iaik.security.provider

Class IAIK

java.lang.Object

java.util.Dictionary<K,V>

java.util.Hashtable<java.lang.Object,java.lang.Object>

java.util.Properties

java.security.Provider

iaik.utils.ExtendedProvider

iaik.security.provider.IAIK

All Implemented Interfaces:

java.io.Serializable, java.lang.Cloneable, java.util.Map<java.lang.Object,java.lang.Object>

public final class IAIK
extends ExtendedProvider

This class represents the master class of the IAIK Security Package Provider (SPP) for the Java Security API.

The provider architecture has been introduced by the Java Cryptographic Architecture (JCA) making it possible for different cryptographic implementations to operate on common interfaces (consult the Java Cryptography Architecture API Specification & Reference).

For generally accessing and using provider-specific algorithm implementations, engine classes and factory methods are used. Engine classes provide interfaces to the functioanlity of a type of cryptographic algorithm, and factory methods are used for obtaining some specific implementation. To get, for instance, an object of the MessageDigest engine class, use the corresponding getInstance factory method:

 MessageDigest md = MessageDigest.getInstance("AlgorithmName", "ProviderName");
 

Specifying a particular provider is optionally (for using the IAIK provider, specify "IAIK"). If no provider is stated, all actual providers are searched until one is found that implements the desired algorithm, e.g.:

 MessageDigest md5 = MessageDigest.getInstance("MD5");
 

If none of the installed providers supports the requested algorithm, a NoSuchAlgorithmException is thrown.

The term provider is an abbreviation for Cryptographic Package Provider and denotes a package or a set of packages supplying a concrete implementation of a subset of the cryptography aspects of the Java Security API (see JCA). A JCA provider may realize implementations of digital signature, message digest, and key pair generation algorithms. If the JCA API is extended by a Java Cryptography Extension (JCE) API for supporting encryption and key exchange, a provider additionaly may implement encryption and key exchange algorithms.

This class represents the master class of the IAIK security package provider. It extends the java.security.Provider class for registering the IAIK provider specific security implementations within the Java security architecture. The IAIK provider supports both, algorithm implemetations for JCA, and for the JCE extension. Since IAIK-JCE is full compatible to JCE 1.2.1 released by Sun, you will need JDK1.2 for using IAIK-JCE. If you want to use it with JDK1.1.x, you will also have to add jdk11x_update.jar to your CLASSPATH. jdk11x_update.jar is just an IAIK implementation of the required JDK 1.2 classes which are not available in JDK 1.1.x. jdk11x_update.jar is included in the IAIK-JCE distribution which may be downloaded at http://jcewww.iaik.tu-graz.ac.at/download.html. This IAIK provider master class automatically checks if the required JDK1.2 classes are included in your classpath and will trigger a RuntimeException if the check fails.

Note that depending on which IAIK JCE JAR file you are using not all algorithms may be available because of legal issues. In particular RSA, RC4, and IDEA are not included in the default distribution. If you want to use those algorithms as well you need to download the full version of the JAR file, see the download page, but make sure you have understood the related legal and patent issues.

The following table lists the names - case sensitive (!) - of several algorithms supported by the IAIK provider. The table is devided into two parts. The first part contains the JCA related implementations, and the second part lists the JCE algorithms. For each algorithm, the corresponding specification and all registered aliases are reported.

JCA implementations
Message Digest Algorithms MessageDigest md = MessageDigest.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name	Specification	Aliases
MD2 (Message Digest 2)	RSA Data Security, Inc.'s MD2 message digest algorithm, as specified in RFC 1319 for producing a 128-bit hash value	-
MD5 (Message Digest 5)	RSA Data Security, Inc.'s MD5 message digest algorithm, as specified in RFC 1321 for producing a 128-bit hash value	-
SHA-1 (Secure Hash Algorithm)	SHA-1 message digest algorithm as specified in FIPS PUB 180-1 for producing a 128-bit hash value	SHA, 1.3.14.3.2.18
Key Pair Generators KeyPairGenerator keyGen = KeyPairGenerator.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name	Specification	Aliases
DSA (DSA key pair generator)	Key pair generation method for the DSA algorithm as described in FIPS PUB 186	1.3.14.3.2.12, 1.2.840.10040.4.1
Key Factories KeyFactory keyFac = KeyFactory.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name	Specification	Aliases
DSA (DSA key factory)	Key factory for converting keys into key specifications (and vice versa) to be used for the DSA algorithm which is described in FIPS PUB 186	1.3.14.3.2.12, 1.2.840.10040.4.1
Key Stores KeyStore keyStore = KeyStore.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name	Specification	Aliases
IAIKKeyStore (IAIKKeyStore)	The IAIKKeyStore uses the password based key derivation function 2 from the PKCS#5 v2.0 Password-Based Cryptography Standard	KeyStore
Certificate Factories X509Certificate x509Certificate = CertificateFactory.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name	Specification	Aliases
X.509 (X.509 certificate factory)	Certifcate factory for generating X.509 certificates and CRLs (as specified in the RFC 3280) from their encodings	-
Qualified (Qualified certificate factory)	Certifcate factory for generating qualified certificates from their encodings according to the PKIX Qualified Certificate Profile	-

JCE implementations
Ciphers* Cipher cipher = Cipher.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name	Specification	Aliases
DES (Data Encryption Standard)	Symmetric 64-bit block encryption algorithm as defined by NIST in FIPS PUB 46-1 and FIPS PUB 46-2	-
DESede (Triple DES)	A variant of the Data Encryption Standard (DES) using an encrypting-decrypting-encrypting (EDE) scheme based on three keys	3DES
IDEA (International Data Encryption Algorithm)	Symmetric 64-bit block encryption algorithm, patented by Ascom Systec Ltd.	-
CAST128 (Carlisle Adams and Stafford Tavares)	64 bit Feistel type block cipher with a key length of 40-128 bits	CAST, CAST5
RC2 (Ron's Code 2; Rivest Cipher 2)	Variable-key-size 64-Bit block cipher; developed by Ron Rivest for RSA Data Security, Inc.; described in RFC2268	-
RC4 (Ron's Code 4; Rivest Cipher 4)	Variable-key-size 64-Bit stream cipher; developed by Ron Rivest for RSA Data Security, Inc.; the IAIK-JCE implementation is based on code which has been posted to the sci.crypt News Group	-
PbeWithMD5AndDES_CBC (password based "MD5 with DES-CBC" algorithm)	Password based key-encryption algorithm for encrypting a given message with the DES algorithm in CBC mode using a secret key which is derived from a password with the MD5 message-digest algorithm; specified in PKCS #5: Password-Based Cryptography Specification Version 2.0 (RFC 2898)	PBEWithMD5AndDES
PbeWithSHAAnd3_KeyTripleDES_CBC (password based "SHA with TripleDES-CBC" algorithm)	Password based key-encryption algorithm for encrypting a given message (octet string) with the TripleDES algorithm in CBC mode using a secret key which is derived from a password with the SHA hash algorithm as described in PKCS#12	-
PbeWithSHAAnd40BitRC2_CBC (password based "SHA with 40BitRC2-CBC" algorithm)	Password based key-encryption algorithm for encrypting a given message with the RC2 algorithm in CBC mode using a 40Bit secret key which is derived from a password with the SHA hash algorithm as described in PKCS#12	-
Rijndael (Advanced Encryption Standard AES)	Block cipher with variable block length (this implementation uses 128 bit) and key length, designed by Joan Daemen and Vincent Rijmen, see http://www.nist.gov/aes/.	AES
Rijndael-256 (Advanced Encryption Standard AES)	Rijndael cipher implementation for block size of 256 bit.	AES
Key Exchange Algorithms KeyAgreement keyAgr = KeyAgreement.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name	Specification	Aliases
DH (Diffie Hellman Key Agreement)	DH key exchange protocol as described in PKCS#3	DiffieHellman
Message Authentiaction Codes MAC mac = MAC.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name	Specification	Aliases
HMAC/MD5 (HMAC with MD5)	Keyed-Hashing for Message Authentication as described in RFC 2104 using MD5 as message digest algorithm	HmacMD5
HMAC/SHA (HMAC with SHA)	Keyed-Hashing for Message Authentication as described in RFC 2104 using SHA-1 as message digest algorithm	HmacSHA1
Key Pair Generators KeyPairGenerator keyGen = KeyPairGenerator.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name	Specification	Aliases
DH (Diffie Hellman key pair generator)	Key pair generation method for Diffie Hellman key exchange as described in PKCS#3	DiffieHellman
Key Factories KeyFactory keyFac = KeyFactory.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name	Specification	Aliases
DH (Diffie Hellman key factory)	Key factory for converting keys into key specifications (and vice versa) to be used for Diffie Hellman key exchange which is described in PKCS#3	DiffieHellman
Key Generators KeyGenerator keyGen = KeyGenerator.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name	Specification	Aliases
AES (AES key generator)	Key generation method for the Advanced Encryption Standard (AES, Rijndael) block cipher.	-
DES (DES key generator)	Key generation method for the DES cipher which is defined by NIST in FIPS PUB 46-1 and FIPS PUB 46-2	-
DESede (Triple DES key generator)	Key generation method for the TripleDES cipher	3DES
IDEA (IDEA key generator)	Key generation method for the IDEA cipher which is patented by Ascom Systec Ltd.	-
CAST128 (CAST128 key generator)	Key generation method for the CAST128 64 bit Feistel type block cipher	CAST, CAST5
RC2 (RC2 key generator)	Key generation method for the RC2 cipher which has been developed by Ron Rivest for RSA Data Security, Inc.	-
RC4 (RC4 key generator)	Key generation method for the RC4 stream cipher which has developed by Ron Rivest for RSA Data Security, Inc.	-
Rijndael (Rijndael key generator)	Key generation method for the Rijndael AES block cipher.	-
Rijndael-256 (Rijndael key generator)	Key generation method for the Rijndael AES block cipher with block size of 256 bits.	-
PKCS#12 (PKCS#12 key generator)	Key generation method for for deriving PKCS#12 secret keys from password, salt and iteration count. count	-
PKCS12-IV (PKCS#12 Iv generator)	Key generation method for for deriving PKCS#12 initialization vectors from password, salt and iteration count. count	-
PKCS12-MAC (PKCS#12 MAC-Key generator)	Key generation method for for deriving PKCS#12 MAC-keys from password, salt and an iteration count. count	-
PBKDF2 (password based key derivation function 2)	Key generation method for for deriving PKCS#5-2 keys from password, salt and an iteration count; specified by the PKCS#5 Version 2.0 Password-Based Cryptography Standard)	-
Secret Key Factories SecretKeyFactory skf = SecretKeyFactory.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name	Specification	Aliases
DES (DES Key Factory)	Symmetric 64-bit block encryption algorithm as defined by NIST in FIPS PUB 46-1 and FIPS PUB 46-2	-
DESede (DESede Key Factory)	Secret Key Factory for the DESede (3DES) algorithm	3DES
IDEA (IDEA Key Factory)	Secret Key Factory for the IDEA block cipher	-
CAST128 (CAST128 Key Factory)	Secret Key Factory for the CAST128 block cipher	CAST5, CAST
RC2 (RC2 Key Factory)	Secret Key Factory for the RC2 block cipher	-
RC4 (RC4 Key Factory)	Secret Key Factory for the RC4 stream cipher	-
Serpent (Serpent Key Factory)	Secret Key Factory for the Serpent AES candidate block cipher	-
Rijndael (Rijndael Key Factory)	Secret Key Factory for the Advanced Encryption Standard (AES) Rijndael block cipher	AES
Rijndael-256 (Rijndael Key Factory)	Secret Key Factory for the Advanced Encryption Standard (AES) Rijndael block cipher with block size of 256 bits.	AES
PBE (Password Based Encryption Key Factory)	Password Based Encryption according to PKCS #5: Password-Based Cryptography Specification Version 2.0 (RFC 2898)	PKCS#5
PKCS#12 (Password Based Encryption Key Factory)	Password Based Encryption according to PKCS#12	-
Algorithm Parameter Generators AlgorithmParameterGenerator paramGen = AlgorithmParameterGenerator.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name	Specification	Aliases
DH (Diffie Hellman parameter generator)	Generator for creating parameters (prime modulus, base generator, length of the private value) to be used for Diffie Hellman key exchange which is described in PKCS#3	DiffieHellman
PBE (PBE parameter generator)	Generator for creating parameters (salt and iteration count) to be used for password based encryption according to PKCS #5: Password-Based Cryptography Specification Version 2.0 (RFC 2898) / PKCS#12	-
Algorithm Parameters AlgorithmParameters params = AlgorithmParameters.getInstance(<Standard Name> | <Alias>, "IAIK");
Standard Name	Specification	Aliases
DH (Diffie Hellman parameters)	Algorithm parameters (prime modulus, base generator, length of the private value) representation for Diffie Hellman key exchange which is described in PKCS#3	DiffieHellman
PBE (PBE parameters)	Algorithm parameters (salt and iteration count) representation for password based encryption according to PKCS #5: Password-Based Cryptography Specification Version 2.0 (RFC 2898) / PKCS#12	-
DES (DES parameters)	Algorithm parameters (initialization vector) representation for the DES cipher	-
DESede (DESede parameters)	Algorithm parameters (initialization vector) representation for the DESede cipher	3DES
IDEA (IDEA parameters)	Algorithm parameters (initialization vector) representation for the IDEA cipher	-
CAST128 (CAST128 parameters)	Algorithm parameters (initialization vector) representation for the CAST128 cipher	CAST5, CAST
RC2 (RC2 parameters)	Algorithm parameters (initialization vector) representation for the RC2 cipher	-
Rijndael (Rijndael parameters)	Algorithm parameters (initialization vector) representation for the Rijndael Advanced Encryption Standard (AES)	AES
Rijndael-256 (Rijndael parameters)	Algorithm parameters (initialization vector) representation for the Rijndael Advanced Encryption Standard (AES) block cipher with block size of 256 bits.	AES

