dear community,
i've been trying to figure out how people are serialising secret keys
using the JCE. seems to me that there are an awful lot of KeySpec
cl***** missing for symmetric keys. so how does it work?
originally my application used object serialisation, which works great
on any algorithm of course - but good luck serialising between VM types
and versions.
so my application is now restriected to DES for session keys, because
it's the only algorithm sup****ted by a KeySpec class. here's the code -
serialise ()
{
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance
(sessionKeyAlgorithm, sessionKeyProvider);
DESKeySpec keySpec = (DESKeySpec) keyFactory.getKeySpec
(inSecretKey, DESKeySpec.class);
return keySpec.getKey ();
}
deserialise ()
{
DESKeySpec keySpec = new DESKeySpec (inEncodedKey);
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance
(sessionKeyAlgorithm, sessionKeyProvider);
return keyFactory.generateSecret (keySpec);
}
i'd like to do the equivalent for Blowfish, but there simply isn't the
KeySpec cl***** around to do it. do i have to write my own security
provider, my own BlowFish algorithm, and my own KeySpec cl***** to do
this, or is there an easier way?
btw i evaluated RSA BSafe and they didn't have any KeySpec cl***** for
their algorithms either. they said "oh just use our API" but of course
the JCE has so many nice things going for it. just seems like this part
is a wrinkle in an otherwise solid library.
thanks for any help received,
j
|
