java - 获取 JCE KeyGenerators 所有可能的 key 大小

Question

我正在编写一个 Web 服务，它允许用户从算法列表中选择一个算法并生成指定大小的 key (使用 KeyGenerator)。我无法通过 API 找到任何方法来获取指定算法的一组可能的 key 大小。如果我尝试生成一个大小无效的 key ，我将得到一个异常指示，错误消息中包含该算法的可能 key 大小，但我想为用户预先确定一个选择列表。如果存在，任何人都可以指出正确的 API 吗？

Answer 1

我不认为这可以通过 API 获得，因为一些算法采用范围而不是不同的值。

来自 Java Cryptography Architecture Documentation (Java 7) , Keysize Restrictions 部分，KeyGenerator:

The SunJCE provider uses the following default keysizes (in bits) and enforces the following restrictions:

KeyGenerator
╔══════════════════════╦══════════════════╦════════════════════════════════════════════════════════════════════════════════╗
║   Algorithm Name     ║ Default Keysize  ║                             Restrictions/Comments                              ║
╠══════════════════════╬══════════════════╬════════════════════════════════════════════════════════════════════════════════╣
║ AES                  ║             128  ║ Keysize must be equal to 128, 192, or 256.                                     ║
║ ARCFOUR (RC4)        ║             128  ║ Keysize must range between 40 and 1024 (inclusive).                            ║
║ Blowfish             ║             128  ║ Keysize must be a multiple of 8, ranging from 32 to 448 (inclusive).           ║
║ DES                  ║              56  ║ Keysize must be equal to 56.                                                   ║
║ DESede (Triple DES)  ║             168  ║ Keysize must be equal to 112 or 168.                                           ║
║                      ║                  ║ A keysize of 112 will generate a Triple DES key with 2 intermediate keys, and  ║
║                      ║                  ║ a keysize of 168 will generate a Triple DES key with 3 intermediate keys.      ║
║                      ║                  ║ Due to the "Meet-In-The-Middle" problem, even though 112 or 168 bits of key    ║
║                      ║                  ║ material are used, the effective keysize is 80 or 112 bits respectively.       ║
║ HmacMD5              ║             512  ║ No keysize restriction.                                                        ║
║ HmacSHA1             ║             512  ║ No keysize restriction.                                                        ║
║ HmacSHA256           ║             256  ║ No keysize restriction.                                                        ║
║ HmacSHA384           ║             384  ║ No keysize restriction.                                                        ║
║ HmacSHA512           ║             512  ║ No keysize restriction.                                                        ║
║ RC2                  ║             128  ║ Keysize must range between 40 and 1024 (inclusive).                            ║
╚══════════════════════╩══════════════════╩════════════════════════════════════════════════════════════════════════════════╝

我建议您为用户输入提供一个合适的组件(可编辑组合框)，该组件根据算法选择而变化，然后为其提供验证。