RC4

This algorithm is a stream cipher with a variable length key, usually 40-bit or 128-bit. RC4 is a trademark of RSA Data Security. A description of the algorithm may be found in Applied Cryptography by Bruce Schneier.

RC4 Cipher Initialization

Since the RC4 Cipher is a stream cipher, it always operates in the same mode, which may be specified by the transformations “RC4” or “RC4/ECB/NoPadding”. To create an instance of this class, use the Cipher.getInstance() method with “SAFENET” as the provider and one of the valid transformation strings.

The size of the output of this cipher will always be the same as that of the input.

This Cipher will accept a javax.crypto.spec.SecretKeySpec or au.com.safenet.crypto.provider.CryptokiSecretKey as the key parameter during initialization.

This Cipher does not support initialization with algorithm parameters, and so the Cipher.getParameters() method will always return null.

RC4 Key

The RC4 Cipher requires either a SecretKeySpec or ProtectToolkit-J provider RC4 Key during initialization. The RC4 key may be any length of 8 to 2048 bits.

To create an appropriate SecretKeySpec, pass an array of up to 256 bytes and the algorithm name “RC4” to the SecretKeySpec constructor. For example:

byte[] keyBytes = { 0x41, 0x22, 0x35, 0x17,
                    0x39, 0xDF, 0x28, 0x94,
                    0x11, 0x93, 0x55, 0x67,
                    0x39, 0xAC, 0xCD, 0xFF };
SecretKeySpec desKey = new SecretKeySpec(keyBytes, “RC4”);

Alternatively, a random ProtectToolkit-J RC4 key can be generated using the KeyGenerator, as described in section Public Keys, or a provider-independent form as described in section Key Specifications. The RC4 key may also be stored in the ProtectToolkit-J KeyStore, as described inKey Storage.

The ProtectToolkit-J RC4 key will return the string “RC4” as its algorithm name, “RAW” as its encoding. However, since the key is stored within the hardware, the actual key encoding may not be available.

The key value can only be extracted from a key if the associated Cryptoki key is not marked as Sensitive. The keys generated in ProtectToolkit-J will always be marked as sensitive. It is possible, however, to access any Cryptoki keys stored on the device, and it is possible that the attributes of these keys have been modified.

RC4 KeyGenerator

The RC4 KeyGenerator is used to generate random RC4 keys. The generated key will be a hardware key that has the Cryptoki CKA_EXTRACTABLE and CKA_SENSITIVE attributes set. Since these keys are marked as sensitive, their getEncoded() method will return null.

During initialization, the strength parameter may be any length from 8 to 2048. The default key size is 128 bits. The random parameter is ignored as the hardware includes a cryptographically-secure random source.

Keys generated using the KeyGenerator are not thread-safe. That is, a ProtectToolkit-J Key instance may only be used by a single Cipher instance (as well as a single MAC instance) at any given time. See Key Generation for information on threading and ProtectToolkit-J keys.

RC4 SecretKeyFactory

The RC4 SecretKeyFactory is used to construct ProtectToolkit-J keys from their provider-independent form. The provider-independent form of the RC4 key is the au.com.safenet.crypto.spec.RC4KeySpec class.

Keys generated using the SecretKeyFactory are not thread-safe. That is, a ProtectToolkit-J Key instance may only be used by a single Cipher instance (as well as a single MAC instance) at any given time. SeeKey Generation for information on threading and ProtectToolkit-J keys.

For example, to create the provider-based key from its provider-independent form:

byte[] keyBytes = { 0x41, 0x22, 0x35, 0x17,
                    0x39, 0xDB, 0xDC, 0xEF
                    0x11, 0x93, 0x55, 0x67,
                    0x39, 0xAC, 0xCD, 0xFF };
RC4KeySpec castKeySpec = new RC4KeySpec(keyBytes);
SecretKeyFactory castKeyFact =
           SecretKeyFactory.getInstance(“RC4”, “SAFENET”);
SecretKey castKey=castKeyFact.generateSecret(castEdeKeySpec);

RC4 Example Code

The following example code will create a random RC4 key, then create a RC4 cipher. Next, it initializes the cipher for encryption using the newly-created key. We then save the initialization vector and encrypt the string "hello world".

To perform the decryption, we simply re-initialize the cipher in decrypt mode, with the same key. In this case there is no need to process the initialization vector, as there is none with the RC4 algorithm.

KeyGenerator keyGen = KeyGenerator.getInstance("RC4",
                                               "SAFENET");
Key rc4Key = keyGen.generateKey();
Cipher rc4Cipher = Cipher.getInstance("RC4", "SAFENET");
rc4Cipher.init(Cipher.ENCRYPT_MODE, rc4Key);
byte[] cipherText = rc4Cipher.doFinal(
                                   "hello world".getBytes());
rc4Cipher.init(Cipher.DECRYPT_MODE, rc4Key);
byte[] plainText = desCipher.doFinal(cipherText);