Date: Tue, 12 Aug 1997 09:02:06 -0700 (PDT)
From: Jan Luehe <Jan.Luehe@Eng>
Subject: Re: How to serialize a session key
To: java-security@web2.javasoft.com, ashutosh@usa.ltindia.com
Hi Ashutosh:
> Please help me on the issue of serializing a session key.
> Actually the problem is that one cannot get a Key object at the other
> end if any generated key is sent as a byte array using the getEncoded()
> method. That is, you cannot initialize a key object by using the byte
> array.
>
> How can I send the key object using the Serializable interface?
>
> Please help ...
We have identified this problem and fixed it in JDK1.2, where you
will be able to initialize a (DES) Key object from a byte array.
For earlier JDK versions, you need to serialize the secret key
after encryption, and deserialize it before decryption.
Here is how you would serialize/deserialize the key:
import java.io.*;
import java.security.Key;
import javax.crypto.SecretKey;

Key desKey;  // holds the generated DES key

// Serialize generated DES key into a file named "keyfile"
ObjectOutputStream outKeyfile = new ObjectOutputStream
    (new FileOutputStream("keyfile"));
outKeyfile.writeObject(desKey);
outKeyfile.close();

// Encrypt data

// Deserialize DES key from file
ObjectInputStream inKeyfile = new ObjectInputStream
    (new FileInputStream("keyfile"));
desKey = (SecretKey)inKeyfile.readObject();
inKeyfile.close();

// Decrypt data
As I said: JDK1.2 will make initialization of keys easier.
Jan
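
Added example, not part of the original message: the byte-array route the reply describes, written with javax.crypto.spec.SecretKeySpec from the current Java API, so the receiving side rebuilds the key from getEncoded() output without calling readObject() on data from the other end. The class name KeyBytesRoundTrip, the helper fromBytes and the sample plaintext are assumptions made for this illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical class name; illustrates a key surviving a trip as raw bytes.
public class KeyBytesRoundTrip {

    // Rebuild a key object from its raw encoding (no object deserialization).
    static SecretKey fromBytes(byte[] raw, String algorithm) {
        return new SecretKeySpec(raw, algorithm);
    }

    public static void main(String[] args) throws Exception {
        // DES is used only to match the message; the same calls work with "AES".
        SecretKey desKey = KeyGenerator.getInstance("DES").generateKey();

        // Sender side: export the key as a byte array (8 bytes for DES).
        byte[] raw = desKey.getEncoded();

        // Encrypt constructed sample data; the provider picks a random IV.
        Cipher enc = Cipher.getInstance("DES/CBC/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, desKey);
        byte[] iv = enc.getIV();
        byte[] ct = enc.doFinal(
            "constructed sample data".getBytes(StandardCharsets.UTF_8));

        // Receiver side: rebuild the key from the bytes and decrypt.
        SecretKey rebuilt = fromBytes(raw, "DES");
        Cipher dec = Cipher.getInstance("DES/CBC/PKCS5Padding");
        dec.init(Cipher.DECRYPT_MODE, rebuilt, new IvParameterSpec(iv));
        String pt = new String(dec.doFinal(ct), StandardCharsets.UTF_8);

        System.out.println("key bytes equal: "
            + Arrays.equals(raw, rebuilt.getEncoded()));
        System.out.println("decrypted: " + pt);

        // SecretKeySpec keeps its own copy, so the exported array can be wiped.
        Arrays.fill(raw, (byte) 0);
    }
}
```

The raw key bytes are as sensitive as the key itself, so in transit they need to travel inside an already protected channel or be wrapped under another key.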