
What exactly does specifying "AES" as the algorithm in KeyGenerator.getInstance() do?

I'm confused as to why I need to specify an algorithm such as "AES" when generating a key for encryption, e.g...

KeyGenerator kg = KeyGenerator.getInstance("AES");

It clearly is not used for specifying the size of the key since AES keys can be 128, 192, or 256-bits. That part would be done via init()...

kg.init(256, new SecureRandom());
SecretKey key = kg.generateKey();

For what it's worth, the above example code was borrowed from http://android-developers.blogspot.de/2013/02/using-cryptography-to-store-credentials.html

Furthermore, NIST FIPS-197 states...

No weak or semi-weak keys have been identified for the AES algorithm, and there is no restriction on key selection.

...so that would lead me to believe that any 128, 192, or 256 bits could be used as a key.

Clearly, specifying "AES" when I get a cipher instance, e.g...

Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");

...is necessary to indicate the cipher algorithm to be used. I just don't get what the purpose of specifying it for the key generation does.

Thanks.

d60402 asked Jun 09 '14 22:06




1 Answer

As mentioned in the comments, other keys than AES may require more attention. And it is best to have a symmetrical method for DES and AES so you can switch between the algorithms.

Furthermore, not all cryptographic providers may create keys in memory. The Java JCA is also compatible with hardware key stores. For PKCS#11 providers (for instance) it is required to know the type of the key when it is being generated.

Maarten Bodewes answered Oct 06 '22 17:10
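The answer's point that keys other than AES need more attention can be seen by running the same KeyGenerator code for several algorithms. This is an added example, not code from the question or the answer; the class name is hypothetical, and it assumes the default OpenJDK providers with DES and DESede key generators available.

```java
import java.security.InvalidParameterException;
import java.security.SecureRandom;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.DESKeySpec;

// Hypothetical demo class (added example, not from the original page).
public class KeyGeneratorAlgorithmDemo {

    // Generate a key and report what the algorithm-specific generator produced.
    static SecretKey generate(String algorithm, int bits) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(algorithm);
        kg.init(bits, new SecureRandom());
        SecretKey key = kg.generateKey();
        System.out.printf("%-7s requested=%3d bits, encoded=%2d bytes, getAlgorithm()=%s%n",
                algorithm, bits, key.getEncoded().length, key.getAlgorithm());
        return key;
    }

    public static void main(String[] args) throws Exception {
        // AES: any 128/192/256-bit string is a valid key, so the generator
        // only has to return random bytes tagged with the algorithm name.
        generate("AES", 256);

        // DES: 56 effective key bits are stored in 8 bytes, each carrying a
        // parity bit, and the algorithm has known weak keys. The generator is
        // the place where those algorithm-specific rules get applied.
        SecretKey des = generate("DES", 56);
        byte[] raw = des.getEncoded();
        System.out.println("DES parity adjusted: " + DESKeySpec.isParityAdjusted(raw, 0));
        System.out.println("DES weak key:        " + DESKeySpec.isWeak(raw, 0));

        // Triple DES: 168 effective bits are encoded in 24 bytes.
        generate("DESede", 168);

        // The algorithm name also decides which sizes init() will accept.
        try {
            generate("DES", 256);
        } catch (InvalidParameterException e) {
            System.out.println("DES with 256 bits rejected: " + e.getMessage());
        }
    }
}
```

The value returned by getAlgorithm() is also what a hardware-backed provider such as PKCS#11 uses as the key type, which is why it has to be known at generation time.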