Key Generation
SafeNet ProtectToolkit-J can generate random keys for each of the cipher algorithms it supports. These keys are Cryptoki session keys; they are not stored permanently on the adapter. Session keys are not thread-safe, so a session key may be used by only a single Cipher instance and a single Signature (or MAC) instance at any time. For example, a DES key may be used for encryption in one Cipher instance and in a single MAC instance, but not in two Cipher instances. Keys fetched from the SafeNet ProtectToolkit-J KeyStore do not have this restriction.
When generating a random key, the size of the key will be as follows:
Key Name | Default Key Size (bits) | Valid Key Sizes (bits) |
---|---|---|
DES | 56 | 56 |
DESede | 196 | 128, 196 |
AES | 128 | 128, 196, 256 |
IDEA | 128 | 128 |
CAST128 | 128 | 8-128 |
RC2 | 64 | 0-1024 |
RC4 | 64 | 8-2048 |
RSA | 1024 | 512-4096 |
DSA | 1024 | 512-3072 |
DH | 1024 | 512-4096 |
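The following is an added example, not taken from the SafeNet documentation: it requests key sizes explicitly through the standard JCA calls instead of relying on the defaults in the table, and keeps the generated session key inside a single Cipher instance by re-initialising that instance for decryption. The class name is hypothetical, and the provider name is an assumption supplied by the caller as the first argument; with no argument the JDK's default providers are used so the code runs without an adapter.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;

public class ExplicitKeySizes {
    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is the name under which the provider is registered.
        String prov = args.length > 0 ? args[0] : null;

        // Symmetric key: ask for 256 bits rather than accepting the 128-bit default.
        KeyGenerator kg = prov == null ? KeyGenerator.getInstance("AES")
                                       : KeyGenerator.getInstance("AES", prov);
        kg.init(256);
        SecretKey key = kg.generateKey();

        // A generated session key is bound to ONE Cipher instance at a time, so the
        // same instance is re-initialised for decryption instead of creating a second.
        Cipher c = prov == null ? Cipher.getInstance("AES/CBC/PKCS5Padding")
                                : Cipher.getInstance("AES/CBC/PKCS5Padding", prov);
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        byte[] plain = "constructed sample plaintext".getBytes(StandardCharsets.UTF_8);

        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] back = c.doFinal(ct);
        if (!Arrays.equals(plain, back)) throw new IllegalStateException("round trip failed");

        // Asymmetric key pair: set the modulus size explicitly (default in the table is 1024).
        KeyPairGenerator kpg = prov == null ? KeyPairGenerator.getInstance("RSA")
                                            : KeyPairGenerator.getInstance("RSA", prov);
        kpg.initialize(3072);
        KeyPair kp = kpg.generateKeyPair();

        System.out.println("AES round trip ok, ciphertext bytes: " + ct.length);
        if (kp.getPublic() instanceof RSAPublicKey) {
            int bits = ((RSAPublicKey) kp.getPublic()).getModulus().bitLength();
            System.out.println("RSA modulus bits: " + bits);
        }
    }
}
```

Code that needs the same key in several threads or several Cipher instances should fetch it from the KeyStore, which the text above exempts from the session-key restriction.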
This section describes the following: