If you want to manually specify the provider, just call KeyGenerator.getInstance('AES', 'providerName'). For a truly secure key, you need to be using a hardware security module (HSM) to generate and protect the key. HSM manufacturers will typically supply a JCE provider that will do all the key generation for you, using the code above. AES-256 Encryption with Java and JCEKS. The AES key is nothing more than a. The beginning of this post has shown how easy it is to create new AES-256 keys that reference an alias inside of a. So I wish to encrypt a string using AES-256 and want to provide the user to specify the password for unlocking the string. I plan to use sha-256 to hash to users entered password and use this as the key. Is this secure? And is their a better way of doing this? Edit: it would be nice if people left a comment about why they down-voted it. Jul 06, 2016 Given a message, We would like to encrypt & decrypt plain/cipher text using AES CBC algorithm in java. We will perform following operations: Generate symmetric key using AES-128.; Generate initialization vector used for CBC (Cipher Block Chaining).; Encrypt message using symmetric key and initialization vector.; Decrypt the encrypted message using symmetric key and initialization.
This class provides the functionality of a secret (symmetric) key generator. Key generators are constructed using one of the
getInstance
class methods of this class. KeyGenerator objects are reusable, i.e., after a key has been generated, the same KeyGenerator object can be re-used to generate further keys.
There are two ways to generate a key: in an algorithm-independent manner, and in an algorithm-specific manner. The only difference between the two is the initialization of the object:
- Algorithm-Independent InitializationAll key generators share the concepts of a keysize and a source of randomness. There is an
init
method in this KeyGenerator class that takes these two universally shared types of arguments. There is also one that takes just akeysize
argument, and uses the SecureRandom implementation of the highest-priority installed provider as the source of randomness (or a system-provided source of randomness if none of the installed providers supply a SecureRandom implementation), and one that takes just a source of randomness.Since no other parameters are specified when you call the above algorithm-independentinit
methods, it is up to the provider what to do about the algorithm-specific parameters (if any) to be associated with each of the keys. - Algorithm-Specific InitializationFor situations where a set of algorithm-specific parameters already exists, there are two
init
methods that have anAlgorithmParameterSpec
argument. One also has aSecureRandom
argument, while the other uses the SecureRandom implementation of the highest-priority installed provider as the source of randomness (or a system-provided source of randomness if none of the installed providers supply a SecureRandom implementation).
![Generate Generate](/uploads/1/2/6/0/126059811/532645539.png)
In case the client does not explicitly initialize the KeyGenerator (via a call to an
init
method), each provider must supply (and document) a default initialization. Every implementation of the Java platform is required to support the following standard
KeyGenerator
algorithms with the keysizes in parentheses: - AES (128)
- DES (56)
- DESede (168)
- HmacSHA1
- HmacSHA256