Generating random API key, 2 method provided, any difference?

Gob00st picture Gob00st · Jan 20, 2015 · Viewed 8.2k times · Source

I am generating some random API key(256 bits long) using java 7, two methods provided below, generate() and generate2(). Are there any difference ? if so which one is more secure /better?

Thanks in advance.

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.xml.bind.DatatypeConverter;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

public class RandomAESKeyGen {
    public static String generate(final int keyLen) throws NoSuchAlgorithmException {

        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(keyLen);
        SecretKey secretKey = keyGen.generateKey();
        byte[] encoded = secretKey.getEncoded();
        return DatatypeConverter.printHexBinary(encoded).toLowerCase();
    }

    public static String generate2(final int keyLen) throws NoSuchAlgorithmException {

        SecureRandom random = new SecureRandom();
        byte bytes[] = new byte[keyLen/8];
        random.nextBytes(bytes);
        return DatatypeConverter.printHexBinary(bytes).toLowerCase();
    }

    public static void main(String[] args) {
        String key = null;
        for(int i=0; i< 5; ++i) {
            try {
                key = RandomAESKeyGen.generate(128);
            } catch (NoSuchAlgorithmException e) {
                System.out.println("Exception caught");
                e.printStackTrace();
            }
            System.out.println(key);
        }
        System.out.println("==================");

        for(int i=0; i< 5; ++i) {
            try {
                key = RandomAESKeyGen.generate(256);
            } catch (NoSuchAlgorithmException e) {
                System.out.println("Exception caught");
                e.printStackTrace();
            }
            System.out.println(key);
        }
        System.out.println("==================");

        for(int i=0; i< 5; ++i) {
            try {
                key = RandomAESKeyGen.generate2(128);
            } catch (NoSuchAlgorithmException e) {
                System.out.println("Exception caught");
                e.printStackTrace();
            }
            System.out.println(key);
        }
        System.out.println("==================");

        for(int i=0; i< 5; ++i) {
            try {
                key = RandomAESKeyGen.generate2(256);
            } catch (NoSuchAlgorithmException e) {
                System.out.println("Exception caught");
                e.printStackTrace();
            }
            System.out.println(key);
        }
    }
}

Result from test above:

d6e21b44f47e3591fe3f04fa7f103128
8ece59484693e2376b196f2d33636b79
7fc0d320c1bdcdb927564fac95a79ef5
57c50e27f0d2b00e8f9ed0e519c6e8bb
efb1781846903d703106c8458b24c699
==================
cd81c144951d82b656ae9b8e78957c02bccc0d38db3dec1a1898b6ae715a28bc
1be78294e1d78eb303595cbe04ba1445baa4a044b0f99d77ca4a437d2a9b44ad
cce98925beb899a1c5710d7d6ae171ab6143db0cb421fdbb5b8ded8fe744bb42
7afcf673bd6557be6325d0129ad5eab35770fced759e37bdc5181d813065ccd6
4d3585605757c2681ab2789a0e6d25e842630ca9d27f256029c6ccb0c1a97ddf
==================
79fc08d98883af87e61e8fb1dab050b7
1f43be9e9481a8df3181aea5e2d17474
38dfe28d6e897e0be390b467a03992e8
6bc72524559f0975f7692133d1435ae6
cc79935f16af56287a82afdce2b1dbb0
==================
372ff9d52d99f674e177c61bc606cc72464c53ae87e26dfc78ac6f737fb35dc0
c00fe1573fc2c6b259181dccfb43644be2caad1355ad5921c623b5408a686a0e
7b72fdd8f17770333622566fff126e20f384224f340d6225c24a76048523c018
b65471cdc0e5d37bb869684962a90892539018f57f4aac177dd90f69c509ec75
73fe999d582f4752b129d7058738ee0edd300424ba55f7166e273cc641f1e55a

Answer

Pavel Horal picture Pavel Horal · Jan 21, 2015

JRE is generating cipher key in the same way as you are. You methods are thus equivalent.