Cipher initialization - when?
I have server code which creates data encrypted with a 3DES key and signed with an RSA key constantly (it's basically some custom authentication service). In the original implementation, I had only one static Cipher object of each type (3DES encryption, 3DES decryption, RSA signing), to which access was synchronized, and which were all initialized with the respective key before an encryption or signing operation.
Now I wanted to improve performance and get rid of the synchronization, so I created a dynamic pool of those Cipher objects, which basically creates a set of Cipher objects for a request thread. This part works fine so far, so I got rid of synchronization.
But I also wanted to remove unnecessary intializations, so initialized each cipher only once at creation time, 3DES and RSA. As a result, I got problems with the 3DES ciphers (I'm using IAIK), where I could encrypt data, and when I decrypted it, the first 8 bytes were all of a sudden different (or corrupted, maybe). With the RSA ciphers I didn't have any problem like that.
The javadoc of "Cipher" isn't really specific enough for me. Is it correct that in principle a Cipher object has to be initialized with its key only once, when it's being created, and never again? If so, my problems would probably mean there's some bug in the IAIK provider.
