Re: JCE1.2 -- Blowfish has no KeyFactory?

Jan Luehe (luehe@laguna.eng.sun.com)
Wed, 7 Apr 1999 18:49:18 -0700 (PDT)

Message-Id: <199904080149.SAA09988@laguna.eng.sun.com>
Date: Wed, 7 Apr 1999 18:49:18 -0700 (PDT)
From: Jan Luehe <luehe@laguna.eng.sun.com>
Subject: Re: JCE1.2 -- Blowfish has no KeyFactory?
To: java-security@java.sun.com, josh@privada.net

Josh:

> String password = "mypassword";
> SecretKeyFactory kf = SecretKeyFactory.getInstance("DES");
> KeySpec spec = new DESKeySpec(password.getBytes(), 0);
> SecretKey sk = kf.generateSecret(spec);
>
> However, since there is no BlowfishKeyFactory, this can't be done for
Blowfish.
> Is there any particular, cryptographic reason why there is no
> BlowfishKeyFactory? Or is there some other way to do what I am trying to do?

Please check the "Blowfish Example" in Appendix D of the
API_users_guide.html in the JCE documentation.

It explains how to construct a Blowfish key from some
given bytes, using the generic javax.crypto.spec.SecretKeySpec class.

For all key types for which there is no special key specification
class, you can use the generic "SecretKeySpec" class and specify
the particular algorithm name in its constructor.

The only reason why there is a key specification class for DES,
but none for Blowfish, is that in the case of DES you might
want to know if some given bytes (representing the DES key material) are
parity-adjusted (see method javax.crypto.spec.DESKeySpec.isParityAdjusted())
or represent a "weak" DES key
(see method javax.crypto.spec.DESKeySpec.isWeak()), before creating
a DES key object from those bytes.

Jan