diff --git a/java_src/src/main/java/com/google/crypto/tink/BUILD.bazel b/java_src/src/main/java/com/google/crypto/tink/BUILD.bazel
index 0eebbdf4ef..9dec9ef944 100644
--- a/java_src/src/main/java/com/google/crypto/tink/BUILD.bazel
+++ b/java_src/src/main/java/com/google/crypto/tink/BUILD.bazel
@@ -247,6 +247,7 @@ java_library(
     name = "key_type_manager",
     srcs = ["KeyTypeManager.java"],
     deps = [
+        ":key_template",
         "//proto:tink_java_proto",
         "//src/main/java/com/google/crypto/tink/annotations:alpha",
         "@com_google_protobuf//:protobuf_javalite",
@@ -257,6 +258,7 @@ android_library(
     name = "key_type_manager-android",
     srcs = ["KeyTypeManager.java"],
     deps = [
+        ":key_template-android",
         "//proto:tink_java_proto_lite",
         "//src/main/java/com/google/crypto/tink/annotations:alpha",
         "@com_google_protobuf//:protobuf_javalite",
diff --git a/java_src/src/main/java/com/google/crypto/tink/KeyTypeManager.java b/java_src/src/main/java/com/google/crypto/tink/KeyTypeManager.java
index 972b6b0f7b..f125a9dc31 100644
--- a/java_src/src/main/java/com/google/crypto/tink/KeyTypeManager.java
+++ b/java_src/src/main/java/com/google/crypto/tink/KeyTypeManager.java
@@ -180,6 +180,20 @@ public KeyFactory(Class<KeyFormatProtoT> clazz) {
       this.clazz = clazz;
     }
 
+    /**
+     * A container that contains key format and other information that form key templates supported
+     * by this factory.
+     */
+    public static final class KeyFormat<KeyFormatProtoT> {
+      public KeyFormatProtoT keyFormat;
+      public KeyTemplate.OutputPrefixType outputPrefixType;
+
+      public KeyFormat(KeyFormatProtoT keyFormat, KeyTemplate.OutputPrefixType outputPrefixType) {
+        this.keyFormat = keyFormat;
+        this.outputPrefixType = outputPrefixType;
+      }
+    }
+
     /**
      * Returns the class corresponding to the key format protobuffer.
      */
@@ -208,14 +222,14 @@ public abstract KeyFormatProtoT parseKeyFormat(ByteString byteString)
     public abstract KeyT createKey(KeyFormatProtoT keyFormat) throws GeneralSecurityException;
 
     /**
-     * Derives a new key from a given format, using the given {@param pseudoRandomness}.
+     * Derives a new key from a given format, using the given {@code pseudoRandomness}.
      *
-     * <p>Implementations need to note that the given paramter {@param pseudoRandomness} may only
+     * <p>Implementations need to note that the given paramter {@code pseudoRandomness} may only
      * produce a finite amount of randomness. Hence, proper implementations will first obtain all
      * the pseudorandom bytes needed; and only after produce the key.
      *
      * <p>While {@link validateKeyFormat} is called before this method will be called,
-     * implementations must check the version of the given {@param keyFormat}, as {@link
+     * implementations must check the version of the given {@code keyFormat}, as {@link
      * validateKeyFormat} is also called from {@link createKey}.
      *
      * <p>Not every KeyTypeManager needs to implement this; if not implemented a {@link
@@ -223,8 +237,12 @@ public abstract KeyFormatProtoT parseKeyFormat(ByteString byteString)
      */
     public KeyT deriveKey(KeyFormatProtoT keyFormat, InputStream pseudoRandomness)
         throws GeneralSecurityException {
-      throw new GeneralSecurityException(
-          "deriveKey not implemented for key of type " + clazz.toString());
+      throw new GeneralSecurityException("deriveKey not implemented for key of type " + clazz);
+    }
+
+    /** Returns supported key formats and their names. */
+    public Map<String, KeyFormat<KeyFormatProtoT>> keyFormats() {
+      return Collections.emptyMap();
     }
   }
 
diff --git a/java_src/src/main/java/com/google/crypto/tink/Registry.java b/java_src/src/main/java/com/google/crypto/tink/Registry.java
index 93f253409e..d4b9f32875 100644
--- a/java_src/src/main/java/com/google/crypto/tink/Registry.java
+++ b/java_src/src/main/java/com/google/crypto/tink/Registry.java
@@ -17,7 +17,6 @@
 package com.google.crypto.tink;
 
 import com.google.crypto.tink.proto.KeyData;
-import com.google.crypto.tink.proto.KeyTemplate;
 import com.google.protobuf.ByteString;
 import com.google.protobuf.InvalidProtocolBufferException;
 import com.google.protobuf.MessageLite;
@@ -25,6 +24,7 @@
 import java.security.GeneralSecurityException;
 import java.util.Collections;
 import java.util.Locale;
+import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
@@ -88,6 +88,9 @@ public final class Registry {
   private static final ConcurrentMap<Class<?>, PrimitiveWrapper<?, ?>> primitiveWrapperMap =
       new ConcurrentHashMap<>();
 
+  private static final ConcurrentMap<String, KeyTemplate> keyTemplateMap =
+      new ConcurrentHashMap<>(); // name -> KeyTemplate mapping
+
   /**
    * A container which either is constructed from a {@link KeyTypeManager} or from a {@link
    * KeyManager}.
@@ -328,6 +331,7 @@ static synchronized void reset() {
     newKeyAllowedMap.clear();
     catalogueMap.clear();
     primitiveWrapperMap.clear();
+    keyTemplateMap.clear();
   }
 
   /**
@@ -428,28 +432,66 @@ public static synchronized <P> void registerKeyManager(final KeyManager<P> manag
   }
 
   /**
-   * Throws a general security exception iff there is already a key manager registered for typeURL,
-   * and at least one of the following is true:
-   *   * The class implementing the existing key manager differs from the given one.
-   *   * The value of newKeyAllowed currently registered is false, but the input parameter is true.
+   * Throws a general security exception if one of these conditions holds:
+   *
+   * <ul>
+   *   <li>There is already a key manager registered for {@code typeURL}, and at least one of the
+   *       following is true:
+   *       <ul>
+   *         <li>The class implementing the existing key manager differs from the given one.
+   *         <li>The value of {@code newKeyAllowed} currently registered is false, but the input
+   *             parameter is true.
+   *       </ul>
+   *   <li>The {@code newKeyAllowed} flag is true, and at least one of the following is true:
+   *       <ul>
+   *         <li>The key manager was already registered, but it contains new key templates.
+   *         <li>The key manager is new, but it contains existing key templates.
    */
-  private static synchronized void ensureKeyManagerInsertable(
-      String typeUrl, Class<?> implementingClass, boolean newKeyAllowed)
-      throws GeneralSecurityException {
-    if (!keyManagerMap.containsKey(typeUrl)) {
-      return;
-    }
+  private static synchronized <KeyProtoT extends MessageLite, KeyFormatProtoT extends MessageLite>
+      void ensureKeyManagerInsertable(
+          String typeUrl,
+          Class<?> implementingClass,
+          Map<String, KeyTypeManager.KeyFactory.KeyFormat<KeyFormatProtoT>> keyFormats,
+          boolean newKeyAllowed)
+          throws GeneralSecurityException {
     KeyManagerContainer container = keyManagerMap.get(typeUrl);
-    if (!container.getImplementingClass().equals(implementingClass)) {
-        logger.warning("Attempted overwrite of a registered key manager for key type " + typeUrl);
+    if (container != null && !container.getImplementingClass().equals(implementingClass)) {
+      logger.warning("Attempted overwrite of a registered key manager for key type " + typeUrl);
       throw new GeneralSecurityException(
           String.format(
               "typeUrl (%s) is already registered with %s, cannot be re-registered with %s",
               typeUrl, container.getImplementingClass().getName(), implementingClass.getName()));
     }
-    if (newKeyAllowed && !newKeyAllowedMap.get(typeUrl)) {
+    if (newKeyAllowed && newKeyAllowedMap.containsKey(typeUrl) && !newKeyAllowedMap.get(typeUrl)) {
       throw new GeneralSecurityException("New keys are already disallowed for key type " + typeUrl);
     }
+
+    if (newKeyAllowed) {
+      if (keyManagerMap.containsKey(typeUrl)) {
+        // When re-inserting an already present KeyTypeManager, no new key templates should be
+        // present.
+        for (Map.Entry<String, KeyTypeManager.KeyFactory.KeyFormat<KeyFormatProtoT>> entry :
+            keyFormats.entrySet()) {
+          if (!keyTemplateMap.containsKey(entry.getKey())) {
+            throw new GeneralSecurityException(
+                "Attempted to register a new key template "
+                    + entry.getKey()
+                    + " from an existing key manager of type "
+                    + typeUrl);
+          }
+        }
+      } else {
+        // Check that new key managers can't overwrite existing key templates.
+        for (Map.Entry<String, KeyTypeManager.KeyFactory.KeyFormat<KeyFormatProtoT>> entry :
+            keyFormats.entrySet()) {
+
+          if (keyTemplateMap.containsKey(entry.getKey())) {
+            throw new GeneralSecurityException(
+                "Attempted overwrite of a registered key template " + entry.getKey());
+          }
+        }
+      }
+    }
   }
 
   /**
@@ -470,11 +512,28 @@ public static synchronized <P> void registerKeyManager(
       throw new IllegalArgumentException("key manager must be non-null.");
     }
     String typeUrl = manager.getKeyType();
-    ensureKeyManagerInsertable(typeUrl, manager.getClass(), newKeyAllowed);
+    // Use an empty key format because old-style key managers don't export their key formats
+    ensureKeyManagerInsertable(typeUrl, manager.getClass(), Collections.emptyMap(), newKeyAllowed);
     keyManagerMap.putIfAbsent(typeUrl, createContainerFor(manager));
     newKeyAllowedMap.put(typeUrl, Boolean.valueOf(newKeyAllowed));
   }
 
+  /**
+   * Tries to register {@code manager} for {@code manager.getKeyType()}. If {@code newKeyAllowed} is
+   * true, users can generate new keys with this manager using the {@link Registry#newKey} methods.
+   *
+   * <p>If there is an existing key manager, throws an exception if {@code manager} and the existing
+   * key manager aren't instances of the same class, or if {@code newKeyAllowed} is true while the
+   * existing key manager could not create new keys. Otherwise registration succeeds.
+   *
+   * <p>If {@code newKeyAllowed} is true, also tries to register the key templates supported by
+   * {@code manager}.
+   *
+   * @throws GeneralSecurityException if there's an existing key manager is not an instance of the
+   *     class of {@code manager}, or the registration tries to re-enable the generation of new
+   *     keys.
+   * @throws GeneralSecurityException if there's an existing key template.
+   */
   public static synchronized <KeyProtoT extends MessageLite> void registerKeyManager(
       final KeyTypeManager<KeyProtoT> manager, boolean newKeyAllowed)
       throws GeneralSecurityException {
@@ -482,10 +541,18 @@ public static synchronized <KeyProtoT extends MessageLite> void registerKeyManag
       throw new IllegalArgumentException("key manager must be non-null.");
     }
     String typeUrl = manager.getKeyType();
-    ensureKeyManagerInsertable(typeUrl, manager.getClass(), newKeyAllowed);
+    ensureKeyManagerInsertable(
+        typeUrl,
+        manager.getClass(),
+        newKeyAllowed ? manager.keyFactory().keyFormats() : Collections.emptyMap(),
+        newKeyAllowed);
+
     if (!keyManagerMap.containsKey(typeUrl)) {
       keyManagerMap.put(typeUrl, createContainerFor(manager));
       keyDeriverMap.put(typeUrl, createDeriverFor(manager));
+      if (newKeyAllowed) {
+        registerKeyTemplates(typeUrl, manager.keyFactory().keyFormats());
+      }
     }
     newKeyAllowedMap.put(typeUrl, Boolean.valueOf(newKeyAllowed));
   }
@@ -494,6 +561,9 @@ public static synchronized <KeyProtoT extends MessageLite> void registerKeyManag
    * Tries to register {@code manager} for {@code manager.getKeyType()}. If {@code newKeyAllowed} is
    * true, users can generate new keys with this manager using the {@link Registry#newKey} methods.
    *
+   * <p>If {@code newKeyAllowed} is true, also tries to register the key templates supported by
+   * {@code manager}.
+   *
    * <p>If there is an existing key manager, throws an exception if {@code manager} and the existing
    * key manager aren't instances of the same class, or if {@code newKeyAllowed} is true while the
    * existing key manager could not create new keys. Otherwise registration succeeds.
@@ -501,6 +571,7 @@ public static synchronized <KeyProtoT extends MessageLite> void registerKeyManag
    * @throws GeneralSecurityException if there's an existing key manager is not an instance of the
    *     class of {@code manager}, or the registration tries to re-enable the generation of new
    *     keys.
+   * @throws GeneralSecurityException if there's an existing key template.
    */
   public static synchronized <KeyProtoT extends MessageLite, PublicKeyProtoT extends MessageLite>
       void registerAsymmetricKeyManagers(
@@ -513,8 +584,14 @@ void registerAsymmetricKeyManagers(
     }
     String privateTypeUrl = privateKeyTypeManager.getKeyType();
     String publicTypeUrl = publicKeyTypeManager.getKeyType();
-    ensureKeyManagerInsertable(privateTypeUrl, privateKeyTypeManager.getClass(), newKeyAllowed);
-    ensureKeyManagerInsertable(publicTypeUrl, publicKeyTypeManager.getClass(), false);
+    ensureKeyManagerInsertable(
+        privateTypeUrl,
+        privateKeyTypeManager.getClass(),
+        newKeyAllowed ? privateKeyTypeManager.keyFactory().keyFormats() : Collections.emptyMap(),
+        newKeyAllowed);
+    // No key format because a public key manager cannot create new keys
+    ensureKeyManagerInsertable(
+        publicTypeUrl, publicKeyTypeManager.getClass(), Collections.emptyMap(), false);
     if (privateTypeUrl.equals(publicTypeUrl)) {
       throw new GeneralSecurityException("Private and public key type must be different.");
     }
@@ -548,6 +625,10 @@ void registerAsymmetricKeyManagers(
           privateTypeUrl,
           createPrivateKeyContainerFor(privateKeyTypeManager, publicKeyTypeManager));
       keyDeriverMap.put(privateTypeUrl, createDeriverFor(privateKeyTypeManager));
+      if (newKeyAllowed) {
+        registerKeyTemplates(
+            privateKeyTypeManager.getKeyType(), privateKeyTypeManager.keyFactory().keyFormats());
+      }
     }
     newKeyAllowedMap.put(privateTypeUrl, newKeyAllowed);
     if (!keyManagerMap.containsKey(publicTypeUrl)) {
@@ -558,6 +639,20 @@ void registerAsymmetricKeyManagers(
     newKeyAllowedMap.put(publicTypeUrl, false);
   }
 
