RC2
This algorithm is a 64-bit block cipher with a variable-length key usually 40-bit or 128-bit. RC2 was designed by Ron Rivest and is a trademark of RSA Data Security. For more information on this algorithm, see RFC-2268.
RC2 Cipher Initialization
This cipher supports both ECB and CBC modes, and may be used with NoPadding or PKCS5Padding. To create an instance of this class, use the Cipher.getInstance() method with “SAFENET” as the provider and one of the following strings as the transformation:
>RC2
>RC2/ECB/NoPadding
>RC2/ECB/PKCS5Padding
>RC2/CBC/NoPadding
>RC2/CBC/PKCS5Padding
Using the “RC2” transformation, the Cipher will default to ECB and NoPadding.
If the NoPadding mode is selected, the input data must be a multiple of 8 bytes; otherwise, the encrypted or decrypted result will be truncated. In PKCS5Padding, arbitrary data lengths are accepted; the ciphertext will be padded to a multiple of 8 bytes, as described in PKCS#5. The decryption process will remove the padding from the data so that the correct plaintext is returned.
This Cipher will accept a javax.crypto.spec.SecretKeySpec or au.com.safenet.crypto.provider.CryptokiSecretKey as the key parameter during initialization.
The RC2 Cipher may also be initialized with an instance of the javax.crypto.spec.RC2ParameterSpec class. With this class it is possible to supply an initialization vector and an effective key size. If the Cipher is not initialized in this way, the effective key size will default to 128.
The IV may be provided as a java.security.AlgorithmParameters or a javax.crypto.spec.IvParameterSpec instance. If the initialization is done using an AlgorithmParameters instance, it must be convertible to an IvParameterSpec using the AlgorithmParameters.getParameterSpec() method.
This Cipher does not support the Cipher.getParameters() method; this method will always return null
. The only supported parameter for this class is the initialization vector, which may be determined using the Cipher.getIV() method.
RC2 Key
The RC2 Cipher requires either a SecretKeySpec or ProtectToolkit-J provider RC2 Key during initialization. The RC2 key may be any length of 8 to 1024 bits.
To create an appropriate SecretKeySpec, pass an array of up to 128 bytes and the algorithm name “RC2” to the SecretKeySpec constructor. For example:
byte[] keyBytes = { 0x41, 0x22, 0x35, 0x17,
0x39, 0xDF, 0x28, 0x94,
0x11, 0x93, 0x55, 0x67,
0x39, 0xAC, 0xCD, 0xFF };
SecretKeySpec rc2Key = new SecretKeySpec(keyBytes, “RC2”);
Alternatively, a random ProtectToolkit-J RC2 key can be generated using the KeyGenerator as described in section Public Keys, or a provider-independent form as described in section Key Specifications. The RC2 key may also be stored in the ProtectToolkit-J KeyStore, as described in Key Storage.
The ProtectToolkit-J RC2 key will return the string “RC2” as its algorithm name, “RAW” as its encoding. However, since the key is stored within the hardware, the actual key encoding may not be available.
The key value can only be extracted from a key if the associated Cryptoki key is not marked as Sensitive. The keys generated in ProtectToolkit-J will always be marked as sensitive. It is possible, however, to access any Cryptoki keys stored on the device, and it is possible that the attributes of these keys have been modified.
RC2 KeyGenerator
The RC2 KeyGenerator is used to generate random RC2 keys. The generated key will be a hardware key that has the Cryptoki CKA_EXTRACTABLE and CKA_SENSITIVE attributes set. Since these keys are marked as sensitive, their getEncoded() method will return null.
During initialization, the strength parameter may be any multiple of 8 up to 1024 inclusive. The default key size is 128 bits. The random parameter is ignored as the hardware includes a cryptographically-secure random source.
Keys generated using the KeyGenerator are not thread-safe. That is, a ProtectToolkit-J Key instance may only be used by a single Cipher instance (as well as a single MAC instance) at any given time. See Key Generation for information on threading and ProtectToolkit-J keys.
RC2 SecretKeyFactory
The RC2 SecretKeyFactory is used to construct ProtectToolkit-J keys from their provider-independent form. The provider-independent form of the RC2 key is the au.com.safenet.crypto.spec.RC2KeySpec class.
Keys generated using the SecretKeyFactory are not thread-safe. That is, a ProtectToolkit-J Key instance may only be used by a single Cipher instance (as well as a single MAC instance) at any given time. SeeKey Generation for information on threading and ProtectToolkit-J keys.
For example, to create the provider based key from its provider-independent form:
byte[] keyBytes = { 0x41, 0x22, 0x35, 0x17,
0x39, 0xDB, 0xDC, 0xEF
0x11, 0x93, 0x55, 0x67,
0x39, 0xAC, 0xCD, 0xFF };
RC2KeySpec rc2KeySpec = new RC2KeySpec(keyBytes);
SecretKeyFactory rc2KeyFact =
SecretKeyFactory.getInstance(“RC2”, “SAFENET”);
SecretKey rc2Key = rc2KeyFact.generateSecret(castEdeKeySpec);
RC2 Example Code
SeeDES for the simple DES example. To convert the example to use RC2, use “RC2” in place of “DES”.
Replace the IvParameterSpec call with the RC2ParameterSpec call, as illustrated in the following code example:
KeyGenerator keyGen = KeyGenerator.getInstance("RC2","SAFENET");
Key rcKey = keyGen.generateKey();
Cipher rc2Cipher = Cipher.getInstance("RC2/CBC/PKCS5Padding","SAFENET");
rc2Cipher.init(Cipher.ENCRYPT_MODE, rcKey);
byte[] iv = rc2Cipher.getIV();
byte[] cipherText = rc2Cipher.doFinal("hello world".getBytes());
rc2Cipher.init(Cipher.DECRYPT_MODE, rcKey,new RC2ParameterSpec(iv));
byte[] plainText = rc2Cipher.doFinal(cipherText);