Key Generation

SafeNet ProtectToolkit-J can generate random keys for each of the cipher algorithms it supports. These keys are Cryptoki session keys; they are not stored permanently on the adapter. Session keys are not thread-safe, so a session key may only be used by a single Cipher instance and a single Signature (or MAC) instance at any time. For example, a DES key may be used for encryption in one Cipher instance and in a single MAC instance, but not in two Cipher instances. Keys fetched from the SafeNet ProtectToolkit-J KeyStore do not have this restriction.

When generating a random key, the size of the key will be as follows:

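| Key Name | Default Key Size | Valid Key Sizes |
|----------|------------------|-----------------|
| DES      | 56               | 56              |
| DESede   | 196              | 128, 196        |
| AES      | 128              | 128, 196, 256   |
| IDEA     | 128              | 128             |
| CAST128  | 128              | 8-128           |
| RC2      | 64               | 0-1024          |
| RC4      | 64               | 8-2048          |
| RSA      | 1024             | 512-4096        |
| DSA      | 1024             | 512-4096        |
| DH       | 1024             | 512-4096        |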
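The single-Cipher rule for session keys, shown with the standard JCE `KeyGenerator` and `Cipher` classes. This is an added example, not SafeNet's own code. Assumptions: the ProtectToolkit-J provider name is passed as the first argument (it falls back to the JDK's `SunJCE` so the code runs without an adapter), and the chosen provider supports the `AES/CBC/PKCS5Padding` transformation.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class SessionKeyPerCipher {
    // Generate a random key with an explicit size instead of relying on the default.
    static SecretKey newKey(String alg, int bits, String provider) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance(alg, provider);
        kg.init(bits);
        return kg.generateKey();
    }

    // The key stays with ONE Cipher instance: encrypt, then re-init the same
    // instance to decrypt, rather than handing the key to a second Cipher.
    static byte[] roundTrip(SecretKey key, String provider, byte[] msg) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding", provider); // assumed transformation
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(msg);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        return c.doFinal(ct);
    }

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is the ProtectToolkit-J provider name; SunJCE is only a stand-in.
        String provider = args.length > 0 ? args[0] : "SunJCE";
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // Two independent users of AES get two generated keys, so no session
        // key is ever shared between two Cipher instances.
        SecretKey k1 = newKey("AES", 128, provider);
        SecretKey k2 = newKey("AES", 256, provider);

        System.out.println("k1 round trip ok: " + Arrays.equals(msg, roundTrip(k1, provider, msg)));
        System.out.println("k2 round trip ok: " + Arrays.equals(msg, roundTrip(k2, provider, msg)));
    }
}
```

If the same key material must be shared by several Cipher instances, fetch the key from the SafeNet ProtectToolkit-J KeyStore, which is not subject to this restriction.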

 

This section describes the following:

>Secret Keys

>Public Keys