CODEWITHSUNDEEP
javaencryptionaes
Student
Student

Reputation: 28375

AES key size in Java

Testing RSA to encrypt an AES key, I realized that RSA has only 1 block with a limited size (settable by the programmer) do store the encrypted key. The question is, when I use:

KeyGenerator.getInstance("AES").generateKey()

the AES keys will have a constant size in every computer and jvm implementation?

Upvotes: 9

Views: 25515

Answers (4)

Dmitriy Pichugin
Dmitriy Pichugin

Reputation: 418

https://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html

Every implementation of the Java platform is required to support the following standard Cipher transformations with the keysizes in parentheses:

AES/CBC/NoPadding (128)
AES/CBC/PKCS5Padding (128)
AES/ECB/NoPadding (128)
AES/ECB/PKCS5Padding (128)
DES/CBC/NoPadding (56)
DES/CBC/PKCS5Padding (56)
DES/ECB/NoPadding (56)
DES/ECB/PKCS5Padding (56)
DESede/CBC/NoPadding (168)
DESede/CBC/PKCS5Padding (168)
DESede/ECB/NoPadding (168)
DESede/ECB/PKCS5Padding (168)
RSA/ECB/PKCS1Padding (1024, 2048)
RSA/ECB/OAEPWithSHA-1AndMGF1Padding (1024, 2048)
RSA/ECB/OAEPWithSHA-256AndMGF1Padding (1024, 2048)

Upvotes: 1

Thomas Pornin
Thomas Pornin

Reputation: 74492

KeyGenerator has several init() methods; you should call one of them before generating a key. The Javadoc for KeyGenerator specifies that in case you do not call one of the init() method, then "each provider must supply (and document) a default initialization."

So this is provider-specific. Since you initialize the key generator with the "AES" algorithm name, one may assume that you will get a key with a size suitable for AES, i.e. 128, 192 or 256 bits (16, 24 and 32 bytes, respectively). But which one you get is up to the actual provider, which may depend upon the JVM and possibly its configuration.

Upvotes: 0

Steve K
Steve K

Reputation: 19586

There is an init method in the KeyGenerator that allows you to specify the number of bits.

KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(128);
SecretKey key = keyGenerator.generateKey();

Will that do what you need?

The default appears to be 128 bits, but I would not assume that all JVM's use the same default, or that it will always be the default.

Upvotes: 16

BenM
BenM

Reputation: 4153

Suns Java Cryptography Extension documentation states that multiple key sizes are supported for AES keys and doesn't provide any information on the default size.

The maximum size of keys can also vary depending on the jurisdictional files used by different versions of Suns JVM.

Upvotes: 2

Related Questions