000026136 - How to convert symmetric keys to JCE KeySpec format

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000026136
Applies ToRSA BSAFE Crypto-C
RSA BSAFE Crypto-C ME
RSA BSAFE Crypto-J
IssueHow to convert symmetric keys to JCE KeySpec format
Notes

Symmetric Keys are just plain arrays of bytes - except for DESede and DES keys which have parity.
The BSAFE C libraries simply use unsigned char arrays to hold these keys.
The Crypto-J jsafe.jar library uses the first array in a byte[][] to store a symmetric key.

JCE uses the following KeySpec classes:
javax.crypto.spec.DESedeKeySpec can be used to import and export Triple DES keys. This class sets up the parity of the Triple DES key.
javax.crypto.spec.DESKeySpec can be used to import and export DES keys. This class sets up the parity of the DES key.
javax.crypto.spec.SecretKeySpec can be used to import and export all other symmetric keys (for example AES keys).

To create a JSAFE key and convert it to JCE KeySpec format:
// creating the jsafe key
byte[][] jsafeAes128KeyData = { {
(byte)0x80, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00 }  };
JSAFE_SecretKey key = JSAFE_SecretKey.getInstance("AES128", "Java"); key.setKeyData(jsafeAes128KeyData);
// extracting the jsafe key
byte[][] jsafeKeyData = key.getKeyData();
// converting the jsafe key to JCE KeySpec format
byte[] jceKeyData = jsafeKeyData[0];
SecretKeyFactory skf = SecretKeyFactory.getInstance("AES", "JsafeJCE");
SecretKeySpec sKeySpec = new SecretKeySpec(jceKeyData, "AES");
SecretKey sKey = skf.generateSecret(sKeySpec);

Legacy Article IDa33301

Attachments

    Outcomes