iaik.security.provider
Class IAIK

java.lang.Object
  |
  +--java.util.Dictionary
        |
        +--java.util.Hashtable
              |
              +--java.util.Properties
                    |
                    +--java.security.Provider
                          |
                          +--iaik.utils.ExtendedProvider
                                |
                                +--iaik.security.provider.IAIK

public final class IAIK
extends ExtendedProvider

This class represents the master class of the IAIK Security Package Provider (SPP) for the Java Security API.

The provider architecture has been introduced by the Java Cryptographic Architecture (JCA) making it possible for different cryptographic implementations to operate on common interfaces (consult the Java Cryptography Architecture API Specification & Reference).

To access and use provider-specific algorithm implementations, engine classes and factory methods are used. Engine classes provide interfaces to the functionality of a type of cryptographic algorithm, and factory methods are used for obtaining some specific implementation. To get, for instance, an object of the MessageDigest engine class, use the corresponding getInstance factory method:

 MessageDigest md = MessageDigest.getInstance("AlgorithmName", "ProviderName");
 

Specifying a particular provider is optional (for using the IAIK provider, specify "IAIK"). If no provider is stated, all currently installed providers are searched until one is found that implements the desired algorithm, e.g.:

 MessageDigest md5 = MessageDigest.getInstance("MD5");
 

If none of the installed providers supports the requested algorithm, a NoSuchAlgorithmException is thrown.
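The lookup rules above, as an added example that is not part of the IAIK documentation: it uses only standard JCA calls, the class name ProviderLookup is hypothetical, and "IAIK" resolves only when the IAIK-JCE jar is installed as a provider. It pins a digest to one named provider without silent fallback and prints the alias entries a provider registers in its Properties table under the JCA key convention Alg.Alias.<engine>.<alias>.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.util.Map;
import java.util.TreeMap;

public class ProviderLookup {

    /** Resolve a digest from one named provider only; never fall back to another one. */
    static MessageDigest pinnedDigest(String algorithm, String providerName)
            throws NoSuchAlgorithmException {
        try {
            return MessageDigest.getInstance(algorithm, providerName);
        } catch (NoSuchProviderException e) {
            // The provider is not installed (for "IAIK": jar missing or not registered).
            throw new NoSuchAlgorithmException(
                    algorithm + " requested from missing provider " + providerName, e);
        }
    }

    /** Map every alias a provider registers for one engine type to its standard name. */
    static Map<String, String> aliases(Provider p, String engineType) {
        String prefix = "Alg.Alias." + engineType + ".";
        Map<String, String> out = new TreeMap<>();
        for (Object k : p.keySet()) {
            String key = String.valueOf(k);
            if (key.startsWith(prefix)) {
                out.put(key.substring(prefix.length()), p.getProperty(key));
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Unpinned lookup: the first installed provider that implements the name wins.
        MessageDigest any = MessageDigest.getInstance("SHA-1");
        System.out.println("SHA-1 resolved by: " + any.getProvider().getName());

        // Pinned lookup; pass another installed provider name as the first argument to compare.
        String wanted = args.length > 0 ? args[0] : "IAIK";
        try {
            MessageDigest md = pinnedDigest("SHA-1", wanted);
            System.out.println("pinned to: " + md.getProvider().getName());
        } catch (NoSuchAlgorithmException e) {
            System.out.println("refused: " + e.getMessage());
        }

        // Alias table each installed provider exposes for the MessageDigest engine.
        for (Provider p : Security.getProviders()) {
            System.out.println(p.getName() + " " + aliases(p, "MessageDigest"));
        }
    }
}
```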

The term provider is an abbreviation for Cryptographic Package Provider and denotes a package or a set of packages supplying a concrete implementation of a subset of the cryptography aspects of the Java Security API (see JCA). A JCA provider may realize implementations of digital signature, message digest, and key pair generation algorithms. If the JCA API is extended by a Java Cryptography Extension (JCE) API for supporting encryption and key exchange, a provider may additionally implement encryption and key exchange algorithms.


This class represents the master class of the IAIK security package provider. It extends the java.security.Provider class for registering the IAIK provider specific security implementations within the Java security architecture. The IAIK provider supports algorithm implementations both for JCA and for the JCE extension. Since IAIK-JCE is fully compatible with JCE 1.2 final released by Sun, you will need JDK1.2 for using IAIK-JCE. If you want to use it with JDK1.1.x, you will also have to add jdk11x_update.jar to your CLASSPATH. jdk11x_update.jar is just an IAIK implementation of the required JDK 1.2 classes which are not available in JDK 1.1.x. jdk11x_update.jar is included in the IAIK-JCE distribution which may be downloaded at http://jcewww.iaik.tu-graz.ac.at/download.html. This IAIK provider master class automatically checks if the required JDK1.2 classes are included in your classpath and will trigger a RuntimeException if the check fails.

Note that depending on which IAIK JCE JAR file you are using not all algorithms may be available because of legal issues. In particular RSA, RC4, and IDEA are not included in the default distribution. If you want to use those algorithms as well you need to download the full version of the JAR file, see the download page, but make sure you have understood the related legal and patent issues.

The following table lists the names - case sensitive (!) - of several algorithms supported by the IAIK provider. The table is divided into two parts. The first part contains the JCA related implementations, and the second part lists the JCE algorithms. For each algorithm, the corresponding specification and all registered aliases are reported.

JCA implementations
Message Digest Algorithms
MessageDigest md = MessageDigest.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name | Specification | Aliases
Md2 (Message Digest 2) | RSA Data Security, Inc.'s MD2 message digest algorithm, as specified in RFC 1319 for producing a 128-bit hash value | -
Md5 (Message Digest 5) | RSA Data Security, Inc.'s MD5 message digest algorithm, as specified in RFC 1321 for producing a 128-bit hash value | -
SHA-1 (Secure Hash Algorithm) | SHA-1 message digest algorithm as specified in FIPS PUB 180-1 for producing a 128-bit hash value | SHA
RipeMd128 (RACE Integrity Primitives Evaluation Message Digest 128) | 128-bit hash value producing message digest algorithm; developed in the framework of the EU project RIPE (RACE Integrity Primitives Evaluation, 1988-1992); specified in ISO/IEC 10118-3. | -
RipeMd160 (RACE Integrity Primitives Evaluation Message Digest 160) | 160-bit hash value producing message digest algorithm; developed in the framework of the EU project RIPE (RACE Integrity Primitives Evaluation, 1988-1992); specified in ISO/IEC 10118-3. | -
Digital Signature Algorithms
Signature sig = Signature.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name | Specification | Aliases
RawDSA (Raw Digital Signature Algorithm) | "Raw" (input has to be already hashed with SHA-1) DSA signature algorithm as specified in FIPS PUB 186 | -
DSA (Digital Signature Algorithm) | DSS (DSA with SHA-1) signature algorithm as specified in FIPS PUB 186 | SHA/DSA, SHA-1/DSA, DSS, SHAwithDSA, SHA1withDSA, 1.3.14.3.2.13, 1.3.14.3.2.27, 1.3.14.3.2.29, 1.2.840.10040.4.3
SSL/RSA (SSL with RSA encryption) | RSA based signature algorithm using the SHA and MD5 hash algorithms for message digest computation as specified by the Secure Sockets Layer (SSL v3.0) protocol; in accordance with PKCS#1 | -
MD2/RSA (MD2 with RSA encryption) | RSA based signature algorithm using the MD2 algorithm for message digest computation as specified in PKCS#1 | 1.2.840.113549.1.1.2
MD5/RSA (MD5 with RSA encryption) | RSA based signature algorithm using the MD5 algorithm for message digest computation as specified in PKCS#1 | MD5WithRSA, 1.2.840.113549.1.1.4
SHA/RSA (SHA with RSA encryption) | RSA based signature algorithm using the Secure Hash Algorithm (SHA) for message digest computation; in accordance with PKCS#1 | SHA-1/RSA, 1.3.14.3.2.29, 1.2.840.113549.1.1.5
ECDSA (Elliptic Curve Digital Signature Algorithm) | A variant of NIST's Digital Signature Algorithm (DSA) using elliptic curve cryptography; addressed by the ANSI X9.62 draft standard | -
Key Pair Generators
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name | Specification | Aliases
RSA (RSA key pair generator) | Key pair generation method for RSA encryption as described in PKCS#1 | -
DSA (DSA key pair generator) | Key pair generation method for the DSA algorithm as described in FIPS PUB 186 | 1.3.14.3.2.12, 1.2.840.10040.4.1
DH (Diffie Hellman key pair generator) | Key pair generation method for Diffie Hellman key exchange as described in PKCS#3 | DiffieHellman
ECDSA (Elliptic Curve Digital Signature Algorithm key pair generator) | Key pair generation method for the ECDSA digital signature algorithm, which is addressed by the ANSI X9.62 draft standard | -
Key Factories
KeyFactory keyFac = KeyFactory.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name | Specification | Aliases
RSA (RSA key factory) | Key factory for converting keys into key specifications (and vice versa) to be used for RSA encryption which is described in PKCS#1 | -
DSA (DSA key factory) | Key factory for converting keys into key specifications (and vice versa) to be used for the DSA algorithm which is described in FIPS PUB 186 | 1.3.14.3.2.12, 1.2.840.10040.4.1
DH (Diffie Hellman key factory) | Key factory for converting keys into key specifications (and vice versa) to be used for Diffie Hellman key exchange which is described in PKCS#3 | DiffieHellman
Key Stores
KeyStore keyStore = KeyStore.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name | Specification | Aliases
IAIKKeyStore (IAIKKeyStore) | The IAIKKeyStore uses the password based key derivation function 2 from the PKCS#5 v2.0 second draft, December 10, 1998 | KeyStore
Algorithm Parameter Generators
AlgorithmParameterGenerator paramGen =
         AlgorithmParameterGenerator.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name | Specification | Aliases
DH (Diffie Hellman parameter generator) | Generator for creating parameters (prime modulus, base generator, length of the private value) to be used for Diffie Hellman key exchange which is described in PKCS#3 | DiffieHellman
PBE (PBE parameter generator) | Generator for creating parameters (salt and iteration count) to be used for password based encryption according to PKCS#5 / PKCS#12 | -
Algorithm Parameters
AlgorithmParameters params =
         AlgorithmParameters.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name | Specification | Aliases
DH (Diffie Hellman parameters) | Algorithm parameters (prime modulus, base generator, length of the private value) representation for Diffie Hellman key exchange which is described in PKCS#3 | DiffieHellman
PBE (PBE parameters) | Algorithm parameters (salt and iteration count) representation for password based encryption according to PKCS#5 / PKCS#12 | -
Certificate Factories
CertificateFactory certFac = CertificateFactory.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name | Specification | Aliases
X.509 (X.509 certificate factory) | Certificate factory for generating X.509 certificates and CRLs (as specified in the PKIX internet draft draft-ietf-pkix-ipki-part1-9.txt) from their encodings | -

JCE implementations
Ciphers*
Cipher cipher = Cipher.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name | Specification | Aliases
DES (Data Encryption Standard) | Symmetric 64-bit block encryption algorithm as defined by NIST in FIPS PUB 46-1 and FIPS PUB 46-2 | -
DESede (Triple DES) | A variant of the Data Encryption Standard (DES) using an encrypting-decrypting-encrypting (EDE) scheme based on two or three keys | 3DES
IDEA (International Data Encryption Algorithm) | Symmetric 64-bit block encryption algorithm, patented by Ascom Systec Ltd. | -
Blowfish (Blowfish) | 64-bit block cipher with variable length keys (up to 448 bits); developed by Bruce Schneier | -
GOST (Gosudarstvennyi Standard) | Russian 64 bit Feistel based block cipher with a key length of 256 bits; described in the government standard GOST 28147-89 | -
CAST128 (Carlisle Adams and Stafford Tavares) | 64 bit Feistel type block cipher with a key length of 40-128 bits | CAST, CAST5
RC2 (Ron's Code 2; Rivest Cipher 2) | Variable-key-size 64-Bit block cipher; developed by Ron Rivest for RSA Data Security, Inc.; the IAIK-JCE implementation is based on code which has been posted to the sci.crypt News Group | -
RC4 (Ron's Code 4; Rivest Cipher 4) | Variable-key-size 64-Bit stream cipher; developed by Ron Rivest for RSA Data Security, Inc.; the IAIK-JCE implementation is based on code which has been posted to the sci.crypt News Group | -
RC5 (Ron's Code 5; Rivest Cipher 5) | Variable-key-size 64-Bit block cipher with variable number of rounds; developed by Ron Rivest for RSA Data Security, Inc. The algorithm is patented, for licensing conditions contact RSA DSI. | -
RSA (Rivest Shamir Adleman) | Public key encryption algorithm, developed by Ron Rivest, Adi Shamir and Leonard Adleman; described in PKCS#1 | -
PbeWithMD5AndDES_CBC (password based "MD5 with DES-CBC" algorithm) | Password based key-encryption algorithm for encrypting a given message with the DES algorithm in CBC mode using a secret key which is derived from a password with the MD5 message-digest algorithm; specified in PKCS#5 | PBEWithMD5AndDES
PbeWithSHAAnd3_KeyTripleDES_CBC (password based "SHA with TripleDES-CBC" algorithm) | Password based key-encryption algorithm for encrypting a given message (octet string) with the TripleDES algorithm in CBC mode using a secret key which is derived from a password with the SHA hash algorithm as described in PKCS#12 | -
PbeWithSHAAnd40BitRC2_CBC (password based "SHA with 40BitRC2-CBC" algorithm) | Password based key-encryption algorithm for encrypting a given message with the RC2 algorithm in CBC mode using a 40Bit secret key which is derived from a password with the SHA hash algorithm as described in PKCS#12 | -
Secret Key Factories
SecretKeyFactory skf = SecretKeyFactory.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name | Specification | Aliases
DES (DES Key Factory) | Symmetric 64-bit block encryption algorithm as defined by NIST in FIPS PUB 46-1 and FIPS PUB 46-2 | -
DESede (DES Key Factory) | Symmetric 64-bit block encryption algorithm as defined by NIST in FIPS PUB 46-1 and FIPS PUB 46-2 | -
PBE (Password Based Encryption Key Factory) | Password Based Encryption according to PKCS#5 | PKCS#5
PKCS#12 (Password Based Encryption Key Factory) | Password Based Encryption according to PKCS#12 | -
Key Exchange Algorithms
KeyAgreement keyAgr = KeyAgreement.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name | Specification | Aliases
DH (Diffie Hellman Key Agreement) | DH key exchange protocol as described in PKCS#3 | DiffieHellman
Message Authentication Codes
Mac mac = Mac.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name | Specification | Aliases
HMAC/MD5 (HMAC with MD5) | Keyed-Hashing for Message Authentication as described in RFC 2104 using MD5 as message digest algorithm | HmacMD5
HMAC/SHA (HMAC with SHA) | Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-1 as message digest algorithm | HmacSHA1
Key Generators
KeyGenerator keyGen = KeyGenerator.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name | Specification | Aliases
DES (DES key generator) | Key generation method for the DES cipher which is defined by NIST in FIPS PUB 46-1 and FIPS PUB 46-2 | -
DESede (Triple DES key generator) | Key generation method for the TripleDES cipher | 3DES
IDEA (IDEA key generator) | Key generation method for the IDEA cipher which is patented by Ascom Systec Ltd. | -
Blowfish (Blowfish key generator) | Key generation method for the Blowfish 64-bit block cipher; developed by Bruce Schneier | -
GOST (GOST key generator) | Key generation method for the GOST 64-bit block cipher. | -
CAST128 (CAST128 key generator) | Key generation method for the CAST128 64 bit Feistel type block cipher | CAST, CAST5
RC2 (RC2 key generator) | Key generation method for the RC2 cipher which has been developed by Ron Rivest for RSA Data Security, Inc. | -
RC4 (RC4 key generator) | Key generation method for the RC4 stream cipher which has been developed by Ron Rivest for RSA Data Security, Inc. | -
RC5 (RC5 key generator) | Key generation method for the RC5 block cipher. | -
PKCS#12 (PKCS#12 key generator) | Key generation method for deriving PKCS#12 secret keys from password, salt and iteration count. | -
PKCS12-IV (PKCS#12 Iv generator) | Key generation method for deriving PKCS#12 initialization vectors from password, salt and iteration count. | -
PKCS12-MAC (PKCS#12 MAC-Key generator) | Key generation method for deriving PKCS#12 MAC-keys from password, salt and an iteration count. | -
PBKDF2 (password based key derivation function 2) | Key generation method for deriving PKCS#5-2 keys from password, salt and an iteration count (specified by the PKCS#5-Version-2.0-second draft, December 1998) | -

*) The IAIK provider supports the following cipher modes and padding schemes:

General usage:

 Cipher cipher = Cipher.getInstance("Cipher/Operation Mode/Padding Scheme");

For instance:

 Cipher des = Cipher.getInstance("DES/CBC/PKCS5Padding", "IAIK");
 Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding", "IAIK");

Cipher Modes (default: ECB)
Name | Specification
ECB (Electronic Code Book) | "DES MODES OF OPERATION", NIST FIPS PUB 81
CBC (Cipher Block Chaining) | "DES MODES OF OPERATION", NIST FIPS PUB 81
PCBC (Propagated Cipher Block Chaining) | defined by Kerberos
CFB (Cipher FeedBack) | "DES MODES OF OPERATION", NIST FIPS PUB 81
OFB (Output FeedBack) | "DES MODES OF OPERATION", NIST FIPS PUB 81
0 (only for RSA ciphers) | block type 00 for RSA encryption, as specified by PKCS#1
1 (only for RSA ciphers) | block type 01 for RSA encryption, as specified by PKCS#1
2 (only for RSA ciphers) | block type 02 for RSA encryption, as specified by PKCS#1
Padding Schemes (default: NoPadding)
Name | Specification
PKCS5Padding (PKCS#5 Padding) | padding scheme as specified by PKCS#5
SSL3Padding | padding scheme as described in the Secure Sockets Layer SSL v3.0 specification
PKCS1Padding (only for RSA ciphers) | padding scheme as specified by PKCS#1
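A review helper for the transformation strings described above, as an added example that is not part of the IAIK documentation: it expands a "Cipher" or "Cipher/Operation Mode/Padding Scheme" string to the effective settings using the defaults stated on this page (ECB, NoPadding) and lists what a code reviewer would want to see. The class name TransformationAudit and the LEGACY and NO_BLOCK_MODE policy sets are assumptions of this example, and it needs Java 9 or later for Set.of.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class TransformationAudit {
    // Defaults documented on this page for the IAIK provider.
    static final String DEFAULT_MODE = "ECB";
    static final String DEFAULT_PADDING = "NoPadding";
    // Policy assumptions of this example, not statements made by IAIK.
    static final Set<String> LEGACY = Set.of("DES", "RC2", "RC4");
    static final Set<String> NO_BLOCK_MODE = Set.of("RSA", "RC4");
    static final Set<String> NEEDS_FULL_BLOCKS = Set.of("ECB", "CBC", "PCBC");

    /** Expand "Cipher" or "Cipher/Mode/Padding" and return the review findings. */
    static List<String> audit(String transformation) {
        String[] parts = transformation.trim().split("/", -1);
        if ((parts.length != 1 && parts.length != 3) || parts[0].isEmpty()) {
            throw new IllegalArgumentException(
                    "not Cipher or Cipher/Mode/Padding: " + transformation);
        }
        boolean implicit = parts.length == 1;
        String cipher = parts[0]; // names are case sensitive, so compare exactly
        String mode = (implicit || parts[1].isEmpty()) ? DEFAULT_MODE : parts[1];
        String padding = (implicit || parts[2].isEmpty()) ? DEFAULT_PADDING : parts[2];
        // Pbe* names carry their mode in the name; RSA and RC4 have no block mode to review.
        boolean blockCipher = !NO_BLOCK_MODE.contains(cipher) && !cipher.startsWith("Pbe");

        List<String> findings = new ArrayList<>();
        if (implicit) {
            findings.add("mode and padding omitted: provider defaults "
                    + DEFAULT_MODE + "/" + DEFAULT_PADDING + " apply");
        }
        if (blockCipher && mode.equals("ECB")) {
            findings.add("effective mode ECB: equal plaintext blocks give equal ciphertext blocks");
        }
        if (blockCipher && padding.equals("NoPadding") && NEEDS_FULL_BLOCKS.contains(mode)) {
            findings.add("effective padding NoPadding: input must be a multiple of the block size");
        }
        if (LEGACY.contains(cipher)) {
            findings.add("legacy cipher " + cipher + ": flag for migration review");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample inputs built from names in the tables above.
        String[] samples = {"DES", "DES/CBC/PKCS5Padding", "Blowfish/ECB/PKCS5Padding",
                            "RSA/ECB/PKCS1Padding", "DESede/CBC/PKCS5Padding"};
        for (String s : samples) {
            System.out.println(s + " -> " + audit(s));
        }
    }
}
```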

Additionally, the IAIK provider supports a great variety of ASN.1 data structures and X.509 certificate (CRL) extensions.

See Also:
Serialized Form

Field Summary
static double version
          Version number of the IAIK JCE.
 
Fields inherited from class java.util.Properties
defaults
 
Constructor Summary
IAIK()
          This is the default constructor which registers the implemented algorithms to the Java Security API.
 
Method Summary
static void addAsProvider()
          Static method which installs the SecurityProvider IAIK.
static void addAsProvider(boolean printStatusInfo)
          Static method which installs the SecurityProvider IAIK and prints some system properties if desired.
static MessageDigest getMd5()
          Return a new implementation of the Md5 message digest.
static boolean getUseOldMd5()
          Check whether the old or the new implementation of the Md5 algorithm is active.
static void setUseOldMd5(boolean useOldMd5)
          Set whether to use the old or the new implementation of the Md5 algorithm.
 
Methods inherited from class iaik.utils.ExtendedProvider
isAvailable, puta, putc, putc
 
Methods inherited from class java.security.Provider
clear, entrySet, getInfo, getName, getVersion, keySet, load, put, putAll, remove, toString, values
 
Methods inherited from class java.util.Properties
getProperty, getProperty, list, list, propertyNames, save, setProperty, store
 
Methods inherited from class java.util.Hashtable
clone, contains, containsKey, containsValue, elements, equals, get, hashCode, isEmpty, keys, rehash, size
 
Methods inherited from class java.lang.Object
finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

version

public static final double version
Version number of the IAIK JCE. Currently 2.591 for 2.6beta1.
Constructor Detail

IAIK

public IAIK()
This is the default constructor which registers the implemented algorithms to the Java Security API.
Method Detail

addAsProvider

public static void addAsProvider()
Static method which installs the SecurityProvider IAIK.

addAsProvider

public static void addAsProvider(boolean printStatusInfo)
Static method which installs the SecurityProvider IAIK and prints some system properties if desired.
Parameters:
printStatusInfo - prints some status information and system properties

setUseOldMd5

public static void setUseOldMd5(boolean useOldMd5)
Set whether to use the old or the new implementation of the Md5 algorithm. The new implementation is about twice as fast, but crashes on some older JIT compilers. Therefore, set this to true only if Md5 crashes or hangs on your VM. This flag will only affect IAIK instances created after this call is made.

The current default is to use the OLD version to be compatible with all systems.


getUseOldMd5

public static boolean getUseOldMd5()
Check whether the old or the new implementation of the Md5 algorithm is active.

getMd5

public static MessageDigest getMd5()
Return a new implementation of the Md5 message digest. It will be either the new or the old implementation depending on the setting of the useOldMd5 flag. Applications should not use this method; it is for internal library use only. Use MessageDigest.getInstance() instead.