public final class IAIK extends ExtendedProvider
The provider architecture was introduced by the Java Cryptography Architecture (JCA), making it possible for different cryptographic implementations to operate on common interfaces.
To access and use provider-specific algorithm implementations, engine classes and factory methods are used. Engine classes provide interfaces to the functionality of a type of cryptographic algorithm, and factory methods are used for obtaining a specific implementation. To get, for instance, an object of the MessageDigest engine class, use the corresponding getInstance factory method:
MessageDigest md = MessageDigest.getInstance("AlgorithmName", "ProviderName");
Specifying a particular provider is optional (to use the IAIK provider, specify "IAIK"). If no provider is given, all installed providers are searched until one is found that implements the desired algorithm, e.g.:
MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
If none of the installed providers supports the requested algorithm, a NoSuchAlgorithmException is thrown.
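The following added example (not part of the IAIK documentation) contrasts the two factory-method forms described above: an unpinned request that is served by whichever installed provider matches first, and a request pinned to "IAIK" that fails closed instead of silently falling back. It uses only standard java.security classes; the class name ProviderSelectionDemo, the sample input and the unknown algorithm name are constructed for illustration, and the IAIK provider is assumed to be possibly absent at run time.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;

/** Added example: provider pinning versus provider search with the JCA factory methods. */
public class ProviderSelectionDemo {

    /**
     * Pinned request: the named provider must be installed and must implement the
     * algorithm. Both failure modes surface as exceptions, so the caller never
     * ends up with a different implementation than the one it asked for.
     */
    static MessageDigest pinned(String algorithm, String provider)
            throws NoSuchAlgorithmException, NoSuchProviderException {
        return MessageDigest.getInstance(algorithm, provider);
    }

    /** Names of the installed providers, in preference order, that offer the digest. */
    static String[] providersFor(String algorithm) {
        Provider[] found = Security.getProviders("MessageDigest." + algorithm);
        if (found == null) {
            return new String[0]; // getProviders returns null when nothing matches
        }
        return Arrays.stream(found).map(Provider::getName).toArray(String[]::new);
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input.
        byte[] data = "constructed sample input".getBytes(StandardCharsets.UTF_8);

        // 1. Unpinned: the first installed provider that implements SHA-256 wins.
        MessageDigest any = MessageDigest.getInstance("SHA-256");
        byte[] reference = any.digest(data);
        System.out.println("SHA-256 served by : " + any.getProvider().getName());
        System.out.println("candidates        : " + Arrays.toString(providersFor("SHA-256")));
        System.out.println("digest            : " + hex(reference));

        // 2. A registered alias (here the SHA-256 OID from the table) reaches the
        //    same algorithm, provided some installed provider registers that alias.
        try {
            MessageDigest byOid = MessageDigest.getInstance("2.16.840.1.101.3.4.2.1");
            boolean same = MessageDigest.isEqual(reference, byOid.digest(data));
            System.out.println("OID alias matches : " + same
                    + " (" + byOid.getProvider().getName() + ")");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("OID alias not registered by any installed provider");
        }

        // 3. Pinned to "IAIK": fail closed if the provider is not installed
        //    rather than retrying without a provider name.
        try {
            MessageDigest iaik = pinned("SHA-256", "IAIK");
            boolean same = MessageDigest.isEqual(reference, iaik.digest(data));
            System.out.println("IAIK digest equal : " + same);
        } catch (NoSuchProviderException e) {
            System.out.println("IAIK provider not installed; refusing to fall back");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("IAIK installed but does not offer SHA-256 in this build");
        }

        // 4. No installed provider supports the name: NoSuchAlgorithmException.
        try {
            MessageDigest.getInstance("NoSuchDigest-0"); // constructed, unknown name
        } catch (NoSuchAlgorithmException e) {
            System.out.println("unknown algorithm : " + e.getMessage());
        }
    }
}
```

Logging getProvider().getName() at initialization makes it visible when a change in provider order or a missing JAR has swapped the implementation behind an unpinned request.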
The term provider is an abbreviation for Cryptographic Package Provider and denotes a package or a set of packages supplying a concrete implementation of a subset of the cryptography aspects of the Java Security API (JCA). A JCA provider may realize implementations of digital signature, message digest, and key pair generation algorithms. If the JCA API is extended by a Java Cryptography Extension (JCE) API for supporting encryption and key exchange, a provider additionally may implement encryption and key exchange algorithms.
This class represents the master class of the IAIK security package provider. It extends the java.security.Provider class for registering the IAIK provider specific security implementations within the Java security architecture. The IAIK provider supports algorithm implementations for both JCA and the JCE extension. If you want to use the IAIK provider with Java 1.4, you will have to use the signed version (see installation instructions).
Note that depending on which IAIK JCE JAR file you are using not all algorithms may be available because of legal issues. In particular RC5, RC6, IDEA, and ESDH are not included in the default distribution. If you want to use those algorithms as well you need to download the full version of the JAR file, see the download page, but make sure you have understood the related legal and patent issues.
The following table lists the names - case sensitive - of several algorithms supported by the IAIK provider. The table is divided into two parts. The first part contains the JCA related implementations, and the second part lists the JCE algorithms. For each algorithm, the corresponding specification and all registered aliases are reported.
JCA implementations | ||
---|---|---|
Message Digest Algorithms
MessageDigest md = MessageDigest.getInstance(<Standard Name> | <Alias>, "IAIK"); |
||
Standard Name | Specification | Aliases |
SHA1 (Secure Hash Algorithm)
|
SHA-1 message digest algorithm as specified in FIPS PUB 180-1 for producing a 160-bit hash value | SHA, SHA-1, 1.3.14.3.2.26, 1.3.14.3.2.18 |
SHA224 (224 bit Secure
Hash Algorithm) |
224 bit message digest algorithm as proposed by NIST | SHA-224, 2.16.840.1.101.3.4.2.4 |
SHA256 (256 bit Secure
Hash Algorithm) |
256 bit message digest algorithm as proposed by NIST | SHA-256, 2.16.840.1.101.3.4.2.1 |
SHA384 (384 bit Secure
Hash Algorithm) |
384 bit message digest algorithm as proposed by NIST | SHA-384, 2.16.840.1.101.3.4.2.2 |
SHA512 (512 bit Secure
Hash Algorithm) |
512 bit message digest algorithm as proposed by NIST | SHA-512, 2.16.840.1.101.3.4.2.3 |
SHA512/224 (256 bit Secure
Hash Algorithm) |
224 bit message digest algorithm based on SHA-512 as proposed by FIPS 180-4 | SHA-512/224, 2.16.840.1.101.3.4.2.5 |
SHA512/256 (256 bit Secure
Hash Algorithm) |
256 bit message digest algorithm based on SHA-512 as proposed by FIPS 180-4 | SHA-512/256, 2.16.840.1.101.3.4.2.6 |
SHA3-224 (224 bit Secure
Hash Algorithm 3) |
224 bit message digest algorithm as proposed by NIST (FIPS PUB 202) | SHA3224, 2.16.840.1.101.3.4.2.7 |
SHA3-256 (256 bit Secure
Hash Algorithm 3) |
256 bit message digest algorithm as proposed by NIST (FIPS PUB 202) | SHA3256, 2.16.840.1.101.3.4.2.8 |
SHA3-384 (384 bit Secure
Hash Algorithm 3) |
384 bit message digest algorithm as proposed by NIST (FIPS PUB 202) | SHA3384, 2.16.840.1.101.3.4.2.9 |
SHA3-512 (512 bit Secure
Hash Algorithm 3) |
512 bit message digest algorithm as proposed by NIST (FIPS PUB 202) | SHA3512, 2.16.840.1.101.3.4.2.10 |
SHAKE128 (SHA-3 XOF
"Secure Hash Algorithm with KECCAK" with 128 bits security strength) |
SHAKE128 Extendable Output Function (XOF) as proposed by NIST (FIPS PUB 202).
Also available as MessageDigest engine. |
SHAKE-128, 2.16.840.1.101.3.4.2.11, 2.16.840.1.101.3.4.2.17 |
SHAKE256 (SHA-3 XOF
"Secure Hash Algorithm with KECCAK" with 256 bits security strength) |
SHAKE256 Extendable Output Function (XOF) as proposed by NIST (FIPS PUB 202).
Also available as MessageDigest engine. |
SHAKE-256, 2.16.840.1.101.3.4.2.12, 2.16.840.1.101.3.4.2.18 |
SHAKE128 (SHA-3 XOF
"Secure Hash Algorithm with KECCAK" with 128 bits security strength) |
SHAKE128 Extendable Output Function (XOF) as proposed by NIST (FIPS PUB 202).
Also available as . |
SHAKE-128, 2.16.840.1.101.3.4.2.11, 2.16.840.1.101.3.4.2.17 |
SHAKE256 (SHA-3 XOF
"Secure Hash Algorithm with KECCAK" with 256 bits security strength) |
SHAKE256 Extendable Output Function (XOF) as proposed by NIST (FIPS PUB 202).
Also available as . |
SHAKE-256, 2.16.840.1.101.3.4.2.12, 2.16.840.1.101.3.4.2.18 |
Md2 (Message Digest 2) |
RSA Data Security, Inc.'s MD2 message digest algorithm, as specified in RFC 1319 for producing a 128-bit hash value | 1.2.840.113549.2.2 |
Md5 (Message Digest 5) |
RSA Data Security, Inc.'s MD5 message digest algorithm, as specified in RFC 1321 for producing a 128-bit hash value | 1.2.840.113549.2.5 |
RIPEMD128 (RACE
Integrity Primitives Evaluation Message Digest 128) |
128-bit hash value producing message digest algorithm; developed in the framework of the EU project RIPE (RACE Integrity Primitives Evaluation, 1988-1992); specified in ISO/IEC 10118-3. | RipeMd128, RIPEMD-128, 1.3.36.3.2.2, 1.0.10118.3.0.50 |
RIPEMD160 (RACE
Integrity Primitives Evaluation Message Digest 160) |
160-bit hash value producing message digest algorithm; developed in the framework of the EU project RIPE (RACE Integrity Primitives Evaluation, 1988-1992); specified in ISO/IEC 10118-3. | RipeMd160, RIPEMD-160, 1.3.36.3.2.1, 1.0.10118.3.0.49 |
RIPEMD256 (RACE
Integrity Primitives Evaluation Message Digest 256) |
256-bit hash value producing message digest algorithm; developed in the framework of the EU project RIPE (RACE Integrity Primitives Evaluation, 1988-1992); specified in ISO/IEC 10118-3. | RipeMd256, RIPEMD-256, 1.3.36.3.2.3 |
RIPEMD320 (RACE
Integrity Primitives Evaluation Message Digest 320) |
320-bit hash value producing message digest algorithm; developed in the framework of the EU project RIPE (RACE Integrity Primitives Evaluation, 1988-1992) | RipeMd320, RIPEMD-320 |
Whirlpool |
512-bit hash value producing message digest algorithm; developed by Paulo S.L.M. Barreto and Vincent Rijmen; specified in ISO/IEC 10118-3. | 1.0.10118.3.0.55 |
GOST3411 |
256-bit hash value producing Russian message digest algorithm; see RFC 5831 | GOST3411, 1.2.643.2.2.9 |
BLAKE224 |
224-bit hash value producing SHA-3 candidate BLAKE | BLAKE-224 |
BLAKE256 |
256-bit hash value producing SHA-3 candidate BLAKE | BLAKE-256 |
BLAKE384 |
384-bit hash value producing SHA-3 candidate BLAKE | BLAKE-384 |
BLAKE512 |
512-bit hash value producing SHA-3 candidate BLAKE | BLAKE-512 |
Groestl224 |
224-bit hash value producing SHA-3 candidate Groestl | Groestl-224 |
Groestl256 |
256-bit hash value producing SHA-3 candidate Groestl | Groestl-256 |
Groestl384 |
384-bit hash value producing SHA-3 candidate Groestl | Groestl-384 |
Groestl512 |
512-bit hash value producing SHA-3 candidate Groestl | Groestl-512 |
JH224 |
224-bit hash value producing SHA-3 candidate JH | JH-224 |
JH256 |
256-bit hash value producing SHA-3 candidate JH | JH-256 |
JH384 |
384-bit hash value producing SHA-3 candidate JH | JH-384 |
JH512 |
512-bit hash value producing SHA-3 candidate JH | JH-512 |
KECCAK224 |
224-bit hash value producing SHA-3 candidate Keccak | KECCAK-224 |
KECCAK256 |
256-bit hash value producing SHA-3 candidate Keccak | KECCAK-256 |
KECCAK384 |
384-bit hash value producing SHA-3 candidate Keccak | KECCAK-384 |
KECCAK512 |
512-bit hash value producing SHA-3 candidate Keccak | KECCAK-512 |
Skein224 |
224-bit hash value producing SHA-3 candidate Skein | Skein-224 |
Skein256 |
256-bit hash value producing SHA-3 candidate Skein | Skein-256 |
Skein384 |
384-bit hash value producing SHA-3 candidate Skein | Skein-384 |
Skein512 |
512-bit hash value producing SHA-3 candidate Skein | Skein-512 |
Digital Signature Algorithms2, 3
Signature sig = Signature.getInstance(<Standard Name> | <Alias>, "IAIK"); |
||
Standard Name | Specification | Aliases |
RawDSA (Raw Digital
Signature Algorithm) |
"Raw" (input has to be already hashed with SHA-1) DSA signature algorithm as specified in FIPS PUB 186 | NONEwithDSA |
DSA (Digital Signature
Algorithm) |
DSS (DSA with SHA-1) signature algorithm as specified in FIPS PUB 186-2 | SHA/DSA, SHA-1/DSA, DSS, SHAwithDSA, SHA1withDSA, 1.3.14.3.2.13, 1.3.14.3.2.27, 1.2.840.10040.4.3 |
SHA224withDSA
(Digital Signature Algorithm with SHA-224) |
DSA signature algorithm using SHA-224 for hash calculation as specified in FIPS PUB 186-3 | SHA224/DSA, SHA-224/DSA, SHA224withDSA, SHA-224withDSA, 2.16.840.1.101.3.4.3.1 |
SHA256withDSA
(Digital Signature Algorithm with SHA-256) |
DSA signature algorithm using SHA-256 for hash calculation as specified in FIPS PUB 186-3 | SHA256/DSA, SHA-256/DSA, SHA256withDSA, SHA-256withDSA, 2.16.840.1.101.3.4.3.2 |
SHA384withDSA
(Digital Signature Algorithm with SHA-384) |
DSA signature algorithm using SHA-384 for hash calculation as specified in FIPS PUB 186-3 | SHA384/DSA, SHA-384/DSA, SHA384withDSA, SHA-384withDSA, 2.16.840.1.101.3.4.3.3 |
SHA512withDSA
(Digital Signature Algorithm with SHA-512) |
DSA signature algorithm using SHA-512 for hash calculation as specified in FIPS PUB 186-3 | SHA512/DSA, SHA-512/DSA, SHA512withDSA, SHA-512withDSA, 2.16.840.1.101.3.4.3.4 |
SHA3-224withDSA
(Digital Signature Algorithm with SHA3-224) |
DSA signature algorithm using SHA3-224 for hash calculation as specified in FIPS PUB 186-3 | SHA3-224/DSA, 2.16.840.1.101.3.4.3.5 |
SHA3-256withDSA
(Digital Signature Algorithm with SHA3-256) |
DSA signature algorithm using SHA3-256 for hash calculation as specified in FIPS PUB 186-3 | SHA3-256/DSA, 2.16.840.1.101.3.4.3.6 |
SHA3-384withDSA
(Digital Signature Algorithm with SHA3-384) |
DSA signature algorithm using SHA3-384 for hash calculation as specified in FIPS PUB 186-3 | SHA3-384/DSA, 2.16.840.1.101.3.4.3.7 |
SHA3-512withDSA
(Digital Signature Algorithm with SHA3-512) |
DSA signature algorithm using SHA3-512 for hash calculation as specified in FIPS PUB 186-3 | SHA3-512/DSA, 2.16.840.1.101.3.4.3.8 |
SSL/RSA (SSL
with RSA encryption) |
RSA based signature algorithm using the SHA and MD5 hash algorithms for message digest computation as specified by the Secure Sockets Layer (SSL) protocol; in accordance to PKCS#1 | - |
MD2/RSA (MD2
with RSA encryption) |
RSA PKCS#1v1.5 based signature algorithm (PKCS#1) using the MD2 algorithm for message digest computation as specified in PKCS#1 | MD2WithRSA, MD2withRSA, 1.2.840.113549.1.1.2 |
MD5/RSA (MD5
with RSA encryption) |
RSA PKCS#1v1.5 based signature algorithm (PKCS#1) using the MD5 algorithm for message digest computation as specified in PKCS#1 | MD5WithRSA, MD5withRSA, 1.2.840.113549.1.1.4 |
SHA1/RSA (SHA
with RSA encryption) |
RSA PKCS#1v1.5 based signature algorithm (PKCS#1) using the Secure Hash Algorithm (SHA1) for message digest computation; in accordance to PKCS#1 | SHA/RSA, SHA-1/RSA, SHA1/RSA, SHAWithRSA, SHA1WithRSA, SHAwithRSA, SHA1withRSA, SHA-1withRSA, 1.3.14.3.2.29, 1.2.840.113549.1.1.5 |
SHA224/RSA
(SHA224 with RSA encryption) |
RSA PKCS#1v1.5 based signature algorithm (PKCS#1) using the SHA-224 algorithm for message digest computation; in accordance to PKCS#1 | SHA-224/RSA, SHA224WithRSA, SHA224withRSA, 1.2.840.113549.1.1.14 |
SHA256/RSA
(SHA256 with RSA encryption) |
RSA PKCS#1v1.5 based signature algorithm (PKCS#1) using the SHA-256 algorithm for message digest computation; in accordance to PKCS#1 | SHA-256/RSA, SHA256WithRSA, SHA256withRSA, 1.2.840.113549.1.1.11 |
SHA384/RSA
(SHA384 with RSA encryption) |
RSA PKCS#1v1.5 based signature algorithm (PKCS#1) using the SHA-384 algorithm for message digest computation; in accordance to PKCS#1 | SHA-384/RSA, SHA384WithRSA, SHA384withRSA, 1.2.840.113549.1.1.12 |
SHA512/RSA
(SHA512 with RSA encryption) |
RSA PKCS#1v1.5 based signature algorithm (PKCS#1) using the SHA-512 algorithm for message digest computation; in accordance to PKCS#1 | SHA-512/RSA, SHA512WithRSA, SHA512withRSA, 1.2.840.113549.1.1.13 |
SHA512-224/RSA
(SHA512-224 with RSA encryption) |
RSA PKCS#1v1.5 based signature algorithm (PKCS#1) using the SHA512-224 algorithm for message digest computation; in accordance to PKCS#1 | SHA512/224WithRSA, SHA512-224WithRSA, SHA512/224withRSA, SHA512-224withRSA, 1.2.840.113549.1.1.15 |
SHA512-256/RSA
(SHA512-256 with RSA encryption) |
RSA PKCS#1v1.5 based signature algorithm (PKCS#1) using the SHA512-256 algorithm for message digest computation; in accordance to PKCS#1 | SHA512/256WithRSA, SHA512-256WithRSA, SHA512/256withRSA, SHA512-256withRSA, 1.2.840.113549.1.1.16 |
SHA3-224/RSA
(SHA3-224 with RSA encryption) |
RSA PKCS#1v1.5 based signature algorithm (PKCS#1) using the SHA3-224 algorithm for message digest computation; in accordance to PKCS#1 | SHA3-224WithRSA, SHA3-224withRSA, 2.16.840.1.101.3.4.3.13 |
SHA3-256/RSA
(SHA3-256 with RSA encryption) |
RSA PKCS#1v1.5 based signature algorithm (PKCS#1) using the SHA3-256 algorithm for message digest computation; in accordance to PKCS#1 | SHA3-256WithRSA, SHA3-256withRSA, 2.16.840.1.101.3.4.3.14 |
SHA3-384/RSA
(SHA3-384 with RSA encryption) |
RSA PKCS#1v1.5 based signature algorithm (PKCS#1) using the SHA3-384 algorithm for message digest computation; in accordance to PKCS#1 | SHA3-384WithRSA, SHA3-384withRSA, 2.16.840.1.101.3.4.3.15 |
SHA3-512/RSA
(SHA3-512 with RSA encryption) |
RSA PKCS#1v1.5 based signature algorithm (PKCS#1) using the SHA3-512 algorithm for message digest computation; in accordance to PKCS#1 | SHA3-512WithRSA, SHA3-512withRSA, 2.16.840.1.101.3.4.3.16 |
RIPEMD160/RSA (rsaSignatureWithRipemd160) |
RSA PKCS#1v1.5 based signature algorithm (PKCS#1) using the RipeMd160 algorithm for message digest computation | RipeMd160WithRSA, RipeMd160withRSA, RIPEMD-160/RSA, 1.3.36.3.3.1.2 |
RIPEMD128/RSA (rsaSignatureWithRipemd128) |
RSA PKCS#1v1.5 based signature algorithm (PKCS#1) using the RipeMd128 algorithm for message digest computation | RipeMd128WithRSA, RipeMd128withRSA, RIPEMD-128/RSA, 1.3.36.3.3.1.3 |
RIPEMD128/RSA (rsaSignatureWithRipemd256) |
RSA PKCS#1v1.5 based signature algorithm (PKCS#1) using the RipeMd256 algorithm for message digest computation | RipeMd256WithRSA, RipeMd256withRSA, RIPEMD-256/RSA, 1.3.36.3.3.1.4 |
WHIRLPOOL/RSA (rsaSignatureWithWhirlpool) |
RSA PKCS#1v1.5 based signature algorithm (PKCS#1) using the Whirlpool algorithm (ISO/IEC 10118-3) for message digest computation | WHIRLPOOLWithRSA, WHIRLPOOLwithRSA, WHIRLPOOL/RSA |
RSA (Raw RSA) |
Raw RSA PKCS#1v1.5 based signature algorithm (PKCS#1) requiring the application to do all the hashing and DigestInfo coding outside. | RawRSA, NONEwithRSA, RSAforSSL |
RawRSASSA-PKCS1-v1_5 (Raw RSA PKCS1v1.5) |
Raw RSA PKCS#1v1.5 based signature algorithm (PKCS#1) requiring the application to do the hashing outside. | RSAPkcs15, RawRSAPkcs15, NONEwithRSAPkcs15, RSASSA-PKCS1-v1_5, RawRSASSA-PKCS1-v1_5, NONEwithRSASSA-PKCS1-v1_5 |
MD2withRSAandMGF1 (RSA PSS with MD2 and MGF1) |
RSA PKCS#1v2.1 PSS based signature algorithm using MD2 as hash and MGF1 as mask generation algorithm. | - |
MD5withRSAandMGF1 (RSA PSS with MD5 and MGF1) |
RSA PKCS#1v2.1 PSS based signature algorithm using MD5 as hash and MGF1 as mask generation algorithm. | - |
SHA1withRSAandMGF1 (RSA PSS with SHA-1 and MGF1) |
RSA PKCS#1v2.1 PSS based signature algorithm using SHA-1 as hash and MGF1 as mask generation algorithm. | SHAwithRSAandMGF1, SHA-1withRSAandMGF1 |
SHA224withRSAandMGF1 (RSA PSS with SHA224 and MGF1) |
RSA PKCS#1v2.1 PSS based signature algorithm using SHA224 as hash and MGF1 as mask generation algorithm. | SHA-224withRSAandMGF1 |
SHA256withRSAandMGF1 (RSA PSS with SHA256 and MGF1) |
RSA PKCS#1v2.1 PSS based signature algorithm using SHA256 as hash and MGF1 as mask generation algorithm. | SHA-256withRSAandMGF1 |
SHA384withRSAandMGF1 (RSA PSS with SHA384 and MGF1) |
RSA PKCS#1v2.1 PSS based signature algorithm using SHA384 as hash and MGF1 as mask generation algorithm. | SHA-384withRSAandMGF1 |
SHA512withRSAandMGF1 (RSA PSS with SHA512 and MGF1) |
RSA PKCS#1v2.1 PSS based signature algorithm using SHA512 as hash and MGF1 as mask generation algorithm. | SHA-512withRSAandMGF1 |
SHA512/224withRSAandMGF1 (RSA PSS with SHA512/224 and MGF1) |
RSA PKCS#1v2.1 PSS based signature algorithm using SHA512/224 as hash and MGF1 as mask generation algorithm. | SHA512-224withRSAandMGF1 |
SHA512/256withRSAandMGF1 (RSA PSS with SHA512/256 and MGF1) |
RSA PKCS#1v2.1 PSS based signature algorithm using SHA512/256 as hash and MGF1 as mask generation algorithm. | SHA512-256withRSAandMGF1 |
SHA3-224withRSAandMGF1 (RSA PSS with SHA3-224 and MGF1) |
RSA PKCS#1v2.1 PSS based signature algorithm using SHA3-224 as hash and MGF1 as mask generation algorithm. | - |
SHA3-256withRSAandMGF1 (RSA PSS with SHA3-256 and MGF1) |
RSA PKCS#1v2.1 PSS based signature algorithm using SHA3-256 as hash and MGF1 as mask generation algorithm. | - |
SHA3-384withRSAandMGF1 (RSA PSS with SHA3-384 and MGF1) |
RSA PKCS#1v2.1 PSS based signature algorithm using SHA3-384 as hash and MGF1 as mask generation algorithm. | - |
SHA3-512withRSAandMGF1 (RSA PSS with SHA3-512 and MGF1) |
RSA PKCS#1v2.1 PSS based signature algorithm using SHA3-512 as hash and MGF1 as mask generation algorithm. | - |
RIPEMD128withRSAandMGF1 (RSA PSS with RipeMd128 and MGF1) |
RSA PKCS#1v2.1 PSS based signature algorithm using RipeMd128 as hash and MGF1 as mask generation algorithm. | RIPEMD-128withRSAandMGF1 |
RIPEMD160withRSAandMGF1 (RSA PSS with RipeMd160 and MGF1) |
RSA PKCS#1v2.1 PSS based signature algorithm using RipeMd160 as hash and MGF1 as mask generation algorithm. | RIPEMD-160withRSAandMGF1 |
WHIRLPOOLwithRSAandMGF1 (RSA PSS with WHIRLPOOL and MGF1) |
RSA PKCS#1v2.1 PSS based signature algorithm using WHIRLPOOL as hash and MGF1 as mask generation algorithm. | - |
RSASSA-PSS (RSA
PSS) |
RSA PKCS#1v2.1 PSS signature algorithm; all parameters have to be supplied by the application. | RSAPss, PSS, 1.2.840.113549.1.1.10 |
RawRSASSA-PSS
(Raw RSA PSS) |
RSA PKCS#1v2.1 PSS signature algorithm; all parameters and message hash have to be supplied by the application. | RawRSAPss, RawPSS, NONEwithRSAPss |
RSA-ISO9796-2 (RSA ISO9796-2 S1) |
RSA based ISO 9796-2 (2002) signature algorithm (scheme S1) with message recovery | RSA-ISO9796-2-1 |
RSA-ISO9796-2-2-3 (RSA ISO9796-2 S2 S3) |
RSA based ISO 9796-2 (2002) signature algorithm (scheme S2, S3) with message recovery | 1.3.36.3.4.2.2, 1.3.36.3.4.2.3 |
SHA/RSA-ISO9796-2 (RSA ISO9796-2 S1 with SHA-1) |
RSA based ISO 9796-2 (2002) signature algorithm (scheme S1) with message recovery using SHA-1 as hash algorithm | SHA1/RSA-ISO9796-2, SHA-1/RSA-ISO9796-2, SHAwithRSA/ISO9796-2, SHA1withRSA/ISO9796-2, SHA-1withRSA/ISO9796-2, SHA/RSA-ISO9796-2-1, SHA1/RSA-ISO9796-2-1, SHA-1/RSA-ISO9796-2-1 |
SHA256/RSA-ISO9796-2 (RSA ISO9796-2 S1 with SHA-256) |
RSA based ISO 9796-2 (2002) signature algorithm (scheme S1) with message recovery using SHA-256 as hash algorithm | SHA-256/RSA-ISO9796-2, SHA256withRSA/ISO9796-2, SHA-256withRSA/ISO9796-2, SHA256/RSA-ISO9796-2-1, SHA-256/RSA-ISO9796-2-1 |
SHA384/RSA-ISO9796-2 (RSA ISO9796-2 S1 with SHA-384) |
RSA based ISO 9796-2 (2002) signature algorithm (scheme S1) with message recovery using SHA-384 as hash algorithm | SHA-384/RSA-ISO9796-2, SHA384withRSA/ISO9796-2, SHA-384withRSA/ISO9796-2, SHA384/RSA-ISO9796-2-1, SHA-384/RSA-ISO9796-2-1 |
SHA512/RSA-ISO9796-2 (RSA ISO9796-2 S1 with SHA-512) |
RSA based ISO 9796-2 (2002) signature algorithm (scheme S1) with message recovery using SHA-512 as hash algorithm | SHA-512/RSA-ISO9796-2, SHA512withRSA/ISO9796-2, SHA-512withRSA/ISO9796-2, SHA512/RSA-ISO9796-2-1, SHA-512/RSA-ISO9796-2-1 |
RIPEMD128/RSA-ISO9796-2 (RSA ISO9796-2 S1 with RIPEMD-128) |
RSA based ISO 9796-2 (2002) signature algorithm (scheme S1) with message recovery using RIPEMD-128 as hash algorithm | RIPEMD-128/RSA-ISO9796-2, RIPEMD128withRSA/ISO9796-2, RIPEMD-128withRSA/ISO9796-2, RIPEMD128/RSA-ISO9796-2-1, RIPEMD-128/RSA-ISO9796-2-1 |
RIPEMD160/RSA-ISO9796-2 (RSA ISO9796-2 S1 with RIPEMD-160) |
RSA based ISO 9796-2 (2002) signature algorithm (scheme S1) with message recovery using RIPEMD-160 as hash algorithm | RIPEMD-160/RSA-ISO9796-2, RIPEMD160withRSA/ISO9796-2, RIPEMD-160withRSA/ISO9796-2, RIPEMD160/RSA-ISO9796-2-1, RIPEMD-160/RSA-ISO9796-2-1 |
WHIRLPOOL/RSA-ISO9796-2 (RSA ISO9796-2 S1 with WHIRLPOOL) |
RSA based ISO 9796-2 (2002) signature algorithm (scheme S1) with message recovery using WHIRLPOOL as hash algorithm | WHIRLPOOL/RSA-ISO9796-2, WHIRLPOOLwithRSA/ISO9796-2, WHIRLPOOL/RSA-ISO9796-2-1 |
SHAandMGF1/RSA-ISO9796-2-2-3 (RSA ISO9796-2 S2, S3 with SHA-1 and MGF1) |
RSA based ISO 9796-2 (2002) signature algorithm (scheme S2, S3) with message recovery using SHA-1 as hash and MGF1 as mask generation algorithm | SHA1andMGF1/RSA-ISO9796-2-2-3, SHA-1andMGF1/RSA-ISO9796-2-2-3, SHAwithRSAandMGF1/ISO9796-2, SHA1withRSAandMGF1/ISO9796-2, SHA-1withRSAandMGF1/ISO9796-2, 1.3.36.3.4.2.2.1, 1.3.36.3.4.2.3.1 |
SHA256andMGF1/RSA-ISO9796-2-2-3 (RSA ISO9796-2 S2, S3 with SHA-256 and MGF1)
|
RSA based ISO 9796-2 (2002) signature algorithm (scheme S2, S3) with message recovery using SHA-256 as hash and MGF1 as mask generation algorithm | SHA-256andMGF1/RSA-ISO9796-2-2-3, SHA256withRSAandMGF1/ISO9796-2, SHA-256withRSAandMGF1/ISO9796-2 |
SHA384andMGF1/RSA-ISO9796-2-2-3 (RSA ISO9796-2 S2, S3 with SHA-384 and MGF1)
|
RSA based ISO 9796-2 (2002) signature algorithm (scheme S2, S3) with message recovery using SHA-384 as hash and MGF1 as mask generation algorithm | SHA-384andMGF1/RSA-ISO9796-2-2-3, SHA384withRSAandMGF1/ISO9796-2, SHA-384withRSAandMGF1/ISO9796-2 |
SHA512andMGF1/RSA-ISO9796-2-2-3 (RSA ISO9796-2 S2, S3 with SHA-512 and MGF1)
|
RSA based ISO 9796-2 (2002) signature algorithm (scheme S2, S3) with message recovery using SHA-512 as hash and MGF1 as mask generation algorithm | SHA-512andMGF1/RSA-ISO9796-2-2-3, SHA512withRSAandMGF1/ISO9796-2, SHA-512withRSAandMGF1/ISO9796-2 |
RIPEMD128andMGF1/RSA-ISO9796-2-2-3 (RSA ISO9796-2 S2, S3 with RIPEMD-128 and
MGF1) |
RSA based ISO 9796-2 (2002) signature algorithm (scheme S2, S3) with message recovery using RIPEMD-128 as hash and MGF1 as mask generation algorithm | RIPEMD-128andMGF1/RSA-ISO9796-2-2-3, RIPEMD128withRSAandMGF1/ISO9796-2, RIPEMD-128withRSAandMGF1/ISO9796-2 |
RIPEMD160andMGF1/RSA-ISO9796-2-2-3 (RSA ISO9796-2 S2, S3 with RIPEMD-160 and
MGF1) |
RSA based ISO 9796-2 (2002) signature algorithm (scheme S2, S3) with message recovery using RIPEMD-160 as hash and MGF1 as mask generation algorithm | RIPEMD-160andMGF1/RSA-ISO9796-2-2-3, RIPEMD160withRSAandMGF1/ISO9796-2, RIPEMD-160withRSAandMGF1/ISO9796-2, 1.3.36.3.4.2.2.2, 1.3.36.3.4.2.3.2 |
WHIRLPOOLandMGF1/RSA-ISO9796-2-2-3 (RSA ISO9796-2 S2, S3 with SHA-512 and
MGF1) |
RSA based ISO 9796-2 (2002) signature algorithm (scheme S2, S3) with message recovery using WHIRLPOOL as hash and MGF1 as mask generation algorithm | WHIRLPOOLandMGF1/RSA-ISO9796-2-2-3, WHIRLPOOLwithRSAandMGF1/ISO9796-2, WHIRLPOOLwithRSAandMGF1/ISO9796-2 |
Key Pair Generators
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(<Standard Name> | <Alias>, "IAIK"); |
||
Standard Name | Specification | Aliases |
RSA (RSA key
pair generator) |
Key pair generation method for the RSA signature scheme as described in PKCS#1. The RSA modulus is generated according to IEEE P1363. | - |
RSA-FIPS-186-3 (RSA key pair generator) |
Key pair generation method for the RSA signature scheme as described in PKCS#1. The RSA modulus is generated according to FIPS 186-3 | RSA-FIPS |
RSASSA-PSS (RSA-PSS key pair generator) |
Key pair generator for generating RSASSA-PSS keys according to RFC 4055 to be used for the RSASSA-PSS signature scheme as specified by PKCS#1v2.1. The RSA modulus is generated according to IEEE P1363. | RSA-PSS, PSS, 1.2.840.113549.1.1.10 |
RSASSA-PSS-FIPS-186-3 (RSA-PSS key pair generator) |
Key pair generator for generating RSASSA-PSS keys according to RFC 4055 to be used for the RSASSA-PSS signature scheme as specified by PKCS#1v2.1. The RSA modulus is generated according to FIPS 186-3 | RSA-PSS-FIPS-186-3, RSA-PSS-FIPS, PSS-FIPS-186-3, PSS-FIPS |
DSA (DSA key
pair generator) |
Key pair generation method for the DSA algorithm as described in FIPS PUB 186-2 | SHAwithDSA, SHA1withDSA, SHA-1withDSA, SHA/DSA, SHA1/DSA, SHA-1/DSA, 1.3.14.3.2.12, 1.2.840.10040.4.1 |
SHA224withDSA (DSA key
pair generator) |
Key pair generation method for the DSA algorithm as described in FIPS PUB 186-2 | SHAwithDSA, SHA-1withDSA, SHA/DSA, SHA1/DSA, SHA-1/DSA, 1.3.14.3.2.12, 1.2.840.10040.4.1 |
SHA224withDSA (DSA/SHA224 key pair generator) |
Key pair generation method for the DSA algorithm using SHA-224 for parameter generation as specified in FIPS PUB 186-3 | SHA224/DSA, SHA-224/DSA, SHA224withDSA, SHA-224withDSA, 2.16.840.1.101.3.4.3.1 |
SHA256withDSA (DSA/SHA256 key pair generator) |
Key pair generation method for the DSA algorithm using SHA-256 for parameter generation as specified in FIPS PUB 186-3 | SHA256/DSA, SHA-256/DSA, SHA256withDSA, SHA-256withDSA, 2.16.840.1.101.3.4.3.2 |
Key Factories
KeyFactory keyFac = KeyFactory.getInstance(<Standard Name> | <Alias>, "IAIK"); |
||
Standard Name | Specification | Aliases |
RSA (RSA key
factory) |
Key factory for converting keys into key specifications (and vice versa) to be used for RSA encryption which is described in PKCS#1 | - |
RSASSA-PSS
(RSA-PSS key factory) |
Key factory for converting RSASSA-PSS (RFC 4055) keys into key specifications (and vice versa) to be used for the RSASSA-PSS signature scheme as specified by PKCS#1v2.1 | RSA-PSS, PSS, 1.2.840.113549.1.1.10 |
DSA (DSA key
factory) |
Key factory for converting keys into key specifications (and vice versa) to be used for the DSA algorithm which is described in FIPS PUB 186-2 | SHAwithDSA, SHA1withDSA, SHA-1withDSA, SHA/DSA, SHA1/DSA, SHA-1/DSA, 1.3.14.3.2.12, 1.2.840.10040.4.1, 1.3.14.3.2.13, 1.3.14.3.2.27, 1.2.840.10040.4.3, SHA224/DSA, SHA-224/DSA, SHA224withDSA, SHA-224withDSA, 2.16.840.1.101.3.4.3.1, SHA256/DSA, SHA-256/DSA, SHA256withDSA, SHA-256withDSA, 2.16.840.1.101.3.4.3.2 |
Algorithm Parameter Generators
AlgorithmParameterGenerator paramGen = AlgorithmParameterGenerator.getInstance(<Standard Name> | <Alias>, "IAIK"); |
||
Standard Name | Specification | Aliases |
DSA (DSA
parameter generator) |
Generator for creating parameters (prime, sub-prime, base generator) to be used for DSA according to FIPS PUB 186. | SHAwithDSA, SHA1withDSA, SHA-1withDSA, SHA/DSA, SHA1/DSA, SHA-1/DSA, 1.3.14.3.2.12, 1.2.840.10040.4.1, 1.3.14.3.2.13, 1.3.14.3.2.27, 1.2.840.10040.4.3 |
SHA224withDSA (DSA/SHA224 parameter generator) |
DSA parameter generator using SHA-224 as hash algorithm as specified in FIPS PUB 186-3 | SHA224/DSA, SHA-224/DSA, SHA224withDSA, SHA-224withDSA, 2.16.840.1.101.3.4.3.1 |
SHA256withDSA (DSA/SHA256 parameter generator) |
DSA parameter generator using SHA-256 as hash algorithm as specified in FIPS PUB 186-3 | SHA256/DSA, SHA-256/DSA, SHA256withDSA, SHA-256withDSA, 2.16.840.1.101.3.4.3.2 |
Algorithm Parameters
AlgorithmParameters params = AlgorithmParameters.getInstance(<Standard Name> | <Alias>, "IAIK"); |
||
Standard Name | Specification | Aliases |
DSA (DSA
parameters) |
Algorithm parameters (p, q, g) representation for the Digital Signature Algorithm (DSA) | SHAwithDSA, SHA1withDSA, SHA-1withDSA, SHA/DSA, SHA1/DSA, SHA-1/DSA, 1.3.14.3.2.12, 1.2.840.10040.4.1, 1.3.14.3.2.13, 1.3.14.3.2.27, 1.2.840.10040.4.3, SHA224/DSA, SHA-224/DSA, SHA224withDSA, SHA-224withDSA, 2.16.840.1.101.3.4.3.1, SHA256/DSA, SHA-256/DSA, SHA256withDSA, SHA-256withDSA, 2.16.840.1.101.3.4.3.2 |
RawRSASSA-PKCS1-v1_5 (RSA PKCS1v1.5 signature algorithm parameters) |
Algorithm parameters for the RSASSA-PKCS1-v1_5 signature scheme (see PKCS#1); may only be used to specify the hash algorithm when using a raw RSA PKCS1v1.5 signature engine |
RSASSA-PKCS1-v1_5, RSAPkcs15, RawRSAPkcs15, NONEwithRSAPkcs15, NONEwithRSASSA-PKCS1-v1_5 |
RSASSA-PSS (RSA
PSS parameters) |
Algorithm parameters for the RSA PKCS#1v2.1 PSS signature scheme | RSA-PSS, RSAPss, PSS, 1.2.840.113549.1.1.10 |
ISO9796-2-RM
(ISO 9796-2 recovered message) |
Algorithm parameters that may be obtained from an ISO 9796-2 Signature engine for retrieving the recovered part of the message |
- |
MGF1 (MGF1
parameters) |
Algorithm parameters for the RSA PKCS#1v2.1 MGF1 mask generation function as used by the PSS signature and OAEP encryption scheme | mgf1, 1.2.840.113549.1.1.8 |
Key Stores
KeyStore keyStore = KeyStore.getInstance(<Standard Name> | <Alias>, "IAIK"); |
||
Standard Name | Specification | Aliases |
IAIKKeyStore
(IAIK key store) |
The IAIKKeyStore uses the password based key derivation function 2 from the PKCS#5 v2.0 Password-Based Cryptography Standard | KeyStore |
PKCS12 (PKCS#12
key store) |
The PKCS12 keystore uses the PKCS#12 (Personal Information Exchange Syntax) standard format to read and store keys and certificates. This allows key exchange with various other products like Microsoft Windows, Microsoft Internet Explorer, Microsoft Outlook, Firefox, Thunderbird and many more. | PKCS#12 |
Certificate Factories
CertificateFactory certFactory = CertificateFactory.getInstance(<Standard Name> | <Alias>, "IAIK"); |
||
Standard Name | Specification | Aliases |
X.509 (X.509
certificate factory) |
Certificate factory for generating X.509 certificates and CRLs (as specified in the RFC 3280) from their encodings | - |
Qualified (Qualified certificate factory) |
Certificate factory for generating qualified certificates from their encodings according to the PKIX Qualified Certificate Profile | - |
X.509 AC (Attribute certificate factory) |
Certificate factory for generating attribute certificates and attribute certificate revocation lists from their encodings according to the PKIX Attribute Certificate Profile for Authorization | X.509-AC, X509 AC, X509-AC, X509_AC, AC |
Mask Generation Functions
MaskGenerationAlgorithm mga = MaskGenerationAlgorithm.getInstance(<Standard Name> | <Alias>, "IAIK"); |
||
Standard Name | Specification | Aliases |
MGF1 |
(PKCS#1v2.1) mask generation function MGF1 as used by the PSS signature and OAEP encryption scheme. | mgf1, 1.2.840.113549.1.1.8 |
Secure Random Generators
SecureRandom random = SecureRandom.getInstance(<Standard Name> | <Alias>, "IAIK"); or SecureRandom random = new <Class Name>(); |
||
Standard Name | Class Name | Specification | - |
SHA1PRNG |
A SHA-1 hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. | - |
MD5Random
(not available via SecureRandom.getInstance() ) |
A MD5 hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. | - |
RipeMd128Random
(not available via SecureRandom.getInstance() ) |
A RIPEMD-128 hash-based secure random | - |
RipeMD160PRNG
|
A RIPEMD-160 hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. | RIPEMD160PRNG |
SHA256PRNG |
A SHA-256 hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. | - |
SHA384PRNG |
A SHA-384 hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. | - |
SHA512PRNG |
A SHA-512 hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. | - |
WhirlpoolPRNG
|
A WHIRLPOOL hash-based secure random according to example E.5 of the AIS 20 (v2.0) document for Common Criteria from BSI. | WHIRLPOOLPRNG |
SHA1PRNG-FIPS186 |
A SHA-1 hash-based secure random according to the general purpose version of the FIPS 186-2 random generator. | SHA1PRNG-FIPS |
RipeMd160PRNG-FIPS186 |
A RIPEMD-160 hash-based secure random according to the general purpose version of the FIPS 186-2 random generator. | RipeMd160PRNG-FIPS |
SHA256PRNG-FIPS186 |
A SHA-256 hash-based secure random according to the general purpose version of the FIPS 186-2 random generator. | SHA256PRNG-FIPS |
SHA384PRNG-FIPS186 |
A SHA-384 hash-based secure random according to the general purpose version of the FIPS 186-2 random generator. | SHA384PRNG-FIPS |
SHA512PRNG-FIPS186 |
A SHA-512 hash-based secure random according to the general purpose version of the FIPS 186-2 random generator. | SHA512PRNG-FIPS |
SHA1PRNG-SP80090 |
A SHA-1 hash-based secure random according to NIST SP800-90 | - |
SHA224PRNG-SP80090 |
A SHA-224 hash-based secure random according to NIST SP800-90 | - |
SHA256PRNG-SP80090 |
A SHA-256 hash-based secure random according to NIST SP800-90 | - |
SHA384PRNG-SP80090 |
A SHA-384 hash-based secure random according to NIST SP800-90 | - |
SHA512PRNG-SP80090 |
A SHA-512 hash-based secure random according to NIST SP800-90 | - |
HMacSHA1PRNG-SP80090 |
A HMac/SHA-1 hash-based secure random according to NIST SP800-90 | - |
HMacSHA224PRNG-SP80090 |
A HMac/SHA-224 hash-based secure random according to NIST SP800-90 | - |
HMacSHA256PRNG-SP80090 |
A HMac/SHA-256 hash-based secure random according to NIST SP800-90 | - |
HMacSHA384PRNG-NISTSP80090 |
A HMac/SHA-384 hash-based secure random according to NIST SP800-90 | HMacSHA384PRNG-SP80090 |
HMacSHA512PRNG-SP80090 |
A HMac/SHA-512 hash-based secure random according to NIST SP800-90 | - |
AES128PRNG-SP80090 |
An AES-128 hash-based secure random according to NIST SP800-90 | - |
AES192PRNG-SP80090 |
An AES-192 hash-based secure random according to NIST SP800-90 | - |
AES256PRNG-SP80090 |
An AES-256 hash-based secure random according to NIST SP800-90 | - |
DESedePRNG |
A triple DES based secure random according to ANSI X9.17. | 3DESPRNG, TripleDESPRNG |
JCE implementations | ||
---|---|---|
Ciphers1
Cipher cipher = Cipher.getInstance(<Standard Name> | <Alias>, "IAIK"); |
||
Standard Name | Specification | Aliases |
AES (Advanced
Encryption Standard AES) |
Block cipher with variable block length (this implementation uses 128 bit) and key length, designed by Joan Daemen and Vincent Rijmen, see http://www.nist.gov/aes/. | AES, AES128, AES-128, AES_128, AES192, AES-192, AES_192, AES256, AES-256, AES_256, Rijndael |
Blowfish (Blowfish) |
64-bit block cipher with variable length keys (up to 448 bits); developed by Bruce Schneier | - |
Camellia (Camellia) |
128 bit block cipher with 128-, 192- and 256-bit key sizes, developed by Nippon Telegraph and Telephone Corporation and Mitsubishi Electric Corporation, see http://www.ietf.org/rfc/rfc3713.txt. | Camellia128, Camellia-128, Camellia_128, Camellia192, Camellia-192, Camellia_192, Camellia256, Camellia-256, Camellia_256 |
CAST128 (Carlisle
Adams and Stafford Tavares) |
64 bit Feistel type block cipher with a key length of 40-128 bits | CAST, CAST5 |
ChaCha20 |
256bit-key-size stream cipher, specified by RFC 7539. | - |
ChaCha20Poly1305 |
AEAD algorithm, specified by RFC 8439, based on the ChaCha20 stream cipher and the Poly1305 message authentication algorithm. | ChaCha20-Poly1305, 1.2.840.113549.1.9.16.3.18 |
DES (Data Encryption
Standard) |
Symmetric 64-bit block encryption algorithm as defined by NIST in FIPS PUB 46-1 and FIPS PUB 46-2 | - |
DESede (Triple DES)
|
A variant of the Data Encryption Standard (DES) using an encrypting-decrypting-encrypting (EDE) scheme based on two or three keys | 3DES |
ElGamal |
Public key encryption algorithm scheme over prime fields | ElGamal/ECB/PKCS1Padding, 1.3.14.7.2.1.1 |
GOST (Gosudarstvennyi
Standard) |
Russian 64 bit Feistel based block cipher with a key length of 256 bits; described in the government standard GOST 28147-89 | - |
IDEA (International Data
Encryption Algorithm) |
Symmetric 64-bit block encryption algorithm, patented by MediaCrypt; key length: 128 bits | - |
MARS (AES candidate) |
128 bit block cipher with a total of 32 rounds and accepts keys from 128 to 448 bits, specified by IBM in their paper MARS - a candidate cipher for AES available at http://www.research.ibm.com/security/mars.html. | - |
RC2 (Ron's Code 2;
Rivest Cipher 2) |
Variable-key-size 64-Bit block cipher; developed by Ron Rivest for RSA Data Security, Inc.; described in RFC2268 | - |
ARCFOUR |
Variable-key-size stream cipher, specified by the IETF draft "A Stream Cipher Encryption Algorithm 'Arcfour'" (draft-kaukonen-cipher-arcfour-03.txt). It is believed to be compatible with RC4[TM] (described for example in Bruce Schneier's Applied Cryptography), a proprietary cipher of RSA Security Inc. | RC4 |
RC5 (Ron's Code 5;
Rivest Cipher 5) |
Variable-key-size 64-Bit block cipher with variable number of rounds; developed by Ron Rivest for RSA Data Security, Inc. The RC5 [TM] algorithm is patented, for licensing conditions contact RSA DSI. | - |
RC6 (AES candidate) |
128 bit block cipher with 20 rounds aimed at the keysizes of 128, 192, and 256 bits, specified by Ronald L. Rivest, M.J.B. Robshaw, R. Sidney, and Y.L. Yin in their paper The RC6 [TM] Block Cipher available from the AES Web site at http://www.nist.gov/aes/. | - |
Rijndael (Advanced
Encryption Standard AES) |
Block cipher with variable block length (this implementation uses 128 bit) and key length, designed by Joan Daemen and Vincent Rijmen, see http://www.nist.gov/aes/. | AES, AES128, AES-128, AES_128, AES192, AES-192, AES_192, AES256, AES-256, AES_256 |
Rijndael-256
(Rijndael 256) |
Rijndael cipher implementation for block size of 256 bit | - |
RSA (Rivest Shamir
Adleman) |
Public key encryption algorithm, developed by Ron Rivest, Adi Shamir and Leonard Adleman; described in PKCS#1. See note about blinding. | RSA/ECB/PKCS1Padding |
Serpent (AES
candidate) |
128 bit block cipher with variable key length, designed by R. Anderson, E. Biham, L. Knudsen, see http://www.nist.gov/aes/. | - |
Twofish (AES
candidate) |
128-bit Feistel-type block cipher that accepts a variable-length key up to 256 bits, developed by B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall and N. Ferguson, see http://www.nist.gov/aes/. | - |
PbeWithMD5AndDES_CBC (password based "MD5 with DES-CBC" algorithm) |
Password based key-encryption algorithm for encrypting a given message with the DES algorithm in CBC mode using a secret key which is derived from a password with the MD5 message-digest algorithm; specified in PKCS#5 | PBEWithMD5AndDES, 1.2.840.113549.1.5.3 |
PbeWithSHAAnd3_KeyTripleDES_CBC (password based "SHA with TripleDES-CBC"
algorithm) |
Password based key-encryption algorithm for encrypting a given message (octet string) with the TripleDES algorithm in CBC mode using a secret key which is derived from a password with the SHA hash algorithm as described in PKCS#12 | PBEWithSHA1And3_KeyTripleDES_CBC, PBEWithSHA1AndDESede, 1.2.840.113549.1.12.1.3 |
PbeWithSHAAnd40BitRC2_CBC (password based "SHA with 40BitRC2-CBC" algorithm)
|
Password based key-encryption algorithm for encrypting a given message with the RC2 algorithm in CBC mode using a 40Bit secret key which is derived from a password with the SHA hash algorithm as described in PKCS#12 | PBEWithSHA1AndRC2_40, 1.2.840.113549.1.12.1.6 |
AESWrapAES (AES
Key Wrap) |
AES key wrap algorithm as specified by RFC 3394 for wrapping AES content encryption keys with AES key encryption keys | AESWRAP, AES128WRAP, AES128WrapAES128, AESWrap_128, 2.16.840.1.101.3.4.1.5, AES192WRAP, AES192WrapAES192, AESWrap_192, 2.16.840.1.101.3.4.1.25, AES256WRAP, AES256WrapAES256, AESWrap_256, 2.16.840.1.101.3.4.1.45 |
AESWrapWithPadding (AES
Key Wrap with Padding) |
AES key wrap with padding algorithm as specified by RFC 5649 for wrapping keys of any size with AES key encryption keys | AESWrapWithPadding, AES128WrapWithPadding, AESRFC5649Wrap, AES128RFC5649Wrap, AESRFC5649Wrap_128, 2.16.840.1.101.3.4.1.8, AES192WRAPWithPadding, AES192RFC5649Wrap, AESRFC5649Wrap_192, 2.16.840.1.101.3.4.1.28, AES256WRAPWithPadding, AES256RFC5649Wrap, AESRFC5649Wrap_256, 2.16.840.1.101.3.4.1.48 |
CamelliaWrapCamellia (Camellia Key Wrap) |
Camellia key wrap algorithm as specified by RFC 3657 for wrapping Camellia content encryption keys with Camellia key encryption keys | CamelliaWRAP, Camellia128WRAP, Camellia128WrapCamellia128, CamelliaWrap_128, 1.2.392.200011.61.1.1.3.2, Camellia192WRAP, Camellia192WrapCamellia192, CamelliaWrap_192, 1.2.392.200011.61.1.1.3.3, Camellia256WRAP, Camellia256WrapCamellia256, CamelliaWrap_256, 1.2.392.200011.61.1.1.3.4 |
PBES2 (Password Based Encryption Scheme 2) |
Password based key-encryption algorithm for encrypting a given message with the PBES2 password scheme according to PKCS#5v2.1 (using AES128-CBC as cipher algorithm and hMAC-SHA1 as PRF by default) | 1.2.840.113549.1.5.13 |
PBES2WithHmacSHA1AndAES (PBES2 with hMAC-SHA1 and AES128-CBC) |
Password based key-encryption algorithm for encrypting a given message with the PBES2 password scheme according to PKCS#5v2.1 using AES128-CBC as cipher algorithm and hMAC-SHA1 as PRF | PBES2WithHmacSHA1AndAES128, PBEWithHmacSHA1AndAES, PBEWithHmacSHA1AndAES128, PBEWithHmacSHA1AndAES_128 |
PBES2WithHmacSHA1AndAES256 (PBES2 with hMAC-SHA1 and AES256-CBC) |
Password based key-encryption algorithm for encrypting a given message with the PBES2 password scheme according to PKCS#5v2.1 using AES256-CBC as cipher algorithm and hMAC-SHA1 as PRF | PBES2WithHmacSHA1AndAES256, PBEWithHmacSHA1AndAES256, PBEWithHmacSHA1AndAES256, PBEWithHmacSHA1AndAES_256 |
PBES2WithHmacSHA224AndAES (PBES2 with hMAC-SHA224 and AES128-CBC) |
Password based key-encryption algorithm for encrypting a given message with the PBES2 password scheme according to PKCS#5v2.1 using AES128-CBC as cipher algorithm and hMAC-SHA224 as PRF | PBES2WithHmacSHA224AndAES128, PBEWithHmacSHA224AndAES, PBEWithHmacSHA224AndAES128, PBEWithHmacSHA224AndAES_128 |
PBES2WithHmacSHA224AndAES256 (PBES2 with hMAC-SHA224 and AES256-CBC) |
Password based key-encryption algorithm for encrypting a given message with the PBES2 password scheme according to PKCS#5v2.1 using AES256-CBC as cipher algorithm and hMAC-SHA224 as PRF | PBES2WithHmacSHA224AndAES256, PBEWithHmacSHA224AndAES256, PBEWithHmacSHA224AndAES256, PBEWithHmacSHA224AndAES_256 |
PBES2WithHmacSHA256AndAES (PBES2 with hMAC-SHA256 and AES128-CBC) |
Password based key-encryption algorithm for encrypting a given message with the PBES2 password scheme according to PKCS#5v2.1 using AES128-CBC as cipher algorithm and hMAC-SHA256 as PRF | PBES2WithHmacSHA256AndAES128, PBES2WithHmacSHA256AndAES_128, PBEWithHmacSHA256AndAES, PBEWithHmacSHA256AndAES128, PBES2WithHmacSHA256AndAES_128, PBEWithHmacSHA256AndAES_128 |
PBES2WithHmacSHA256AndAES256 (PBES2 with hMAC-SHA256 and AES256-CBC) |
Password based key-encryption algorithm for encrypting a given message with the PBES2 password scheme according to PKCS#5v2.1 using AES256-CBC as cipher algorithm and hMAC-SHA256 as PRF | PBES2WithHmacSHA256AndAES_256, PBEWithHmacSHA256AndAES256, PBEWithHmacSHA256AndAES_256 |
PBES2WithHmacSHA384AndAES (PBES2 with hMAC-SHA384 and AES128-CBC) |
Password based key-encryption algorithm for encrypting a given message with the PBES2 password scheme according to PKCS#5v2.1 using AES128-CBC as cipher algorithm and hMAC-SHA384 as PRF | PBES2WithHmacSHA384AndAES128, PBES2WithHmacSHA384AndAES_128, PBEWithHmacSHA384AndAES, PBEWithHmacSHA384AndAES128, PBES2WithHmacSHA384AndAES_128, PBEWithHmacSHA384AndAES_128 |
PBES2WithHmacSHA384AndAES192 (PBES2 with hMAC-SHA384 and AES192-CBC) |
Password based key-encryption algorithm for encrypting a given message with the PBES2 password scheme according to PKCS#5v2.1 using AES192-CBC as cipher algorithm and hMAC-SHA384 as PRF | PBES2WithHmacSHA384AndAES_192, PBEWithHmacSHA384AndAES192, PBEWithHmacSHA384AndAES_192 |
PBES2WithHmacSHA384AndAES256 (PBES2 with hMAC-SHA384 and AES256-CBC) |
Password based key-encryption algorithm for encrypting a given message with the PBES2 password scheme according to PKCS#5v2.1 using AES256-CBC as cipher algorithm and hMAC-SHA384 as PRF | PBES2WithHmacSHA384AndAES_256, PBEWithHmacSHA384AndAES256, PBEWithHmacSHA384AndAES_256 |
PBES2WithHmacSHA512AndAES256 (PBES2 with hMAC-SHA512 and AES256-CBC) |
Password based key-encryption algorithm for encrypting a given message with the PBES2 password scheme according to PKCS#5v2.1 using AES256-CBC as cipher algorithm and hMAC-SHA512 as PRF | PBES2WithHmacSHA512AndAES_256, PBEWithHmacSHA512AndAES256, PBEWithHmacSHA512AndAES_256 |
PBES2WithHmacSHA1AndDESede (PBES2 with hMAC-SHA1 and DESede-CBC) |
Password based key-encryption algorithm for encrypting a given message with the PBES2 password scheme according to PKCS#5v2.1 using DESede-CBC as cipher algorithm and hMAC-SHA1 as PRF | PBEWithHmacSHA1AndDESede, PBES2WithHmacSHA1AndTripleDES, PBEWithHmacSHA1AndTripleDES |
CAST128WrapCAST128 (CAST128 Key Wrap) |
CAST128 key wrap algorithm as used by CMS for wrapping CAST128 content encryption keys with CAST128 key encryption keys | CAST5WrapCAST5, CASTWrapCAST, CASTWRAP, CAST128WRAP, CAST5WRAP, CAST128Wrap, CAST5Wrap, 1.2.840.113533.7.66.15 |
DESedeWrapDESede (Triple-DES Key Wrap) |
Triple-DES key wrap algorithm as used by CMS for wrapping TripleDES content encryption keys with TripleDES key encryption keys | 3DESWrap3DES, TripleDESWrapTripleDES, DESEDEWRAP, 1.2.840.113549.1.9.16.3.6 |
IDEAWrapIDEA
(IDEA Key Wrap) |
IDEA key wrap algorithm as used by CMS for wrapping IDEA content encryption keys with IDEA key encryption keys | IdeaWrapIdea, IDEAWRAP, IDEAWrap, 1.3.6.1.4.1.188.7.1.1.6 |
RC2WrapRC2 (RC2
Key Wrap) |
RC2 key wrap algorithm as used by CMS for wrapping RC2 content encryption keys with RC2 key encryption keys | RC2WRAP, RC2Wrap, 1.2.840.113549.1.9.16.3.7 |
3DESwrapHMAC
(3DES based HMAC Key Wrap) |
Key wrap algorithm as used by CMS for wrapping a HMAC key with a 3DES key encryption key according to RFC 3537 | HMACwith3DESwrap, HMACwithTripleDESwrap, HMACwithDESedewrap, 1.2.840.113549.1.9.16.3.11 |
AESwrapHMAC
(AES based HMAC Key Wrap) |
Key wrap algorithm as used by CMS for wrapping a HMAC key with an AES key encryption key according to RFC 3537 | HMACwithAESwrap, 1.2.840.113549.1.9.16.3.12 |
AESCBCCMac128
(AES-CBC-CMAC-128) |
AES-CBC-CMAC authenticated encryption algorithm for 128 bit AES keys as defined by the BSI Technical Guideline TR-03109-1 | AESCMac, AESCBCCMac, AESCMac128, AESCMac-128, AESCMac_128, AESCBCCMac-128, AESCBCCMac_128, AES-CMAC-128, AES-CBC-CMAC-128, 0.4.0.127.0.7.1.3.1.1.2 |
AESCBCCMac192
(AES-CBC-CMAC-192) |
AES-CBC-CMAC authenticated encryption algorithm for 192 bit AES keys as defined by the BSI Technical Guideline TR-03109-1 | AESCMac, AESCBCCMac, AESCMac192, AESCMac-192, AESCMac_192, AESCBCCMac-192, AESCBCCMac_192, AES-CMAC-192, AES-CBC-CMAC-192, 0.4.0.127.0.7.1.3.1.1.3 |
AESCBCCMac256
(AES-CBC-CMAC-256) |
AES-CBC-CMAC authenticated encryption algorithm for 256 bit AES keys as defined by the BSI Technical Guideline TR-03109-1 | AESCMac, AESCBCCMac, AESCMac256, AESCMac-256, AESCMac_256, AESCBCCMac-256, AESCBCCMac_256, AES-CMAC-256, AES-CBC-CMAC-256, 0.4.0.127.0.7.1.3.1.1.4 |
Key Exchange Algorithms
KeyAgreement keyAgr = KeyAgreement.getInstance(<Standard Name> | <Alias>, "IAIK"); |
||
Standard Name | Specification | Aliases |
DH (Diffie Hellman
Key Agreement) |
DH key exchange protocol as described in PKCS#3 | DiffieHellman, Diffie-Hellman, 1.2.840.113549.1.3.1 |
ESDH (Ephemeral
Static Diffie Hellman Key Agreement) |
ESDH key exchange based algorithm for generating shared key material as described in RFC 2631 | ESDiffieHellman, 1.2.840.113549.1.9.16.3.5 |
Message Authentication Codes
Mac mac = Mac.getInstance(<Standard Name> | <Alias>, "IAIK"); |
||
Standard Name | Specification | Aliases |
HMAC/MD5 (HMAC with MD5)
|
Keyed-Hashing for Message Authentication as described in RFC 2104 using MD5 as message digest algorithm | HmacMD5, 1.3.6.1.5.5.8.1.1 |
HMAC/SHA1 (HMAC with SHA1)
|
Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-1 as message digest algorithm | HmacSHA1, HMAC/SHA-1, HMAC/SHA, 1.3.6.1.5.5.8.1.2, 1.2.840.113549.2.7 |
HMAC/SHA224 (HMAC
with SHA224) |
Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-224 as message digest algorithm | HmacSHA224, HMAC/SHA-224, 1.2.840.113549.2.8 |
HMAC/SHA256 (HMAC
with SHA256) |
Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-256 as message digest algorithm | HmacSHA256, HMAC/SHA-256, 1.2.840.113549.2.9 |
HMAC/SHA384 (HMAC
with SHA384) |
Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-384 as message digest algorithm | HmacSHA384, HMAC/SHA-384, 1.2.840.113549.2.10 |
HMAC/SHA512 (HMAC
with SHA512) |
Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-512 as message digest algorithm | HmacSHA512, HMAC/SHA-512, 1.2.840.113549.2.11 |
HMAC/SHA512-224 (HMAC
with SHA-512/224) |
Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-512/224 as message digest algorithm | HmacSHA512/224, HMAC/SHA-512-224 |
HMAC/SHA512-256 (HMAC
with SHA-512/256) |
Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-512/256 as message digest algorithm | HmacSHA512/256, HMAC/SHA-512-256 |
HMAC/SHA3-224 (HMAC
with SHA3-224) |
Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA3-224 as message digest algorithm | HmacSHA3-224, HMAC/SHA3-224, 2.16.840.1.101.3.4.2.13 |
HMAC/SHA3-256 (HMAC
with SHA3-256) |
Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA3-256 as message digest algorithm | HmacSHA3-256, HMAC/SHA3-256, 2.16.840.1.101.3.4.2.14 |
HMAC/SHA3-384 (HMAC
with SHA3-384) |
Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA3-384 as message digest algorithm | HmacSHA3-384, HMAC/SHA3-384, 2.16.840.1.101.3.4.2.15 |
HMAC/SHA3-512 (HMAC
with SHA3-512) |
Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA3-512 as message digest algorithm | HmacSHA3-512, HMAC/SHA3-512, 2.16.840.1.101.3.4.2.16 |
HMAC/RIPEMD128
(HMAC with RipeMd128) |
Keyed-Hashing for Message Authentication as described in RFC 2104 using RipeMd128 as message digest algorithm | HmacRipeMd128, HMAC/RIPEMD-128, HMAC/RipeMd128 |
HMAC/RIPEMD160
(HMAC with RipeMd160) |
Keyed-Hashing for Message Authentication as described in RFC 2104 using RipeMd160 as message digest algorithm | HmacRipeMd160, HMAC/RIPEMD-160, 1.3.6.1.5.5.8.1.4, HMAC/RipeMd160 |
HMAC/WHIRLPOOL
(HMAC with WHIRLPOOL) |
Keyed-Hashing for Message Authentication as described in RFC 2104 using WHIRLPOOL as message digest algorithm | HmacWHIRLPOOL, HmacWhirlpool |
HMAC/GOST3411
(HMAC with GOST3411) |
Keyed-Hashing for Message Authentication as described in RFC 2104 using GOST3411 as message digest algorithm | HmacGOST, 1.2.643.2.2.10 |
CmacAES (CMAC with AES) |
Message Authentication as described in NIST SP 800-38B using AES as block cipher algorithm. It supports 128, 192 and 256 bit keys. | CMAC/AES |
CmacDESede (CMAC with
Triple DES) |
Message Authentication as described in NIST SP 800-38B using Triple DES (TDEA) as block cipher algorithm. It supports two-key Triple DES (112 bit) and three-key Triple DES (168 bit). | CMAC/DESede |
CBCMAC/AES |
CBC Message Authentication algorithm as described in ISO/IEC 9797-1. It supports 128, 192 and 256 bit keys. | CBCmacAES |
CBCMAC/DESede |
CBC Message Authentication algorithm as described in ISO/IEC 9797-1. | CBCmacDESede |
CBCMAC/DES |
CBC Message Authentication algorithm as described in ISO/IEC 9797-1. | CBCmacDES |
Poly1305 |
Message authentication algorithm, specified by RFC 8439 | - |
Key Pair Generators
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(<Standard Name> | <Alias>, "IAIK"); |
||
Standard Name | Specification | Aliases |
DH (Diffie
Hellman key pair generator) |
Key pair generation method for Diffie Hellman key exchange as described in PKCS#3 | DiffieHellman, Diffie-Hellman, 1.2.840.113549.1.3.1 |
ElGamal (ElGamal pair generator) |
Key pair generation method for ElGamal public key encryption scheme over prime fields | 1.3.14.7.2.1.1 |
ESDH (ESDH
Key Pair Generator) |
Key pair generator for Ephemeral Static Diffie Hellman key exchange as described in RFC 2631 | ESDiffieHellman |
RSA (RSA key
pair generator) |
Key pair generation method for the RSA encryption scheme as described in PKCS#1. The RSA modulus is generated according to IEEE P1363. | - |
RSA-FIPS-186-3 (RSA key pair generator) |
Key pair generation method for the RSA encryption scheme as described in PKCS#1. The RSA modulus is generated according to FIPS 186-3 | RSA-FIPS |
RSAES-OAEP (RSA-OAEP key pair generator) |
Key pair generator for generating RSAES-OAEP keys according to RFC 4055 to be used for the RSAES-OAEP encryption method as specified by PKCS#1v2.1 | RSA-OAEP, OAEP, 1.2.840.113549.1.1.7 |
RSAES-OAEP-FIPS-186-3 (RSA-OAEP key pair generator) |
Key pair generator for generating RSAES-OAEP keys according to RFC 4055 to be used for the RSAES-OAEP encryption method as specified by PKCS#1v2.1. The RSA modulus is generated according to FIPS 186-3 | RSA-OAEP-FIPS-186-3, RSA-OAEP-FIPS, OAEP-FIPS, OAEP-FIPS-186-3 |
Key Factories
KeyFactory keyFac = KeyFactory.getInstance(<Standard Name> | <Alias>, "IAIK"); |
||
Standard Name | Specification | Aliases |
DH (Diffie Hellman
key factory) |
Key factory for converting keys into key specifications (and vice versa) to be used for Diffie Hellman key exchange which is described in PKCS#3 | DiffieHellman, Diffie-Hellman, 1.2.840.113549.1.3.1 |
ElGamal (ElGamal
key factory) |
Key factory for converting keys into key specifications (and vice versa) to be used for ElGamal encryption scheme over prime fields | 1.3.14.7.2.1.1 |
ESDH (Ephemeral
Static Diffie Hellman key factory) |
Key factory for converting keys into key specifications (and vice versa) to be used for Ephemeral Static Diffie Hellman key exchange which is described in RFC 2631 | ESDiffieHellman, 1.2.840.10046.2.1 |
RSA (RSA key
factory) |
Key factory for converting keys into key specifications (and vice versa) to be used for RSA encryption which is described in PKCS#1 | - |
RSAES-OAEP
(RSA-OAEP key factory) |
Key factory for converting RSAES-OAEP (RFC 4055) keys into key specifications (and vice versa) to be used for the RSAES-OAEP encryption method as specified by PKCS#1v2.1 | RSA-OAEP, OAEP, 1.2.840.113549.1.1.7 |
Key Generators
KeyGenerator keyGen = KeyGenerator.getInstance(<Standard Name> | <Alias>, "IAIK"); |
||
Standard Name | Specification | Aliases |
AES (AES key
generator) |
Key generation method for the Advanced Encryption Standard (AES, Rijndael) block cipher. | AES128, AES-128, AES_128, 2.16.840.1.101.3.4.1.2 |
AES192
(AES-192 key generator) |
Key generation method for creating 192bit keys for the Advanced Encryption Standard (AES, Rijndael) block cipher. | AES192, AES-192, AES_192, 2.16.840.1.101.3.4.1.22 |
AES256
(AES-256 key generator) |
Key generation method for creating 256bit keys for the Advanced Encryption Standard (AES, Rijndael) block cipher. | AES256, AES-256, AES_256, 2.16.840.1.101.3.4.1.42 |
Blowfish
(Blowfish key generator) |
Key generation method for the Blowfish 64-bit block cipher; developed by Bruce Schneier | - |
Camellia
(Camellia key generator) |
Key generation method for the Camellia block cipher. | Camellia128, Camellia-128, Camellia_128, 1.2.392.200011.61.1.1.1.2 |
Camellia192 (Camellia-192 key generator) |
Key generation method for creating 192bit keys for the Camellia block cipher. | Camellia192, Camellia-192, Camellia_192, 1.2.392.200011.61.1.1.1.3 |
Camellia256 (Camellia-256 key generator) |
Key generation method for creating 256bit keys for the Camellia block cipher. | Camellia256, Camellia-256, Camellia_256, 1.2.392.200011.61.1.1.1.4 |
ChaCha20 |
Key generation method for the ChaCha20 stream cipher as specified by RFC 7539. | ChaCha20Poly1305, ChaCha20-Poly1305, 1.2.840.113549.1.9.16.3.18 |
CAST128
(CAST128 key generator) |
Key generation method for the CAST128 64 bit Feistel type block cipher | CAST, CAST5 |
DES (DES key
generator) |
Key generation method for the DES cipher which is defined by NIST in FIPS PUB 46-1 and FIPS PUB 46-2 | - |
DESede
(Triple DES key generator) |
Key generation method for the TripleDES cipher | 3DES |
GOST (GOST
key generator) |
Key generation method for the GOST 64-bit block cipher. | - |
IDEA (IDEA
key generator) |
Key generation method for the IDEA cipher which is patented by MediaCrypt | - |
MARS (MARS
key generator) |
Key generation method for the MARS AES candidate block cipher. | - |
RC2 (RC2 key
generator) |
Key generation method for the RC2 cipher which has been developed by Ron Rivest for RSA Data Security, Inc. | - |
ARCFOUR
(ARCFOUR key generator) |
Key generation method for the ARCFOUR stream cipher. | RC4 |
RC5 (RC5 key
generator) |
Key generation method for the RC5 block cipher. | - |
RC6 (RC6 key
generator) |
Key generation method for the RC6 AES candidate block cipher. | - |
Rijndael
(Rijndael key generator) |
Key generation method for the Rijndael AES block cipher. | - |
Rijndael-256 (Rijndael key generator) |
Key generation method for the Rijndael block cipher with block size of 256 bits. | - |
Serpent
(Serpent key generator) |
Key generation method for the Serpent AES candidate block cipher. | - |
Twofish
(Twofish key generator) |
Key generation method for the Twofish AES candidate block cipher. | - |
PBKDF2 (password based key
derivation function 2) |
Key generation method for deriving secret keys from password, salt and an iteration count (specified by the PKCS#5 Version 2.1 Password-Based Cryptography Standard) using hMAC-SHA1 as PRF by default | 1.2.840.113549.1.5.12 |
PBKDF2WithHmacSHA1
(password based key derivation function 2) |
Key generation method for deriving secret keys from password, salt and an iteration count (specified by the PKCS#5 Version 2.1 Password-Based Cryptography Standard) using hMAC-SHA1 as PRF | |
PBKDF2WithHmacSHA224
(password based key derivation function 2) |
Key generation method for deriving secret keys from password, salt and an iteration count (specified by the PKCS#5 Version 2.1 Password-Based Cryptography Standard) using hMAC-SHA224 as PRF | |
PBKDF2WithHmacSHA256
(password based key derivation function 2) |
Key generation method for deriving secret keys from password, salt and an iteration count (specified by the PKCS#5 Version 2.1 Password-Based Cryptography Standard) using hMAC-SHA256 as PRF | |
PBKDF2WithHmacSHA384
(password based key derivation function 2) |
Key generation method for deriving secret keys from password, salt and an iteration count (specified by the PKCS#5 Version 2.1 Password-Based Cryptography Standard) using hMAC-SHA384 as PRF | |
PBKDF2WithHmacSHA512
(password based key derivation function 2) |
Key generation method for deriving secret keys from password, salt and an iteration count (specified by the PKCS#5 Version 2.1 Password-Based Cryptography Standard) using hMAC-SHA512 as PRF | |
PKCS#12
(PKCS#12 key generator) |
Key generation method for deriving PKCS#12 secret keys from password, salt and iteration count, using SHA-1 as hash function. | PKCS#12-SHA1, PKCS#12-SHA-1 |
PKCS#12-SHA224
(PKCS#12 key generator) |
Key generation method for deriving PKCS#12 secret keys from password, salt and iteration count, using SHA-224 as hash function. | PKCS#12-SHA-224 |
PKCS#12-SHA256
(PKCS#12 key generator) |
Key generation method for deriving PKCS#12 secret keys from password, salt and iteration count, using SHA-256 as hash function. | PKCS#12-SHA-256 |
PKCS#12-SHA384
(PKCS#12 key generator) |
Key generation method for deriving PKCS#12 secret keys from password, salt and iteration count, using SHA-384 as hash function. | PKCS#12-SHA-384 |
PKCS#12-SHA512
(PKCS#12 key generator) |
Key generation method for deriving PKCS#12 secret keys from password, salt and iteration count, using SHA-512 as hash function. | PKCS#12-SHA-512 |
PKCS#12-SHA512/224
(PKCS#12 key generator) |
Key generation method for deriving PKCS#12 secret keys from password, salt and iteration count, using SHA512/224 as hash function. | PKCS#12-SHA-512/224 |
PKCS#12-SHA512/256
(PKCS#12 key generator) |
Key generation method for deriving PKCS#12 secret keys from password, salt and iteration count, using SHA512/256 as hash function. | PKCS#12-SHA-512/256 |
PKCS12-IV (PKCS#12 Iv
generator) |
Key generation method for deriving PKCS#12 initialization vectors from password, salt and iteration count, using SHA-1 as hash function. | PKCS12-IV-SHA1, PKCS12-IV-SHA-1 |
PKCS12-IV-SHA224 (PKCS#12 Iv
generator) |
Key generation method for deriving PKCS#12 initialization vectors from password, salt and iteration count, using SHA-224 as hash function. | PKCS12-IV-SHA-224 |
PKCS12-IV-SHA256 (PKCS#12 Iv
generator) |
Key generation method for deriving PKCS#12 initialization vectors from password, salt and iteration count, using SHA-256 as hash function. | PKCS12-IV-SHA-256 |
PKCS12-IV-SHA384 (PKCS#12 Iv
generator) |
Key generation method for deriving PKCS#12 initialization vectors from password, salt and iteration count, using SHA-384 as hash function. | PKCS12-IV-SHA-384 |
PKCS12-IV-SHA512 (PKCS#12 Iv
generator) |
Key generation method for deriving PKCS#12 initialization vectors from password, salt and iteration count, using SHA-512 as hash function. | PKCS12-IV-SHA-512 |
PKCS12-IV-SHA512/224 (PKCS#12 Iv
generator) |
Key generation method for deriving PKCS#12 initialization vectors from password, salt and iteration count, using SHA-512/224 as hash function. | PKCS12-IV-SHA-512/224 |
PKCS12-IV-SHA512/256 (PKCS#12 Iv
generator) |
Key generation method for deriving PKCS#12 initialization vectors from password, salt and iteration count, using SHA-512/256 as hash function. | PKCS12-IV-SHA-512/256 |
PKCS12-MAC
(PKCS#12 MAC-Key generator) |
Key generation method for deriving PKCS#12 MAC-keys from password, salt and an iteration count, using SHA-1 as hash function. | PKCS12-MAC-SHA1, PKCS12-MAC-SHA-1 |
PKCS12-MAC-SHA224
(PKCS#12 MAC-Key generator) |
Key generation method for deriving PKCS#12 MAC-keys from password, salt and an iteration count, using SHA-224 as hash function. | PKCS12-MAC-SHA-224 |
PKCS12-MAC-SHA256
(PKCS#12 MAC-Key generator) |
Key generation method for deriving PKCS#12 MAC-keys from password, salt and an iteration count, using SHA-256 as hash function. | PKCS12-MAC-SHA-256 |
PKCS12-MAC-SHA384
(PKCS#12 MAC-Key generator) |
Key generation method for deriving PKCS#12 MAC-keys from password, salt and an iteration count, using SHA-384 as hash function. | PKCS12-MAC-SHA-384 |
PKCS12-MAC-SHA512
(PKCS#12 MAC-Key generator) |
Key generation method for deriving PKCS#12 MAC-keys from password, salt and an iteration count, using SHA-512 as hash function. | PKCS12-MAC-SHA-512 |
PKCS12-MAC-SHA512/224
(PKCS#12 MAC-Key generator) |
Key generation method for deriving PKCS#12 MAC-keys from password, salt and an iteration count, using SHA-512/224 as hash function. | PKCS12-MAC-SHA-512/224 |
PKCS12-MAC-SHA512/256
(PKCS#12 MAC-Key generator) |
Key generation method for deriving PKCS#12 MAC-keys from password, salt and an iteration count, using SHA-512/256 as hash function. | PKCS12-MAC-SHA-512/256 |
HMAC/MD5
(HMAC with MD5) |
Key generator for the Keyed-Hashing for Message Authentication as described in RFC 2104 using MD5 as message digest algorithm | HmacMD5, 1.3.6.1.5.5.8.1.1 |
HMAC/SHA1
(HMAC with SHA) |
Key generator for the Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-1 as message digest algorithm | HmacSHA1, HMAC/SHA-1, HMAC/SHA, 1.3.6.1.5.5.8.1.2, 1.2.840.113549.2.7 |
HMAC/SHA224 (HMAC with SHA224) |
Key generator for the Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-224 as message digest algorithm | HmacSHA224, HMAC/SHA-224, 1.2.840.113549.2.8 |
HMAC/SHA256 (HMAC with SHA256) |
Key generator for the Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-256 as message digest algorithm | HmacSHA256, HMAC/SHA-256, 1.2.840.113549.2.9 |
HMAC/SHA384 (HMAC with SHA384) |
Key generator for the Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-384 as message digest algorithm | HmacSHA384, HMAC/SHA-384, 1.2.840.113549.2.10 |
HMAC/SHA512 (HMAC with SHA512) |
Key generator for the Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-512 as message digest algorithm | HmacSHA512, HMAC/SHA-512, 1.2.840.113549.2.11 |
HMAC/SHA512-224 (HMAC
with SHA-512/224) |
Key generator for the Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-512/224 as message digest algorithm | HmacSHA512/224, HMAC/SHA-512-224 |
HMAC/SHA512-256 (HMAC
with SHA-512/256) |
Key generator for the Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-512/256 as message digest algorithm | HmacSHA512/256, HMAC/SHA-512-256 |
HMAC/SHA3-224 (HMAC
with SHA3-224) |
Key generator for the Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA3-224 as message digest algorithm | HmacSHA3-224, HMAC/SHA3-224, 2.16.840.1.101.3.4.2.13 |
HMAC/SHA3-256 (HMAC
with SHA3-256) |
Key generator for the Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA3-256 as message digest algorithm | HmacSHA3-256, HMAC/SHA3-256, 2.16.840.1.101.3.4.2.14 |
HMAC/SHA3-384 (HMAC
with SHA3-384) |
Key generator for the Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA3-384 as message digest algorithm | HmacSHA3-384, HMAC/SHA3-384, 2.16.840.1.101.3.4.2.15 |
HMAC/SHA3-512 (HMAC
with SHA3-512) |
Key generator for the Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA3-512 as message digest algorithm | HmacSHA3-512, HMAC/SHA3-512, 2.16.840.1.101.3.4.2.16 |
HMAC/RIPEMD128 (HMAC with RipeMd128) |
Key generator for the Keyed-Hashing for Message Authentication as described in RFC 2104 using RipeMd128 as message digest algorithm | HmacRipeMd128, HMAC/RIPEMD-128, HMAC/RipeMd128 |
HMAC/RIPEMD160 (HMAC with RipeMd160) |
Key generator for the Keyed-Hashing for Message Authentication as described in RFC 2104 using RipeMd160 as message digest algorithm | HmacRipeMd160, HMAC/RIPEMD-160, 1.3.6.1.5.5.8.1.4, HMAC/RipeMd160 |
HMAC/WHIRLPOOL (HMAC with WHIRLPOOL) |
Key generator for the Keyed-Hashing for Message Authentication as described in RFC 2104 using WHIRLPOOL as message digest algorithm | HmacWHIRLPOOL, HmacWhirlpool |
HMAC/GOST3411 (HMAC with GOST3411) |
Key generator for the Keyed-Hashing for Message Authentication as described in RFC 2104 using GOST3411 as message digest algorithm | HmacGOST, 1.2.643.2.2.10 |
AESWrapAES
(AES Key Wrap) |
Key generator for generating AES 128 bit key encryption keys for wrapping content encryption keys with 128 bit AES key encryption keys as specified by RFC 3394, or wrapping keys of arbitrary size as specified by RFC 5649 | AESWRAP, AES128WRAP, AES128WrapAES128, AESWrap_128, 2.16.840.1.101.3.4.1.5, AESWrapWithPadding, AES128WrapWithPadding, AESRFC5649Wrap, AES128RFC5649Wrap, AESRFC5649Wrap_128, 2.16.840.1.101.3.4.1.8 |
AES192WrapAES192 (AES Key Wrap) |
Key generator for generating AES 192 bit key encryption keys for wrapping content encryption keys with 192 bit AES key encryption keys as specified by RFC 3394, or wrapping keys of arbitrary size as specified by RFC 5649 | AES192WRAP, AES192WrapAES192, AESWrap_192, 2.16.840.1.101.3.4.1.25, AES192WRAPWithPadding, AES192RFC5649Wrap, AESRFC5649Wrap_192, 2.16.840.1.101.3.4.1.28 |
AES256WrapAES256 (AES Key Wrap) |
Key generator for generating AES 256 bit key encryption keys for wrapping content encryption keys with 256 bit AES key encryption keys as specified by RFC 3394, or wrapping keys of arbitrary size as specified by RFC 5649 | AES256WRAP, AES256WrapAES256, AESWrap_256, 2.16.840.1.101.3.4.1.45, AES256WRAPWithPadding, AES256RFC5649Wrap, AESRFC5649Wrap_256, 2.16.840.1.101.3.4.1.48 |
CamelliaWrapCamellia (Camellia Key Wrap) |
Key generator for generating Camellia 128 bit key encryption keys for wrapping content encryption keys with 128 bit Camellia key encryption keys as specified by RFC 3657 | CamelliaWRAP, Camellia128WRAP, Camellia128WrapCamellia128, CamelliaWrap_128, 1.2.392.200011.61.1.1.3.2 |
Camellia192WrapCamellia192 (Camellia Key Wrap) |
Key generator for generating Camellia 192 bit key encryption keys for wrapping content encryption keys with 192 bit Camellia key encryption keys as specified by RFC 3657 | Camellia192WRAP, Camellia192WrapCamellia192, CamelliaWrap_192, 1.2.392.200011.61.1.1.3.2 |
Camellia256WrapCamellia256 (Camellia Key Wrap) |
Key generator for generating Camellia 256 bit key encryption keys for wrapping content encryption keys with 256 bit Camellia key encryption keys as specified by RFC 3657 | Camellia256WRAP, Camellia256WrapCamellia256, CamelliaWrap_256, 1.2.392.200011.61.1.1.3.2 |
CAST128WrapCAST128 (CAST128 Key Wrap) |
Key generator for generating CAST128 key encryption keys as used by CMS for wrapping CAST128 content encryption keys with CAST128 key encryption keys | CAST5WrapCAST5, CASTWrapCAST, CASTWRAP, CAST128WRAP, CAST5WRAP, CAST128Wrap, CAST5Wrap, 1.2.840.113533.7.66.15 |
DESedeWrapDESede (Triple-DES Key Wrap) |
Key generator for generating 3DES key encryption keys as used by CMS for wrapping TripleDES content encryption keys with TripleDES key encryption keys | 3DESWrap3DES, TripleDESWrapTripleDES, DESEDEWRAP, 1.2.840.113549.1.9.16.3.6 |
IDEAWrapIDEA
(IDEA Key Wrap) |
Key generator for generating IDEA key encryption keys used by CMS for wrapping IDEA content encryption keys with IDEA key encryption keys | IdeaWrapIdea, IDEAWRAP, IDEAWrap, 1.3.6.1.4.1.188.7.1.1.6 |
RC2WrapRC2
(RC2 Key Wrap) |
Key generator for generating RC2 key encryption keys as used by CMS for wrapping RC2 content encryption keys with RC2 key encryption keys | RC2WRAP, RC2Wrap, 1.2.840.113549.1.9.16.3.7 |
3DESwrapHMAC (3DES based HMAC Key Wrap) |
Key generator for generating 3DES key encryption keys as used by CMS for wrapping a HMAC key with a 3DES key encryption key | HMACwith3DESwrap, HMACwithTripleDESwrap, HMACwithDESedewrap, 1.2.840.113549.1.9.16.3.11 |
AESwrapHMAC
(AES based HMAC Key Wrap) |
Key generator for generating AES key encryption keys as used by CMS for wrapping a HMAC key with an AES key encryption key according to RFC 3537 | HMACwithAESwrap, 1.2.840.113549.1.9.16.3.12 |
AESCBCCMac128
(AES-CBC-CMAC-128) |
Key generator for generating (128*2)bit keys for the AES-CBC-CMAC-128 authenticated encryption algorithm as defined by the BSI Technical Guideline TR-03109-1 | AESCMac, AESCBCCMac, AESCMac128, AESCMac-128, AESCMac_128, AESCBCCMac-128, AESCBCCMac_128, AES-CMAC-128, AES-CBC-CMAC-128, 0.4.0.127.0.7.1.3.1.1.2 |
AESCBCCMac192
(AES-CBC-CMAC-192) |
Key generator for generating (192*2)bit keys for the AES-CBC-CMAC-192 authenticated encryption algorithm as defined by the BSI Technical Guideline TR-03109-1 | AESCMac, AESCBCCMac, AESCMac192, AESCMac-192, AESCMac_192, AESCBCCMac-192, AESCBCCMac_192, AES-CMAC-192, AES-CBC-CMAC-192, 0.4.0.127.0.7.1.3.1.1.3 |
AESCBCCMac256
(AES-CBC-CMAC-256) |
Key generator for generating (256*2)bit keys for the AES-CBC-CMAC-256 authenticated encryption algorithm as defined by the BSI Technical Guideline TR-03109-1 | AESCMac, AESCBCCMac, AESCMac256, AESCMac-256, AESCMac_256, AESCBCCMac-256, AESCBCCMac_256, AES-CMAC-256, AES-CBC-CMAC-256, 0.4.0.127.0.7.1.3.1.1.4 |
Poly1305 |
Key generation method for the Poly1305 authenticator as specified by RFC 8439 | - |
KDF1
Key Derivation Function KDF1 |
Key Derivation Function (KDF) 1 as specified by ISO/IEC 18033-2 for deriving keying material of desired length from a shared secret and additional, optional information. | 1.0.18033.2.5.1 |
KDF2
Key Derivation Function KDF2 |
Key Derivation Function (KDF) 2 as specified by ANS X9.44 for deriving keying material of desired length from a shared secret and additional, optional information. | 1.3.133.16.840.9.44.1.1 |
KDF3
Key Derivation Function KDF3 |
Key Derivation Function (KDF) 3 as specified by ANS X9.44 for deriving keying material of desired length from a shared secret and additional, optional information. | 1.3.133.16.840.9.44.1.2 |
HKDFwithSHA1
HMAC-based Extract-and-Expand Key Derivation Function (HKDF) using SHA-1 as hash function |
Key generation method for deriving cryptographically strong secret keys from some initial keying material; specified by RFC 5869 | HKDFwithSHA-1, HKDF/SHA1, HKDF/SHA-1 |
HKDFwithSHA224
HMAC-based Extract-and-Expand Key Derivation Function (HKDF) using SHA-224 as hash function |
Key generation method for deriving cryptographically strong secret keys from some initial keying material; specified by RFC 5869 | HKDFwithSHA-224, HKDF/SHA224, HKDF/SHA-224 |
HKDFwithSHA256
HMAC-based Extract-and-Expand Key Derivation Function (HKDF) using SHA-256 as hash function |
Key generation method for deriving cryptographically strong secret keys from some initial keying material; specified by RFC 5869 | HKDFwithSHA-256, HKDF/SHA256, HKDF/SHA-256, 1.2.840.113549.1.9.16.3.28 |
HKDFwithSHA384
HMAC-based Extract-and-Expand Key Derivation Function (HKDF) using SHA-384 as hash function |
Key generation method for deriving cryptographically strong secret keys from some initial keying material; specified by RFC 5869 | HKDFwithSHA-384, HKDF/SHA384, HKDF/SHA-384, 1.2.840.113549.1.9.16.3.29 |
HKDFwithSHA512
HMAC-based Extract-and-Expand Key Derivation Function (HKDF) using SHA-512 as hash function |
Key generation method for deriving cryptographically strong secret keys from some initial keying material; specified by RFC 5869 | HKDFwithSHA-512, HKDF/SHA512, HKDF/SHA-512, 1.2.840.113549.1.9.16.3.30 |
Secret Key Factories
SecretKeyFactory skf = SecretKeyFactory.getInstance(<Standard Name> | <Alias>, "IAIK"); |
Standard Name | Specification | Aliases |
AES (AES
Key Factory) |
Key Factory for the Advanced Encryption Standard (AES, Rijndael) block cipher. | AES128, AES-128, AES_128, 2.16.840.1.101.3.4.1.2 |
AES192
(AES-192 Key Factory) |
Key Factory for creating 192bit keys for the Advanced Encryption Standard (AES, Rijndael) block cipher. | AES192, AES-192, AES_192, 2.16.840.1.101.3.4.1.22 |
AES256
(AES-256 Key Factory) |
Key Factory for creating 256bit keys for the Advanced Encryption Standard (AES, Rijndael) block cipher. | AES256, AES-256, AES_256, 2.16.840.1.101.3.4.1.42 |
Blowfish
(Blowfish Key Factory) |
Secret Key Factory for the Blowfish block cipher | - |
Camellia
(Camellia Key Factory) |
Secret Key Factory for the Camellia block cipher with block size of 128 bits. | Camellia128, Camellia-128, Camellia_128, 1.2.392.200011.61.1.1.1.2 |
Camellia192
(Camellia-192 Key Factory) |
Key Factory for creating 192bit keys for the Camellia block cipher. | Camellia192, Camellia-192, Camellia_192, 1.2.392.200011.61.1.1.1.3 |
Camellia256
(Camellia-256 Key Factory) |
Key Factory for creating 256bit keys for the Camellia block cipher. | Camellia256, Camellia-256, Camellia_256, 1.2.392.200011.61.1.1.1.4 |
CAST128
(CAST128 Key Factory) |
Secret Key Factory for the CAST128 block cipher | CAST5, CAST |
ChaCha20 |
Secret Key Factory for the ChaCha20 stream cipher as specified by RFC 7539 | ChaCha20Poly1305, ChaCha20-Poly1305, 1.2.840.113549.1.9.16.3.18 |
DES (DES
Key Factory) |
Symmetric 64-bit block encryption algorithm as defined by NIST in FIPS PUB 46-1 and FIPS PUB 46-2 | - |
DESede
(DESede Key Factory) |
Secret Key Factory for the DESede (3DES) algorithm | 3DES |
GOST (GOST
Key Factory) |
Secret Key Factory for the GOST block cipher | - |
IDEA (IDEA
Key Factory) |
Secret Key Factory for the IDEA block cipher | - |
MARS (MARS
Key Factory) |
Secret Key Factory for the MARS AES candidate block cipher | - |
RC2 (RC2
Key Factory) |
Secret Key Factory for the RC2 block cipher | - |
ARCFOUR
(ARCFOUR Key Factory) |
Secret Key Factory for the ARCFOUR stream cipher | - |
RC5 (RC5
Key Factory) |
Secret Key Factory for the RC5 block cipher | - |
RC6 (RC6
Key Factory) |
Secret Key Factory for the RC6 AES candidate block cipher | - |
Serpent
(Serpent Key Factory) |
Secret Key Factory for the Serpent AES candidate block cipher | - |
Rijndael
(Rijndael Key Factory) |
Key Factory for the Rijndael AES block cipher. | - |
Rijndael-256 (Rijndael Key Factory) |
Secret Key Factory for the Rijndael block cipher with block size of 256 bits. | |
Twofish
(Twofish Key Factory) |
Secret Key Factory for the Twofish AES candidate block cipher | - |
AESCBCCMac128
(AES-CBC-CMAC-128) |
Secret Key Factory for the AES-CBC-CMAC-128 authenticated encryption algorithm as defined by the BSI Technical Guideline TR-03109-1 | AESCMac, AESCBCCMac, AESCMac128, AESCMac-128, AESCMac_128, AESCBCCMac-128, AESCBCCMac_128, AES-CMAC-128, AES-CBC-CMAC-128, 0.4.0.127.0.7.1.3.1.1.2 |
AESCBCCMac192
(AES-CBC-CMAC-192) |
Secret Key Factory for the AES-CBC-CMAC-192 authenticated encryption algorithm as defined by the BSI Technical Guideline TR-03109-1 | AESCMac, AESCBCCMac, AESCMac192, AESCMac-192, AESCMac_192, AESCBCCMac-192, AESCBCCMac_192, AES-CMAC-192, AES-CBC-CMAC-192, 0.4.0.127.0.7.1.3.1.1.3 |
AESCBCCMac256
(AES-CBC-CMAC-256) |
Secret Key Factory for the AES-CBC-CMAC-256 authenticated encryption algorithm as defined by the BSI Technical Guideline TR-03109-1 | AESCMac, AESCBCCMac, AESCMac256, AESCMac-256, AESCMac_256, AESCBCCMac-256, AESCBCCMac_256, AES-CMAC-256, AES-CBC-CMAC-256, 0.4.0.127.0.7.1.3.1.1.4 |
Poly1305 |
Secret Key Factory for the Poly1305 authenticator as specified by RFC 8439 | - |
PBE (Password Based
Encryption Key Factory) |
Password Based Encryption according to PKCS#5 | PKCS#5, PKCS5, PbeWithMD5AndDES_CBC, PBEWithMD5AndDES, PbeWithMD5AndDES_CBC, 1.2.840.113549.1.5.3, PBES2, 1.2.840.113549.1.5.13, PBES2WithHmacSHA1AndAES, PBES2WithHmacSHA1AndAES128, PBEWithHmacSHA1AndAES, PBEWithHmacSHA1AndAES128, PBEWithHmacSHA1AndAES_128, PBES2WithHmacSHA1AndAES256, PBES2WithHmacSHA1AndAES_256, PBEWithHmacSHA1AndAES256, PBEWithHmacSHA1AndAES_256, PBES2WithHmacSHA224AndAES, PBES2WithHmacSHA224AndAES128, PBEWithHmacSHA224AndAES, PBEWithHmacSHA224AndAES128, PBEWithHmacSHA224AndAES_128, PBES2WithHmacSHA224AndAES256, PBES2WithHmacSHA224AndAES_256, PBEWithHmacSHA224AndAES256, PBEWithHmacSHA224AndAES_256, PBES2WithHmacSHA256AndAES, PBES2WithHmacSHA256AndAES128, PBES2WithHmacSHA256AndAES_128, PBEWithHmacSHA256AndAES, PBEWithHmacSHA256AndAES128, PBEWithHmacSHA256AndAES_128, PBES2WithHmacSHA256AndAES256, PBES2WithHmacSHA256AndAES_256, PBEWithHmacSHA256AndAES256, PBEWithHmacSHA256AndAES_256, PBES2WithHmacSHA384AndAES, PBES2WithHmacSHA384AndAES128, PBEWithHmacSHA384AndAES, PBEWithHmacSHA384AndAES128, PBEWithHmacSHA384AndAES_128, PBES2WithHmacSHA384AndAES192, PBES2WithHmacSHA384AndAES_192, PBEWithHmacSHA384AndAES192, PBEWithHmacSHA384AndAES_192, PBES2WithHmacSHA384AndAES256, PBES2WithHmacSHA384AndAES_256, PBEWithHmacSHA384AndAES256, PBEWithHmacSHA384AndAES_256, PBES2WithHmacSHA512AndAES, PBES2WithHmacSHA512AndAES128, PBEWithHmacSHA512AndAES, PBEWithHmacSHA512AndAES128, PBEWithHmacSHA512AndAES_128, PBES2WithHmacSHA512AndAES256, PBES2WithHmacSHA512AndAES_256, PBEWithHmacSHA512AndAES256, PBEWithHmacSHA512AndAES_256, PBES2WithHmacSHA1AndDESede, PBEWithHmacSHA1AndDESede, PBES2WithHmacSHA1AndTripleDES, PBEWithHmacSHA1AndTripleDES |
PKCS#12 (Password
Based Encryption Key Factory) |
Password Based Encryption according to PKCS#12 | PKCS12, PbeWithSHAAnd3_KeyTripleDES_CBC, PBEWithSHA1And3_KeyTripleDES_CBC, PBEWithSHA1AndDESede, 1.2.840.113549.1.12.1.3, PbeWithSHAAnd40BitRC2_CBC, PBEWithSHA1AndRC2_40, 1.2.840.113549.1.12.1.6 |
Algorithm Parameter Generators
AlgorithmParameterGenerator paramGen = AlgorithmParameterGenerator.getInstance(<Standard Name> | <Alias>, "IAIK"); |
Standard Name | Specification | Aliases |
DH (Diffie
Hellman parameter generator) |
Generator for creating parameters (prime modulus, base generator, length of the private value) to be used for Diffie Hellman key exchange according to RFC 2631. | DiffieHellman, Diffie-Hellman, 1.2.840.113549.1.3.1 |
ElGamal (ElGamal
parameter generator) |
Generator for creating parameters (prime modulus, base generator,...) to be used for the ElGamal encryption scheme over prime fields | 1.3.14.7.2.1.1 |
ESDH
(Ephemeral Static Diffie Hellman parameter generator) |
Generator for creating parameters for the Ephemeral Static Diffie Hellman key exchange according to RFC 2631. | ESDiffieHellman |
PBE (PBE
parameter generator) |
Generator for creating parameters (salt and iteration count) to be used for password based encryption according to PKCS#5 / PKCS#12 | - |
Algorithm Parameters
AlgorithmParameters params = AlgorithmParameters.getInstance(<Standard Name> | <Alias>, "IAIK"); |
Standard Name | Specification | Aliases |
RSAES-OAEP (RSA
OAEP parameters) |
Algorithm parameters for the RSA PKCS#1v2.1 OAEP encryption scheme | RSA-OAEP, RSAOaep, OAEP, 1.2.840.113549.1.1.7, RSA/ECB/OAEP |
DH (Diffie Hellman
parameters) |
Algorithm parameters (prime modulus, base generator, length of the private value) representation for Diffie Hellman key exchange which is described in PKCS#3 | DiffieHellman, Diffie-Hellman, 1.2.840.113549.1.3.1 |
ElGamal (ElGamal
parameters) |
Algorithm parameters (prime modulus, base generator, length of the private value) representation for ElGamal encryption scheme over prime fields | 1.3.14.7.2.1.1 |
ESDH (Ephemeral
Static Diffie Hellman parameters) |
Algorithm parameters for Ephemeral Static Diffie Hellman key exchange according to RFC 2631 | ESDiffieHellman |
ESDHKEK
(Ephemeral Static Diffie Hellman key encryption key (KEK) parameters) |
Algorithm parameters (OtherInfo) representation for generation of shared key material based on the Ephemeral Static Diffie Hellman key exchange according to RFC 2631 | DiffieHellman |
AES (AES
parameters) |
Algorithm parameters (initialization vector) representation for the Rijndael Advanced Encryption Standard (AES) | Rijndael, AES128, AES-128, AES_128, AES192, AES-192, AES_192, AES256, AES-256, AES_256, 2.16.840.1.101.3.4.1.2, 2.16.840.1.101.3.4.1.22, 2.16.840.1.101.3.4.1.42, AES/CBC/PKCS5Padding, AES128/CBC/PKCS5Padding, AES-128/CBC/PKCS5Padding, AES_128/CBC/PKCS5Padding, AES192/CBC/PKCS5Padding, AES-192/CBC/PKCS5Padding, AES_192/CBC/PKCS5Padding, AES256/CBC/PKCS5Padding, AES-256/CBC/PKCS5Padding, AES_256/CBC/PKCS5Padding |
Blowfish
(Blowfish parameters) |
Algorithm parameters (initialization vector) representation for the Blowfish cipher | - |
Camellia
(Camellia parameters) |
Algorithm parameters (initialization vector) representation for the Camellia block cipher with block size of 128 bits. | Camellia128, Camellia-128, Camellia_256, Camellia192, Camellia-192, Camellia_192, Camellia256, Camellia-256, Camellia_256, 1.2.392.200011.61.1.1.1.2, 1.2.392.200011.61.1.1.1.3, 1.2.392.200011.61.1.1.1.4, Camellia/CBC/PKCS5Padding, Camellia128/CBC/PKCS5Padding, Camellia-128/CBC/PKCS5Padding, Camellia_128/CBC/PKCS5Padding, Camellia192/CBC/PKCS5Padding, Camellia-192/CBC/PKCS5Padding, Camellia_192/CBC/PKCS5Padding, Camellia256/CBC/PKCS5Padding, Camellia-256/CBC/PKCS5Padding, Camellia_256/CBC/PKCS5Padding |
CAST128
(CAST128 parameters) |
Algorithm parameters (initialization vector) representation for the CAST128 cipher | CAST5, CAST, CAST5/CBC/PKCS5Padding, CAST128/CBC/PKCS5Padding, CAST/CBC/PKCS5Padding |
DES (DES
parameters) |
Algorithm parameters (initialization vector) representation for the DES cipher | DES/CBC/PKCS5Padding |
DESede (DESede
parameters) |
Algorithm parameters (initialization vector) representation for the DESede cipher | 3DES, 3DES/CBC/PKCS5Padding, DESede/CBC/PKCS5Padding, TripleDES/CBC/PKCS5Padding |
GOST (GOST
parameters) |
Algorithm parameters (initialization vector) representation for the GOST cipher | - |
IDEA (IDEA
parameters) |
Algorithm parameters (initialization vector) representation for the IDEA cipher | IDEA/CBC/PKCS5Padding |
IV (IV
parameters) |
Initialization vector | - |
MARS (MARS
parameters) |
Algorithm parameters (initialization vector) representation for the MARS cipher | - |
RC2 (RC2
parameters) |
Algorithm parameters representation for the RC2 cipher | RC2/CBC/PKCS5Padding |
RC5 (RC5
parameters) |
Algorithm parameters (initialization vector) representation for the RC5 cipher | RC5/CBC/PKCS5Padding |
RC6 (RC6
parameters) |
Algorithm parameters (initialization vector) representation for the RC6 cipher | - |
Rijndael
(Rijndael parameters) |
Algorithm parameters (initialization vector) representation for the Rijndael Advanced Encryption Standard (AES) | AES, AES128, AES-128, AES192, AES-192, AES_192, AES256, AES-256, AES_256, 2.16.840.1.101.3.4.1.2, 2.16.840.1.101.3.4.1.22, 2.16.840.1.101.3.4.1.42, AES/CBC/PKCS5Padding, AES128/CBC/PKCS5Padding, AES-128/CBC/PKCS5Padding, AES_128/CBC/PKCS5Padding, AES192/CBC/PKCS5Padding, AES-192/CBC/PKCS5Padding, AES_192/CBC/PKCS5Padding, AES256/CBC/PKCS5Padding, AES-256/CBC/PKCS5Padding, AES_256/CBC/PKCS5Padding |
Rijndael-256
(Rijndael parameters) |
Algorithm parameters (initialization vector) representation for the Rijndael block cipher with block size of 256 bits. | |
Serpent (Serpent
parameters) |
Algorithm parameters (initialization vector) representation for the Serpent cipher | - |
Twofish (Twofish
parameters) |
Algorithm parameters (initialization vector) representation for the Twofish cipher | - |
PBKDF2 (PBKDF2
parameters) |
Algorithm parameters (salt, iteration count, PRF, derived key length) representation for the PBKDF2 key derivation function specified in PKCS#5v2.1 | 1.2.840.113549.1.5.12 |
PBE (PBE
parameters) |
Algorithm parameters (salt and iteration count) representation for password based encryption according to PKCS#5 / PKCS#12 | PbeWithMD5AndDES_CBC, PBEWithMD5AndDES, 1.2.840.113549.1.5.3, PbeWithSHAAnd3_KeyTripleDES_CBC, PBEWithSHA1And3_KeyTripleDES_CBC, PBEWithSHA1AndDESede, 1.2.840.113549.1.12.1.3, PbeWithSHAAnd40BitRC2_CBC, PBEWithSHA1AndRC2_40, 1.2.840.113549.1.12.1.6 |
PBES2 (PBES2
parameters) |
Algorithm parameters (KDF (with salt, iteration count, PRF, derived key length) and encryption scheme) representation for password based encryption according to PKCS#5v2.1 PBES2 scheme | 1.2.840.113549.1.5.13, PBES2WithHmacSHA1AndAES, PBES2WithHmacSHA1AndAES128, PBEWithHmacSHA1AndAES, PBEWithHmacSHA1AndAES128, PBEWithHmacSHA1AndAES_128, PBES2WithHmacSHA1AndAES256, PBES2WithHmacSHA1AndAES_256, PBEWithHmacSHA1AndAES256, PBEWithHmacSHA1AndAES_256, PBES2WithHmacSHA224AndAES, PBES2WithHmacSHA224AndAES128, PBES2WithHmacSHA224AndAES_128, PBEWithHmacSHA224AndAES, PBEWithHmacSHA224AndAES128, PBEWithHmacSHA224AndAES_128, PBES2WithHmacSHA224AndAES256, PBES2WithHmacSHA224AndAES_256, PBEWithHmacSHA224AndAES256, PBEWithHmacSHA224AndAES_256, PBES2WithHmacSHA256AndAES, PBES2WithHmacSHA256AndAES128, PBES2WithHmacSHA256AndAES_128, PBEWithHmacSHA256AndAES, PBEWithHmacSHA256AndAES128, PBEWithHmacSHA256AndAES_128, PBES2WithHmacSHA256AndAES256, PBES2WithHmacSHA256AndAES_256, PBEWithHmacSHA256AndAES256, PBEWithHmacSHA256AndAES_256, PBES2WithHmacSHA384AndAES, PBES2WithHmacSHA384AndAES128, PBES2WithHmacSHA384AndAES_128, PBEWithHmacSHA384AndAES, PBEWithHmacSHA384AndAES128, PBEWithHmacSHA384AndAES_128, PBES2WithHmacSHA384AndAES192, PBES2WithHmacSHA384AndAES_192, PBEWithHmacSHA384AndAES192, PBEWithHmacSHA384AndAES_192, PBES2WithHmacSHA512AndAES256, PBES2WithHmacSHA384AndAES256, PBES2WithHmacSHA384AndAES_256, PBEWithHmacSHA384AndAES256, PBEWithHmacSHA384AndAES_256, PBES2WithHmacSHA512AndAES, PBES2WithHmacSHA512AndAES128, PBES2WithHmacSHA512AndAES_128, PBEWithHmacSHA512AndAES, PBEWithHmacSHA512AndAES128, PBEWithHmacSHA512AndAES_128, PBEWithHmacSHA512AndAES256, PBES2WithHmacSHA512AndAES_256, PBEWithHmacSHA512AndAES_256, PBES2WithHmacSHA1AndDESede, PBEWithHmacSHA1AndDESede, PBES2WithHmacSHA1AndTripleDES, PBEWithHmacSHA1AndTripleDES |
CAST128Wrap (CAST128 key wrap parameters) |
Algorithm parameters (key length) representation for the CAST128 Key Wrap algorithm as used by CMS. | CAST128KeyWrap, CAST128WrapCAST128, CAST128Wrap, CASTWrap, CASTKeyWrap, CASTWrapCAST, CAST5Wrap, CAST5KeyWrap, CAST5WrapCAST5 |
RC2Wrap
(RC2 key wrap parameters) |
Algorithm parameters (RC2ParameterVersion) representation for the RC2 Key Wrap algorithm as used by CMS. | RC2KeyWrap, RC2WrapRC2, RC2WRAP, RC2Wrap |
CCM (Counter
with CBC-MAC mode parameters) |
Algorithm parameters (associated data, nonce and macLength) for the CCM block cipher mode as specified in RFC 3610, NIST Special Publication 800-38C and RFC 5084. | CCM, AES/CCM/NoPadding, AES128/CCM/NoPadding, AES192/CCM/NoPadding, AES256/CCM/NoPadding, AES-128/CCM/NoPadding, AES_128/CCM/NoPadding, AES-192/CCM/NoPadding, AES_192/CCM/NoPadding, AES-256/CCM/NoPadding, AES_256/CCM/NoPadding |
CCMCMS
(Counter with CBC-MAC mode parameters) |
Algorithm parameters (associated data, nonce and mac value) for the CCM block cipher mode as specified in RFC 3610, NIST Special Publication 800-38C and RFC 5084 when used with CMS (RFC 5084). | CCMCMS, AES/CCMCMS/NoPadding, AES128/CCMCMS/NoPadding, AES192/CCMCMS/NoPadding, AES256/CCMCMS/NoPadding, AES-128/CCMCMS/NoPadding, AES_128/CCMCMS/NoPadding, AES-192/CCMCMS/NoPadding, AES_192/CCMCMS/NoPadding, AES-256/CCMCMS/NoPadding, AES_256/CCMCMS/NoPadding |
GCM
(Galois/Counter mode parameters) |
Algorithm parameters (associated data, nonce, macLength and macBlock) for the GCM block cipher mode as specified in NIST Special Publication 800-38D and RFC 5084. | GCM, AES/GCM/NoPadding, AES128/GCM/NoPadding, AES192/GCM/NoPadding, AES256/GCM/NoPadding, AES-128/GCM/NoPadding, AES_128/GCM/NoPadding, AES-192/GCM/NoPadding, AES_192/GCM/NoPadding, AES-256/GCM/NoPadding, AES_256/GCM/NoPadding |
CBCCMac (CBC-CMAC
parameters) |
Algorithm parameters for the AES-CBC-CMAC authenticated encryption algorithm as defined by the BSI Technical Guideline TR-03109-1 | CBC-CMAC, AESCMac, AESCBCCMac, AESCMac128, AESCBCCMac128, AESCMac_128, AESCBCCMac_128, AES-CMAC, AES-CBC-CMAC, AES-CMAC-128, AES-CBC-CMAC-128, 0.4.0.127.0.7.1.3.1.1.2, AESCBCCMac192, AESCBCCMac_192, AESCMac192, AESCMac_192, AES-CMAC-192, AES-CBC-CMAC-192, 0.4.0.127.0.7.1.3.1.1.3, AESCMac256, AESCMac_256, AESCBCCMac256, AESCBCCMac_256, AES-CMAC-256, AES-CBC-CMAC-256, 0.4.0.127.0.7.1.3.1.1.4 |
ChaCha20Poly1305 (ChaCha20Poly1305
parameters) |
Algorithm parameters for the ChaCha20Poly1305 authenticated encryption algorithm as defined by RFC 8439, RFC 8103 | ChaCha20-Poly1305, 1.2.840.113549.1.9.16.3.18 |
KDF1
(KDF1 parameters) |
Algorithm parameters for the Key Derivation Function (KDF) 1 as specified by ISO/IEC 18033-2. | 1.0.18033.2.5.1 |
KDF2
(KDF2 parameters) |
Algorithm parameters for Key Derivation Function (KDF) 2 as specified by ANS X9.44. | 1.3.133.16.840.9.44.1.1 |
KDF3
(KDF3 parameters) |
Algorithm parameters for Key Derivation Function (KDF) 3 as specified by ANS X9.44. | 1.3.133.16.840.9.44.1.2 |
RsaKem |
Algorithm parameters for the RSA-KEM Key Encapsulation Mechanism as specified by RFC 5990 and/or ISO/IEC 18033-2. | 1.0.18033.2.2.4 |
Key Encapsulation Mechanisms
KeyEncapsulationMechanism kem = KeyEncapsulationMechanism.getInstance(<Standard Name> | <Alias>, "IAIK"); |
Standard Name | Specification | Aliases |
RsaKem |
RSA-KEM Key Encapsulation Mechanism as specified by RFC 5990 and/or ISO/IEC 18033-2. | 1.0.18033.2.2.4 |
General Usage:
Cipher cipher = Cipher.getInstance("Cipher/Operation Mode/Padding Scheme");
for instance:
Cipher des = Cipher.getInstance("DES/CBC/PKCS5Padding", "IAIK");
Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding", "IAIK");
Cipher Modes (default: ECB) | |
Name | Specification |
ECB (Electronic Code Book) | "DES MODES OF OPERATION", NIST FIPS PUB 81 |
CBC (Cipher Block Chaining) | "DES MODES OF OPERATION", NIST FIPS PUB 81 |
PCBC (Propagated Cipher Block Chaining) | defined by Kerberos |
CFB (Cipher FeedBack) | "DES MODES OF OPERATION", NIST FIPS PUB 81 |
OFB (Output FeedBack) | "DES MODES OF OPERATION", NIST FIPS PUB 81 |
CTR (Counter Mode Encryption) | "AES MODES OF OPERATION", NIST: Recommendation for Block Cipher Modes of Operation |
CTS (Ciphertext Stealing) | Bruce Schneier, "Applied Cryptography" |
CCM (Counter with CBC-MAC) | specified in RFC 3610 and NIST Special Publication 800-38C |
GCM (Galois/Counter Mode) | specified in NIST Special Publication 800-38D |
0 (only for RSA ciphers) | block type 00 for RSA PKCS#1v1.5 encryption, private key operations, as specified by PKCS#1 |
1 (only for RSA ciphers) | block type 01 for RSA PKCS#1v1.5 encryption, private key operations, as specified by PKCS#1 |
2 (only for RSA ciphers) | block type 02 for RSA PKCS#1v1.5 encryption, public key operations, as specified by PKCS#1 |
SSL (only for RSA ciphers) | PKCS#1v1.5 RSA encryption (PKCS#1) as used by IBMJSSE |
Padding Schemes (default: NoPadding) | |
Name | Specification |
NoPadding | Uses no padding scheme. If no padding is used the input must be a multiple of the block size unless cipher mode is CFB, OFB, CTR, CTS, CCM or GCM. |
PKCS5Padding (PKCS#5 Padding), PKCS7Padding | padding scheme as specified by PKCS#5 |
SSL3Padding | padding scheme as described in the Secure Sockets Layer (SSL v3) specification |
ISO78164Padding | padding scheme as described in the ISO 7816-4 Standard (Information technology -- Identification cards -- Integrated circuit(s) cards with contacts -- Part 4: Interindustry commands for interchange) |
ISO10126-2 | padding scheme as described in the ISO 10126-2 Standard; used by http://www.w3.org/TR/xmlenc-core/ |
PKCS1Padding (only for RSA ciphers) | padding scheme as specified by PKCS#1 v1.5 |
OAEP (only for RSA ciphers) | A padding scheme as specified by PKCS#1 v2.1 and P1363.
If just OAEP is used as padding name, the hash algorithm is
SHA-1 and the mask generation function is MGF1 as specified in PKCS#1. To use
a different hash algorithm, the naming scheme is
OAEPWith<digest>And<mgf>Padding; e.g.
OAEPWithSHA1AndMGF1Padding. This is as specified in the JCE
specification. |
RSACipher
class, which implements
the core RSA operation. In this class, blinding can be switched on and off.
By default, blinding is switched on. Practical performance measurements showed
that blinding does not decrease performance by much. A few percent are
typical if public exponents are used which improve the performance, e.g.
65537 (decimal). In practice, such exponents are almost always used.
Modifier and Type | Field and Description |
---|---|
static double | version - Version number is currently 6.0. |

Constructor and Description |
---|
IAIK() - This is the default constructor which registers the implemented algorithms to the Java Security API. |

Modifier and Type | Method and Description |
---|---|
static void | addAsJDK14Provider() - Deprecated. Use method IAIK.addAsProvider |
static void | addAsJDK14Provider(boolean printStatusInfo) - Deprecated. Use method IAIK.addAsProvider |
static void | addAsProvider() - Static method which installs the SecurityProvider IAIK. |
static void | addAsProvider(boolean printStatusInfo) - Static method which installs the IAIK provider as first provider and prints some system properties if desired. |
static boolean | getBufferMoreAEADCipherDataThanNecessary() - Gets whether the IAIK AEAD Cipher engines/modes ChaCha20Poly1305, GCM and CCM shall buffer more than necessary cipher data during update() calls during decryption. |
static boolean | getCheckPKCS5PaddingBytes() - Asks whether PKCS#5 padding bytes shall be checked for having the same value. |
static boolean | getCopyCipherData() - Gets whether to internally copy cipher data when Cipher encryption/decryption uses the same array for input/output. |
static IAIK | getInstance() - Returns an instance of this class. |
static java.security.MessageDigest | getMd5() - Deprecated. |
static boolean | getUseOldMd5() - Deprecated. |
static java.lang.String | getVersionInfo() - Gets an info string with name and version of the IAIK provider. |
static boolean | isNativeAESAddonAvailable() - Checks whether the class iaik.security.provider.NativeAESAddon is in the classpath. |
static void | setBufferMoreAEADCipherDataThanNecessary(boolean bufferCipherData) - Decides whether the IAIK AEAD Cipher engines/modes ChaCha20Poly1305, GCM and CCM shall buffer more than necessary cipher data during update() calls during decryption. |
static void | setCheckPKCS5PaddingBytes(boolean checkPKCS5PaddingBytes) - Turns PKCS#5 padding byte value check on or off. |
static void | setCopyCipherData(boolean copyCipherData) - Decides whether to internally copy cipher data when Cipher encryption/decryption uses the same array for input/output. |
static void | setNativeAESAddonEnabled(boolean enable) - This method can manually set whether or not the iaik_jce_native_aes.jar should be used. |
static void | setUseOldMd5(boolean useOldMd5) - Deprecated. |

isAvailable, puta, putc, putc
clear, elements, entrySet, get, getInfo, getName, getProperty, getService, getServices, getVersion, keys, keySet, load, put, putAll, putService, remove, removeService, toString, values
getProperty, list, list, load, loadFromXML, propertyNames, save, setProperty, store, store, storeToXML, storeToXML, stringPropertyNames
public IAIK()

public static java.lang.String getVersionInfo()

public static void addAsProvider()

public static IAIK getInstance()

public static void addAsProvider(boolean printStatusInfo)
printStatusInfo - prints some status information and system properties

public static void addAsJDK14Provider(boolean printStatusInfo)
Deprecated. Use method IAIK.addAsProvider.
printStatusInfo - whether to print some status information and system properties

public static void addAsJDK14Provider()
Deprecated. Use method IAIK.addAsProvider.

public static void setUseOldMd5(boolean useOldMd5)
true only if MD5 crashes or hangs on your VM. This flag will only affect IAIK instances created after this call is made. The current default is to use the new version.

public static boolean getUseOldMd5()
true if the old MD5 implementation is used, false if the new MD5 implementation is used (default)

public static java.security.MessageDigest getMd5()

public static void setCheckPKCS5PaddingBytes(boolean checkPKCS5PaddingBytes)
PKCS#5 padding requires that all padding bytes have the same value. However, some applications may erroneously use random padding values. By default, the IAIK provider checks that all PKCS#5 padding bytes have the same value, as required by the specification. You may use this method to switch off the PKCS#5 padding check, if required.
checkPKCS5PaddingBytes - whether to check PKCS#5 padding bytes for the same value or not

public static boolean getCheckPKCS5PaddingBytes()
PKCS#5 padding requires that all padding bytes have the same value. However, some applications may erroneously use random padding values. By default, the IAIK provider checks that all PKCS#5 padding bytes have the same value, as required by the specification. You may use method setCheckPKCS5PaddingBytes to switch off the PKCS#5 padding check, if required.
true if PKCS#5 padding bytes shall be checked (default), false if they shall not be checked

public static void setBufferMoreAEADCipherDataThanNecessary(boolean bufferCipherData)
Decides whether the IAIK AEAD Cipher engines/modes ChaCha20Poly1305, GCM and CCM shall buffer more than necessary cipher data during update() calls during decryption.
Usually cipher data may be buffered only if the given output buffer is too small or more cipher data is required for completing a block decryption operation.
When using a javax.crypto.CipherInputStream for decrypting cipher data, the final Cipher.doFinal may not be done before closing the CipherInputStream. javax.crypto.CipherInputStream catches (and does not throw) any Exception that may be thrown when calling Cipher.doFinal. This may cause an AEADBadTagException to be caught (and not thrown) inside CipherInputStream.close(), meaning that an invalid mac value may not be detected when decrypting a cipher text using GCM, CCM or ChaCha20Poly1305.
For that reason it might be preferable to enforce that javax.crypto.CipherInputStream calls Cipher.doFinal already during the last read() call, where an AEADBadTagException may be thrown. When all cipher data is read from the CipherInputStream (until -1), the final Cipher.doFinal() call is done during the last read() call and an AEADBadTagException will be thrown if the verification of the final mac value fails. However, when, for instance, only as many data bytes are read as expected (because the number of plain text bytes is known in advance), the final mac tag (if appended to the cipher text) will not be read before closing the CipherInputStream:

    // cis is a javax.crypto.CipherInputStream wrapping the cipher text
    int dataSize = ...; // number of plain text bytes, known in advance
    byte[] recoveredPlainText = new byte[dataSize];
    int off = 0;
    int r = 0;
    do {
        r = cis.read(recoveredPlainText, off, dataSize - off);
        if (r > 0) {
            off += r;
        }
    } while (r >= 0 && off != dataSize);
    // the trailing mac tag is only read (and silently checked) here
    cis.close();

This means that all data may be successfully decrypted to recoveredPlainText, but the final mac tag will only be read when closing the CipherInputStream. If the mac is invalid, cis.close() will not throw an Exception and the integrity violation of the cipher data may not be detected.
With setBufferMoreAEADCipherDataThanNecessary set to true, the IAIK AEAD cipher modes CCM and GCM and the ChaCha20Poly1305 AEAD Cipher will buffer more than necessary cipher data during update calls during decryption. This may ensure that the final mac tag is read during the last CipherInputStream.read() call, throwing an Exception if the mac value is invalid:

    IAIK.setBufferMoreAEADCipherDataThanNecessary(true);

Note that by default setBufferMoreAEADCipherDataThanNecessary is set to false for performance and interoperability reasons (some applications may read until no more bytes are returned and therefore may stop reading when update() returns 0), and because the problem may be avoided by other means (see below).
Note also that when setting it to true, even more care has to be taken not to stop decrypting cipher data if a Cipher.update() call does not return any decrypted data (0 bytes), since it may only require more cipher input data for continuing decryption.
iaik.utils.CipherInputStream which does not catch (and not throw) an AEADBadTagException within its close method.
bufferCipherData - whether the IAIK AEAD Cipher engines/modes ChaCha20Poly1305, GCM and CCM shall buffer more than necessary cipher data during update() calls during decryption (default: false).

public static boolean getBufferMoreAEADCipherDataThanNecessary()
Gets whether the IAIK AEAD Cipher engines/modes ChaCha20Poly1305, GCM and CCM shall buffer more than necessary cipher data during update() calls during decryption (default: false).
setBufferMoreAEADCipherDataThanNecessary(boolean)
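
The read-until-`-1` approach described for setBufferMoreAEADCipherDataThanNecessary, as an added example that is not part of the IAIK documentation: after the expected plain text bytes are read, one more read() consumes the trailing tag so that the tag check happens inside read() instead of inside close(). It uses only standard JCA classes with whichever provider is installed first; the class name DrainAeadStream and the helpers readVerified and open are hypothetical, and the key, nonce and message are constructed sample values.

```java
import java.io.*;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class DrainAeadStream {
    // Reads dataSize plain text bytes, then reads on until -1 so doFinal() runs in read().
    static byte[] readVerified(InputStream cis, int dataSize) throws IOException {
        byte[] plain = new byte[dataSize];
        try (InputStream in = cis) {
            int off = 0;
            while (off < dataSize) {
                int r = in.read(plain, off, dataSize - off);
                if (r < 0) throw new EOFException("stream ended after " + off + " bytes");
                off += r;
            }
            if (in.read() != -1) throw new IOException("more plain text than expected");
            return plain;
        } catch (IOException e) {
            Arrays.fill(plain, (byte) 0); // do not hand out unauthenticated plain text
            throw e;
        }
    }
    static InputStream open(SecretKeySpec key, byte[] iv, byte[] ct) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding"); // first installed provider
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        return new CipherInputStream(new ByteArrayInputStream(ct), c);
    }
    public static void main(String[] args) throws Exception {
        byte[] k = new byte[16], iv = new byte[12];   // constructed sample key and nonce
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(k);
        rnd.nextBytes(iv);
        SecretKeySpec key = new SecretKeySpec(k, "AES");
        byte[] msg = "constructed sample message".getBytes("UTF-8");
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal(msg);                  // cipher text with appended tag
        System.out.println(new String(readVerified(open(key, iv, ct), msg.length), "UTF-8"));
        ct[ct.length - 1] ^= 0x01;                     // corrupt the appended tag
        try {
            readVerified(open(key, iv, ct), msg.length);
            System.out.println("tag failure NOT detected");
        } catch (IOException e) {
            System.out.println("rejected: " + e);
        }
    }
}
```

With javax.crypto.CipherInputStream, a failed tag check surfaces from read() as an IOException whose cause is the AEADBadTagException.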

public static void setCopyCipherData(boolean copyCipherData)
Copying cipher data may be required when the result of encryption/decryption operations overwrites data that is still required for some further encryption/decryption step. However, copying data may also slow down performance and may already be done by the calling application. For that reason data is not copied internally by default.
copyCipherData - whether to internally copy cipher data if Cipher encryption/decryption uses the same array for input/output; default: false (data is not copied)

public static boolean getCopyCipherData()
Copying cipher data may be required when the result of encryption/decryption operations overwrites data that is still required for some further encryption/decryption step. However, copying data may also slow down performance and may already be done by the calling application. For that reason data is not copied internally by default.
true if cipher data shall be copied if Cipher encryption/decryption uses the same array for input/output; false (default) if not

public static boolean isNativeAESAddonAvailable()
Checks whether the class iaik.security.provider.NativeAESAddon is in the classpath. (It is then assumed that iaik_jce_native_aes.jar is included in the classpath.)
true, if iaik_jce_native_aes.jar is included in the classpath.

public static void setNativeAESAddonEnabled(boolean enable)
enable is set to true. No classloader will be used to look for the respective implementations.
enable - boolean to set manually, if the jar file containing the speed-ups is present. Disables the classloader.