for Java Platform Standard Edition 7
Note: The Sun Provider Documentation contains specific provider and algorithm information.
The JDK Security API requires and uses a set of standard names for algorithms, certificate and keystore types. This specification establishes the following names as standard names.

In some cases naming conventions are given for forming names that are not explicitly listed, to facilitate name consistency across provider implementations. Items in angle brackets (such as <digest> and <encryption>) are placeholders to be replaced by a specific message digest, encryption algorithm, or other name.

Note: Standard names are not case-sensitive.

This document includes corresponding lists of standard names relevant to the following security subareas:

AlgorithmParameterGenerator Algorithms

The algorithm names in this section can be specified when generating an instance of AlgorithmParameterGenerator.

| Algorithm Name | Description |
|---|---|
| DiffieHellman | Parameters for use with the Diffie-Hellman algorithm. |
| DSA | Parameters for use with the Digital Signature Algorithm. |

AlgorithmParameters Algorithms

The algorithm names in this section can be specified when generating an instance of AlgorithmParameters.

| Algorithm Name | Description |
|---|---|
| AES | Parameters for use with the AES algorithm. |
| Blowfish | Parameters for use with the Blowfish algorithm. |
| DES | Parameters for use with the DES algorithm. |
| DESede | Parameters for use with the DESede algorithm. |
| DiffieHellman | Parameters for use with the DiffieHellman algorithm. |
| DSA | Parameters for use with the Digital Signature Algorithm. |
| OAEP | Parameters for use with the OAEP algorithm. |
| PBEWith<digest>And<encryption> | Parameters for use with the PBEWith<digest>And<encryption> algorithm. Examples: PBEWithMD5AndDES, and PBEWithHmacSHA256AndAES_128. |
| PBE | Parameters for use with the PBE algorithm. This name should not be used, in preference to the more specific PBE-algorithm names previously listed. |
| RC2 | Parameters for use with the RC2 algorithm. |

CertificateFactory Types

The type in this section can be specified when generating an instance of CertificateFactory.

| Type | Description |
|---|---|
| X.509 | The certificate type defined in X.509, also available via RFC 3280. |

CertPathBuilder Algorithms

The algorithm in this section can be specified when generating an instance of CertPathBuilder.

| Algorithm Name | Description |
|---|---|
| PKIX | The PKIX certification path validation algorithm as defined in the ValidationAlgorithm service attribute. The output of CertPathBuilder instances implementing this algorithm is a certification path validated against the PKIX validation algorithm. |

The following encodings may be passed to the getEncoded method of CertPath or the generateCertPath(InputStream inStream, String encoding) method of CertificateFactory.

| Encoding | Description |
|---|---|
| PKCS7 | A PKCS#7 SignedData object, with the only significant field being certificates. In particular, the signature and the contents are ignored. If no certificates are present, a zero-length CertPath is assumed. Warning: PKCS#7 does not maintain the order of certificates in a certification path. This means that if a CertPath is converted to PKCS#7 encoded bytes and then converted back, the order of the certificates may change, potentially rendering the CertPath invalid. Users should be aware of this behavior. See RSA Security for details on PKCS7. |
| PkiPath | An ASN.1 DER encoded sequence of certificates, defined as follows: `PkiPath ::= SEQUENCE OF Certificate`. Within the sequence, the order of certificates is such that the subject of the first certificate is the issuer of the second certificate, and so on. Each certificate in PkiPath shall be unique. No certificate may appear more than once in a value of Certificate in PkiPath. The PkiPath format is defined in defect report 279 against X.509 (2000) and is incorporated into Technical Corrigendum 1 (DTC 2) for the ITU-T Recommendation X.509 (2000). See the ITU website for details. |

CertPathValidator Algorithms

The algorithm in this section can be specified when generating an instance of CertPathValidator.

| Algorithm Name | Description |
|---|---|
| PKIX | The PKIX certification path validation algorithm as defined in the ValidationAlgorithm service attribute. |

CertStore Types

The type in this section can be specified when generating an instance of CertStore.

| Type | Description |
|---|---|
| Collection | A CertStore implementation that retrieves certificates and CRLs from a Collection. This type of CertStore is particularly useful in applications where certificates or CRLs are received in a bag or some sort of attachment, such as with a signed email message or in an SSL negotiation. |
| LDAP | A CertStore implementation that fetches certificates and CRLs from an LDAP directory using the schema defined in the LDAPSchema service attribute. |

Cipher (Encryption) Algorithms

The following names can be specified as the algorithm component in a transformation when requesting an instance of Cipher.

| Algorithm Name | Description |
|---|---|
| AES | Advanced Encryption Standard as specified by NIST in FIPS 197. Also known as the Rijndael algorithm by Joan Daemen and Vincent Rijmen, AES is a 128-bit block cipher supporting keys of 128, 192, and 256 bits. |
| AESWrap | The AES key wrapping algorithm as described in RFC 3394. |
| ARCFOUR | A stream cipher believed to be fully interoperable with the RC4 cipher developed by Ron Rivest. For more information, see K. Kaukonen and R. Thayer, "A Stream Cipher Encryption Algorithm 'Arcfour'", Internet Draft (expired), draft-kaukonen-cipher-arcfour-03.txt. |
| Blowfish | The Blowfish block cipher designed by Bruce Schneier. |
| CCM | Counter/CBC Mode, as defined in NIST Special Publication SP 800-38C. |
| DES | The Digital Encryption Standard as described in FIPS PUB 46-3. |
| DESede | Triple DES Encryption (also known as DES-EDE, 3DES, or Triple-DES). Data is encrypted using the DES algorithm three separate times. It is first encrypted using the first subkey, then decrypted with the second subkey, and encrypted with the third subkey. |
| DESedeWrap | The DESede key wrapping algorithm as described in RFC 3217. |
| ECIES | Elliptic Curve Integrated Encryption Scheme |
| GCM | Galois/Counter Mode, as defined in NIST Special Publication SP 800-38D. |
| PBEWith<digest>And<encryption> PBEWith<prf>And<encryption> | The password-based encryption algorithm found in (PKCS5), using the specified message digest (<digest>) or pseudo-random function (<prf>) and encryption algorithm (<encryption>). Examples: |
| RC2 | Variable-key-size encryption algorithms developed by Ron Rivest for RSA Data Security, Inc. |
| RC4 | Variable-key-size encryption algorithms developed by Ron Rivest for RSA Data Security, Inc. (See note prior for ARCFOUR.) |
| RC5 | Variable-key-size encryption algorithms developed by Ron Rivest for RSA Data Security, Inc. |
| RSA | The RSA encryption algorithm as defined in PKCS #1. |

The following names can be specified as the mode component in a transformation when requesting an instance of Cipher.

| Algorithm Name | Description |
|---|---|
| NONE | No mode. |
| CBC | Cipher Block Chaining Mode, as defined in FIPS PUB 81. |
| CFB, CFBx | Cipher Feedback Mode, as defined in FIPS PUB 81. Using modes such as CFB and OFB, block ciphers can encrypt data in units smaller than the cipher's actual block size. When requesting such a mode, you may optionally specify the number of bits to be processed at a time by appending this number to the mode name as shown in the "DES/CFB8/NoPadding" and "DES/OFB32/PKCS5Padding" transformations. If no such number is specified, a provider-specific default is used. (For example, the SunJCE provider uses a default of 64 bits for DES.) Thus, block ciphers can be turned into byte-oriented stream ciphers by using an 8-bit mode such as CFB8 or OFB8. |
| CTR | A simplification of OFB, Counter mode updates the input block as a counter. |
| CTS | Cipher Text Stealing, as described in Bruce Schneier's book Applied Cryptography-Second Edition, John Wiley and Sons, 1996. |
| ECB | Electronic Codebook Mode, as defined in FIPS PUB 81 (generally this mode should not be used for multiple blocks of data). |
| OFB, OFBx | Output Feedback Mode, as defined in FIPS PUB 81. Using modes such as CFB and OFB, block ciphers can encrypt data in units smaller than the cipher's actual block size. When requesting such a mode, you may optionally specify the number of bits to be processed at a time by appending this number to the mode name as shown in the "DES/CFB8/NoPadding" and "DES/OFB32/PKCS5Padding" transformations. If no such number is specified, a provider-specific default is used. (For example, the SunJCE provider uses a default of 64 bits for DES.) Thus, block ciphers can be turned into byte-oriented stream ciphers by using an 8-bit mode such as CFB8 or OFB8. |
| PCBC | Propagating Cipher Block Chaining, as defined by Kerberos V4. |

The following names can be specified as the padding component in a transformation when requesting an instance of Cipher.

| Algorithm Name | Description |
|---|---|
| NoPadding | No padding. |
| ISO10126Padding | This padding for block ciphers is described in 5.2 Block Encryption Algorithms in the W3C's "XML Encryption Syntax and Processing" document. |
| OAEPPadding, OAEPWith<digest>And<mgf>Padding | Optimal Asymmetric Encryption Padding scheme defined in PKCS1, where <digest> should be replaced by the message digest and <mgf> by the mask generation function. Examples: OAEPWithMD5AndMGF1Padding and OAEPWithSHA-512AndMGF1Padding. If OAEPPadding is used, Cipher objects are initialized with a javax.crypto.spec.OAEPParameterSpec object to supply values needed for OAEPPadding. |
| PKCS1Padding | The padding scheme described in PKCS #1, used with the RSA algorithm. |
| PKCS5Padding | The padding scheme described in RSA Laboratories, "PKCS #5: Password-Based Encryption Standard," version 1.5, November 1993. |
| SSL3Padding | The padding scheme defined in the SSL Protocol Version 3.0, November 18, 1996, section 5.2.3.2 (CBC block cipher): `block-ciphered struct { opaque content[SSLCompressed.length]; opaque MAC[CipherSpec.hash_size]; uint8 padding[GenericBlockCipher.padding_length]; uint8 padding_length; } GenericBlockCipher;` The size of an instance of a GenericBlockCipher must be a multiple of the block cipher's block length. The padding length, which is always present, contributes to the padding, which implies that if: sizeof(content) + sizeof(MAC) % block_length = 0, padding has to be (block_length - 1) bytes long, because of the existence of padding_length. This makes the padding scheme similar (but not quite) to PKCS5Padding, where the padding length is encoded in the padding (and ranges from 1 to block_length). With the SSL scheme, the sizeof(padding) is encoded in the always present padding_length and therefore ranges from 0 to block_length-1. |
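
The transformation rules in the three Cipher tables above (algorithm, mode and padding components, case-insensitive names, the optional CFBx/OFBx bit count, the ECB caveat) can be checked mechanically. The following is an added example, not code from the Java documentation: the class name TransformationAudit and the sample strings are constructed for illustration, and it assumes the Cipher API behaviour that a bare algorithm name leaves mode and padding to the provider.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

// Added example (hypothetical class name): checks Cipher transformation strings
// against the caveats stated in the algorithm, mode and padding tables.
public class TransformationAudit {

    /** Returns the findings for one transformation string; an empty list means none. */
    static List<String> audit(String transformation) {
        List<String> findings = new ArrayList<String>();
        // Standard names are not case-sensitive: normalise before comparing.
        String[] parts = transformation.trim().toUpperCase(Locale.ROOT).split("/", -1);

        if (parts.length == 1 && !parts[0].isEmpty()) {
            // Assumption from the Cipher API, not from this page: a bare algorithm
            // name is accepted and the provider chooses the mode and padding.
            findings.add("mode and padding omitted: provider-specific defaults apply");
            return findings;
        }
        if (parts.length != 3 || parts[0].isEmpty() || parts[1].isEmpty() || parts[2].isEmpty()) {
            findings.add("malformed: expected algorithm/mode/padding");
            return findings;
        }

        String mode = parts[1];
        if (mode.equals("ECB")) {
            findings.add("ECB: generally should not be used for multiple blocks of data");
        } else if (mode.equals("CFB") || mode.equals("OFB")) {
            // No bit count appended, so the unit size depends on the provider.
            findings.add(mode + " without a bit count: provider-specific default unit size");
        } else if (mode.matches("(CFB|OFB)\\d{1,4}")) {
            int bits = Integer.parseInt(mode.substring(3));
            String note = mode.substring(0, 3) + " processes " + bits + " bits at a time";
            if (bits == 8) {
                note += " (block cipher used as a byte-oriented stream cipher)";
            }
            findings.add(note);
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample input, such as strings collected from code or configuration.
        String[] samples = {
            "AES/GCM/NoPadding", "aes/ecb/pkcs5padding", "DES/CFB8/NoPadding",
            "DES/OFB/PKCS5Padding", "AES", "AES/CBC"
        };
        for (String s : samples) {
            List<String> findings = audit(s);
            System.out.println(s + " -> " + (findings.isEmpty() ? "no findings" : findings));
        }
    }
}
```
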

Configuration Types

The type in this section can be specified when generating an instance of javax.security.auth.login.Configuration.

| Type | Description |
|---|---|
| JavaLoginConfig | The default Configuration implementation from the SUN provider, as described in the ConfigFile class specification. This type accepts java.security.URIParameter as a valid Configuration.Parameter type. If this parameter is not specified, then the configuration information is loaded from the sources described in the ConfigFile class specification. If this parameter is specified, the configuration information is loaded solely from the specified URI. |

The following exemption mechanism names can be specified in the permission policy file that accompanies an application considered "exempt" from cryptographic restrictions.

| Algorithm Name | Description |
|---|---|
| KeyEscrow | An encryption system with a backup decryption capability that allows authorized persons (users, officers of an organization, and government officials), under certain prescribed conditions, to decrypt ciphertext with the help of information supplied by one or more trusted parties who hold special data recovery keys. |
| KeyRecovery | A method of obtaining the secret key used to lock encrypted data. One use is as a means of providing fail-safe access to a corporation's own encrypted information in times of disaster. |
| KeyWeakening | A method in which a part of the key can be escrowed or recovered. |

The following mechanisms can be specified when using GSSAPI. Note that Object Identifiers (OIDs) are specified instead of names to be consistent with the GSSAPI standard.

| Mechanism OID | Description |
|---|---|
| 1.2.840.113554.1.2.2 | The Kerberos v5 GSS-API mechanism defined in RFC 4121. |
| 1.3.6.1.5.5.2 | The Simple and Protected GSS-API Negotiation (SPNEGO) mechanism defined in RFC 4178. |

KeyAgreement Algorithms

The following algorithm names can be specified when requesting an instance of KeyAgreement.

| Algorithm Name | Description |
|---|---|
| DiffieHellman | Diffie-Hellman Key Agreement as defined in PKCS #3: Diffie-Hellman Key-Agreement Standard, RSA Laboratories, version 1.4, November 1993. |
| ECDH | Elliptic Curve Diffie-Hellman as defined in ANSI X9.63 and as described in RFC 3278: "Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)." |
| ECMQV | Elliptic Curve Menezes-Qu-Vanstone as defined in "Elliptic Curve Cryptography" from www.secg.org. |

KeyFactory Algorithms

(Except as noted, these classes create keys for which Key.getAlgorithm() returns the standard algorithm name.)

The algorithm names in this section can be specified when generating an instance of KeyFactory.

| Algorithm Name | Description |
|---|---|
| DiffieHellman | Keys for the Diffie-Hellman KeyAgreement algorithm. Note: |
| DSA | Keys for the Digital Signature Algorithm. |
| RSA | Keys for the RSA algorithm (Signature/Cipher). |
| EC | Keys for the Elliptic Curve algorithm. |

KeyGenerator Algorithms

The following algorithm names can be specified when requesting an instance of KeyGenerator.

| Algorithm Name | Description |
|---|---|
| AES | Key generator for use with the AES algorithm. |
| ARCFOUR | Key generator for use with the ARCFOUR (RC4) algorithm. |
| Blowfish | Key generator for use with the Blowfish algorithm. |
| DES | Key generator for use with the DES algorithm. |
| DESede | Key generator for use with the DESede (triple-DES) algorithm. |
| HmacMD5 | Key generator for use with the HmacMD5 algorithm. |
| HmacSHA1 HmacSHA256 HmacSHA384 HmacSHA512 | Key generator for use with the various flavors of the HmacSHA algorithms. |
| RC2 | Key generator for use with the RC2 algorithm. |

KeyManagerFactory Algorithms

The algorithm name in this section can be specified when generating an instance of KeyManagerFactory.

| Algorithm Name | Description |
|---|---|
| PKIX | A factory for X509ExtendedKeyManagers that manage X.509 certificate-based key pairs for local side authentication according to the rules defined by the IETF PKIX working group in RFC 3280 or its successor. The KeyManagerFactory must support initialization using the class javax.net.ssl.KeyStoreBuilderParameters. |

KeyPairGenerator Algorithms

(Except as noted, these classes create keys for which Key.getAlgorithm() returns the standard algorithm name.)

The algorithm names in this section can be specified when generating an instance of KeyPairGenerator.

| Algorithm Name | Description |
|---|---|
| DiffieHellman | Generates keypairs for the Diffie-Hellman KeyAgreement algorithm. Note: |
| DSA | Generates keypairs for the Digital Signature Algorithm. |
| RSA | Generates keypairs for the RSA algorithm (Signature/Cipher). |
| EC | Generates keypairs for the Elliptic Curve algorithm. |

KeyStore Types

The types in this section can be specified when generating an instance of KeyStore.

| Type | Description |
|---|---|
| jceks | The proprietary keystore implementation provided by the SunJCE provider. |
| jks | The proprietary keystore implementation provided by the SUN provider. |
| pkcs12 | The transfer syntax for personal identity information as defined in PKCS #12. |

Mac Algorithms

The following algorithm names can be specified when requesting an instance of Mac.

| Algorithm Name | Description |
|---|---|
| HmacMD5 | The HMAC-MD5 keyed-hashing algorithm as defined in RFC 2104 "HMAC: Keyed-Hashing for Message Authentication" (February 1997). |
| HmacSHA1 HmacSHA256 HmacSHA384 HmacSHA512 | The HmacSHA* algorithms as defined in RFC 2104 "HMAC: Keyed-Hashing for Message Authentication" (February 1997) with SHA-* as the message digest algorithm. |
| PBEWith<mac> | Mac for use with the PKCS #5 v 2.0 password-based message authentication standard, where <mac> is a Message Authentication Code algorithm name. Example: PBEWithHmacSHA1. |

MessageDigest Algorithms

The algorithm names in this section can be specified when generating an instance of MessageDigest.

| Algorithm Name | Description |
|---|---|
| MD2 | The MD2 message digest algorithm as defined in RFC 1319. |
| MD5 | The MD5 message digest algorithm as defined in RFC 1321. |
| SHA-1 SHA-256 SHA-384 SHA-512 | Hash algorithms defined in the FIPS PUB 180-2. SHA-256 is a 256-bit hash function intended to provide 128 bits of security against collision attacks, while SHA-512 is a 512-bit hash function intended to provide 256 bits of security. A 384-bit hash may be obtained by truncating the SHA-512 output. |

Policy Types

The type in this section can be specified when generating an instance of Policy.

| Type | Description |
|---|---|
| JavaPolicy | The default Policy implementation from the SUN provider, as described in the PolicyFile guide. This type accepts java.security.URIParameter as a valid Policy.Parameter type. If this parameter is not specified, then the policy information is loaded from the sources described in the Default Policy File Locations section of the PolicyFile guide. If this parameter is specified, the policy information is loaded solely from the specified URI. |

SaslClient Mechanisms

The mechanisms in this section can be specified when generating an instance of SaslClient.

| Mechanism | Description |
|---|---|
| CRAM-MD5 | See RFC 2195. This mechanism supports a hashed username/password authentication scheme. |
| DIGEST-MD5 | See RFC 2831. This mechanism defines how HTTP Digest Authentication can be used as a SASL mechanism. |
| EXTERNAL | See RFC 2222. This mechanism obtains authentication information from an external channel (such as TLS or IPsec). |
| GSSAPI | See RFC 2222. This mechanism uses the GSSAPI for obtaining authentication information. It supports Kerberos v5 authentication. |
| PLAIN | See RFC 2595. This mechanism supports cleartext user name/password authentication. |

SaslServer Mechanisms

The mechanisms in this section can be specified when generating an instance of SaslServer.

| Mechanism | Description |
|---|---|
| CRAM-MD5 | See RFC 2195. This mechanism supports a hashed user name/password authentication scheme. |
| DIGEST-MD5 | See RFC 2831. This mechanism defines how HTTP Digest Authentication can be used as a SASL mechanism. |
| GSSAPI | See RFC 2222. This mechanism uses the GSSAPI for obtaining authentication information. It supports Kerberos v5 authentication. |

SecretKeyFactory Algorithms

The following algorithm names can be specified when requesting an instance of SecretKeyFactory.

| Algorithm Name | Description |
|---|---|
| AES | Constructs secret keys for use with the AES algorithm. |
| ARCFOUR | Constructs secret keys for use with the ARCFOUR algorithm. |
| DES | Constructs secret keys for use with the DES algorithm. |
| DESede | Constructs secret keys for use with the DESede (Triple-DES) algorithm. |
| PBEWith<digest>And<encryption> PBEWith<prf>And<encryption> | Secret-key factory for use with PKCS5 password-based encryption, where <digest> is a message digest, <prf> is a pseudo-random function, and <encryption> is an encryption algorithm. Examples: |
| PBKDF2WithHmacSHA1 | Constructs secret keys using the Password-Based Key Derivation Function found in PKCS #5 v2.0. |

SecureRandom Number Generation (RNG) Algorithms

The algorithm name in this section can be specified when generating an instance of SecureRandom.

| Algorithm Name | Description |
|---|---|
| SHA1PRNG | The name of the pseudo-random number generation (PRNG) algorithm supplied by the SUN provider. This algorithm uses SHA-1 as the foundation of the PRNG. It computes the SHA-1 hash over a true-random seed value concatenated with a 64-bit counter which is incremented by 1 for each operation. From the 160-bit SHA-1 output, only 64 bits are used. |

A cryptographic service is always associated with a particular algorithm or type. For example, a digital signature service is always associated with a particular algorithm (for example, DSA), and a CertificateFactory service is always associated with a particular certificate type (for example, X.509).

The attributes in this section are for cryptographic services. The service attributes can be used as filters for selecting providers.

Both the attribute name and value are case-insensitive.
| Attribute | Description |
|---|---|
| KeySize | The maximum key size that the provider supports for the cryptographic service. |
| ImplementedIn | Whether the implementation for the cryptographic service is done by software or hardware. The value of this attribute is "software" or "hardware". |
| ValidationAlgorithm | The name of the specification that defines the certification path validation algorithm that an implementation of CertPathBuilder or CertPathValidator supports. RFCs should be specified as "RFC#" (ex: "RFC3280") and Internet Drafts as the name of the draft (ex: "draft-ietf-pkix-rfc2560bis-01.txt"). Values for this attribute that are specified as selection criteria to the Security.getProviders method will be compared using the String.equalsIgnoreCase method. All PKIX implementations of CertPathBuilder and CertPathValidator should provide a value for this attribute. |
| LDAPSchema | The name of the specification that defines the LDAP schema that an implementation of an LDAP CertStore uses to retrieve certificates and CRLs. The format and semantics of this attribute is the same as described for the ValidationAlgorithm attribute. All LDAP implementations of CertStore should provide a value for this attribute. |

For example:

```java
// Provider property entries: the service implementation, then its attributes
map.put("KeyPairGenerator.DSA", "sun.security.provider.DSAKeyPairGenerator");
map.put("KeyPairGenerator.DSA KeySize", "1024");
map.put("KeyPairGenerator.DSA ImplementedIn", "Software");
```

Signature Algorithms

The algorithm names in this section can be specified when generating an instance of Signature.

| Algorithm Name | Description |
|---|---|
| NONEwithRSA | The RSA signature algorithm, which does not use a digesting algorithm (for example, MD5/SHA1) before performing the RSA operation. For more information about the RSA Signature algorithms, see PKCS #1. |
| MD2withRSA MD5withRSA | The MD2/MD5 with RSA Encryption signature algorithm, which uses the MD2/MD5 digest algorithm and RSA to create and verify RSA digital signatures as defined in PKCS #1. |
| SHA1withRSA SHA256withRSA SHA384withRSA SHA512withRSA | The signature algorithm with SHA-* and the RSA encryption algorithm as defined in the OSI Interoperability Workshop, using the padding conventions described in PKCS #1. |
| NONEwithDSA | The Digital Signature Algorithm as defined in FIPS PUB 186-2. The data must be exactly 20 bytes in length. This algorithm is also known as rawDSA. |
| SHA1withDSA | The DSA with SHA-1 signature algorithm, which uses the SHA-1 digest algorithm and DSA to create and verify DSA digital signatures as defined in FIPS PUB 186. |
| NONEwithECDSA SHA1withECDSA SHA256withECDSA SHA384withECDSA SHA512withECDSA (ECDSA) | The ECDSA signature algorithms as defined in ANSI X9.62. Note: "ECDSA" is an ambiguous name for the "SHA1withECDSA" algorithm and should not be used. The formal name "SHA1withECDSA" should be used instead. |
| <digest>with<encryption> | Use this to form a name for a signature algorithm with a particular message digest (such as MD2 or MD5) and algorithm (such as RSA or DSA), just as was done for the explicitly defined standard names in this section (MD2withRSA, and so on). For the new signature schemes defined in PKCS #1 v 2.0, for which the <digest>with<encryption> form is insufficient, <digest>with<encryption>and<mgf> can be used to form a name. Here, <mgf> should be replaced by a mask generation function such as MGF1. Example: MD5withRSAandMGF1. |

SSLContext Algorithms

The algorithm names in this section can be specified when generating an instance of SSLContext.

| Algorithm Name | Description |
|---|---|
| SSL | Supports some version of SSL; may support other versions |
| SSLv2 | Supports SSL version 2 or later; may support other versions |
| SSLv3 | Supports SSL version 3; may support other versions |
| TLS | Supports some version of TLS; may support other versions |
| TLSv1 | Supports RFC 2246: TLS version 1.0; may support other versions |
| TLSv1.1 | Supports RFC 4346: TLS version 1.1; may support other versions |
| TLSv1.2 | Supports RFC 5246: TLS version 1.2; may support other versions |

TrustManagerFactory Algorithms

The algorithm name in this section can be specified when generating an instance of TrustManagerFactory.

| Algorithm Name | Description |
|---|---|
| PKIX | A factory for X509ExtendedTrustManager objects that validate certificate chains according to the rules defined by the IETF PKIX working group in RFC 3280 or its successor. The TrustManagerFactory must support initialization using the class javax.net.ssl.CertPathTrustManagerParameters. |

XML Signature (XMLSignatureFactory/KeyInfoFactory/TransformService) Mechanisms

The mechanism in this section can be specified when generating an instance of XMLSignatureFactory, KeyInfoFactory, or TransformService. The mechanism identifies the XML processing mechanism that an implementation uses internally to parse and generate XML signature and KeyInfo structures. Also, note that each TransformService instance supports a specific transform algorithm in addition to a mechanism. The standard names for the transform algorithms are defined in the next section.

| Mechanism | Description |
|---|---|
| DOM | The Document Object Model. See DOM Mechanism Requirements for additional requirements for DOM implementations. |

XML Signature Transform (TransformService) Algorithms

The algorithms in this section can be specified when generating an instance of TransformService. Note that URIs are specified instead of names to be consistent with the XML Signature standard. API constants have been defined for each of these URIs, and these are listed in parentheses after each URI in the table that follows.

| Algorithm URI | Description |
|---|---|
| http://www.w3.org/TR/2001/REC-xml-c14n-20010315 (CanonicalizationMethod.INCLUSIVE) | The Canonical XML (without comments) canonicalization algorithm. |
| http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS) | The Canonical XML with comments canonicalization algorithm. |
| http://www.w3.org/2001/10/xml-exc-c14n# (CanonicalizationMethod.EXCLUSIVE) | The Exclusive Canonical XML (without comments) canonicalization algorithm. |
| http://www.w3.org/2001/10/xml-exc-c14n#WithComments (CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS) | The Exclusive Canonical XML with comments canonicalization algorithm. |
| http://www.w3.org/2000/09/xmldsig#base64 (Transform.BASE64) | The Base64 transform algorithm. |
| http://www.w3.org/2000/09/xmldsig#enveloped-signature (Transform.ENVELOPED) | The Enveloped Signature transform algorithm. |
| http://www.w3.org/TR/1999/REC-xpath-19991116 (Transform.XPATH) | The XPath transform algorithm. |
| http://www.w3.org/2002/06/xmldsig-filter2 (Transform.XPATH2) | The XPath Filter 2 transform algorithm. |
| http://www.w3.org/TR/1999/REC-xslt-19991116 (Transform.XSLT) | The XSLT transform algorithm. |

The following list contains the standard JSSE cipher suite names. Over time, various groups have added additional cipher suites to the SSL/TLS namespace. Some JSSE cipher suite names were defined before TLSv1.0 was finalized, and were therefore given the SSL_ prefix. The names mentioned in the TLS RFCs prefixed with TLS_ are functionally equivalent to the JSSE cipher suites prefixed with SSL_.

SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA |
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 |
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA |
TLS_DH_anon_WITH_AES_128_CBC_SHA |
TLS_DH_anon_WITH_AES_128_CBC_SHA256 |
TLS_DH_anon_WITH_AES_128_GCM_SHA256 |
TLS_DH_anon_WITH_AES_256_CBC_SHA |
TLS_DH_anon_WITH_AES_256_CBC_SHA256 |
TLS_DH_anon_WITH_AES_256_GCM_SHA384 |
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA |
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 |
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA |
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 |
SSL_DH_anon_WITH_DES_CBC_SHA |
SSL_DH_anon_WITH_RC4_128_MD5 |
TLS_DH_anon_WITH_SEED_CBC_SHA |
SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA |
SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA |
TLS_DH_DSS_WITH_AES_128_CBC_SHA |
TLS_DH_DSS_WITH_AES_128_CBC_SHA256 |
TLS_DH_DSS_WITH_AES_128_GCM_SHA256 |
TLS_DH_DSS_WITH_AES_256_CBC_SHA |
TLS_DH_DSS_WITH_AES_256_CBC_SHA256 |
TLS_DH_DSS_WITH_AES_256_GCM_SHA384 |
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA |
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 |
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA |
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 |
SSL_DH_DSS_WITH_DES_CBC_SHA |
TLS_DH_DSS_WITH_SEED_CBC_SHA |
SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA |
SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA |
TLS_DH_RSA_WITH_AES_128_CBC_SHA |
TLS_DH_RSA_WITH_AES_128_CBC_SHA256 |
TLS_DH_RSA_WITH_AES_128_GCM_SHA256 |
TLS_DH_RSA_WITH_AES_256_CBC_SHA |
TLS_DH_RSA_WITH_AES_256_CBC_SHA256 |
TLS_DH_RSA_WITH_AES_256_GCM_SHA384 |
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA |
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA |
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
SSL_DH_RSA_WITH_DES_CBC_SHA |
TLS_DH_RSA_WITH_SEED_CBC_SHA |
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA |
SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA |
SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA |
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 |
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 |
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 |
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA |
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 |
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA |
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 |
SSL_DHE_DSS_WITH_DES_CBC_SHA |
SSL_DHE_DSS_WITH_RC4_128_SHA |
TLS_DHE_DSS_WITH_SEED_CBC_SHA |
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA |
TLS_DHE_PSK_WITH_AES_128_CBC_SHA |
TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 |
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 |
TLS_DHE_PSK_WITH_AES_256_CBC_SHA |
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 |
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 |
TLS_DHE_PSK_WITH_NULL_SHA |
TLS_DHE_PSK_WITH_NULL_SHA256 |
TLS_DHE_PSK_WITH_NULL_SHA384 |
TLS_DHE_PSK_WITH_RC4_128_SHA |
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA |
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 |
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA |
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
SSL_DHE_RSA_WITH_DES_CBC_SHA |
TLS_DHE_RSA_WITH_SEED_CBC_SHA |
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA |
TLS_ECDH_anon_WITH_AES_128_CBC_SHA |
TLS_ECDH_anon_WITH_AES_256_CBC_SHA |
TLS_ECDH_anon_WITH_NULL_SHA |
TLS_ECDH_anon_WITH_RC4_128_SHA |
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 |
TLS_ECDH_ECDSA_WITH_NULL_SHA |
TLS_ECDH_ECDSA_WITH_RC4_128_SHA |
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA |
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA |
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA |
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 |
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
TLS_ECDH_RSA_WITH_NULL_SHA |
TLS_ECDH_RSA_WITH_RC4_128_SHA |
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
TLS_ECDHE_ECDSA_WITH_NULL_SHA |
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA |
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA |
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 |
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA |
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 |
TLS_ECDHE_PSK_WITH_NULL_SHA |
TLS_ECDHE_PSK_WITH_NULL_SHA256 |
TLS_ECDHE_PSK_WITH_NULL_SHA384 |
TLS_ECDHE_PSK_WITH_RC4_128_SHA |
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
TLS_ECDHE_RSA_WITH_NULL_SHA |
TLS_ECDHE_RSA_WITH_RC4_128_SHA |
TLS_EMPTY_RENEGOTIATION_INFO_SCSV* |
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA |
SSL_FORTEZZA_DMS_WITH_NULL_SHA |
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 |
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA |
TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 |
TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA |
TLS_KRB5_EXPORT_WITH_RC4_40_MD5 |
TLS_KRB5_EXPORT_WITH_RC4_40_SHA |
TLS_KRB5_WITH_3DES_EDE_CBC_MD5 |
TLS_KRB5_WITH_3DES_EDE_CBC_SHA |
TLS_KRB5_WITH_DES_CBC_MD5 |
TLS_KRB5_WITH_DES_CBC_SHA |
TLS_KRB5_WITH_IDEA_CBC_MD5 |
TLS_KRB5_WITH_IDEA_CBC_SHA |
TLS_KRB5_WITH_RC4_128_MD5 |
TLS_KRB5_WITH_RC4_128_SHA |
TLS_PSK_WITH_3DES_EDE_CBC_SHA |
TLS_PSK_WITH_AES_128_CBC_SHA |
TLS_PSK_WITH_AES_128_CBC_SHA256 |
TLS_PSK_WITH_AES_128_GCM_SHA256 |
TLS_PSK_WITH_AES_256_CBC_SHA |
TLS_PSK_WITH_AES_256_CBC_SHA384 |
TLS_PSK_WITH_AES_256_GCM_SHA384 |
TLS_PSK_WITH_NULL_SHA |
TLS_PSK_WITH_NULL_SHA256 |
TLS_PSK_WITH_NULL_SHA384 |
TLS_PSK_WITH_RC4_128_SHA |
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA |
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 |
SSL_RSA_EXPORT_WITH_RC4_40_MD5 |
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA |
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA |
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA |
SSL_RSA_FIPS_WITH_DES_CBC_SHA |
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA |
TLS_RSA_PSK_WITH_AES_128_CBC_SHA |
TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 |
TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 |
TLS_RSA_PSK_WITH_AES_256_CBC_SHA |
TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 |
TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 |
TLS_RSA_PSK_WITH_NULL_SHA |
TLS_RSA_PSK_WITH_NULL_SHA256 |
TLS_RSA_PSK_WITH_NULL_SHA384 |
TLS_RSA_PSK_WITH_RC4_128_SHA |
SSL_RSA_WITH_3DES_EDE_CBC_SHA |
TLS_RSA_WITH_AES_128_CBC_SHA |
TLS_RSA_WITH_AES_128_CBC_SHA256 |
TLS_RSA_WITH_AES_128_GCM_SHA256 |
TLS_RSA_WITH_AES_256_CBC_SHA |
TLS_RSA_WITH_AES_256_CBC_SHA256 |
TLS_RSA_WITH_AES_256_GCM_SHA384 |
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA |
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA |
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
SSL_RSA_WITH_DES_CBC_SHA |
SSL_RSA_WITH_IDEA_CBC_SHA |
SSL_RSA_WITH_NULL_MD5 |
SSL_RSA_WITH_NULL_SHA |
TLS_RSA_WITH_NULL_SHA256 |
SSL_RSA_WITH_RC4_128_MD5 |
SSL_RSA_WITH_RC4_128_SHA |
TLS_RSA_WITH_SEED_CBC_SHA |
TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA |
TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA |
TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA |
TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA |
TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA |
TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA |
TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA |
TLS_SRP_SHA_WITH_AES_128_CBC_SHA |
TLS_SRP_SHA_WITH_AES_256_CBC_SHA |
*TLS_EMPTY_RENEGOTIATION_INFO_SCSV is a new pseudo-cipher suite to support RFC 5746. Read the Transport Layer Security (TLS) Renegotiation Issue section of the JSSE Reference Guide for more information.
The keyType parameter passed to the chooseClientAlias, chooseServerAlias, getClientAliases, and getServerAliases methods of X509KeyManager specifies the public key types. Each row of the table that follows lists the standard name that should be used for keyType, given the specified certificate type.
| Name | Certificate Type |
|---|---|
| RSA | RSA |
| DSA | DSA |
| DH_RSA | Diffie-Hellman with RSA signature |
| DH_DSA | Diffie-Hellman with DSA signature |
| EC | Elliptic Curve |
| EC_EC | Elliptic Curve with ECDSA signature |
| EC_RSA | Elliptic Curve with RSA signature |
The protocols parameter passed to the setEnabledProtocols method of SSLSocket specifies the protocol versions to be enabled for use on the connection. The table that follows lists the standard names that can be passed to setEnabledProtocols or that may be returned by the SSLSocket getSupportedProtocols and getEnabledProtocols methods.
| Name | Protocol |
|---|---|
| SSLv2 | SSL version 2 protocol |
| SSLv3 | SSL version 3 protocol |
| TLSv1 | TLS version 1.0 protocol (defined in RFC 2246) |
| TLSv1.1 | TLS version 1.1 protocol (defined in RFC 4346) |
| TLSv1.2 | TLS version 1.2 protocol (defined in RFC 5246) |
| SSLv2Hello | Currently, the SSLv3, TLSv1, and TLSv1.1 protocols allow you to send SSLv3, TLSv1, and TLSv1.1 hellos encapsulated in an SSLv2 format hello. For more details on the reasons for allowing this compatibility in these protocols, see Appendix E in the appropriate RFCs (previously listed). Note that some SSL/TLS servers do not support the v2 hello format and require that client hellos conform to the SSLv3 or TLSv1 client hello formats. The SSLv2Hello option controls the SSLv2 encapsulation. If SSLv2Hello is disabled on the client, then all outgoing messages will conform to the SSLv3/TLSv1 client hello format. If SSLv2Hello is disabled on the server, then all incoming messages must conform to the SSLv3/TLSv1 client hello format. |
The authType parameter passed to the checkClientTrusted and checkServerTrusted methods of X509TrustManager indicates the authentication type. The table that follows specifies what standard names should be used for the client or server certificate chains.
| Client or Server Certificate Chain | Authentication Type Standard Name |
|---|---|
| Client | Determined by the actual certificate used. For instance, if RSAPublicKey is used, the authType should be "RSA". |
| Server | The key exchange algorithm portion of the cipher suites represented as a String, such as "RSA" or "DHE_DSS". Note: For some exportable cipher suites, the key exchange algorithm is determined at runtime during the handshake. For instance, for TLS_RSA_EXPORT_WITH_RC4_40_MD5, the authType should be "RSA_EXPORT" when an ephemeral RSA key is used for the key exchange, and "RSA" when the key from the server certificate is used. Or it can take the value "UNKNOWN". |
The Java SE 7 release supports endpoint identification algorithms for TLS 1.2. The algorithm name can be passed to the setEndpointIdentificationAlgorithm() method of javax.net.ssl.SSLParameters. The following table shows the currently recognized names.
| Endpoint Identification Algorithm Name | Specification |
|---|---|
| HTTPS | http://www.ietf.org/rfc/rfc2818.txt |
| LDAPS | http://www.ietf.org/rfc/rfc2830.txt |
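The protocol, cipher suite and endpoint identification names listed above can be combined in one SSLParameters object. The following is an added example, not code from this specification: the class name HardenedTlsParameters, the placeholder host example.com and the deny-list of name fragments are assumptions that stand in for a local policy. It uses an unconnected SSLEngine so that it runs offline; the same SSLParameters can be applied to an SSLSocket with setSSLParameters.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class HardenedTlsParameters {
    // Assumed local policy: fragments of standard cipher suite names that mark
    // suites without encryption or authentication, export-grade suites, and
    // legacy ciphers or digests. Adjust to your own requirements.
    private static final String[] WEAK_MARKERS = {
        "_NULL_", "_anon_", "_EXPORT", "_RC4_", "_RC2_",
        "_DES_", "_DES40_", "_3DES_", "_IDEA_", "_MD5"
    };

    static boolean isWeak(String suite) {
        for (String marker : WEAK_MARKERS) {
            if (suite.contains(marker)) return true;
        }
        return false;
    }

    // Enables exactly one protocol version, drops suites matched by the policy,
    // and turns on HTTPS (RFC 2818) host name checking for the handshake.
    static SSLParameters harden(SSLEngine engine, String protocol) {
        if (!Arrays.asList(engine.getSupportedProtocols()).contains(protocol)) {
            throw new IllegalStateException(protocol + " is not supported by this provider");
        }
        List<String> suites = new ArrayList<String>();
        for (String suite : engine.getSupportedCipherSuites()) {
            if (!isWeak(suite)) suites.add(suite);
        }
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(new String[] { protocol });   // SSLv2Hello is left out
        params.setCipherSuites(suites.toArray(new String[0]));
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine.getSSLParameters();
    }

    public static void main(String[] args) throws Exception {
        // example.com is a placeholder peer; no connection is opened.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine("example.com", 443);
        engine.setUseClientMode(true);
        SSLParameters p = harden(engine, "TLSv1.2");
        System.out.println("protocols: " + Arrays.toString(p.getProtocols()));
        System.out.println("endpoint identification: " + p.getEndpointIdentificationAlgorithm());
        System.out.println("cipher suites enabled: " + p.getCipherSuites().length);
    }
}
```

The pseudo-cipher suite TLS_EMPTY_RENEGOTIATION_INFO_SCSV matches none of the fragments, so it stays enabled wherever the provider lists it as supported.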
This section specifies details concerning some of the algorithms defined in this document. Any provider supplying an implementation of the listed algorithms must comply with the specifications in this section.
To add a new algorithm not specified here, you should first survey other people or companies supplying provider packages to see if they have already added that algorithm, and, if so, use the definitions they published, if available. Otherwise, you should create and make available a template, similar to those found in this section, with the specifications for the algorithm you provide.
The following table shows the fields of the algorithm specifications.
| Field | Description |
|---|---|
| Name | The name by which the algorithm is known. This is the name passed to the getInstance method (when requesting the algorithm), and returned by the getAlgorithm method to determine the name of an existing algorithm object. These methods are in the relevant engine classes: Signature, MessageDigest, KeyPairGenerator, and AlgorithmParameterGenerator. |
| Type | The type of algorithm: Signature, MessageDigest, KeyPairGenerator, or ParameterGenerator. |
| Description | General notes about the algorithm, including any standards implemented by the algorithm, applicable patents, and so on. |
| KeyPair Algorithm (optional) | The keypair algorithm for this algorithm. |
| Keysize (optional) | For a keyed algorithm or key generation algorithm: the valid keysizes. |
| Size (optional) | For an algorithm parameter generation algorithm: the valid "sizes" for algorithm parameter generation. |
| Parameter Defaults (optional) | For a key generation algorithm: the default parameter values. |
| Signature Format (optional) | For a Signature algorithm, the format of the signature, that is, the input and output of the verify and sign methods, respectively. |
| Field | Description |
|---|---|
| Name | SHA-1 |
| Type | MessageDigest |
| Description | The message digest algorithm as defined in NIST's FIPS 180-2. The output of this algorithm is a 160-bit digest. |
| Field | Description |
|---|---|
| Name | MD2 |
| Type | MessageDigest |
| Description | The message digest algorithm as defined in RFC 1319. The output of this algorithm is a 128-bit (16 byte) digest. |
| Field | Description |
|---|---|
| Name | MD5 |
| Type | MessageDigest |
| Description | The message digest algorithm as defined in RFC 1321. The output of this algorithm is a 128-bit (16 byte) digest. |
| Field | Description |
|---|---|
| Name | SHA1withDSA |
| Type | Signature |
| Description | This algorithm is the signature algorithm described in NIST FIPS 186, using DSA with the SHA-1 message digest algorithm. |
| KeyPair Algorithm | DSA |
| Signature Format | ASN.1 sequence of two INTEGER values: r and s, in that order: SEQUENCE ::= { r INTEGER, s INTEGER } |
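The signature format in the table above can be checked by decoding what Signature.sign() returns. The following is an added example, not code from this specification: the class name DsaSignatureFormat and its helper methods are assumptions, and the signed message is constructed sample data. The decoder is deliberately strict, rejecting non-positive values, length mismatches and trailing bytes.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.util.Arrays;

public class DsaSignatureFormat {
    // Reads a DER length at der[pos[0]] and advances pos[0] past it.
    static int readLength(byte[] der, int[] pos) {
        int first = der[pos[0]++] & 0xff;
        if (first < 0x80) return first;            // short form
        int count = first & 0x7f;                  // long form: number of length bytes
        if (count == 0 || count > 2) throw new IllegalArgumentException("unsupported length");
        int len = 0;
        for (int i = 0; i < count; i++) len = (len << 8) | (der[pos[0]++] & 0xff);
        return len;
    }

    // Reads one ASN.1 INTEGER; r and s are always positive in a valid signature.
    static BigInteger readInteger(byte[] der, int[] pos) {
        if (der[pos[0]++] != 0x02) throw new IllegalArgumentException("expected INTEGER");
        int len = readLength(der, pos);
        if (len == 0 || pos[0] + len > der.length) throw new IllegalArgumentException("bad INTEGER length");
        BigInteger value = new BigInteger(Arrays.copyOfRange(der, pos[0], pos[0] + len));
        pos[0] += len;
        if (value.signum() <= 0) throw new IllegalArgumentException("r and s must be positive");
        return value;
    }

    // Decodes SEQUENCE ::= { r INTEGER, s INTEGER } and returns { r, s }.
    static BigInteger[] decode(byte[] der) {
        int[] pos = { 0 };
        if (der[pos[0]++] != 0x30) throw new IllegalArgumentException("expected SEQUENCE");
        int len = readLength(der, pos);
        if (pos[0] + len != der.length) throw new IllegalArgumentException("length mismatch");
        BigInteger r = readInteger(der, pos);
        BigInteger s = readInteger(der, pos);
        if (pos[0] != der.length) throw new IllegalArgumentException("trailing data");
        return new BigInteger[] { r, s };
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(1024);                      // default keysize named in this document
        KeyPair kp = kpg.generateKeyPair();
        Signature signer = Signature.getInstance("SHA1withDSA");
        signer.initSign(kp.getPrivate());
        signer.update("constructed sample message".getBytes("UTF-8"));
        BigInteger[] rs = decode(signer.sign());
        System.out.println("r bits = " + rs[0].bitLength() + ", s bits = " + rs[1].bitLength());
    }
}
```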
| Field | Description |
|---|---|
| Names | MD2withRSA, MD5withRSA and SHA1withRSA |
| Type | Signature |
| Description | These are the signature algorithms that use the MD2, MD5, and SHA-1 message digest algorithms (respectively) with RSA encryption. |
| KeyPair Algorithm | RSA |
| Signature Format | DER-encoded PKCS1 block as defined in RSA Laboratories, PKCS #1. The data encrypted is the digest of the data signed. |
| Field | Description |
|---|---|
| Name | DSA |
| Type | KeyPairGenerator |
| Description | This algorithm is the key pair generation algorithm described in NIST FIPS 186 for DSA. |
| Keysize | The length, in bits, of the modulus p. This must range from 512 to 1024, and must be a multiple of 64. The default keysize is 1024. |
| ParameterDefaults | The following default parameter values are used for keysizes of512, 768, and 1024 bits: 512-bit Key ParametersSEED = b869c82b 35d70e1b 1ff91b28 e37a62ec dc34409bcounter = 123p = fca682ce 8e12caba 26efccf7 110e526d b078b05e decbcd1e b4a208f3 ae1617ae 01f35b91 a47e6df6 3413c5e1 2ed0899b cd132acd 50d99151 bdc43ee7 37592e17q = 962eddcc 369cba8e bb260ee6 b6a126d9 346e38c5g = 678471b2 7a9cf44e e91a49c5 147db1a9 aaf244f0 5a434d64 86931d2d 14271b9e 35030b71 fd73da17 9069b32e 2935630e 1c206235 4d0da20a 6c416e50 be794ca4 768-bit key parametersSEED = 77d0f8c4 dad15eb8 c4f2f8d6 726cefd9 6d5bb399counter = 263p = e9e64259 9d355f37 c97ffd35 67120b8e 25c9cd43 e927b3a9 670fbec5 d8901419 22d2c3b3 ad248009 3799869d 1e846aab 49fab0ad 26d2ce6a 22219d47 0bce7d77 7d4a21fb e9c270b5 7f607002 f3cef839 3694cf45 ee3688c1 1a8c56ab 127a3dafq = 9cdbd84c 9f1ac2f3 8d0f80f4 2ab952e7 338bf511g = 30470ad5 a005fb14 ce2d9dcd 87e38bc7 d1b1c5fa cbaecbe9 5f190aa7 a31d23c4 dbbcbe06 17454440 1a5b2c02 0965d8c2 bd2171d3 66844577 1f74ba08 4d2029d8 3c1c1585 47f3a9f1 a2715be2 3d51ae4d 3e5a1f6a 7064f316 933a346d 3f529252 1024-bit key parametersSEED = 8d515589 4229d5e6 89ee01e6 018a237e 2cae64cdcounter = 92p = fd7f5381 1d751229 52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6512669 455d4022 51fb593d 8d58fabf c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7 6b9950a5 a49f9fe8 047b1022 c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb 83f6d3c5 1ec30235 54135a16 9132f675 f3ae2b61 d72aeff2 2203199d d14801c7q = 9760508f 15230bcc b292b982 a2eb840b f0581cf5g = f7e1a085 d69b3dde cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d078267 5159578e bad4594f e6710710 8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1 3c167a8b 547c8d28 e0a3ae1e 2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b cca4f1be a8519089 a883dfe1 5ae59f06 928b665e 807b5525 64014c3b fecf492a |
| Field | Description |
|---|---|
| Names | RSA |
| Type | KeyPairGenerator |
| Description | This algorithm is the key pair generation algorithm described in PKCS #1. |
| Strength | Any integer that is a multiple of 8, greater than or equal to 512. |
| Field | Description |
|---|---|
| Names | DSA |
| Type | ParameterGenerator |
| Description | This algorithm is the parameter generation algorithm described in NIST FIPS 186 for DSA. |
| Strength | The length, in bits, of the modulus p. This must range from 512 to 1024, and must be a multiple of 64. The default size is 1024. |
This section defines the security algorithm requirements for Java SE 7 implementations. These requirements are intended to improve the interoperability of Java SE 7 implementations and applications that use these algorithms.
Note that the requirements in this section are not a measure of the strength or security of the algorithm. For example, recent advances in cryptanalysis have found weaknesses in the strength of the MD5 MessageDigest algorithm. It is your responsibility to determine whether the algorithm meets the security requirements of your application.
Every implementation of the Java SE 7 platform must support the specified algorithms in the table that follows. These requirements do not apply to 3rd party providers. Consult the release documentation for your implementation to see if any other algorithms are supported.
| Class | Algorithm Name(s) |
|---|---|
| AlgorithmParameterGenerator (implementations must support the key sizes in parentheses) | DiffieHellman (1024), DSA (1024) |
| AlgorithmParameters | AES, DES, DESede, DiffieHellman, DSA |
| CertificateFactory | X.509 |
| CertPath Encodings | PKCS7, PkiPath |
| CertPathBuilder | PKIX |
| CertPathValidator | PKIX |
| CertStore | Collection |
| Cipher (the algorithms are specified as transformations; implementations must support the key sizes in parentheses) | AES/CBC/NoPadding (128), AES/CBC/PKCS5Padding (128), AES/ECB/NoPadding (128), AES/ECB/PKCS5Padding (128), DES/CBC/NoPadding (56), DES/CBC/PKCS5Padding (56), DES/ECB/NoPadding (56), DES/ECB/PKCS5Padding (56), DESede/CBC/NoPadding (168), DESede/CBC/PKCS5Padding (168), DESede/ECB/NoPadding (168), DESede/ECB/PKCS5Padding (168), RSA/ECB/PKCS1Padding (1024, 2048), RSA/ECB/OAEPWithSHA-1AndMGF1Padding (1024, 2048), RSA/ECB/OAEPWithSHA-256AndMGF1Padding (1024, 2048) |
| Configuration [1] | |
| KeyAgreement | DiffieHellman |
| KeyFactory | DiffieHellman, DSA, RSA |
| KeyGenerator (implementations must support the key sizes in parentheses) | AES (128), DES (56), DESede (168), HmacSHA1, HmacSHA256 |
| KeyPairGenerator (implementations must support the key sizes in parentheses) | DiffieHellman (1024), DSA (1024), RSA (1024, 2048) |
| KeyStore | PKCS12 |
| Mac | HmacMD5, HmacSHA1, HmacSHA256 |
| MessageDigest | MD5, SHA-1, SHA-256 |
| Policy [1] | |
| SecretKeyFactory | DES, DESede |
| SecureRandom [1] | |
| Signature | SHA1withDSA, SHA1withRSA, SHA256withRSA |
| SSLContext | TLSv1 [2] |
[1] No specific Configuration type, Policy type or SecureRandom algorithm is required; however, an implementation-specific default must be provided.
[2] A TLSv1 implementation must support the cipher suite SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA as defined in RFC 2246 and the special signaling cipher suite TLS_EMPTY_RENEGOTIATION_INFO_SCSV for safe renegotiation as defined in RFC 5746.
Every implementation of the Java SE 7 platform must support the specified XML Signature algorithms in the table that follows. These requirements do not apply to 3rd party providers. Consult the release documentation for your implementation to see if any other algorithms are supported.
| Class | Algorithm Name(s) |
|---|---|
| TransformService | http://www.w3.org/2001/10/xml-exc-c14n# (CanonicalizationMethod.EXCLUSIVE), http://www.w3.org/TR/2001/REC-xml-c14n-20010315 (CanonicalizationMethod.INCLUSIVE), http://www.w3.org/2000/09/xmldsig#base64 (Transform.BASE64), http://www.w3.org/2000/09/xmldsig#enveloped-signature (Transform.ENVELOPED) |
| XMLSignatureFactory | DOM |