Java ™ Cryptography Architecture
Sun Providers Documentation

for JavaTM Platform Standard Edition 6


Introduction
The SunPKCS11 Provider
The SUN Provider
The SunRsaSign Provider
The SunJSSE Provider
The SunJCE Provider
The SunJGSS Provider
The SunSASL Provider
The XMLDSig Provider
The SunPCSC Provider
The SunMSCAPI Provider


Note: The Standard Names Documentation contains more information about the standard names used in this document.


Introduction

The Java platform defines a set of APIs spanning major security areas, including cryptography, public key infrastructure, authentication, secure communication, and access control. These APIs allow developers to easily integrate security mechanisms into their application code. The Java Cryptography Architecture (JCA) and its Provider Architecture is a core concept of the Java Development Kit (JDK). It is assumed readers have an solid understanding of this architecture.

This document describes the technical details of the providers shipped as part of Sun's Java Environment.


Reminder: Cryptographic implementations in the Sun JDK are distributed through several different providers ("Sun", "SunJSSE", "SunJCE", "SunRsaSign") for both historical reasons and by the types of services provided. General purpose applications SHOULD NOT request cryptographic services from specific providers. That is:

    getInstance("...", "SunJCE");  // not recommended
	vs.
    getInstance("...");            // recommended

Otherwise, applications are tied to specific providers which may not be available on other Java implementations. They also might not be able to take advantage of available optimized providers (for example, hardware accelerators via PKCS11 or native OS implementations such as Microsoft's MSCAPI) that have a higher preference order than the specific requested provider.


The SunPKCS11 Provider

The Cryptographic Token Interface Standard ( PKCS#11) provides native programming interfaces to cryptographic mechanisms, such as hardware cryptographic accelerators and Smart Cards. When properly configured, the SunPKCS11 provider enables applications to use the standard JCA/JCE APIs to access native PKCS#11 libraries. The SunPKCS11 provider itself does not contain cryptographic functionality, it is simply a conduit between the Java environment and the native PKCS11 providers. The Java PKCS#11 Reference Guide has a much more detailed treatment of this provider.

The SUN Provider

JDK 1.1 introduced the Provider architecture. The first JDK provider was named SUN, and contained two types of cryptographic services (MessageDigests and Signatures). In later releases, other mechanisms were added (SecureRandom number generators, KeyPairGenerators, KeyFactorys, etc.).

United States export regulations in effect at the time placed significant restrictions on the type of cryptographic functionality that could be made available internationally in the JDK. For this reason, the SUN provider has historically contained cryptographic engines that did not directly encrypt or decrypt data.

The following algorithms are available in the SUN provider:

Engine Algorithm Name(s)
AlgorithmParameterGenerator DSA
AlgorithmParameters DSA
CertificateFactory X.509
CertPathBuilder PKIX
CertPathValidator PKIX
CertStore Collection
LDAP
Configuration JavaLoginConfig
KeyFactory DSA
KeyPairGenerator DSA
KeyStore JKS
MessageDigest MD2
MD5
SHA-1
SHA-256
SHA-384
SHA-512
Policy JavaPolicy
SecureRandom SHA1PRNG
Signature NONEwithDSA
SHA1withDSA

Keysize Restrictions

The SUN provider uses the following default keysizes (in bits) and enforce the following restrictions:

KeyPairGenerator

Alg. Name Default Keysize Restrictions/Comments
DSA 1024 Keysize must be a multiple of 64, ranging from 512 to 1024 (inclusive).

AlgorithmParameterGenerator

Alg. Name Default Keysize Restrictions/Comments
DSA 1024 Keysize must be a multiple of 64, ranging from 512 to 1024 (inclusive).

CertificateFactory/CertPathBuilder/ CertPathValidator/CertStore implementations

Additional details on the SUN provider implementations for CertificateFactory, CertPathBuilder, CertPathValidator and CertStore are documented in Appendix B of the PKI Programmer's Guide.

The SunRsaSign Provider

The SunRsaSign provider was introduced in JDK 1.3 as an enhanced replacement for the RSA signatures in the SunJSSE provider.

The following algorithms are available in the SunRsaSign provider:

Engine Algorithm Name(s)
KeyFactory RSA
KeyPairGenerator RSA
Signature MD2withRSA
MD5withRSA
SHA1withRSA
SHA256withRSA
SHA384withRSA
SHA512withRSA

Keysize Restrictions

The SunRsaSign provider uses the following default keysizes (in bits) and enforce the following restrictions:

KeyPairGenerator

Alg. Name Default Keysize Restrictions/Comments
RSA 1024 Keysize must range between 512 and 65536 bits, the former of which is unnecessarily large.

The SunJSSE Provider

The Java Secure Socket Extension (JSSE) was originally released as a separate "Optional Package" (also briefly known as a "Standard Extension"), and was available for JDK 1.2.x and 1.3.x. The SunJSSE provider was introduced as part of this release.

In earlier JDK releases, there were no RSA signature providers available in the JDK, therefore SunJSSE had to provide its own RSA implementation in order to use commonly available RSA-based certificates. JDK 5 introduced the SunRsaSign provider, which provides all the functionality (and more) of the SunJSSE provider. Applications targeted at JDK 5.0 and higher should request instances of the SunRsaSign provider instead. For backwards-compatibility, the RSA algorithms are still available through this provider, but are actually implemented in the SunRsaSign provider.

The following algorithms are available in the SunJSSE provider:

Engine Algorithm Name(s)
KeyFactory RSA
KeyManagerFactory SunX509
KeyPairGenerator RSA
KeyStore PKCS12
Signature MD2withRSA
MD5withRSA
SHA1withRSA
SSLContext SSLv3
TLSv1
TrustManagerFactory PKIX

The SunJSSE also supports the following protocol parameters:

Protocol
SSLv3
TLSv1
SSLv2Hello

SunJSSE supports a large number of ciphersuites. The table below shows the ciphersuites supported by SunJSSE in their default preference order and the release in which they were introduced.

Cipher Suite Supported In Releases
<1.4.2 1.4.2 J2SE 5 Java SE 6
SSL_RSA_WITH_RC4_128_MD5 X X X X
SSL_RSA_WITH_RC4_128_SHA X X X X
TLS_RSA_WITH_AES_128_CBC_SHA  X X X
TLS_RSA_WITH_AES_256_CBC_SHA  X X X
TLS_ECDH_ECDSA_WITH_RC4_128_SHA    X
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA    X
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA    X
TLS_ECDH_RSA_WITH_RC4_128_SHA    X
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA    X
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA    X
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA    X
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    X
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    X
TLS_ECDHE_RSA_WITH_RC4_128_SHA    X
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA    X
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA    X
TLS_DHE_RSA_WITH_AES_128_CBC_SHA  X X X
TLS_DHE_RSA_WITH_AES_256_CBC_SHA  X X X
TLS_DHE_DSS_WITH_AES_128_CBC_SHA  X X X
TLS_DHE_DSS_WITH_AES_256_CBC_SHA  X X X
SSL_RSA_WITH_3DES_EDE_CBC_SHA X X X X
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA    X
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA    X
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA    X
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA    X
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA  X X X
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA X X X X
SSL_RSA_WITH_DES_CBC_SHA X X X X
SSL_DHE_RSA_WITH_DES_CBC_SHA  X X X
SSL_DHE_DSS_WITH_DES_CBC_SHA X X X X
SSL_RSA_EXPORT_WITH_RC4_40_MD5 X X X X
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA  X X X
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA  X X X
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA X X X X
SSL_RSA_WITH_NULL_MD5 X X X X
SSL_RSA_WITH_NULL_SHA X X X X
TLS_ECDH_ECDSA_WITH_NULL_SHA    X
TLS_ECDH_RSA_WITH_NULL_SHA    X
TLS_ECDHE_ECDSA_WITH_NULL_SHA    X
TLS_ECDHE_RSA_WITH_NULL_SHA    X
SSL_DH_anon_WITH_RC4_128_MD5 X X X X
TLS_DH_anon_WITH_AES_128_CBC_SHA  X X X
TLS_DH_anon_WITH_AES_256_CBC_SHA  X X X
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA X X X X
SSL_DH_anon_WITH_DES_CBC_SHA X X X X
TLS_ECDH_anon_WITH_RC4_128_SHA    X
TLS_ECDH_anon_WITH_AES_128_CBC_SHA    X
TLS_ECDH_anon_WITH_AES_256_CBC_SHA    X
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA    X
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 X X X X
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA X X X X
TLS_ECDH_anon_WITH_NULL_SHA    X
TLS_KRB5_WITH_RC4_128_SHA   X X
TLS_KRB5_WITH_RC4_128_MD5   X X
TLS_KRB5_WITH_3DES_EDE_CBC_SHA   X X
TLS_KRB5_WITH_3DES_EDE_CBC_MD5   X X
TLS_KRB5_WITH_DES_CBC_SHA   X X
TLS_KRB5_WITH_DES_CBC_MD5   X X
TLS_KRB5_EXPORT_WITH_RC4_40_SHA   X X
TLS_KRB5_EXPORT_WITH_RC4_40_MD5   X X
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA   X X
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5   X X

Ciphersuites that use AES_256 requires installation of the JCE Unlimited Strength Jurisdiction Policy Files. See Java SE Download Page.

Ciphersuites that use Elliptic Curve Cryptography (ECDSA, ECDH, ECDHE, ECDH_anon) require that a JCE crypto provider with the following properties be installed:

The SunJCE Provider

As described briefly in The SUN Provider, US export regulations at the time restricted the type of cryptographic functionality that could be made available in the JDK. A separate API and reference implementation was developed that allowed applications to encrypt/decrypt data. The Java Cryptographic Extension (JCE) was released as a separate "Optional Package" (also briefly known as a "Standard Extension"), and was available for JDK 1.2.x and 1.3.x. During the development of JDK 1.4, regulations were relaxed enough that JCE (and SunJSSE) could be bundled as part of the JDK.

The following algorithms are available in the SunJCE provider:

Engine Algorithm Name(s)
AlgorithmParameterGenerator DiffieHellman
AlgorithmParameters AES
Blowfish
DES
DESede
DiffieHellman
OAEP
PBEWithMD5AndDES
PBEWithMD5AndTripleDES
PBEWithSHA1AndDESede
PBEWithSHA1AndRC2_40
RC2
Cipher
Alg. Name Modes Paddings
AES ECB, CBC, PCBC, CTR, CTS, CFB, CFB8..CFB128, OFB, OFB8..OFB128 NOPADDING, PKCS5PADDING, ISO10126PADDING
AESWrap ECB NOPADDING
ARCFOUR ECB NOPADDING
Blowfish, DES, DESede, RC2 ECB, CBC, PCBC, CTR, CTS, CFB, CFB8..CFB64, OFB, OFB8..OFB64 NOPADDING, PKCS5PADDING, ISO10126PADDING
DESedeWrap CBC NOPADDING
PBEWithMD5AndDES, PBEWithMD5AndTripleDES1 PBEWithSHA1AndDESede, PBEWithSHA1AndRC2_40 CBC PKCS5Padding
RSA ECB NOPADDING, PKCS1PADDING, OAEPWITHMD5ANDMGF1PADDING, OAEPWITHSHA1ANDMGF1PADDING, OAEPWITHSHA-1ANDMGF1PADDING, OAEPWITHSHA-256ANDMGF1PADDING, OAEPWITHSHA-384ANDMGF1PADDING, OAEPWITHSHA-512ANDMGF1PADDING

Footnote 1: PBEWithMD5AndTripleDES is a proprietary algorithm that has not been standardized.

KeyAgreement DiffieHellman
KeyFactory DiffieHellman
KeyGenerator AES
ARCFOUR
Blowfish
DES
DESede
HmacMD5
HmacSHA1
HmacSHA256
HmacSHA384
HmacSHA512
RC2
KeyPairGenerator DiffieHellman
KeyStore JCEKS
Mac HmacMD5
HmacSHA1
HmacSHA256
HmacSHA384
HmacSHA512
SecretKeyFactory DES
DESede
PBEWithMD5AndDES
PBEWithMD5AndTripleDES
PBEWithSHA1AndDESede
PBEWithSHA1AndRC2_40
PBKDF2WithHmacSHA1

Keysize Restrictions

The SunJCE provider uses the following default keysizes (in bits) and enforce the following restrictions:

KeyGenerator

Alg. Name Default Keysize Restrictions/Comments
AES 128 Keysize must be equal to 128, 192, or 256.
ARCFOUR (RC4) 128 Keysize must range between 40 and 1024 (inclusive).
Blowfish 128 Keysize must be a multiple of 8, ranging from 32 to 448 (inclusive).
DES 56 Keysize must be equal to 56.
DESede (Triple DES) 168 Keysize must be equal to 112 or 168.

A keysize of 112 will generate a Triple DES key with 2 intermediate keys, and a keysize of 168 will generate a Triple DES key with 3 intermediate keys.

Due to the "Meet-In-The-Middle" problem, even though 112 or 168 bits of key material are used, the effective keysize is 80 or 112 bits respectively.

HmacMD5 512 No keysize restriction.
HmacSHA1 512 No keysize restriction.
HmacSHA256 256 No keysize restriction.
HmacSHA384 384 No keysize restriction.
HmacSHA512 512 No keysize restriction.
RC2 128 Keysize must range between 40 and 1024 (inclusive).

NOTE: The various Password-Based Encryption (PBE) algorithms use various algorithms to generate key data, and ultimately depends on the targeted Cipher algorithm. For example, "PBEWithMD5AndDES" will always generate 56-bit keys.

KeyPairGenerator

Alg. Name Default Keysize Restrictions/Comments
Diffie-Hellman (DH) 1024 Keysize must be a multiple of 64, ranging from 512 to 1024 (inclusive).

AlgorithmParameterGenerator

Alg. Name Default Keysize Restrictions/Comments
Diffie-Hellman (DH) 1024 Keysize must be a multiple of 64, ranging from 512 to 1024 (inclusive).
DSA 1024 Keysize must be a multiple of 64, ranging from 512 to 1024 (inclusive).

The SunJGSS Provider

The following algorithms are available in the SunJGSS provider:

OID Name
1.2.840.113554.1.2.2 Kerberos v5
1.3.6.1.5.5.2 SPNEGO

The SunSASL Provider

The following algorithms are available in the SunSASL provider:

Engine Algorithm Name(s)
SaslClient CRAM-MD5
DIGEST-MD5
EXTERNAL
GSSAPI
PLAIN
SaslServer CRAM-MD5
DIGEST-MD5
GSSAPI

The XMLDSig Provider

The following algorithms are available in the XMLDSig provider:

Engine Algorithm Name(s)
KeyInfoFactory DOM
TransformService http://www.w3.org/TR/2001/REC-xml-c14n-20010315 - (CanonicalizationMethod.INCLUSIVE)
http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments - (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS)
http://www.w3.org/2001/10/xml-exc-c14n# - (CanonicalizationMethod.EXCLUSIVE)
http://www.w3.org/2001/10/xml-exc-c14n#WithComments - (CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS)
http://www.w3.org/2000/09/xmldsig#base64 - (Transform.BASE64)
http://www.w3.org/2000/09/xmldsig#enveloped-signature - (Transform.ENVELOPED)
http://www.w3.org/TR/1999/REC-xpath-19991116 - (Transform.XPATH)
http://www.w3.org/2002/06/xmldsig-filter2 - (Transform.XPATH2)
http://www.w3.org/TR/1999/REC-xslt-19991116 - (Transform.XSLT)
XMLSignatureFactory DOM

The SunPCSC Provider

The SunPCSC provider enables applications to use the Java Smart Card I/O API to interact with the PC/SC Smart Card stack of the underlying operating system. On some operating systems, it may be necessary to enable and configure the PC/SC stack before it is usable. Consult your operating system documentation for details.

On Solaris and Linux platforms, SunPCSC accesses the PC/SC stack via the libpcsclite.so library. It looks for this library in the directories /usr/$LIBISA and /usr/local/$LIBISA, where $LIBISA is expanded to lib on 32-bit platforms, lib/64 on 64-bit Solaris platforms, and lib64 on 64-bit Linux platforms. The system property sun.security.smartcardio.library may also be set to the full filename of an alternate libpcsclite.so implementation. On Windows platforms, SunPCSC always calls into winscard.dll and no Java-level configuration is necessary or possible.

If PC/SC is available on the host platform, the SunPCSC implementation can be obtained via TerminalFactory.getDefault() and TerminalFactory.getInstance("PC/SC"). If PC/SC is not available or not correctly configured, a getInstance() call will fail with a NoSuchAlgorithmException and getDefault() will return a JRE built-in implementation that does not support any terminals.

The following algorithms are available in the SunPCSC provider:

Engine Algorithm Name(s)
TerminalFactory PC/SC

The SunMSCAPI Provider

The SunMSCAPI provider enables applications to use the standard JCA/JCE APIs to access the native cryptographic libraries, certificates stores and key containers on the Microsoft Windows platform. The SunMSCAPI provider itself does not contain cryptographic functionality, it is simply a conduit between the Java environment and the native cryptographic services on Windows.

The following algorithms are available in the SunMSCAPI provider:

Engine Algorithm Name(s)
Cipher RSA RSA/ECB/PKCS1Padding only
KeyPairGenerator RSA
KeyStore Windows-MY

The keystore type that identifies the native Microsoft Windows MY keystore. It contains the user's personal certificates and associated private keys.

Windows-ROOT

The keystore type that identifies the native Microsoft Windows ROOT keystore. It contains the certificates of Root certificate authorities and other self-signed trusted certificates.

SecureRandom Windows-PRNG

The name of the native pseudo-random number generation (PRNG) algorithm.

Signature MD2withRSA
MD5withRSA
SHA1withRSA

Keysize Restrictions

The SunMSCAPI provider uses the following default keysizes (in bits) and enforce the following restrictions:

KeyGenerator

Alg. Name Default Keysize Restrictions/Comments
RSA 1024 Keysize ranges from 384 bits to 16,384 bits (depending on the underlying Microsoft Windows cryptographic service provider).