Module java.base

Class SecretKeySpec

  • All Implemented Interfaces:
    Serializable, Key, KeySpec, SecretKey, Destroyable

    public class SecretKeySpec
    extends Object
    implements KeySpec, SecretKey
    This class specifies a secret key in a provider-independent fashion.

    It can be used to construct a SecretKey from a byte array, without having to go through a (provider-based) SecretKeyFactory.

    This class is only useful for raw secret keys that can be represented as a byte array and have no key parameters associated with them, e.g., DES or Triple DES keys.

    Since:
    1.4
    See Also:
    SecretKey, SecretKeyFactory, Serialized Form
    • Constructor Detail

      • SecretKeySpec

        public SecretKeySpec​(byte[] key,
                             String algorithm)
        Constructs a secret key from the given byte array.

        This constructor does not check if the given bytes indeed specify a secret key of the specified algorithm. For example, if the algorithm is DES, this constructor does not check if key is 8 bytes long, and also does not check for weak or semi-weak keys. In order for those checks to be performed, an algorithm-specific key specification class (in this case: DESKeySpec) should be used.

        Parameters:
        key - the key material of the secret key. The contents of the array are copied to protect against subsequent modification.
        algorithm - the name of the secret-key algorithm to be associated with the given key material. See the Java Security Standard Algorithm Names document for information about standard algorithm names.
        Throws:
        IllegalArgumentException - if algorithm is null or key is null or empty.
      • SecretKeySpec

        public SecretKeySpec​(byte[] key,
                             int offset,
                             int len,
                             String algorithm)
        Constructs a secret key from the given byte array, using the first len bytes of key, starting at offset inclusive.

        The bytes that constitute the secret key are those between key[offset] and key[offset+len-1] inclusive.

        This constructor does not check if the given bytes indeed specify a secret key of the specified algorithm. For example, if the algorithm is DES, this constructor does not check if key is 8 bytes long, and also does not check for weak or semi-weak keys. In order for those checks to be performed, an algorithm-specific key specification class (in this case: DESKeySpec) must be used.

        Parameters:
        key - the key material of the secret key. The first len bytes of the array beginning at offset inclusive are copied to protect against subsequent modification.
        offset - the offset in key where the key material starts.
        len - the length of the key material.
        algorithm - the name of the secret-key algorithm to be associated with the given key material. See the Java Security Standard Algorithm Names document for information about standard algorithm names.
        Throws:
        IllegalArgumentException - if algorithm is null or key is null, empty, or too short, i.e. key.length-offset<len.
        ArrayIndexOutOfBoundsException - is thrown if offset or len index bytes outside the key.
    • Method Detail

      • getAlgorithm

        public String getAlgorithm()
        Returns the name of the algorithm associated with this secret key.
        Specified by:
        getAlgorithm in interface Key
        Returns:
        the secret key algorithm.
      • getFormat

        public String getFormat()
        Returns the name of the encoding format for this secret key.
        Specified by:
        getFormat in interface Key
        Returns:
        the string "RAW".
      • getEncoded

        public byte[] getEncoded()
        Returns the key material of this secret key.
        Specified by:
        getEncoded in interface Key
        Returns:
        the key material. Returns a new array each time this method is called.
      • equals

        public boolean equals​(Object obj)
        Tests for equality between the specified object and this object. Two SecretKeySpec objects are considered equal if they are both SecretKey instances which have the same case-insensitive algorithm name and key encoding.
        Overrides:
        equals in class Object
        Parameters:
        obj - the object to test for equality with this object.
        Returns:
        true if the objects are considered equal, false if obj is null or otherwise.
        See Also:
        Object.hashCode(), HashMap