Appendix B. Standard Names—Java Cryptographic Services

Standard names are used as string literals to identify cryptographic algorithms and types in J2SE SDK Security APIs. These names are fully specified in the reference guides of the following APIs:

  1. Java Cryptography Architecture (JCA)

  2. Java Cryptography Extension (JCE)

  3. Java Certification Path API

These names are summarized here for quick reference. Keep the following in mind regarding these cryptographic services and names:

  • There are Java classes corresponding to each service with the same name.

  • Standard names are case insensitive. For example, PkiPath and PKIPATH refer to the same standard name.

  • A provider may define multiple aliases for the same name. For example DiffieHellman and DH may refer to the same algorithm name.

  • Not all algorithms specified are implemented in bundled providers. Example: RSA Cipher. You can get a list of all implemented algorithms and types, and their aliases, by running JSTK command: "crypttool listp –csinfo".

Table B-1 contains standard names for algorithms used by given cryptographic services.

Table B-1. Standard names for cryptographic algorithms
Cryptographic ServicesStandard NamesComment
MessageDigestMD2Defined in RFC 1319
 MD5Defined in RFC 1321
 SHA-1Defined in NIST FIPS 180-1
 SHA-256, SHA-384, SHA-512Defined in NIST FIPS 180-2
KeyPairGenerator,

KeyFactory,

AlgorithmParameterGenerator

AlgorithmParameters
DSADigital Signature algorithm defined in FIPS PUB 186
 RSARSA encryption algorithm defined in PKCS #1
 DiffieHellmanDefined in PKCS #3
AlgorithmParametersBlowfish, DES, DESede, PBE 
KeyGeneratorAES, Blowfish, DES, DESede, HmacMD5, HmacSHA1 
SecretKeyFactory
AES, DES, DESede, PBEWithdgstAndenc,
PBEWithprfAndenc
								

 
KeyAgreementDiffieHellman 
MacHmacMD5Defined in RFC 2104
 HmacSHA1Defined in RFC 2104
 PBEWithmacDefined in PKCS #5. mac is MAC algorithm.
SignatureMD2withRSADefined in PKCS #1
 MD5withRSADefined in PKCS #1
 SHA1withDSADefined in FIPS PUB 186
 SHA1withRSADefined in PKCS #1
 DgstWithencConvention for creating new names from digest and encryption algorithms.
 dgstWithencAndmgfConvention for names with Mask Generation Function.
SecureRandom (Random No. Generation)SHA1PRNGName of algorithm used by SUN provider.
CipherAESAdvanced Encryption Standard selected by NIST.
 BlowfishSymmetric encryption algorithm devised by Bruce Scheneir.
 DESDefined in FIPS PUB 46-2
 DESedeTriple DES
 
PBEWithdgstAndenc,
PBEWithprfAndenc
								

Convention to derive cipher algorithm name for Password Based Encryption
 RC2, RC4, RC5Encryption algorithms developed by Ron Rivest for RSA Data Security.
 RSADefined in PKCS #1
CertPathValidator, CertPathBuilderPKIXActual algorithm is as per the value of service attribute ValidationAlgorithm

Cipher service can take either an algorithm name or a transformation string of form “algorithm/mode/padding” as an input. Table B-2 lists the valid mode and padding values. Note that not all combinations of algorithm, mode and padding give valid transformation strings.

Table B-2. Standard names for Cipher transformation components
Transformation componentsValuesComment
ModeNONENo Mode.
 CBCCipher Block Chaining Mode.[1]
 CFBCipher Feedback Mode. [1]
 ECBElectronic Codebook Mode. [1]
 OFBOutput Feedback Mode. [1]
 PCBCPropagating Cipher Block Chaining Mode. Defined by Kerberos V4.
PaddingNoPadding 
 OAEPWithdgstAndmgfPaddingOptimal Asymmetric Encryption Padding scheme defined in PKCS #1, where dgst should be replaced by the message digest and mgf by the mask generation function. Example: OAEPWithMD5AndMGF1Padding
 PKCS5PaddingPadding scheme defined in PKCS #5.
 SSL3PaddingPadding scheme defined in SSL v3.

[1] Defined in FIPS PUB 81

Besides algorithms and Cipher transformation components, J2SE Security APIs use types for certain cryptographic services. These types are shown in Table B-3.

Table B-3. Standard names for service types
ServiceTypesComment
KeyStoreJKSProprietary implementation by SUN provider.
 JCEKSProprietary implementation by SunJCE provider.
 PKCS12Defined by PKCS #12
CertificateX.509Certificate type defined in X.509 standard.
CertStore CertPathLDAPLDAP schema defined by the value of service attribute LDAPSchema.
 CollectionCertificates and CRLs available in a Java Collection object.
CertPath encodingPKCS7Defined by PKCS #7.
 PkiPathASN.1 SEQUENCE OF Certificate.

Refer to the appropriate references for more information on the algorithms and types mentioned in these tables.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.119.19.217