Generate Secret Key

In order to generate a Secret Key and add it into the current KeyStore, click on Generate Secret Key. In the new window, the user has the option to select from a wide range of key algorithms and sizes. The algorithms are defined for 2 providers: for the Bouncy Castle Provider and for the Sun JCE Provider (if it exists on the system where CERTivity is running), allowing the user to select only the supported key sizes for each algorithm depending on the algorithm type and provider. In case the Sun JCE Provider is not available, the Default provider will be used which means that all the Secret Key algorithms (that CERTivity supports) will be displayed with the key sizes starting from 1 for each algorithm. For this case, if the algorithm or the key size is not supported by the Default provider, an error will be displayed.

To generate a Secret Key, the user has to select a Provider, then to select an algorithm, then a key size, and finally to enter an alias for the Secret Key which will be generated.

A screenshot for generate secret key action can be seen below:

Note

JKS and PKCS#12 KeyStore types do not support storing Secret Keys. This is a limitation of the standards, not of the CERTivity application.

The key algorithms are dictating the JCE provider and the key sizes supported. These are depicted in the following table.

Table 5.2. Size and Provider for Secret Keys

Key AlgorithmKey SizeProvider
AES1 - 256Bouncy Castle
128 - 256, multiple of 64Sun JCE
AESWrap1 - 256Bouncy Castle
ARCFOUR40 - 1024Sun JCE
Blowfish1 - 448Bouncy Castle
32 - 448, multiple of 8Sun JCE
Camellia128 - 256, multiple of 64Bouncy Castle
Cast51 - 128Bouncy Castle
Cast61 - 256Bouncy Castle
DES64Bouncy Castle
56Sun JCE
DESede128, 192Bouncy Castle
112, 168Sun JCE
DESedeWrap128, 192Bouncy Castle
GOST28147256Bouncy Castle
Grainv180Bouncy Castle
Grain128128Bouncy Castle
HC128128Bouncy Castle
HC256256Bouncy Castle
Noekeon128Bouncy Castle
RC21 - 1024Bouncy Castle
40 - 1024Sun JCE
RC440 - 2048Bouncy Castle
RC51 - 128Bouncy Castle
RC5-641 - 256Bouncy Castle
RC61 - 256Bouncy Castle
Rijndael1 - 256Bouncy Castle
Salsa20128, 256Bouncy Castle
SEED128Bouncy Castle
Serpent128 - 256, multiple of 64Bouncy Castle
Skipjack1 - 128Bouncy Castle
TEA128Bouncy Castle
Twofish128 - 256, multiple of 64Bouncy Castle
VMPC128, 6144Bouncy Castle
VMPC-KSA3128, 6144Bouncy Castle
XTEA128Bouncy Castle
HmacMD21 -Bouncy Castle
HmacMD41 -Bouncy Castle
HmacMD51 -Bouncy Castle
1 -Sun JCE
HmacRIPEMD1281 -Bouncy Castle
HmacRIPEMD1601 -Bouncy Castle
HmacSHA11 -Bouncy Castle
1 -Sun JCE
HmacSHA2241 -Bouncy Castle
HmacSHA2561 -Bouncy Castle
40 -Sun JCE
HmacSHA3841 -Bouncy Castle
40 -Sun JCE
HmacSHA5121 -Bouncy Castle
40 -Sun JCE
HmacTIGER1 -Bouncy Castle