AWS CloudHSM
User Guide

Generate Triple DES Symmetric Key

** Example code only - Not for production use **

This page includes example code that has not been fully tested. It is designed for test environments. Do not run this code in production.

This example shows how to generate a 168-bit Triple DES (3DES) symmetric key and save it in an HSM. By default, the keys that the HSM generates are not saved. To save a key, call the makeKeyPersistant method below. You can save the key object and use the key handle in other operations.

Note

This example uses the loginWithEnvVars() method in the Log In To and Out Of an HSM sample to log in to the HSM. You can substitute the login method that you prefer. Also, the example assumes that the Cavium provider is included in your Java provider file. If it is not, create an instance of the provider and substitute it for the Cavium string.

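import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

import com.amazonaws.cloudhsm.examples.operations.LoginLogoutExample;
import com.cavium.cfm2.CFM2Exception;
import com.cavium.cfm2.Util;
import com.cavium.key.CaviumDES3Key;
import com.cavium.key.parameter.CaviumDESKeyGenParameterSpec;

/**
 * Generates Triple DES (DESede) symmetric keys through the "Cavium" JCE provider and,
 * optionally, persists them on the HSM.
 *
 * <p>Security note: Triple DES is a legacy cipher with a 64-bit block size. NIST SP 800-131A
 * Rev. 2 disallows three-key TDEA for applying encryption after 2023. Generate 3DES keys only
 * where interoperability with an existing system requires them, and prefer AES for new designs.
 *
 * <p>All methods report failures by printing a stack trace; the generate methods then return
 * {@code null}, so callers must check the result before using it.
 */
public class DES3SymmetricKeyGeneration {

    // The key size can be either 168 or 192 bits.
    public static void main(String[] args) {
        LoginLogoutExample.loginWithEnvVars();
        try {
            new DES3SymmetricKeyGeneration().generate3DesKey(168, true);
            new DES3SymmetricKeyGeneration().generate3DesKey(168, "DESKey-1", false, true);
        } finally {
            // Always close the HSM session, even if key generation fails with an unexpected error.
            LoginLogoutExample.logout();
        }
    }

    /**
     * Generates a 3DES key with an SDK-assigned label and optionally persists it afterwards.
     *
     * @param keySize      key size in bits (168 or 192)
     * @param isPersistent when {@code true}, the generated key is saved to the HSM
     * @return the generated key, or {@code null} if generation failed (the stack trace is printed)
     */
    public Key generate3DesKey(int keySize, boolean isPersistent) {
        try {
            // Ask the Cavium provider for a DESede key generator.
            KeyGenerator keyGen = KeyGenerator.getInstance("DESede", "Cavium");

            // Generate the key.
            keyGen.init(keySize);
            SecretKey des3Key = keyGen.generateKey();
            System.out.println("Key Generated!");

            if (des3Key instanceof CaviumDES3Key) {
                System.out.println("Key is of type CaviumDES3Key");
                CaviumDES3Key ck = (CaviumDES3Key) des3Key;

                // Save the key handle. You'll need this to perform future encryption and decryption operations.
                System.out.println("Key Handle = " + ck.getHandle());

                // Get the key label generated by the SDK.
                System.out.println("Key Label = " + ck.getLabel());

                // Get the Extractable property of the key.
                System.out.println("Is Key Extractable? : " + ck.isExtractable());

                // Get the Persistent property of the key.
                System.out.println("Is Key Persistent? : " + ck.isPersistent());

                // By default, keys are not persistent. Make them Persistent here.
                if (isPersistent) {
                    System.out.println("Setting Key as Persistent:");
                    // Report success only when the HSM call actually succeeded; a swallowed
                    // CFM2Exception must not be followed by a "Key is Persistent!" message.
                    if (persistOnHsm(ck)) {
                        System.out.println("Key is Persistent!");
                    }
                }
                System.out.println("Is Key Persistant? : " + ck.isPersistent());

                // Verify the key type and size.
                System.out.println("Key Algo : " + ck.getAlgorithm());
                System.out.println("Key Size : " + ck.getSize());
            }
            return des3Key;
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            // The "Cavium" provider is not registered, or it does not offer DESede.
            e.printStackTrace();
        } catch (Exception e) {
            // Best-effort sample: any other failure is reported and surfaces as a null result.
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Generates a 3DES key with caller-chosen label, extractability and persistence.
     *
     * @param keySize       key size in bits (168 or 192)
     * @param keyLabel      label to assign to the key
     * @param isExtractable whether the key can be extracted; pass {@code false} unless the key
     *                      has to leave the HSM
     * @param isPersistent  whether the key is persistent
     * @return the generated key, or {@code null} if generation failed (the stack trace is printed)
     */
    public Key generate3DesKey(int keySize, String keyLabel, boolean isExtractable, boolean isPersistent) {
        try {
            // Ask the Cavium provider for a DESede key generator.
            KeyGenerator keyGen = KeyGenerator.getInstance("DESede", "Cavium");

            // Generate the key with the requested attributes.
            CaviumDESKeyGenParameterSpec desKeyGenSpec =
                    new CaviumDESKeyGenParameterSpec(keySize, keyLabel, isExtractable, isPersistent);
            keyGen.init(desKeyGenSpec);
            SecretKey des3Key = keyGen.generateKey();
            System.out.println("Key Generated!");

            if (des3Key instanceof CaviumDES3Key) {
                System.out.println("Key is of type CaviumDES3Key");
                CaviumDES3Key ck = (CaviumDES3Key) des3Key;

                // Save the key handle. You'll need this to perform future encryption and decryption operations.
                System.out.println("Key Handle = " + ck.getHandle());

                // Get the key label.
                System.out.println("Key Label = " + ck.getLabel());

                // Get the Extractable property of the key.
                System.out.println("Is Key Extractable? : " + ck.isExtractable());

                // Get the Persistent property of the key.
                System.out.println("Is Key Persistent? : " + ck.isPersistent());

                // Verify the key type and size.
                System.out.println("Key Algo : " + ck.getAlgorithm());
                System.out.println("Key Size : " + ck.getSize());
            }
            return des3Key;
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            // The "Cavium" provider is not registered, or it does not offer DESede.
            e.printStackTrace();
        } catch (Exception e) {
            // Best-effort sample: any other failure is reported and surfaces as a null result.
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Saves the key to the HSM.
     *
     * <p>A failure is printed as a stack trace and not rethrown, so this method gives the caller
     * no success signal; check the key's persistent property afterwards if the outcome matters.
     *
     * @param key the key to persist; must be a {@link CaviumDES3Key}
     * @throws ClassCastException if {@code key} is not a {@link CaviumDES3Key}
     */
    public static void makeKeyPersistant(Key key) {
        persistOnHsm((CaviumDES3Key) key);
    }

    /** Persists the key on the HSM and returns whether the call succeeded. */
    private static boolean persistOnHsm(CaviumDES3Key caviumDES3Key) {
        try {
            Util.persistKey(caviumDES3Key);
            System.out.println("Added Key to HSM");
            return true;
        } catch (CFM2Exception e) {
            e.printStackTrace();
            return false;
        }
    }
}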