if the given DES key, supplied in a byte array beginning at the given offset, is parity adjusted.
    FIPS 140-2:
    
    FIPS Service: Query Object
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call, parameters)
    
    data input interface (parameters)
    
    status output interface (exceptions, return value)
    Parameters:
    key - [FIPS 140-2 data input] [FIPS 140-2 CSP] the byte array holding the DES key
    offset - [FIPS 140-2 data input] the offset indicating where the key starts within the given byte array
    odd - [FIPS 140-2 control input] whether to check for odd or even parity
    
    Returns:
    [FIPS 140-2 status output] true if checking for odd parity and the key is odd parity adjusted; true if checking for even parity and the key is even parity adjusted; false in any other case (note that if this method returns false when checking for odd (even) parity, this does not necessarily mean that the key is even (odd) parity adjusted
    
    Throws:
    
    Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations
  - engineInit
```
protected void engineInit(java.security.spec.AlgorithmParameterSpec params,
              java.security.SecureRandom random)
                   throws java.security.InvalidAlgorithmParameterException
```
    Initializes the key generator with the specified parameter set and a user-provided source of randomness.
    FIPS 140-2:
    
    FIPS Service: Initialization
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call, parameters)
    
    data input interface (parameters)
    
    status output interface (exceptions)
    Specified by:
    
    engineInit in class javax.crypto.KeyGeneratorSpi
    
    Parameters:
    params - [FIPS 140-2 data input] the key generation parameters
    random - [FIPS 140-2 control input] the source of randomness for this key generator
    
    Throws:
    
    java.security.InvalidAlgorithmParameterException - [FIPS 140-2 status output] if params is inappropriate for this key generator
    
    Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations
  - engineInit
```
protected void engineInit(int strength,
              java.security.SecureRandom random)
```
    Initializes this key generator for a certain keysize, using the given source of randomness.
    Lengths outside the range of minimum to maximum length default to the default length.
    FIPS 140-2:
    
    FIPS Service: Initialization
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call, parameters)
    
    data input interface (parameters)
    
    status output interface (exceptions)
    Specified by:
    
    engineInit in class javax.crypto.KeyGeneratorSpi
    
    Parameters:
    keysize - [FIPS 140-2 data input] the keysize. This is an algorithm-specific metric, specified in number of bits.
    random - [FIPS 140-2 control input] the source of randomness for this key generator
    
    Throws:
    
    Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations
  - engineInit
```
protected void engineInit(java.security.SecureRandom random)
```
    Initializes the key generator.
    The strength defaults to the default length.
    FIPS 140-2:
    
    FIPS Service: Initialization
    
    This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:
    
    control input interface (API call, parameters)
    
    status output interface (exceptions)
    Specified by:
    
    engineInit in class javax.crypto.KeyGeneratorSpi
    
    Parameters:
    random - [FIPS 140-2 control input] the source of randomness for this generator
    
    Throws:
    
    Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not allowed to perform cryptographic operations

Class DESKeyGenerator

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

DESKeyGenerator

Method Detail

engineGenerateKey

adjustParity

checkParity

engineInit

engineInit

engineInit