I am generating a random API key (256 bits long) using Java 7; two methods are provided below, generate() and generate2(). Is there any difference? If so, which one is more secure/better?
Thanks in advance.
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.xml.bind.DatatypeConverter;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

public class RandomAESKeyGen {

    // Method 1: let the JCE AES KeyGenerator produce a key of keyLen bits.
    public static String generate(final int keyLen) throws NoSuchAlgorithmException {
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(keyLen);
        SecretKey secretKey = keyGen.generateKey();
        byte[] encoded = secretKey.getEncoded();
        return DatatypeConverter.printHexBinary(encoded).toLowerCase();
    }

    // Method 2: draw keyLen/8 bytes directly from SecureRandom.
    public static String generate2(final int keyLen) throws NoSuchAlgorithmException {
        SecureRandom random = new SecureRandom();
        byte[] bytes = new byte[keyLen / 8];
        random.nextBytes(bytes);
        return DatatypeConverter.printHexBinary(bytes).toLowerCase();
    }

    // Prints five keys for each method and key length, separated by marker lines.
    public static void main(String[] args) {
        String key = null;
        for (int i = 0; i < 5; ++i) {
            try {
                key = RandomAESKeyGen.generate(128);
            } catch (NoSuchAlgorithmException e) {
                System.out.println("Exception caught");
                e.printStackTrace();
            }
            System.out.println(key);
        }
        System.out.println("==================");
        for (int i = 0; i < 5; ++i) {
            try {
                key = RandomAESKeyGen.generate(256);
            } catch (NoSuchAlgorithmException e) {
                System.out.println("Exception caught");
                e.printStackTrace();
            }
            System.out.println(key);
        }
        System.out.println("==================");
        for (int i = 0; i < 5; ++i) {
            try {
                key = RandomAESKeyGen.generate2(128);
            } catch (NoSuchAlgorithmException e) {
                System.out.println("Exception caught");
                e.printStackTrace();
            }
            System.out.println(key);
        }
        System.out.println("==================");
        for (int i = 0; i < 5; ++i) {
            try {
                key = RandomAESKeyGen.generate2(256);
            } catch (NoSuchAlgorithmException e) {
                System.out.println("Exception caught");
                e.printStackTrace();
            }
            System.out.println(key);
        }
    }
}
Result from test above:
d6e21b44f47e3591fe3f04fa7f103128
8ece59484693e2376b196f2d33636b79
7fc0d320c1bdcdb927564fac95a79ef5
57c50e27f0d2b00e8f9ed0e519c6e8bb
efb1781846903d703106c8458b24c699
==================
cd81c144951d82b656ae9b8e78957c02bccc0d38db3dec1a1898b6ae715a28bc
1be78294e1d78eb303595cbe04ba1445baa4a044b0f99d77ca4a437d2a9b44ad
cce98925beb899a1c5710d7d6ae171ab6143db0cb421fdbb5b8ded8fe744bb42
7afcf673bd6557be6325d0129ad5eab35770fced759e37bdc5181d813065ccd6
4d3585605757c2681ab2789a0e6d25e842630ca9d27f256029c6ccb0c1a97ddf
==================
79fc08d98883af87e61e8fb1dab050b7
1f43be9e9481a8df3181aea5e2d17474
38dfe28d6e897e0be390b467a03992e8
6bc72524559f0975f7692133d1435ae6
cc79935f16af56287a82afdce2b1dbb0
==================
372ff9d52d99f674e177c61bc606cc72464c53ae87e26dfc78ac6f737fb35dc0
c00fe1573fc2c6b259181dccfb43644be2caad1355ad5921c623b5408a686a0e
7b72fdd8f17770333622566fff126e20f384224f340d6225c24a76048523c018
b65471cdc0e5d37bb869684962a90892539018f57f4aac177dd90f69c509ec75
73fe999d582f4752b129d7058738ee0edd300424ba55f7166e273cc641f1e55a
The JRE is generating the cipher key in the same way as you are. Your methods are thus equivalent.
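An added example, not part of the original question or answer: one way to check the equivalence claim on your own JRE is to hand the AES KeyGenerator a SecureRandom that records what it returns, then compare the recorded bytes with the generated key. The class names KeyGenSourceCheck and RecordingRandom and the helper methods are hypothetical, and the check assumes the provider's AES key generator takes its key bytes from the SecureRandom passed to init().

```java
import javax.crypto.KeyGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public class KeyGenSourceCheck {

    // Hypothetical helper: a SecureRandom that remembers the last bytes it handed out.
    static final class RecordingRandom extends SecureRandom {
        private byte[] last = new byte[0];
        private int calls = 0;

        @Override
        public void nextBytes(byte[] bytes) {
            super.nextBytes(bytes);   // real CSPRNG output, unchanged
            last = bytes.clone();     // copy, because the caller may wipe its buffer
            calls++;
        }
    }

    // Lower-case hex without javax.xml.bind, so this also compiles on newer JDKs.
    static String hex(byte[] data) {
        StringBuilder sb = new StringBuilder(data.length * 2);
        for (byte b : data) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // True when the AES key is exactly the keyLen/8 bytes last drawn from the RNG.
    static boolean keyIsRawRandom(int keyLen) throws NoSuchAlgorithmException {
        RecordingRandom rng = new RecordingRandom();
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(keyLen, rng);     // like generate(), but with the recording RNG
        byte[] key = keyGen.generateKey().getEncoded();
        System.out.println("key " + hex(key));
        System.out.println("rng " + hex(rng.last) + " (" + rng.calls + " call(s))");
        return key.length == keyLen / 8 && Arrays.equals(key, rng.last);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        for (int keyLen : new int[] {128, 256}) {
            System.out.println(keyLen + "-bit key is raw SecureRandom output: "
                    + keyIsRawRandom(keyLen));
        }
    }
}
```

A result of false would mean the installed provider derives or post-processes the key material, in which case generate() and generate2() are not byte-for-byte the same construction on that JRE.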