Appendix B. Standard Names—Java Cryptographic Services
Standard names are used as string literals to identify cryptographic algorithms and types in J2SE SDK Security APIs. These names are fully specified in the reference guides of the following APIs:
Java Cryptography Architecture (JCA)
Java Cryptography Extension (JCE)
Java Certification Path API
These names are summarized here for quick reference. Keep the following in mind regarding these cryptographic services and names:
There are Java classes corresponding to each service with the same name.
Standard names are case insensitive. For example, PkiPath and PKIPATH refer to the same standard name.
A provider may define multiple aliases for the same name. For example DiffieHellman and DH may refer to the same algorithm name.
Not all algorithms specified are implemented in bundled providers. Example: RSA Cipher. You can get a list of all implemented algorithms and types, and their aliases, by running JSTK command: "crypttool listp –csinfo".
Table B-1 contains standard names for algorithms used by given cryptographic services.
| Cryptographic Services | Standard Names | Comment |
|---|---|---|
| MessageDigest | MD2 | Defined in RFC 1319 |
| MD5 | Defined in RFC 1321 | |
| SHA-1 | Defined in NIST FIPS 180-1 | |
| SHA-256, SHA-384, SHA-512 | Defined in NIST FIPS 180-2 | |
| KeyPairGenerator,
KeyFactory, AlgorithmParameterGenerator AlgorithmParameters | DSA | Digital Signature algorithm defined in FIPS PUB 186 |
| RSA | RSA encryption algorithm defined in PKCS #1 | |
| DiffieHellman | Defined in PKCS #3 | |
| AlgorithmParameters | Blowfish, DES, DESede, PBE | |
| KeyGenerator | AES, Blowfish, DES, DESede, HmacMD5, HmacSHA1 | |
| SecretKeyFactory |
AES, DES, DESede, PBEWithdgstAndenc, PBEWithprfAndenc | |
| KeyAgreement | DiffieHellman | |
| Mac | HmacMD5 | Defined in RFC 2104 |
| HmacSHA1 | Defined in RFC 2104 | |
| PBEWithmac | Defined in PKCS #5. mac is MAC algorithm. | |
| Signature | MD2withRSA | Defined in PKCS #1 |
| MD5withRSA | Defined in PKCS #1 | |
| SHA1withDSA | Defined in FIPS PUB 186 | |
| SHA1withRSA | Defined in PKCS #1 | |
| DgstWithenc | Convention for creating new names from digest and encryption algorithms. | |
| dgstWithencAndmgf | Convention for names with Mask Generation Function. | |
| SecureRandom (Random No. Generation) | SHA1PRNG | Name of algorithm used by SUN provider. |
| Cipher | AES | Advanced Encryption Standard selected by NIST. |
| Blowfish | Symmetric encryption algorithm devised by Bruce Scheneir. | |
| DES | Defined in FIPS PUB 46-2 | |
| DESede | Triple DES | |
PBEWithdgstAndenc, PBEWithprfAndenc | Convention to derive cipher algorithm name for Password Based Encryption | |
| RC2, RC4, RC5 | Encryption algorithms developed by Ron Rivest for RSA Data Security. | |
| RSA | Defined in PKCS #1 | |
| CertPathValidator, CertPathBuilder | PKIX | Actual algorithm is as per the value of service attribute ValidationAlgorithm |
Cipher service can take either an algorithm name or a transformation string of form “algorithm/mode/padding” as an input. Table B-2 lists the valid mode and padding values. Note that not all combinations of algorithm, mode and padding give valid transformation strings.
| Transformation components | Values | Comment |
|---|---|---|
| Mode | NONE | No Mode. |
| CBC | Cipher Block Chaining Mode.[1] | |
| CFB | Cipher Feedback Mode. [1] | |
| ECB | Electronic Codebook Mode. [1] | |
| OFB | Output Feedback Mode. [1] | |
| PCBC | Propagating Cipher Block Chaining Mode. Defined by Kerberos V4. | |
| Padding | NoPadding | |
| OAEPWithdgstAndmgfPadding | Optimal Asymmetric Encryption Padding scheme defined in PKCS #1, where dgst should be replaced by the message digest and mgf by the mask generation function. Example: OAEPWithMD5AndMGF1Padding | |
| PKCS5Padding | Padding scheme defined in PKCS #5. | |
| SSL3Padding | Padding scheme defined in SSL v3. |
[1] Defined in FIPS PUB 81
Besides algorithms and Cipher transformation components, J2SE Security APIs use types for certain cryptographic services. These types are shown in Table B-3.
| Service | Types | Comment |
|---|---|---|
| KeyStore | JKS | Proprietary implementation by SUN provider. |
| JCEKS | Proprietary implementation by SunJCE provider. | |
| PKCS12 | Defined by PKCS #12 | |
| Certificate | X.509 | Certificate type defined in X.509 standard. |
| CertStore CertPath | LDAP | LDAP schema defined by the value of service attribute LDAPSchema. |
| Collection | Certificates and CRLs available in a Java Collection object. | |
| CertPath encoding | PKCS7 | Defined by PKCS #7. |
| PkiPath | ASN.1 SEQUENCE OF Certificate. |
Refer to the appropriate references for more information on the algorithms and types mentioned in these tables.