+  private static <KeyFormatProtoT extends MessageLite> void registerKeyTemplates(
+      String typeUrl,
+      Map<String, KeyTypeManager.KeyFactory.KeyFormat<KeyFormatProtoT>> keyFormats) {
+    for (Map.Entry<String, KeyTypeManager.KeyFactory.KeyFormat<KeyFormatProtoT>> entry :
+        keyFormats.entrySet()) {
+      keyTemplateMap.put(
+          entry.getKey(),
+          KeyTemplate.create(
+              typeUrl,
+              entry.getValue().keyFormat.toByteArray(),
+              entry.getValue().outputPrefixType));
+    }
+  }
+
   /**
    * Tries to register {@code manager} for the given {@code typeUrl}. Users can generate new keys
    * with this manager using the {@link Registry#newKey} methods.
@@ -739,8 +834,8 @@ public static synchronized KeyData newKeyData(com.google.crypto.tink.KeyTemplate
    *
    * @return a new key
    */
-  public static synchronized MessageLite newKey(KeyTemplate keyTemplate)
-      throws GeneralSecurityException {
+  public static synchronized MessageLite newKey(
+      com.google.crypto.tink.proto.KeyTemplate keyTemplate) throws GeneralSecurityException {
     KeyManager<?> manager = getUntypedKeyManager(keyTemplate.getTypeUrl());
     if (newKeyAllowedMap.get(keyTemplate.getTypeUrl()).booleanValue()) {
       return manager.newKey(keyTemplate.getValue());
@@ -778,7 +873,8 @@ public static synchronized MessageLite newKey(String typeUrl, MessageLite format
    *
    * <p>This functions ignores {@code keyTemplate.getOutputPrefix()}.
    */
-  static synchronized KeyData deriveKey(KeyTemplate keyTemplate, InputStream randomStream)
+  static synchronized KeyData deriveKey(
+      com.google.crypto.tink.proto.KeyTemplate keyTemplate, InputStream randomStream)
       throws GeneralSecurityException {
     String typeUrl = keyTemplate.getTypeUrl();
     if (!keyDeriverMap.containsKey(typeUrl)) {
@@ -965,6 +1061,14 @@ public static <P> P wrap(PrimitiveSet<P> primitiveSet)
     return wrap(primitiveSet, primitiveSet.getPrimitiveClass());
   }
 
+  /**
+   * Returns an immutable map of key templates and their names supported by registered key managers
+   * that are allowed to generate new keys.
+   */
+  public static synchronized Map<String, KeyTemplate> keyTemplates() {
+    return Collections.unmodifiableMap(keyTemplateMap);
+  }
+
   /**
    * Returns the input primitive required when creating a {@code wrappedPrimitive}.
    *
diff --git a/java_src/src/main/java/com/google/crypto/tink/aead/AesGcmKeyManager.java b/java_src/src/main/java/com/google/crypto/tink/aead/AesGcmKeyManager.java
index dbcc1f6742..20e3fdad25 100644
--- a/java_src/src/main/java/com/google/crypto/tink/aead/AesGcmKeyManager.java
+++ b/java_src/src/main/java/com/google/crypto/tink/aead/AesGcmKeyManager.java
@@ -32,6 +32,9 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.GeneralSecurityException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 
 /**
  * This key manager generates new {@code AesGcmKey} keys and produces new instances of {@code
@@ -116,6 +119,16 @@ public AesGcmKey deriveKey(AesGcmKeyFormat format, InputStream inputStream)
           throw new GeneralSecurityException("Reading pseudorandomness failed", e);
         }
       }
+
+      @Override
+      public Map<String, KeyFactory.KeyFormat<AesGcmKeyFormat>> keyFormats() {
+        Map<String, KeyFactory.KeyFormat<AesGcmKeyFormat>> result = new HashMap<>();
+        result.put("AES128_GCM", createKeyFormat(16, KeyTemplate.OutputPrefixType.TINK));
+        result.put("AES128_GCM_RAW", createKeyFormat(16, KeyTemplate.OutputPrefixType.RAW));
+        result.put("AES256_GCM", createKeyFormat(32, KeyTemplate.OutputPrefixType.TINK));
+        result.put("AES256_GCM_RAW", createKeyFormat(32, KeyTemplate.OutputPrefixType.RAW));
+        return Collections.unmodifiableMap(result);
+      }
     };
   }
 
@@ -197,4 +210,10 @@ private static KeyTemplate createKeyTemplate(
     return KeyTemplate.create(
         new AesGcmKeyManager().getKeyType(), format.toByteArray(), prefixType);
   }
+
+  private static KeyFactory.KeyFormat<AesGcmKeyFormat> createKeyFormat(
+      int keySize, KeyTemplate.OutputPrefixType prefixType) {
+    AesGcmKeyFormat format = AesGcmKeyFormat.newBuilder().setKeySize(keySize).build();
+    return new KeyFactory.KeyFormat<>(format, prefixType);
+  }
 }
diff --git a/java_src/src/test/java/com/google/crypto/tink/RegistryTest.java b/java_src/src/test/java/com/google/crypto/tink/RegistryTest.java
index 98e43c1f96..2624f4ff61 100644
--- a/java_src/src/test/java/com/google/crypto/tink/RegistryTest.java
+++ b/java_src/src/test/java/com/google/crypto/tink/RegistryTest.java
@@ -38,7 +38,6 @@
 import com.google.crypto.tink.proto.KeyData;
 import com.google.crypto.tink.proto.KeyData.KeyMaterialType;
 import com.google.crypto.tink.proto.KeyStatusType;
-import com.google.crypto.tink.proto.KeyTemplate;
 import com.google.crypto.tink.proto.Keyset;
 import com.google.crypto.tink.proto.OutputPrefixType;
 import com.google.crypto.tink.signature.SignatureKeyTemplates;
@@ -56,6 +55,9 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.GeneralSecurityException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -181,8 +183,7 @@ public void testGetKeyManager_shouldWorkHmac() throws Exception {
   @Test
   public void testGetKeyManager_legacy_wrongType_shouldThrowException() throws Exception {
     KeyManager<Aead> wrongType = Registry.getKeyManager(MacConfig.HMAC_TYPE_URL);
-    KeyTemplate template = MacKeyTemplates.HMAC_SHA256_128BITTAG;
-    HmacKey hmacKey = (HmacKey) Registry.newKey(template);
+    HmacKey hmacKey = (HmacKey) Registry.newKey(MacKeyTemplates.HMAC_SHA256_128BITTAG);
 
     ClassCastException e =
         assertThrows(
@@ -398,7 +399,7 @@ public void testGetPrimitive_AesGcm_shouldWork() throws Exception {
 
   @Test
   public void testGetPrimitive_legacy_Hmac_shouldWork() throws Exception {
-    KeyTemplate template = MacKeyTemplates.HMAC_SHA256_128BITTAG;
+    com.google.crypto.tink.proto.KeyTemplate template = MacKeyTemplates.HMAC_SHA256_128BITTAG;
     HmacKey hmacKey = (HmacKey) Registry.newKey(template);
     KeyData hmacKeyData = Registry.newKeyData(template);
     Mac mac = Registry.getPrimitive(hmacKeyData);
@@ -413,7 +414,7 @@ public void testGetPrimitive_legacy_Hmac_shouldWork() throws Exception {
 
   @Test
   public void testGetPrimitive_Hmac_shouldWork() throws Exception {
-    KeyTemplate template = MacKeyTemplates.HMAC_SHA256_128BITTAG;
+    com.google.crypto.tink.proto.KeyTemplate template = MacKeyTemplates.HMAC_SHA256_128BITTAG;
     HmacKey hmacKey = (HmacKey) Registry.newKey(template);
     KeyData hmacKeyData = Registry.newKeyData(template);
     Mac mac = Registry.getPrimitive(hmacKeyData, Mac.class);
@@ -520,8 +521,26 @@ public void testNewKeyData_keyTemplateClass_unregisteredTypeUrl_throwsException(
     assertThrows(GeneralSecurityException.class, () -> Registry.newKeyData(template));
   }
 
+  private static Map<String, KeyTypeManager.KeyFactory.KeyFormat<AesGcmKeyFormat>>
+      createTestAesGcmKeyFormats() {
+    Map<String, KeyTypeManager.KeyFactory.KeyFormat<AesGcmKeyFormat>> formats = new HashMap<>();
+    formats.put(
+        "TINK",
+        new KeyTypeManager.KeyFactory.KeyFormat<>(
+            AesGcmKeyFormat.newBuilder().setKeySize(16).build(),
+            KeyTemplate.OutputPrefixType.TINK));
+    formats.put(
+        "RAW",
+        new KeyTypeManager.KeyFactory.KeyFormat<>(
+            AesGcmKeyFormat.newBuilder().setKeySize(32).build(), KeyTemplate.OutputPrefixType.RAW));
+    return Collections.unmodifiableMap(formats);
+  }
+
   /** Implementation of a KeyTypeManager for testing. */
   private static class TestKeyTypeManager extends KeyTypeManager<AesGcmKey> {
+    private Map<String, KeyFactory.KeyFormat<AesGcmKeyFormat>> keyFormats =
+        createTestAesGcmKeyFormats();
+
     public TestKeyTypeManager() {
       super(
           AesGcmKey.class,
@@ -539,6 +558,24 @@ public FakeAead getPrimitive(AesGcmKey key) {
           });
     }
 
+    public TestKeyTypeManager(Map<String, KeyFactory.KeyFormat<AesGcmKeyFormat>> keyFormats) {
+      super(
+          AesGcmKey.class,
+          new PrimitiveFactory<Aead, AesGcmKey>(Aead.class) {
+            @Override
+            public Aead getPrimitive(AesGcmKey key) throws GeneralSecurityException {
+              return new AesGcmJce(key.getKeyValue().toByteArray());
+            }
+          },
+          new PrimitiveFactory<FakeAead, AesGcmKey>(FakeAead.class) {
+            @Override
+            public FakeAead getPrimitive(AesGcmKey key) {
+              return new FakeAead();
+            }
+          });
+      this.keyFormats = keyFormats;
+    }
+
     @Override
     public String getKeyType() {
       return "type.googleapis.com/google.crypto.tink.AesGcmKey";
@@ -606,6 +643,11 @@ public AesGcmKey deriveKey(AesGcmKeyFormat format, InputStream stream)
               .setVersion(getVersion())
               .build();
         }
+
+        @Override
+        public Map<String, KeyFactory.KeyFormat<AesGcmKeyFormat>> keyFormats() {
+          return keyFormats;
+        }
       };
     }
   }
@@ -616,6 +658,77 @@ public void testRegisterKeyTypeManager() throws Exception {
     Registry.registerKeyManager(new TestKeyTypeManager(), true);
   }
 
+  @Test
+  public void testRegisterKeyTypeManager_keyTemplates_works() throws Exception {
+    Registry.reset();
+    assertThat(Registry.keyTemplates()).isEmpty();
+
+    Registry.registerKeyManager(new TestKeyTypeManager(), true);
+
+    assertThat(Registry.keyTemplates()).hasSize(2);
+
+    assertThat(Registry.keyTemplates()).containsKey("TINK");
+    assertThat(Registry.keyTemplates().get("TINK").getTypeUrl())
+        .isEqualTo(new TestKeyTypeManager().getKeyType());
+    assertThat(Registry.keyTemplates().get("TINK").getOutputPrefixType())
+        .isEqualTo(KeyTemplate.OutputPrefixType.TINK);
+
+    assertThat(Registry.keyTemplates()).containsKey("RAW");
+    assertThat(Registry.keyTemplates().get("RAW").getTypeUrl())
+        .isEqualTo(new TestKeyTypeManager().getKeyType());
+    assertThat(Registry.keyTemplates().get("RAW").getOutputPrefixType())
+        .isEqualTo(KeyTemplate.OutputPrefixType.RAW);
+  }
+
+  @Test
+  public void testRegisterKeyTypeManager_disallowedNewKey_keyTemplates_works() throws Exception {
+    Registry.reset();
+    Registry.registerKeyManager(new TestKeyTypeManager(), false);
+    assertThat(Registry.keyTemplates()).isEmpty();
+  }
+
+  @Test
+  public void testRegisterKeyTypeManager_existingKeyManager_noNewKeyTemplate_works()
+      throws Exception {
+    Registry.reset();
+    Registry.registerKeyManager(new TestKeyTypeManager(), true);
+    Registry.registerKeyManager(new TestKeyTypeManager(), true);
+  }
+
+  @Test
+  public void testRegisterKeyTypeManager_existingKeyManager_newKeyTemplate_fails()
+      throws Exception {
+    Registry.reset();
+    Registry.registerKeyManager(new TestKeyTypeManager(), true);
+
+    Map<String, KeyTypeManager.KeyFactory.KeyFormat<AesGcmKeyFormat>> formats = new HashMap<>();
+    formats.put(
+        "NEW_KEY_TEMPLATE_NAME",
+        new KeyTypeManager.KeyFactory.KeyFormat<>(
+            AesGcmKeyFormat.newBuilder().setKeySize(16).build(),
+            KeyTemplate.OutputPrefixType.TINK));
+
+    assertThrows(
+        GeneralSecurityException.class,
+        () -> Registry.registerKeyManager(new TestKeyTypeManager(formats), true));
+  }
+
+  @Test
+  public void testRegisterKeyTypeManager_newKeyManager_existingKeyTemplate_fails()
+      throws Exception {
+    Registry.reset();
+    Registry.registerKeyManager(new TestKeyTypeManager(), true);
+
+    TestKeyTypeManager manager =
+        new TestKeyTypeManager() {
+          @Override
+          public String getKeyType() {
+            return "blah";
+          }
+        };
+    assertThrows(GeneralSecurityException.class, () -> Registry.registerKeyManager(manager, true));
+  }
+
   @Test
   public void testRegisterKeyTypeManager_getKeyManagerAead_works() throws Exception {
     Registry.reset();
@@ -735,11 +848,12 @@ public void testDeriveKey_succeeds() throws Exception {
     Registry.reset();
     Registry.registerKeyManager(new TestKeyTypeManager(), true);
     AesGcmKeyFormat format = AesGcmKeyFormat.newBuilder().setKeySize(16).build();
-    KeyTemplate template = KeyTemplate.newBuilder()
-        .setValue(format.toByteString())
-        .setTypeUrl(new TestKeyTypeManager().getKeyType())
-        .setOutputPrefixType(OutputPrefixType.TINK)
-        .build();
+    com.google.crypto.tink.proto.KeyTemplate template =
+        com.google.crypto.tink.proto.KeyTemplate.newBuilder()
+            .setValue(format.toByteString())
+            .setTypeUrl(new TestKeyTypeManager().getKeyType())
+            .setOutputPrefixType(OutputPrefixType.TINK)
+            .build();
 
     byte[] keyMaterial = Random.randBytes(100);
     KeyData keyData =  Registry.deriveKey(template, new ByteArrayInputStream(keyMaterial));
@@ -758,11 +872,12 @@ public void testDeriveKey_wrongKeySize_validateThrows() throws Exception {
     Registry.reset();
     Registry.registerKeyManager(new TestKeyTypeManager(), true);
     AesGcmKeyFormat format = AesGcmKeyFormat.newBuilder().setKeySize(32).build();
-    KeyTemplate template = KeyTemplate.newBuilder()
-        .setValue(format.toByteString())
-        .setTypeUrl(new TestKeyTypeManager().getKeyType())
-        .setOutputPrefixType(OutputPrefixType.TINK)
-        .build();
+    com.google.crypto.tink.proto.KeyTemplate template =
+        com.google.crypto.tink.proto.KeyTemplate.newBuilder()
+            .setValue(format.toByteString())
+            .setTypeUrl(new TestKeyTypeManager().getKeyType())
+            .setOutputPrefixType(OutputPrefixType.TINK)
+            .build();
     ByteArrayInputStream emptyInput = new ByteArrayInputStream(new byte[0]);
     GeneralSecurityException e =
         assertThrows(
@@ -773,8 +888,8 @@ public void testDeriveKey_wrongKeySize_validateThrows() throws Exception {
   @Test
   public void testDeriveKey_inexistantKeyMananger_throws() throws Exception {
     Registry.reset();
-    KeyTemplate template =
-        KeyTemplate.newBuilder()
+    com.google.crypto.tink.proto.KeyTemplate template =
+        com.google.crypto.tink.proto.KeyTemplate.newBuilder()
             .setValue(AesGcmKeyFormat.getDefaultInstance().toByteString())
             .setTypeUrl(new TestKeyTypeManager().getKeyType())
             .setOutputPrefixType(OutputPrefixType.TINK)
@@ -841,6 +956,20 @@ private static class PrivatePrimitiveA {}
 
   private static class PrivatePrimitiveB {}
 
+  private static Map<String, KeyTypeManager.KeyFactory.KeyFormat<Ed25519KeyFormat>>
+      createTestEd25519KeyFormats() {
+    Map<String, KeyTypeManager.KeyFactory.KeyFormat<Ed25519KeyFormat>> formats = new HashMap<>();
+    formats.put(
+        "TINK",
+        new KeyTypeManager.KeyFactory.KeyFormat<>(
+            Ed25519KeyFormat.getDefaultInstance(), KeyTemplate.OutputPrefixType.TINK));
+    formats.put(
+        "RAW",
+        new KeyTypeManager.KeyFactory.KeyFormat<>(
+            Ed25519KeyFormat.getDefaultInstance(), KeyTemplate.OutputPrefixType.RAW));
+    return Collections.unmodifiableMap(formats);
+  }
+
   private static class TestPrivateKeyTypeManager
       extends PrivateKeyTypeManager<Ed25519PrivateKey, Ed25519PublicKey> {
     public TestPrivateKeyTypeManager() {
@@ -895,11 +1024,134 @@ public Ed25519PublicKey getPublicKey(Ed25519PrivateKey privateKey) {
     }
   }
 
+  private static class TestPrivateKeyTypeManagerWithKeyFactory extends TestPrivateKeyTypeManager {
+    private Map<String, KeyTypeManager.KeyFactory.KeyFormat<Ed25519KeyFormat>> keyFormats =
+        createTestEd25519KeyFormats();
+
+    public TestPrivateKeyTypeManagerWithKeyFactory() {
+      super();
+    }
+
+    public TestPrivateKeyTypeManagerWithKeyFactory(
+        Map<String, KeyTypeManager.KeyFactory.KeyFormat<Ed25519KeyFormat>> keyFormats) {
+      super();
+      this.keyFormats = keyFormats;
+    }
+
+    @Override
+    public KeyFactory<Ed25519KeyFormat, Ed25519PrivateKey> keyFactory() {
+      return new KeyFactory<Ed25519KeyFormat, Ed25519PrivateKey>(Ed25519KeyFormat.class) {
+        @Override
+        public void validateKeyFormat(Ed25519KeyFormat format) throws GeneralSecurityException {}
+
+        @Override
+        public Ed25519KeyFormat parseKeyFormat(ByteString byteString)
+            throws InvalidProtocolBufferException {
+          return Ed25519KeyFormat.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
+        }
+
+        @Override
+        public Ed25519PrivateKey createKey(Ed25519KeyFormat format)
+            throws GeneralSecurityException {
+          return Ed25519PrivateKey.newBuilder()
+              .setKeyValue(ByteString.copyFrom("created", UTF_8))
+              .build();
+        }
+
+        @Override
+        public Ed25519PrivateKey deriveKey(Ed25519KeyFormat format, InputStream inputStream)
+            throws GeneralSecurityException {
+          return Ed25519PrivateKey.newBuilder()
+              .setKeyValue(ByteString.copyFrom("derived", UTF_8))
+              .build();
+        }
+
+        @Override
+        public Map<String, KeyFactory.KeyFormat<Ed25519KeyFormat>> keyFormats() {
+          return keyFormats;
+        }
+      };
+    }
+  }
+
   @Test
   public void testRegisterAssymmetricKeyManagers() throws Exception {
     Registry.reset();
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
+        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
+  }
+
+  @Test
+  public void testRegisterAssymmetricKeyManagers_keyTemplates_works() throws Exception {
+    Registry.reset();
+    assertThat(Registry.keyTemplates()).isEmpty();
+
+    Registry.registerKeyManager(new TestPrivateKeyTypeManagerWithKeyFactory(), true);
+
+    assertThat(Registry.keyTemplates()).hasSize(2);
+
+    assertThat(Registry.keyTemplates()).containsKey("TINK");
+    assertThat(Registry.keyTemplates().get("TINK").getTypeUrl())
+        .isEqualTo(new TestPrivateKeyTypeManagerWithKeyFactory().getKeyType());
+    assertThat(Registry.keyTemplates().get("TINK").getOutputPrefixType())
+        .isEqualTo(KeyTemplate.OutputPrefixType.TINK);
+
+    assertThat(Registry.keyTemplates()).containsKey("RAW");
+    assertThat(Registry.keyTemplates().get("RAW").getTypeUrl())
+        .isEqualTo(new TestPrivateKeyTypeManagerWithKeyFactory().getKeyType());
+    assertThat(Registry.keyTemplates().get("RAW").getOutputPrefixType())
+        .isEqualTo(KeyTemplate.OutputPrefixType.RAW);
+  }
+
+  @Test
+  public void testRegisterAssymmetricKeyManagers_disallowedNewKey_keyTemplates_works()
+      throws Exception {
+    Registry.reset();
+    Registry.registerKeyManager(new TestPrivateKeyTypeManagerWithKeyFactory(), false);
+    assertThat(Registry.keyTemplates()).isEmpty();
+  }
+
+  @Test
+  public void testRegisterAssymmetricKeyManagers_existingKeyManager_noNewKeyTemplate_works()
+      throws Exception {
+    Registry.reset();
+    Registry.registerKeyManager(new TestPrivateKeyTypeManagerWithKeyFactory(), true);
+    Registry.registerKeyManager(new TestPrivateKeyTypeManagerWithKeyFactory(), true);
+  }
+
+  @Test
+  public void testRegisterAssymmetricKeyManagers_existingKeyManager_newKeyTemplate_fails()
+      throws Exception {
+    Registry.reset();
+    Registry.registerKeyManager(new TestPrivateKeyTypeManagerWithKeyFactory(), true);
+
+    Map<String, KeyTypeManager.KeyFactory.KeyFormat<Ed25519KeyFormat>> formats = new HashMap<>();
+    formats.put(
+        "NEW_KEY_TEMPLATE_NAME",
+        new KeyTypeManager.KeyFactory.KeyFormat<>(
+            Ed25519KeyFormat.getDefaultInstance(), KeyTemplate.OutputPrefixType.TINK));
+
+    assertThrows(
+        GeneralSecurityException.class,
+        () ->
+            Registry.registerKeyManager(
+                new TestPrivateKeyTypeManagerWithKeyFactory(formats), true));
+  }
+
+  @Test
+  public void testRegisterAssymmetricKeyManagers_newKeyManager_existingKeyTemplate_fails()
+      throws Exception {
+    Registry.reset();
+    Registry.registerKeyManager(new TestPrivateKeyTypeManagerWithKeyFactory(), true);
+
+    TestPrivateKeyTypeManagerWithKeyFactory manager =
+        new TestPrivateKeyTypeManagerWithKeyFactory() {
+          @Override
+          public String getKeyType() {
+            return "blah";
+          }
+        };
+    assertThrows(GeneralSecurityException.class, () -> Registry.registerKeyManager(manager, true));
   }
 
   @Test
@@ -907,7 +1159,7 @@ public void testRegisterAssymmetricKeyManagers_getPrivateKeyManagerPrimitiveA_wo
       throws Exception {
     Registry.reset();
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
+        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
     KeyManager<PrivatePrimitiveA> km =
         Registry.getKeyManager(
             new TestPrivateKeyTypeManager().getKeyType(), PrivatePrimitiveA.class);
@@ -919,7 +1171,7 @@ public void testRegisterAssymmetricKeyManagers_getPrivateKeyManagerPrimitiveB_wo
       throws Exception {
     Registry.reset();
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
+        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
     KeyManager<PrivatePrimitiveB> km =
         Registry.getKeyManager(
             new TestPrivateKeyTypeManager().getKeyType(), PrivatePrimitiveB.class);
@@ -931,7 +1183,7 @@ public void testRegisterAssymmetricKeyManagers_getPrivateKeyManagerPublicA_works
       throws Exception {
     Registry.reset();
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
+        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
     KeyManager<PublicPrimitiveA> km =
         Registry.getKeyManager(new TestPublicKeyTypeManager().getKeyType(), PublicPrimitiveA.class);
     assertThat(km.getKeyType()).isEqualTo(new TestPublicKeyTypeManager().getKeyType());
@@ -942,7 +1194,7 @@ public void testRegisterAssymmetricKeyManagers_getPrivateKeyManagerPublicB_works
       throws Exception {
     Registry.reset();
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
+        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
     KeyManager<PublicPrimitiveB> km =
         Registry.getKeyManager(new TestPublicKeyTypeManager().getKeyType(), PublicPrimitiveB.class);
     assertThat(km.getKeyType()).isEqualTo(new TestPublicKeyTypeManager().getKeyType());
@@ -953,7 +1205,7 @@ public void testRegisterAssymmetricKeyManagers_getPrivateKeyManagerWrongPrimitiv
       throws Exception {
     Registry.reset();
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
+        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
     GeneralSecurityException e =
         assertThrows(
             GeneralSecurityException.class,
@@ -968,7 +1220,7 @@ public void testRegisterAssymmetricKeyManagers_getPublicKeyManagerWrongPrimitive
       throws Exception {
     Registry.reset();
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
+        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
     GeneralSecurityException e =
         assertThrows(
             GeneralSecurityException.class,
@@ -985,7 +1237,7 @@ public void testRegisterAssymmetricKeyManagers_getUntypedPrivateKeyManager_retur
       throws Exception {
     Registry.reset();
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
+        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
     KeyManager<?> km = Registry.getUntypedKeyManager(new TestPrivateKeyTypeManager().getKeyType());
     assertThat(km.getPrimitiveClass()).isEqualTo(PrivatePrimitiveA.class);
   }
@@ -997,32 +1249,44 @@ public void testRegisterAssymmetricKeyManagers_getUntypedPublicKeyManager_return
       throws Exception {
     Registry.reset();
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
+        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
     KeyManager<?> km = Registry.getUntypedKeyManager(new TestPublicKeyTypeManager().getKeyType());
     assertThat(km.getPrimitiveClass()).isEqualTo(PublicPrimitiveA.class);
   }
 
+  @Test
+  public void testRegisterAssymmetricKeyManagers_newKeyAllowed_withoutKeyFactory_fails()
+      throws Exception {
+    Registry.reset();
+    assertThrows(
+        UnsupportedOperationException.class,
+        () ->
+            Registry.registerAsymmetricKeyManagers(
+                new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true));
+  }
+
   @Test
   public void testRegisterAssymmetricKeyManagers_MoreRestrictedNewKeyAllowed_shouldWork()
       throws Exception {
     Registry.reset();
+
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
+        new TestPrivateKeyTypeManagerWithKeyFactory(), new TestPublicKeyTypeManager(), true);
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
+        new TestPrivateKeyTypeManagerWithKeyFactory(), new TestPublicKeyTypeManager(), false);
   }
 
   @Test
   public void testRegisterAssymmetricKeyManagers_SameNewKeyAllowed_shouldWork() throws Exception {
     Registry.reset();
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
+        new TestPrivateKeyTypeManagerWithKeyFactory(), new TestPublicKeyTypeManager(), true);
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
+        new TestPrivateKeyTypeManagerWithKeyFactory(), new TestPublicKeyTypeManager(), true);
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
+        new TestPrivateKeyTypeManagerWithKeyFactory(), new TestPublicKeyTypeManager(), false);
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
+        new TestPrivateKeyTypeManagerWithKeyFactory(), new TestPublicKeyTypeManager(), false);
   }
 
   @Test
@@ -1030,12 +1294,14 @@ public void testRegisterAssymmetricKeyManagers_LessRestrictedNewKeyAllowed_throw
       throws Exception {
     Registry.reset();
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
+        new TestPrivateKeyTypeManagerWithKeyFactory(), new TestPublicKeyTypeManager(), false);
     assertThrows(
         GeneralSecurityException.class,
         () ->
             Registry.registerAsymmetricKeyManagers(
-                new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true));
+                new TestPrivateKeyTypeManagerWithKeyFactory(),
+                new TestPublicKeyTypeManager(),
+                true));
   }
 
   @Test
@@ -1044,7 +1310,7 @@ public void testRegisterAssymmetricKeyManagers_PublicKeyManagerCanBeRegisteredAl
     Registry.reset();
     Registry.registerKeyManager(new TestPublicKeyTypeManager(), false);
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
+        new TestPrivateKeyTypeManagerWithKeyFactory(), new TestPublicKeyTypeManager(), true);
     Registry.registerKeyManager(new TestPublicKeyTypeManager(), false);
   }
 
@@ -1054,7 +1320,7 @@ public void testRegisterAssymmetricKeyManagers_PublicKeyManagerReRegister_getPub
     Registry.reset();
     Registry.registerKeyManager(new TestPublicKeyTypeManager(), false);
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
+        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
     Registry.registerKeyManager(new TestPublicKeyTypeManager(), false);
 
     // Check that getPublicKeyData works now.
@@ -1080,12 +1346,12 @@ public void testRegisterAssymmetricKeyManagers_DifferentClassPrivateKey_throws()
       throws Exception {
     Registry.reset();
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
+        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
     assertThrows(
         GeneralSecurityException.class,
         () ->
             Registry.registerAsymmetricKeyManagers(
-                new TestPrivateKeyTypeManager() {}, new TestPublicKeyTypeManager(), true));
+                new TestPrivateKeyTypeManager() {}, new TestPublicKeyTypeManager(), false));
   }
 
   @Test
@@ -1093,13 +1359,13 @@ public void testRegisterAssymmetricKeyManagers_DifferentClassPublicKey_throws()
       throws Exception {
     Registry.reset();
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
+        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
     assertThrows(
         GeneralSecurityException.class,
         () ->
             Registry.registerAsymmetricKeyManagers(
                 // Note: due to the {} this is a subclass of TestPublicKeyTypeManager.
-                new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager() {}, true));
+                new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager() {}, false));
   }
 
   @Test
@@ -1107,11 +1373,11 @@ public void testRegisterAssymmetricKeyManagers_thenNormalRegister_throws()
       throws Exception {
     Registry.reset();
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
+        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
     assertThrows(
         GeneralSecurityException.class,
         // Note: due to the {} this is a subclass of TestPublicKeyTypeManager.
-        () -> Registry.registerKeyManager(new TestPrivateKeyTypeManager() {}, true));
+        () -> Registry.registerKeyManager(new TestPrivateKeyTypeManager() {}, false));
   }
 
   @Test
@@ -1119,11 +1385,11 @@ public void testRegisterAssymmetricKeyManagers_thenNormalRegisterForPublic_throw
       throws Exception {
     Registry.reset();
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
+        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
     assertThrows(
         GeneralSecurityException.class,
         // Note: due to the {} this is a subclass of TestPublicKeyTypeManager.
-        () -> Registry.registerKeyManager(new TestPublicKeyTypeManager() {}, true));
+        () -> Registry.registerKeyManager(new TestPublicKeyTypeManager() {}, false));
   }
 
   @Test
@@ -1131,7 +1397,7 @@ public void testRegisterAssymmetricKeyManagers_ThrowsWithDifferentPublicKeyManag
       throws Exception {
     Registry.reset();
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
+        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
     GeneralSecurityException e =
         assertThrows(
             GeneralSecurityException.class,
@@ -1144,7 +1410,7 @@ public String getKeyType() {
                         return "bla";
                       }
                     },
-                    true));
+                    false));
     assertExceptionContains(e, "public key manager corresponding to");
   }
 
@@ -1152,9 +1418,9 @@ public String getKeyType() {
   public void testAsymmetricKeyManagers_deriveKey_withoutKeyFactory() throws Exception {
     Registry.reset();
     Registry.registerAsymmetricKeyManagers(
-        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true);
-    KeyTemplate template =
-        KeyTemplate.newBuilder()
+        new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false);
+    com.google.crypto.tink.proto.KeyTemplate template =
+        com.google.crypto.tink.proto.KeyTemplate.newBuilder()
             .setValue(Ed25519KeyFormat.getDefaultInstance().toByteString())
             .setTypeUrl(new TestPrivateKeyTypeManager().getKeyType())
             .setOutputPrefixType(OutputPrefixType.TINK)
@@ -1167,49 +1433,15 @@ public void testAsymmetricKeyManagers_deriveKey_withoutKeyFactory() throws Excep
 
   @Test
   public void testAsymmetricKeyManagers_deriveKey() throws Exception {
-    TestPrivateKeyTypeManager testPrivateKeyTypeManagerWithDeriveKey =
-        new TestPrivateKeyTypeManager() {
-          @Override
-          public KeyFactory<Ed25519KeyFormat, Ed25519PrivateKey> keyFactory() {
-            return new KeyFactory<Ed25519KeyFormat, Ed25519PrivateKey>(Ed25519KeyFormat.class) {
-              @Override
-              public void validateKeyFormat(Ed25519KeyFormat format)
-                  throws GeneralSecurityException {}
-
-              @Override
-              public Ed25519KeyFormat parseKeyFormat(ByteString byteString)
-                  throws InvalidProtocolBufferException {
-                return Ed25519KeyFormat.parseFrom(
-                    byteString, ExtensionRegistryLite.getEmptyRegistry());
-              }
-
-              @Override
-              public Ed25519PrivateKey createKey(Ed25519KeyFormat format)
-                  throws GeneralSecurityException {
-                return Ed25519PrivateKey.newBuilder()
-                    .setKeyValue(ByteString.copyFrom("created", UTF_8))
-                    .build();
-              }
-
-              @Override
-              public Ed25519PrivateKey deriveKey(Ed25519KeyFormat format, InputStream inputStream)
-                  throws GeneralSecurityException {
-                return Ed25519PrivateKey.newBuilder()
-                    .setKeyValue(ByteString.copyFrom("derived", UTF_8))
-                    .build();
-              }
-            };
-          }
-        };
-
     Registry.reset();
     Registry.registerAsymmetricKeyManagers(
-        testPrivateKeyTypeManagerWithDeriveKey, new TestPublicKeyTypeManager(), true);
-    KeyTemplate template = KeyTemplate.newBuilder()
-        .setValue(Ed25519KeyFormat.getDefaultInstance().toByteString())
-        .setTypeUrl(testPrivateKeyTypeManagerWithDeriveKey.getKeyType())
-        .setOutputPrefixType(OutputPrefixType.TINK)
-        .build();
+        new TestPrivateKeyTypeManagerWithKeyFactory(), new TestPublicKeyTypeManager(), true);
+    com.google.crypto.tink.proto.KeyTemplate template =
+        com.google.crypto.tink.proto.KeyTemplate.newBuilder()
+            .setValue(Ed25519KeyFormat.getDefaultInstance().toByteString())
+            .setTypeUrl(new TestPrivateKeyTypeManagerWithKeyFactory().getKeyType())
+            .setOutputPrefixType(OutputPrefixType.TINK)
+            .build();
 
     KeyData keyData =  Registry.deriveKey(template, new ByteArrayInputStream(new byte[0]));
     Ed25519PrivateKey key =
diff --git a/java_src/src/test/java/com/google/crypto/tink/aead/AesGcmKeyManagerTest.java b/java_src/src/test/java/com/google/crypto/tink/aead/AesGcmKeyManagerTest.java
index e7fe7bab36..9e1ed5580a 100644
--- a/java_src/src/test/java/com/google/crypto/tink/aead/AesGcmKeyManagerTest.java
+++ b/java_src/src/test/java/com/google/crypto/tink/aead/AesGcmKeyManagerTest.java
@@ -465,4 +465,13 @@ public void testKeyTemplateAndManagerCompatibility() throws Exception {
     testKeyTemplateCompatible(manager, AesGcmKeyManager.aes256GcmTemplate());
     testKeyTemplateCompatible(manager, AesGcmKeyManager.rawAes256GcmTemplate());
   }
+
+  @Test
+  public void testKeyFormats() throws Exception {
+    factory.validateKeyFormat(factory.keyFormats().get("AES128_GCM").keyFormat);
+    factory.validateKeyFormat(factory.keyFormats().get("AES128_GCM_RAW").keyFormat);
+
+    factory.validateKeyFormat(factory.keyFormats().get("AES256_GCM").keyFormat);
+    factory.validateKeyFormat(factory.keyFormats().get("AES256_GCM_RAW").keyFormat);
+  }
 }
diff --git a/java_src/src/test/java/com/google/crypto/tink/aead/BUILD.bazel b/java_src/src/test/java/com/google/crypto/tink/aead/BUILD.bazel
index 30545b865f..a17d1e68bb 100644
--- a/java_src/src/test/java/com/google/crypto/tink/aead/BUILD.bazel
+++ b/java_src/src/test/java/com/google/crypto/tink/aead/BUILD.bazel
@@ -117,6 +117,7 @@ java_test(
         "@com_google_protobuf//:protobuf_javalite",
         "@maven//:com_google_truth_truth",
         "@maven//:junit_junit",
+        "@maven//:pl_pragmatists_JUnitParams",
     ],
 )