Key Generation
SafeNet ProtectToolkit-J can generate random keys for each of the cipher algorithms it supports. These keys are Cryptoki session keys; they are not stored permanently on the adapter. Session keys are not thread-safe and so may only be used by a single Cipher instance and a single Signature (or MAC) instance at any time. Thus, it is allowable to use a DES key for encryption in a Cipher instance and a single MAC instance but not two Cipher instances. Keys fetched from the SafeNet ProtectToolkit-J KeyStore do not have this restriction.
When generating a random key, the size of the key will be as follows:
Key Name | Default Key Size | Valid Key Sizes |
---|---|---|
DES | 56 | 56 |
DESede | 196 | 128,196 |
AES | 128 | (128,196,256) |
IDEA | 128 | 128 |
CAST128 | 128 | 8-128 |
RC2 | 64 | 0-1024 |
RC4 | 64 | 8-2048 |
RSA | 1024 | 512-4096 |
DSA | 1024 | 512-4096 |
DH | 1024 | 512-4096 |
This section describes the following: