











 

Author Serialising JCE secret keys portably
Jason Proctor

2007-06-18, 10:11 pm

dear community,

i've been trying to figure out how people are serialising secret keys
using the JCE. seems to me that there are an awful lot of KeySpec
classes missing for symmetric keys. so how does it work?

originally my application used object serialisation, which works great
on any algorithm of course - but good luck serialising between VM types
and versions.

so my application is now restricted to DES for session keys, because
it's the only algorithm supported by a KeySpec class. here's the code -

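import java.security.GeneralSecurityException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;

// methods of the application class; sessionKeyAlgorithm and
// sessionKeyProvider are String fields of that class

// export the raw DES key bytes through the factory's KeySpec
byte[] serialise (SecretKey inSecretKey) throws GeneralSecurityException
{
    SecretKeyFactory keyFactory = SecretKeyFactory.getInstance
        (sessionKeyAlgorithm, sessionKeyProvider);

    DESKeySpec keySpec = (DESKeySpec) keyFactory.getKeySpec
        (inSecretKey, DESKeySpec.class);

    return keySpec.getKey ();
}

// rebuild the DES key from its raw bytes
SecretKey deserialise (byte[] inEncodedKey) throws GeneralSecurityException
{
    DESKeySpec keySpec = new DESKeySpec (inEncodedKey);

    SecretKeyFactory keyFactory = SecretKeyFactory.getInstance
        (sessionKeyAlgorithm, sessionKeyProvider);

    return keyFactory.generateSecret (keySpec);
}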

i'd like to do the equivalent for Blowfish, but there simply aren't the
KeySpec classes around to do it. do i have to write my own security
provider, my own BlowFish algorithm, and my own KeySpec classes to do
this, or is there an easier way?

btw i evaluated RSA BSafe and they didn't have any KeySpec classes for
their algorithms either. they said "oh just use our API" but of course
the JCE has so many nice things going for it. just seems like this part
is a wrinkle in an otherwise solid library.

thanks for any help received,
j
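
An added example, not part of the original post: the standard JCE class javax.crypto.spec.SecretKeySpec is algorithm-independent, so a key whose provider exposes its bytes in RAW format can be round-tripped for Blowfish (or any other symmetric algorithm) without a dedicated KeySpec class. The class name PortableKeyDemo, the 128-bit key size and the sample plaintext are assumptions made for the demonstration.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class PortableKeyDemo {
    // Export the raw key bytes; fails for keys the provider will not reveal
    // (for example hardware-backed keys, where getEncoded() returns null).
    static byte[] serialise(SecretKey key) throws GeneralSecurityException {
        byte[] raw = key.getEncoded();
        if (raw == null || !"RAW".equals(key.getFormat())) {
            throw new GeneralSecurityException("key is not exportable as RAW bytes");
        }
        return raw;
    }

    // Rebuild a key for any symmetric algorithm from its raw bytes.
    static SecretKey deserialise(byte[] raw, String algorithm) {
        return new SecretKeySpec(raw, algorithm);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a fresh 128-bit Blowfish session key.
        KeyGenerator generator = KeyGenerator.getInstance("Blowfish");
        generator.init(128);
        SecretKey original = generator.generateKey();

        byte[] raw = serialise(original);
        SecretKey restored = deserialise(raw, original.getAlgorithm());
        Arrays.fill(raw, (byte) 0); // SecretKeySpec copied the bytes; wipe ours

        // Prove equivalence: encrypt with the original, decrypt with the restored key.
        byte[] iv = new byte[8]; // Blowfish block size is 8 bytes
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, original, new IvParameterSpec(iv));
        byte[] ciphertext = cipher.doFinal("session data".getBytes("UTF-8"));
        cipher.init(Cipher.DECRYPT_MODE, restored, new IvParameterSpec(iv));
        String plaintext = new String(cipher.doFinal(ciphertext), "UTF-8");

        System.out.println("round trip ok: " + plaintext.equals("session data"));
    }
}
```

The byte array returned by serialise is the key itself, so it should be wrapped (Cipher.WRAP_MODE) or otherwise encrypted under a key-encryption key before it is stored or sent anywhere.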

Copyright 2008 codecomments.com