Key Generation
SafeNet ProtectToolkit-J can generate random keys for each of the cipher algorithms it supports. These keys are Cryptoki session keys; they are not stored permanently on the adapter. Session keys are not thread-safe and so may only be used by a single Cipher instance and a single Signature (or MAC) instance at any time. Thus, it is allowable to use a DES key for encryption in a Cipher instance and a single MAC instance but not two Cipher instances. Keys fetched from the SafeNet ProtectToolkit-J KeyStore do not have this restriction.
When generating a random key, the size of the key will be as follows:
| Key Name | Default Key Size | Valid Key Sizes |
|---|---|---|
|
DES |
56 |
56 |
|
DESede |
196 |
128,196 |
|
AES |
128 |
(128,196,256) |
|
IDEA |
128 |
128 |
|
CAST128 |
128 |
8-128 |
|
RC2 |
64 |
0-1024 |
|
RC4 |
64 |
8-2048 |
|
RSA |
1024 |
512-4096 |
|
DSA |
1024 |
512-4096 |
|
DH |
1024 |
512-4096 |
This section describes the following:
