iaik.security.provider
Class IAIK

java.lang.Object
  |
  +--java.util.Dictionary
        |
        +--java.util.Hashtable
              |
              +--java.util.Properties
                    |
                    +--java.security.Provider
                          |
                          +--iaik.utils.ExtendedProvider
                                |
                                +--iaik.security.provider.IAIK
All Implemented Interfaces:
Cloneable, Map, Serializable

public final class IAIK
extends ExtendedProvider

This class represents the master class of the IAIK Security Package Provider (SPP) for the Java Security API.

The provider architecture has been introduced by the Java Cryptographic Architecture (JCA) making it possible for different cryptographic implementations to operate on common interfaces (consult the Java Cryptography Architecture API Specification & Reference).

To access and use provider-specific algorithm implementations, engine classes and factory methods are used. Engine classes provide interfaces to the functionality of a type of cryptographic algorithm, and factory methods are used to obtain a specific implementation. To get, for instance, an object of the MessageDigest engine class, use the corresponding getInstance factory method:

 MessageDigest md = MessageDigest.getInstance("AlgorithmName", "ProviderName");
 

Specifying a particular provider is optional (to use the IAIK provider, specify "IAIK"). If no provider is stated, the installed providers are searched until one is found that implements the desired algorithm, e.g.:

 MessageDigest md5 = MessageDigest.getInstance("MD5");
 

If none of the installed providers supports the requested algorithm, a NoSuchAlgorithmException is thrown.
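
The lookup rules above, as an added example (not code from the IAIK documentation): it uses only standard java.security calls to show which installed provider answers an unpinned getInstance call, and to fail closed when the pinned provider is missing instead of falling back to another one. The class name ProviderResolution, its method names and the sample input are assumptions made for this illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;

// Added illustration; class and method names are hypothetical.
public class ProviderResolution {

    /** Unpinned lookup: returns the name of whichever provider answered, or null. */
    static String servedBy(String algorithm) {
        try {
            return MessageDigest.getInstance(algorithm).getProvider().getName();
        } catch (NoSuchAlgorithmException e) {
            return null; // no installed provider registers this name
        }
    }

    /** Pinned lookup that fails closed instead of falling back to another provider. */
    static MessageDigest pinned(String algorithm, String provider) {
        if (Security.getProvider(provider) == null) {
            throw new IllegalStateException("provider not installed: " + provider);
        }
        try {
            return MessageDigest.getInstance(algorithm, provider);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new IllegalStateException(provider + " does not offer " + algorithm, e);
        }
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Provider to pin; "IAIK" is the name this page gives for the IAIK provider.
        String provider = args.length > 0 ? args[0] : "IAIK";
        byte[] sample = "constructed sample input".getBytes(StandardCharsets.UTF_8);

        // The order printed here is the order an unpinned getInstance call searches.
        Provider[] installed = Security.getProviders();
        System.out.println("Provider search order:");
        for (int i = 0; i < installed.length; i++) {
            System.out.println("  " + (i + 1) + ". " + installed[i].getName());
        }

        // Standard names and aliases taken from the message digest table on this page.
        String[] names = {"SHA-1", "SHA256", "SHA-256", "Md5", "RIPEMD160"};
        for (String name : names) {
            String unpinned = servedBy(name);
            System.out.println(name + " unpinned -> "
                    + (unpinned == null ? "NoSuchAlgorithmException" : unpinned));
            try {
                MessageDigest md = pinned(name, provider);
                System.out.println(name + " pinned   -> " + md.getProvider().getName()
                        + " " + hex(md.digest(sample)));
            } catch (IllegalStateException e) {
                System.out.println(name + " pinned   -> refused: " + e.getMessage());
            }
        }
    }
}
```

Without the IAIK JAR on the classpath every pinned lookup is refused, which is the intended behaviour: code that requires a specific provider should not silently run on a different implementation.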

The term provider is an abbreviation for Cryptographic Package Provider and denotes a package or a set of packages supplying a concrete implementation of a subset of the cryptography aspects of the Java Security API (see JCA). A JCA provider may realize implementations of digital signature, message digest, and key pair generation algorithms. If the JCA API is extended by a Java Cryptography Extension (JCE) API for supporting encryption and key exchange, a provider may additionally implement encryption and key exchange algorithms.


This class represents the master class of the IAIK security package provider. It extends the java.security.Provider class to register the IAIK provider's security implementations within the Java security architecture. The IAIK provider supports algorithm implementations for both the JCA and the JCE extension. If you want to use it with JDK1.1.x, you will also have to add jdk11x_update.jar to your CLASSPATH. jdk11x_update.jar is an IAIK implementation of the required JDK 1.2 classes that are not available in JDK 1.1.x. It is included in the IAIK-JCE distribution, which may be downloaded at http://jce.iaik.tugraz.at/download/. This IAIK provider master class automatically checks whether the required JDK1.2 classes are included in your classpath and throws a RuntimeException if the check fails.
If you want to use the IAIK provider with Java 1.4 you will have to use the signed version (see installation instructions).

Note that depending on which IAIK JCE JAR file you are using not all algorithms may be available because of legal issues. In particular RC5, RC6, IDEA, and ESDH are not included in the default distribution. If you want to use those algorithms as well you need to download the full version of the JAR file, see the download page, but make sure you have understood the related legal and patent issues.

The following table lists the names - case sensitive (!) - of several algorithms supported by the IAIK provider. The table is divided into two parts. The first part contains the JCA related implementations, and the second part lists the JCE algorithms. For each algorithm, the corresponding specification and all registered aliases are reported. Please note that IAIK-JCE handles the algorithm names case-sensitively to be compatible with Java 1.1.

JCA implementations
Message Digest Algorithms
MessageDigest md = MessageDigest.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name Specification Aliases
Md2 (Message Digest 2) RSA Data Security, Inc.'s MD2 message digest algorithm, as specified in RFC 1319 for producing a 128-bit hash value -
Md5 (Message Digest 5) RSA Data Security, Inc.'s MD5 message digest algorithm, as specified in RFC 1321 for producing a 128-bit hash value -
SHA-1 (Secure Hash Algorithm) SHA-1 message digest algorithm as specified in FIPS PUB 180-1 for producing a 160-bit hash value SHA, 1.3.14.3.2.18, SHA1
SHA224 (224 bit Secure Hash Algorithm) 224 bit message digest algorithm as proposed by NIST SHA-224
SHA256 (256 bit Secure Hash Algorithm) 256 bit message digest algorithm as proposed by NIST SHA-256
SHA384 (384 bit Secure Hash Algorithm) 384 bit message digest algorithm as proposed by NIST SHA-384
SHA512 (512 bit Secure Hash Algorithm) 512 bit message digest algorithm as proposed by NIST SHA-512
RIPEMD128 (RACE Integrity Primitives Evaluation Message Digest 128) 128-bit hash value producing message digest algorithm; developed in the framework of the EU project RIPE (RACE Integrity Primitives Evaluation, 1988-1992); specified in ISO/IEC 10118-3. RipeMd128, RIPEMD-128, 1.3.36.3.2.2
RIPEMD160 (RACE Integrity Primitives Evaluation Message Digest 160) 160-bit hash value producing message digest algorithm; developed in the framework of the EU project RIPE (RACE Integrity Primitives Evaluation, 1988-1992) ; specified in ISO/IEC 10118-3. RipeMd160, RIPEMD-160, 1.3.36.3.2.1
Digital Signature Algorithms (see note 2)
Signature sig = Signature.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name Specification Aliases
RawDSA (Raw Digital Signature Algorithm) "Raw" (input has to be already hashed with SHA-1) DSA signature algorithm as specified in FIPS PUB 186 -
DSA (Digital Signature Algorithm) DSS (DSA with SHA-1) signature algorithm as specified in FIPS PUB 186 SHA/DSA, SHA-1/DSA, DSS, SHAwithDSA, SHA1withDSA, 1.3.14.3.2.13, 1.3.14.3.2.27, 1.2.840.10040.4.3
SSL/RSA (SSL with RSA encryption) RSA based signature algorithm using the SHA and MD5 hash algorithms for message digest computation as specified by the Secure Sockets Layer (SSL v3.0) protocol; in accordance with PKCS#1 -
MD2/RSA (MD2 with RSA encryption) RSA PKCS#1v1.5 based signature algorithm using the MD2 algorithm for message digest computation as specified in PKCS#1 MD2WithRSA, MD2withRSA, 1.2.840.113549.1.1.2
MD5/RSA (MD5 with RSA encryption) RSA PKCS#1v1.5 based signature algorithm using the MD5 algorithm for message digest computation as specified in PKCS#1 MD5WithRSA, MD5withRSA, 1.2.840.113549.1.1.4
SHA/RSA (SHA with RSA encryption) RSA PKCS#1v1.5 based signature algorithm using the Secure Hash Algorithm (SHA) for message digest computation; in accordance with PKCS#1 SHA-1/RSA, SHA1/RSA, SHAWithRSA, SHA1WithRSA, SHAwithRSA, SHA1withRSA, 1.3.14.3.2.29, 1.2.840.113549.1.1.5
SHA256/RSA (SHA256 with RSA encryption) RSA PKCS#1v1.5 based signature algorithm using SHA-256 for message digest computation; in accordance with PKCS#1 SHA-256/RSA, SHA256WithRSA, SHA256withRSA, 1.2.840.113549.1.1.11
SHA384/RSA (SHA384 with RSA encryption) RSA PKCS#1v1.5 based signature algorithm using SHA-384 for message digest computation; in accordance with PKCS#1 SHA-384/RSA, SHA384WithRSA, SHA384withRSA, 1.2.840.113549.1.1.12
SHA512/RSA (SHA512 with RSA encryption) RSA PKCS#1v1.5 based signature algorithm using SHA-512 for message digest computation; in accordance with PKCS#1 SHA-512/RSA, SHA512WithRSA, SHA512withRSA, 1.2.840.113549.1.1.13
RIPEMD160/RSA (rsaSignatureWithRipemd160) RSA PKCS#1v1.5 based signature algorithm (PKCS#1) using the RipeMd160 algorithm for message digest computation RipeMd160WithRSA, RipeMd160withRSA, RIPEMD-160/RSA, 1.3.36.3.3.1.2
RIPEMD128/RSA (rsaSignatureWithRipemd128) RSA PKCS#1v1.5 based signature algorithm (PKCS#1) using the RipeMd128 algorithm for message digest computation RipeMd128WithRSA, RipeMd128withRSA, RIPEMD-128/RSA, 1.3.36.3.3.1.3
RSA (Raw RSA) Raw RSA PKCS#1v1.5 based signature algorithm (PKCS#1) requiring the application to do all the hashing and DigestInfo coding outside. RawRSA
RawRSASSA-PKCS1-v1_5 (Raw RSA PKCS1v1.5) Raw RSA PKCS#1v1.5 based signature algorithm (PKCS#1) requiring the application to do the hashing outside. RSAPkcs15, RawRSAPkcs15, RSASSA-PKCS1-v1_5, RawRSASSA-PKCS1-v1_5
MD2withRSAandMGF1 (RSA PSS with MD2 and MGF1) RSA PKCS#1v2.1 PSS based signature algorithm using MD2 as hash and MGF1 as mask generation algorithm. -
MD5withRSAandMGF1 (RSA PSS with MD5 and MGF1) RSA PKCS#1v2.1 PSS based signature algorithm using MD5 as hash and MGF1 as mask generation algorithm. -
SHA1withRSAandMGF1 (RSA PSS with SHA-1 and MGF1) RSA PKCS#1v2.1 PSS based signature algorithm using SHA-1 as hash and MGF1 as mask generation algorithm. SHAwithRSAandMGF1, SHA-1withRSAandMGF1
SHA256withRSAandMGF1 (RSA PSS with SHA256 and MGF1) RSA PKCS#1v2.1 PSS based signature algorithm using SHA256 as hash and MGF1 as mask generation algorithm. SHA-256withRSAandMGF1
SHA384withRSAandMGF1 (RSA PSS with SHA384 and MGF1) RSA PKCS#1v2.1 PSS based signature algorithm using SHA384 as hash and MGF1 as mask generation algorithm. SHA-384withRSAandMGF1
SHA512withRSAandMGF1 (RSA PSS with SHA512 and MGF1) RSA PKCS#1v2.1 PSS based signature algorithm using SHA512 as hash and MGF1 as mask generation algorithm. SHA-512withRSAandMGF1
RIPEMD128withRSAandMGF1 (RSA PSS with RipeMd128 and MGF1) RSA PKCS#1v2.1 PSS based signature algorithm using RipeMd128 as hash and MGF1 as mask generation algorithm. RIPEMD-128withRSAandMGF1
RIPEMD160withRSAandMGF1 (RSA PSS with RipeMd160 and MGF1) RSA PKCS#1v2.1 PSS based signature algorithm using RipeMd160 as hash and MGF1 as mask generation algorithm. RIPEMD-160withRSAandMGF1
RSASSA-PSS (RSA PSS) RSA PKCS#1v2.1 PSS signature algorithm; all parameters have to be supplied by the application. RSAPss, PSS, 1.2.840.113549.1.1.10
RawRSASSA-PSS (Raw RSA PSS) RSA PKCS#1v2.1 PSS signature algorithm; all parameters and message hash have to be supplied by the application. RawRSAPss, RawPSS
Key Pair Generators
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name Specification Aliases
RSA (RSA key pair generator) Key pair generation method for RSA encryption as described in PKCS#1 -
DSA (DSA key pair generator) Key pair generation method for the DSA algorithm as described in FIPS PUB 186 1.3.14.3.2.12, 1.2.840.10040.4.1
ESDH (ESDH Key Pair Generator) Key pair generator for Ephemeral Static Diffie Hellman key exchange as described in RFC 2631 ESDiffieHellman
Key Factories
KeyFactory keyFac = KeyFactory.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name Specification Aliases
RSA (RSA key factory) Key factory for converting keys into key specifications (and vice versa) to be used for RSA encryption which is described in PKCS#1 -
DSA (DSA key factory) Key factory for converting keys into key specifications (and vice versa) to be used for the DSA algorithm which is described in FIPS PUB 186 1.3.14.3.2.12, 1.2.840.10040.4.1
Algorithm Parameters
AlgorithmParameters params =
         AlgorithmParameters.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name Specification Aliases
DSA (DSA parameters) Algorithm parameters (p, q, g) representation for the Digital Signature Algorithm (DSA) -
RawRSASSA-PKCS1-v1_5 (RSA PKCS1v1.5 signature algorithm parameters) Algorithm parameters for the RSASSA-PKCS1-v1_5 signature scheme (see PKCS#1); may only be used to specify the hash algorithm when using a raw RSA PKCS1v1.5 signature engine RSASSA-PKCS1-v1_5, RSAPkcs15, RawRSAPkcs15
RSASSA-PSS (RSA PSS parameters) Algorithm parameters for the RSA PKCS#1v2.1 PSS signature scheme RSAPss, PSS, 1.2.840.113549.1.1.10
RSAES-OAEP (RSA OAEP parameters) Algorithm parameters for the RSA PKCS#1v2.1 OAEP encryption scheme RSAOaep, OAEP, 1.2.840.113549.1.1.7
MGF1 (MGF1 parameters) Algorithm parameters for the RSA PKCS#1v2.1 MGF1 mask generation function as used by the PSS signature and OAEP encryption scheme mgf1, 1.2.840.113549.1.1.8
Key Stores
KeyStore keyStore = KeyStore.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name Specification Aliases
IAIKKeyStore (IAIKKeyStore) The IAIKKeyStore uses the password based key derivation function 2 from the PKCS#5 v2.0 Password-Based Cryptography Standard KeyStore
Certificate Factories
CertificateFactory certFactory = CertificateFactory.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name Specification Aliases
X.509 (X.509 certificate factory) Certificate factory for generating X.509 certificates and CRLs (as specified in RFC 2459) from their encodings -
Qualified (Qualified certificate factory) Certificate factory for generating qualified certificates from their encodings according to the PKIX Qualified Certificate Profile -
Mask Generation Functions
MaskGenerationAlgorithm mga = MaskGenerationAlgorithm.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name Specification Aliases
MGF1 (PKCS#1v2.1) mask generation function MGF1 as used by the PSS signature and OAEP encryption scheme. mgf1, 1.2.840.113549.1.1.8
Secure Random Generators
SecureRandom random = new iaik.security.random.<Class Name>();
Class Name Specification -
SHA1Random A SHA-1 hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. -
MD5Random An MD5 hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. -
RipeMd160Random A RIPEMD-160 hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. -
SHA256Random A SHA-256 hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. -
SHA384Random A SHA-384 hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. -
SHA512Random A SHA-512 hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. -
SHA1FIPS186Random A SHA-1 hash-based secure random according to the general purpose version of the FIPS 186-2 random generator. -
RipeMd160FIPS186Random A RIPEMD-160 hash-based secure random according to the general purpose version of the FIPS 186-2 random generator. -
SHA256FIPS186Random A SHA-256 hash-based secure random according to the general purpose version of the FIPS 186-2 random generator. -
SHA384FIPS186Random A SHA-384 hash-based secure random according to the general purpose version of the FIPS 186-2 random generator. -
SHA512FIPS186Random A SHA-512 hash-based secure random according to the general purpose version of the FIPS 186-2 random generator. -
AnsiRandom A triple DES based secure random according to ANSI X9.17. -

JCE implementations
Ciphers (see note 1)
Cipher cipher = Cipher.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name Specification Aliases
DES (Data Encryption Standard) Symmetric 64-bit block encryption algorithm as defined by NIST in FIPS PUB 46-1 and FIPS PUB 46-2 -
DESede (Triple DES) A variant of the Data Encryption Standard (DES) using an encrypting-decrypting-encrypting (EDE) scheme based on two or three keys 3DES
IDEA (International Data Encryption Algorithm) Symmetric 64-bit block encryption algorithm, patented by Ascom Systec Ltd.; key length: 128 bits -
Blowfish (Blowfish) 64-bit block cipher with variable length keys (up to 448 bits); developed by Bruce Schneier -
GOST (Gosudarstvennyi Standard) Russian 64 bit Feistel based block cipher with a key length of 256 bits; described in the government standard GOST 28147-89 -
CAST128 (Carlisle Adams and Stafford Tavares) 64 bit Feistel type block cipher with a key length of 40-128 bits CAST, CAST5
RC2 (Ron's Code 2; Rivest Cipher 2) Variable-key-size 64-Bit block cipher; developed by Ron Rivest for RSA Data Security, Inc.; described in RFC2268 -
ARCFOUR Variable-key-size stream cipher, specified by the IETF draft "A Stream Cipher Encryption Algorithm 'Arcfour'" (draft-kaukonen-cipher-arcfour-03.txt). It is believed to be compatible with RC4[TM] (described for example in Bruce Schneier's Applied Cryptography), a proprietary cipher of RSA Security Inc. RC4
RC5 (Ron's Code 5; Rivest Cipher 5) Variable-key-size 64-Bit block cipher with variable number of rounds; developed by Ron Rivest for RSA Data Security, Inc. The RC5 [TM] algorithm is patented, for licensing conditions contact RSA DSI. -
RSA (Rivest Shamir Adleman) Public key encryption algorithm, developed by Ron Rivest, Adi Shamir and Leonard Adleman; described in PKCS#1. See note about blinding. -
PbeWithMD5AndDES_CBC (password based "MD5 with DES-CBC" algorithm) Password based key-encryption algorithm for encrypting a given message with the DES algorithm in CBC mode using a secret key which is derived from a password with the MD5 message-digest algorithm; specified in PKCS#5 PBEWithMD5AndDES
PbeWithSHAAnd3_KeyTripleDES_CBC (password based "SHA with TripleDES-CBC" algorithm) Password based key-encryption algorithm for encrypting a given message (octet string) with the TripleDES algorithm in CBC mode using a secret key which is derived from a password with the SHA hash algorithm as described in PKCS#12 -
PbeWithSHAAnd40BitRC2_CBC (password based "SHA with 40BitRC2-CBC" algorithm) Password based key-encryption algorithm for encrypting a given message with the RC2 algorithm in CBC mode using a 40Bit secret key which is derived from a password with the SHA hash algorithm as described in PKCS#12 -
RC6 (AES candidate) 128 bit block cipher with 20 rounds aimed at the keysizes of 128, 192, and 256 bits, specified by Ronald L. Rivest, M.J.B. Robshaw, R. Sidney, and Y.L. Yin in their paper The RC6 [TM] Block Cipher available from the AES Web site at http://www.nist.gov/aes/. -
MARS (AES candidate) 128 bit block cipher with a total of 32 rounds that accepts keys from 128 to 448 bits, specified by IBM in their paper MARS - a candidate cipher for AES available at http://www.research.ibm.com/security/mars.html. -
Twofish (AES candidate) 128-bit Feistel-type block cipher that accepts a variable-length key up to 256 bits, developed by B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall and N. Ferguson, see http://www.nist.gov/aes/. -
Rijndael (Advanced Encryption Standard AES) Block cipher with variable block length (this implementation uses 128 bit) and key length, designed by Joan Daemen and Vincent Rijmen, see http://www.nist.gov/aes/. AES
Rijndael-256 (Advanced Encryption Standard AES) Rijndael cipher implementation for block size of 256 bit. -
Serpent (AES candidate) 128 bit block cipher with variable key length, designed by R. Anderson, E. Biham, L. Knudsen, see http://www.nist.gov/aes/. -
DESedeWrapDESede (Triple-DES Key Wrap) Triple-DES key wrap algorithm as used by CMS for wrapping TripleDES content encryption keys with TripleDES key encryption keys 3DESWrap3DES, TripleDESWrapTripleDES, 1.2.840.113549.1.9.16.3.6
RC2WrapRC2 (RC2 Key Wrap) RC2 key wrap algorithm as used by CMS for wrapping RC2 content encryption keys with RC2 key encryption keys 1.2.840.113549.1.9.16.3.7
IDEAWrapIDEA (IDEA Key Wrap) IDEA key wrap algorithm as used by CMS for wrapping IDEA content encryption keys with IDEA key encryption keys IdeaWrapIdea, 1.3.6.1.4.1.188.7.1.1.6
CAST128WrapCAST128 (CAST128 Key Wrap) CAST128 key wrap algorithm as used by CMS for wrapping CAST128 content encryption keys with CAST128 key encryption keys CAST5WrapCAST5, CASTWrapCAST, 1.2.840.113533.7.66.15
Key Exchange Algorithms
KeyAgreement keyAgr = KeyAgreement.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name Specification Aliases
DH (Diffie Hellman Key Agreement) DH key exchange protocol as described in PKCS#3 DiffieHellman, 1.2.840.113549.1.3.1
ESDH (Ephemeral Static Diffie Hellman Key Agreement) ESDH key exchange based algorithm for generating shared key material as described in RFC 2631 ESDiffieHellman, 1.2.840.113549.1.9.16.3.5
Message Authentication Codes
Mac mac = Mac.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name Specification Aliases
HMAC/MD5 (HMAC with MD5) Keyed-Hashing for Message Authentication as described in RFC 2104 using MD5 as message digest algorithm HmacMD5, 1.3.6.1.5.5.8.1.1
HMAC/SHA (HMAC with SHA) Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-1 as message digest algorithm HmacSHA1, HMAC/SHA-1, 1.3.6.1.5.5.8.1.2, 1.2.840.113549.2.7
HMAC/SHA256 (HMAC with SHA256) Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-256 as message digest algorithm HmacSHA256, HMAC/SHA-256
HMAC/SHA384 (HMAC with SHA384) Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-384 as message digest algorithm HmacSHA384, HMAC/SHA-384
HMAC/SHA512 (HMAC with SHA512) Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-512 as message digest algorithm HmacSHA512, HMAC/SHA-512
HMAC/RIPEMD128 (HMAC with RipeMd128) Keyed-Hashing for Message Authentication as described in RFC 2104 using RipeMd128 as message digest algorithm HmacRipeMd128, HMAC/RIPEMD-128, HMAC/RipeMd128
HMAC/RIPEMD160 (HMAC with RipeMd160) Keyed-Hashing for Message Authentication as described in RFC 2104 using RipeMd160 as message digest algorithm HmacRipeMd160, HMAC/RIPEMD-160, 1.3.6.1.5.5.8.1.4, HMAC/RipeMd160
Key Pair Generators
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name Specification Aliases
DH (Diffie Hellman key pair generator) Key pair generation method for Diffie Hellman key exchange as described in PKCS#3 DiffieHellman
Key Factories
KeyFactory keyFac = KeyFactory.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name Specification Aliases
DH (Diffie Hellman key factory) Key factory for converting keys into key specifications (and vice versa) to be used for Diffie Hellman key exchange which is described in PKCS#3 DiffieHellman
ESDH (Ephemeral Static Diffie Hellman key factory) Key factory for converting keys into key specifications (and vice versa) to be used for Ephemeral Static Diffie Hellman key exchange which is described in RFC 2631 ESDiffieHellman, 1.2.840.10046.2.1
Key Generators
KeyGenerator keyGen = KeyGenerator.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name Specification Aliases
AES (AES key generator) Key generation method for the Advanced Encryption Standard (AES, Rijndael) block cipher. -
DES (DES key generator) Key generation method for the DES cipher which is defined by NIST in FIPS PUB 46-1 and FIPS PUB 46-2 -
DESede (Triple DES key generator) Key generation method for the TripleDES cipher 3DES
IDEA (IDEA key generator) Key generation method for the IDEA cipher which is patented by Ascom Systec Ltd. -
Blowfish (Blowfish key generator) Key generation method for the Blowfish 64-bit block cipher; developed by Bruce Schneier -
GOST (GOST key generator) Key generation method for the GOST 64-bit block cipher. -
CAST128 (CAST128 key generator) Key generation method for the CAST128 64 bit Feistel type block cipher CAST, CAST5
RC2 (RC2 key generator) Key generation method for the RC2 cipher which has been developed by Ron Rivest for RSA Data Security, Inc. -
ARCFOUR (ARCFOUR key generator) Key generation method for the ARCFOUR stream cipher. RC4
RC5 (RC5 key generator) Key generation method for the RC5 block cipher. -
RC6 (RC6 key generator) Key generation method for the RC6 AES candidate block cipher. -
MARS (MARS key generator) Key generation method for the MARS AES candidate block cipher. -
Rijndael (Rijndael key generator) Key generation method for the Rijndael AES block cipher. -
Rijndael-256 (Rijndael key generator) Key generation method for the Rijndael AES block cipher with block size of 256 bits. -
Serpent (Serpent key generator) Key generation method for the Serpent AES candidate block cipher. -
Twofish (Twofish key generator) Key generation method for the Twofish AES candidate block cipher. -
PKCS#12 (PKCS#12 key generator) Key generation method for deriving PKCS#12 secret keys from password, salt and iteration count. -
PKCS12-IV (PKCS#12 Iv generator) Key generation method for deriving PKCS#12 initialization vectors from password, salt and iteration count. -
PKCS12-MAC (PKCS#12 MAC-Key generator) Key generation method for deriving PKCS#12 MAC-keys from password, salt and an iteration count. -
PBKDF2 (password based key derivation function 2) Key generation method for deriving PKCS#5-2 keys from password, salt and an iteration count; specified by the PKCS#5 Version 2.0 Password-Based Cryptography Standard -
Secret Key Factories
SecretKeyFactory skf = SecretKeyFactory.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name Specification Aliases
DES (DES Key Factory) Symmetric 64-bit block encryption algorithm as defined by NIST in FIPS PUB 46-1 and FIPS PUB 46-2 -
DESede (DESede Key Factory) Secret Key Factory for the DESede (3DES) algorithm 3DES
IDEA (IDEA Key Factory) Secret Key Factory for the IDEA block cipher -
Blowfish (Blowfish Key Factory) Secret Key Factory for the Blowfish block cipher -
GOST (GOST Key Factory) Secret Key Factory for the GOST block cipher -
CAST128 (CAST128 Key Factory) Secret Key Factory for the CAST128 block cipher CAST5, CAST
RC2 (RC2 Key Factory) Secret Key Factory for the RC2 block cipher -
ARCFOUR (ARCFOUR Key Factory) Secret Key Factory for the ARCFOUR stream cipher -
RC5 (RC5 Key Factory) Secret Key Factory for the RC5 block cipher -
RC6 (RC6 Key Factory) Secret Key Factory for the RC6 AES candidate block cipher -
MARS (MARS Key Factory) Secret Key Factory for the MARS AES candidate block cipher -
Serpent (Serpent Key Factory) Secret Key Factory for the Serpent AES candidate block cipher -
Twofish (Twofish Key Factory) Secret Key Factory for the Twofish AES candidate block cipher -
Rijndael (Rijndael Key Factory) Secret Key Factory for the Advanced Encryption Standard (AES) Rijndael block cipher AES
Rijndael-256 (Rijndael Key Factory) Secret Key Factory for the Advanced Encryption Standard (AES) Rijndael block cipher with block size of 256 bits. AES
PBE (Password Based Encryption Key Factory) Password Based Encryption according to PKCS#5 PKCS#5
PKCS#12 (Password Based Encryption Key Factory) Password Based Encryption according to PKCS#12 -
Algorithm Parameter Generators
AlgorithmParameterGenerator paramGen =
         AlgorithmParameterGenerator.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name Specification Aliases
DH (Diffie Hellman parameter generator) Generator for creating parameters (prime modulus, base generator, length of the private value) to be used for Diffie Hellman key exchange according to RFC 2631. DiffieHellman
ESDH (Ephemeral Static Diffie Hellman parameter generator) Generator for creating parameters for the Ephemeral Static Diffie Hellman key exchange according to RFC 2631. ESDiffieHellman
PBE (PBE parameter generator) Generator for creating parameters (salt and iteration count) to be used for password based encryption according to PKCS#5 / PKCS#12 -
DSA (DSA parameter generator) Generator for creating parameters (prime, sub-prime, base generator) to be used for DSA according to FIPS PUB 186. -
Algorithm Parameters
AlgorithmParameters params =
         AlgorithmParameters.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name Specification Aliases
DH (Diffie Hellman parameters) Algorithm parameters (prime modulus, base generator, length of the private value) representation for Diffie Hellman key exchange which is described in PKCS#3 DiffieHellman
ESDH (Ephemeral Static Diffie Hellman parameters) Algorithm parameters for Ephemeral Static Diffie Hellman key exchange according to RFC 2631 ESDiffieHellman
ESDHKEK (Ephemeral Static Diffie Hellman key encryption key (KEK) parameters) Algorithm parameters (OtherInfo) representation for generation of shared key material based on the Ephemeral Static Diffie Hellman key exchange according to RFC 2631 DiffieHellman
PBE (PBE parameters) Algorithm parameters (salt and iteration count) representation for password based encryption according to PKCS#5 / PKCS#12 -
DES (DES parameters) Algorithm parameters (initialization vector) representation for the DES cipher -
DESede (DESede parameters) Algorithm parameters (initialization vector) representation for the DESede cipher 3DES
IDEA (IDEA parameters) Algorithm parameters (initialization vector) representation for the IDEA cipher -
Blowfish (Blowfish parameters) Algorithm parameters (initialization vector) representation for the Blowfish cipher -
GOST (GOST parameters) Algorithm parameters (initialization vector) representation for the GOST cipher -
CAST128 (CAST128 parameters) Algorithm parameters (initialization vector) representation for the CAST128 cipher CAST5, CAST
RC2 (RC2 parameters) Algorithm parameters representation for the RC2 cipher -
RC5 (RC5 parameters) Algorithm parameters (initialization vector) representation for the RC5 cipher -
RC6 (RC6 parameters) Algorithm parameters (initialization vector) representation for the RC6 cipher -
MARS (MARS parameters) Algorithm parameters (initialization vector) representation for the MARS cipher -
Twofish (Twofish parameters) Algorithm parameters (initialization vector) representation for the Twofish cipher -
Serpent (Serpent parameters) Algorithm parameters (initialization vector) representation for the Serpent cipher -
Rijndael (Rijndael parameters) Algorithm parameters (initialization vector) representation for the Rijndael Advanced Encryption Standard (AES) AES
Rijndael-256 (Rijndael parameters) Algorithm parameters (initialization vector) representation for the Rijndael Advanced Encryption Standard (AES) block cipher with block size of 256 bits. AES
RC2Wrap (RC2 key wrap parameters) Algorithm parameters (RC2ParameterVersion) representation for the RC2 Key Wrap algorithm as used by CMS. RC2KeyWrap, RC2WrapRC2
CAST128Wrap (CAST128 key wrap parameters) Algorithm parameters (key length) representation for the CAST128 Key Wrap algorithm as used by CMS. CAST128KeyWrap, CAST128WrapCAST128, CASTWrap, CASTKeyWrap, CASTWrapCAST, CAST5Wrap, CAST5KeyWrap, CAST5WrapCAST5


1) The IAIK provider supports the following cipher modes and padding schemes:

General usage:

 Cipher cipher = Cipher.getInstance("Cipher/Operation Mode/Padding Scheme");

For instance:

 Cipher des = Cipher.getInstance("DES/CBC/PKCS5Padding", "IAIK");
 Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding", "IAIK");

Cipher Modes (default: ECB)
Name Specification
ECB (Electronic Code Book) "DES MODES OF OPERATION", NIST FIPS PUB 81
CBC (Cipher Block Chaining) "DES MODES OF OPERATION", NIST FIPS PUB 81
PCBC (Propagated Cipher Block Chaining) defined by Kerberos
CFB (Cipher FeedBack) "DES MODES OF OPERATION", NIST FIPS PUB 81
OFB (Output FeedBack) "DES MODES OF OPERATION", NIST FIPS PUB 81
CTR (Counter Mode Encryption) "AES MODES OF OPERATION", NIST: CTR-Mode Encryption
0 (only for RSA ciphers) block type 00 for RSA encryption, as specified by PKCS#1
1 (only for RSA ciphers) block type 01 for RSA encryption, as specified by PKCS#1
2 (only for RSA ciphers) block type 02 for RSA encryption, as specified by PKCS#1
Padding Schemes (default: NoPadding)
Name Specification
NoPadding Uses no padding scheme. The input must be a multiple of the block size if no padding is used.
PKCS5Padding (PKCS#5 Padding) padding scheme as specified by PKCS#5
SSL3Padding padding scheme as described in the Secure Sockets Layer SSL v3.0 specification
ISO78164Padding padding scheme as described in the ISO 7816-4 Standard (Information technology -- Identification cards -- Integrated circuit(s) cards with contacts -- Part 4: Interindustry commands for interchange)
PKCS1Padding (only for RSA ciphers) padding scheme as specified by PKCS#1 v1.5
OAEP (only for RSA ciphers) A padding scheme as specified by PKCS#1 v2.1 and P1363. If just OAEP is used as padding name, the hash algorithm is SHA-1 and the mask generation function is MGF1 as specified in PKCS#1. To use a different hash algorithm, the naming scheme is OAEPWith<digest>And<mgf>Padding; e.g. OAEPWithSHA1AndMGF1Padding. This is as specified in the JCE specification.
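The transformation string above, as an added example that is not part of the IAIK documentation: because the defaults are ECB and NoPadding, it names cipher, mode and padding explicitly, supplies a fresh random IV, and shows what NoPadding does with input that is not a whole number of blocks. The class and helper names are hypothetical, AES is an assumption (the page's own sample uses DES), and the code falls back to the default provider search when "IAIK" is not installed.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class TransformationDemo {
    static final SecureRandom RND = new SecureRandom();

    static byte[] random(int n) {
        byte[] b = new byte[n];
        RND.nextBytes(b);
        return b;
    }

    // Prefer "IAIK" when it is installed (e.g. after IAIK.addAsProvider());
    // otherwise use the default provider search so the demo runs anywhere.
    static Cipher cipher(String transformation, int mode, SecretKey key, byte[] iv)
            throws Exception {
        Cipher c = Security.getProvider("IAIK") != null
                ? Cipher.getInstance(transformation, "IAIK")
                : Cipher.getInstance(transformation);
        c.init(mode, key, new IvParameterSpec(iv));
        return c;
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = new SecretKeySpec(random(16), "AES");
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // Cipher, mode and padding are all named, so neither default applies.
        byte[] iv = random(16); // fresh IV per message, stored next to the ciphertext
        byte[] ct = cipher("AES/CBC/PKCS5Padding", Cipher.ENCRYPT_MODE, key, iv).doFinal(msg);
        byte[] pt = cipher("AES/CBC/PKCS5Padding", Cipher.DECRYPT_MODE, key, iv).doFinal(ct);
        System.out.println(msg.length + " bytes in, " + ct.length + " bytes of ciphertext");
        System.out.println("round trip ok: " + Arrays.equals(msg, pt));

        // NoPadding: the caller must supply whole blocks, otherwise doFinal fails.
        try {
            cipher("AES/CBC/NoPadding", Cipher.ENCRYPT_MODE, key, random(16)).doFinal(msg);
        } catch (IllegalBlockSizeException e) {
            System.out.println("NoPadding rejected " + msg.length + " bytes");
        }
    }
}
```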


2) The RSA implementation of the IAIK toolkit supports blinding (see e.g. RSA Labs Bulletin Nr. 2, 23 January, 1996). All RSA implementations of the IAIK provider, including RSA ciphers and RSA signatures, are based on the RSACipher class, which implements the core RSA operation. In this class, blinding can be switched on and off. By default, blinding is switched on. Practical performance measurements showed that blinding costs little: a slowdown of a few percent is typical when a public exponent that improves performance is used, e.g. 65537 (decimal). In practice, such exponents are almost always used.

Version:
File Revision 146
See Also:
Serialized Form

Inner classes inherited from class java.util.Map
Map.Entry
 
Field Summary
static double version
          Version number of the IAIK JCE.
 
Fields inherited from class java.util.Properties
defaults
 
Constructor Summary
IAIK()
          This is the default constructor which registers the implemented algorithms to the Java Security API.
 
Method Summary
static void addAsJDK14Provider()
          Static method which installs the SecurityProvider IAIK as first provider for JDK 1.4.
static void addAsJDK14Provider(boolean printStatusInfo)
          Static method which installs the SecurityProvider IAIK as first provider for JDK 1.4.
static void addAsProvider()
          Static method which installs the SecurityProvider IAIK.
static void addAsProvider(boolean printStatusInfo)
          Static method which installs the SecurityProvider IAIK and prints some system properties if desired.
static IAIK getInstance()
          Return an instance of this class.
static MessageDigest getMd5()
          Return a new implementation of the Md5 message digest.
static boolean getUseOldMd5()
          Check whether the old or the new implementation of the Md5 algorithm is active.
static void setUseOldMd5(boolean useOldMd5)
          Set whether to use the old or the new implementation of the Md5 algorithm.
 
Methods inherited from class iaik.utils.ExtendedProvider
isAvailable, puta, putc, putc
 
Methods inherited from class java.security.Provider
clear, entrySet, getInfo, getName, getVersion, keySet, load, put, putAll, remove, toString, values
 
Methods inherited from class java.util.Properties
getProperty, getProperty, list, list, propertyNames, save, setProperty, store
 
Methods inherited from class java.util.Hashtable
clone, contains, containsKey, containsValue, elements, equals, get, hashCode, isEmpty, keys, rehash, size
 
Methods inherited from class java.lang.Object
finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

version

public static final double version
Version number of the IAIK JCE. Currently 3.1.
Constructor Detail

IAIK

public IAIK()
This is the default constructor which registers the implemented algorithms to the Java Security API.
Method Detail

addAsProvider

public static void addAsProvider()
Static method which installs the SecurityProvider IAIK.

getInstance

public static IAIK getInstance()
Return an instance of this class. Identical to calling the constructor except that it returns a previously created instance if available.

addAsProvider

public static void addAsProvider(boolean printStatusInfo)
Static method which installs the SecurityProvider IAIK and prints some system properties if desired.
Parameters:
printStatusInfo - prints some status information and system properties

addAsJDK14Provider

public static void addAsJDK14Provider(boolean printStatusInfo)
Static method which installs the SecurityProvider IAIK as first provider for JDK 1.4. JDK 1.4 requires a workaround to use a JCE provider as first provider.
Parameters:
printStatusInfo - prints some status information and system properties

addAsJDK14Provider

public static void addAsJDK14Provider()
Static method which installs the SecurityProvider IAIK as first provider for JDK 1.4. JDK 1.4 requires a workaround to use a JCE provider as first provider.
Parameters:
printStatusInfo - prints some status information and system properties

setUseOldMd5

public static void setUseOldMd5(boolean useOldMd5)
Set whether to use the old or the new implementation of the Md5 algorithm. The new implementation is about twice as fast, but crashes on some older JIT compilers. Therefore, set this to true only if Md5 crashes or hangs on your VM. This flag will only affect IAIK instances created after this call is made.

The current default is to use the OLD version to be compatible with all systems.


getUseOldMd5

public static boolean getUseOldMd5()
Check whether the old or the new implementation of the Md5 algorithm is active.

getMd5

public static MessageDigest getMd5()
Return a new implementation of the Md5 message digest. It will be either the new or the old implementation depending on the setting of the useOldMd5 flag. Applications should not use this method; it is for internal library use only. Use MessageDigest.getInstance() instead.

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).

IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK