javax.crypto.KeyGenerator
) is used to generate symmetric encryption keys. A symmetric encryption key is a key that is used for both encryption and decryption of data, by a symmetric encryption algorithm. In this Java KeyGenerator tutorial I will show you how to generate symmetric encryption keys. KeyGenerator
class you must create a KeyGenerator
instance. You create a KeyGenerator
instance by calling the static method getInstance()
passing as parameter the name of the encryption algorithm to create a key for. Here is an example of creating a Java KeyGenerator
instance: KeyGenerator
instance which can generate keys for the AES encryption algorithm. KeyGenerator
instance you must initialize it. Initializing a KeyGenerator
instance is done by calling its init()
method. Here is an example of initializing a KeyGenerator
instance: KeyGenerator
init()
method takes two parameters: The bit size of the keys to generate, and a SecureRandom
that is used during key generation. KeyGenerator
instance is initialized you can use it to generate keys. Generating a key is done by calling the KeyGenerator
generateKey()
method. Here is an example of generating a symmetric key: rsautl
. Instead, do the following:openssl rand
, e.g. openssl rand 32 -out keyfile
.openssl rsautl
.openssl enc
, using the generated key from step 1.smime
— ssl command for S/MIME utility (smime(1)).-encrypt
— chosen method for file process.-binary
— use safe file process. Normally the input message is converted to 'canonical' format as required by the S/MIME specification, this switch disable it. It is necessary for all binary files (like a images, sounds, ZIP archives).-aes-256-cbc
— chosen cipher AES in 256 bit for encryption (strong). If not specified 40 bit RC2 is used (very weak). (Supported ciphers).-in plainfile.zip
— input file name.-out encrypted.zip.enc
— output file name.-outform DER
— encode output file as binary. If is not specified, file is encoded by base64 and file size will be increased by 30%.yourSslCertificate.pem
— file name of your certificate's. That should be in PEM format.-inform DER
— same as -outform
above.-inkey private.key
— file name of your private key. That should be in PEM format and can be encrypted by password.-passin pass:your_password
— (optional) your password for private key encrypt.