*) The IAIK provider supports the following cipher modes and padding schemes:

General Usage:

   Cipher cipher = Cipher.getInstance("Cipher/Operation Mode/Padding Scheme");
 

for instance:

 Cipher des = Cipher.getInstance("DES/CBC/PKCS5Padding", "IAIK");
 

Cipher Modes (default: ECB)
Name	Specification
ECB (Electronic Code Book)	"DES MODES OF OPERATION", NIST FIPS PUB 81
CBC (Cipher Block Chaining)	"DES MODES OF OPERATION", NIST FIPS PUB 81
PCBC (Propagated Cipher Block Chaining)	defined by Kerberos
CFB (Cipher FeedBack)	"DES MODES OF OPERATION", NIST FIPS PUB 81
OFB (Output FeedBack)	"DES MODES OF OPERATION", NIST FIPS PUB 81
Padding Schemes (default: NoPadding)
Name	Specification
PKCS5Padding (PKCS#5 Padding)	padding scheme as described in specified by PKCS #5: Password-Based Cryptography Specification Version 2.0 (RFC 2898)
SSL3Padding	padding scheme as described in the Secure Sockets Layer SSL v3.0 specification

FIPS 140-2:

This class is part of the Toolkit's FIPS 140-2 cryptographic module and contains APIs that are considered part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; refer to the API documentation for further details

See Also:

Serialized Form

Nested Class Summary

Nested classes/interfaces inherited from class java.security.Provider

java.security.Provider.Service

Field Summary

Fields

Modifier and Type	Field and Description
static double	version Version number of the IAIK JCE.

Fields inherited from class java.util.Properties

defaults

Constructor Summary

Constructors

Constructor and Description
IAIK() The constructor; creates a new instance of the IAIK JCA/JCE cryptographic service provider.

Method Summary

Methods

Modifier and Type	Method and Description
static void	addAsProvider() Installs the IAIK JCA/JCE cryptographic service provider in first position.
static void	addAsProvider(boolean printStatusInfo) Installs the IAIK JCA/JCE cryptographic service provider in first position printing status information to System.out if requested by the caller.
static IAIK	getInstance() Returns an instance of the IAIK JCA/JCE cryptographic service provider; this call is identical to calling the constructor except that it returns as a previously created instance if available.
static java.security.MessageDigest	getMd5() Deprecated. since 8.0; use MD5 instead
static boolean	getUseOldMd5() Deprecated. since 8.0; use MD5 instead
static void	setUseOldMd5(boolean useOldMd5) Deprecated. since 8.0; use MD5 instead

Methods inherited from class iaik.utils.ExtendedProvider

isAvailable, puta, putc, putc

Methods inherited from class java.security.Provider

clear, elements, entrySet, get, getInfo, getName, getProperty, getService, getServices, getVersion, keys, keySet, load, put, putAll, putService, remove, removeService, toString, values

Methods inherited from class java.util.Properties

getProperty, list, list, load, loadFromXML, propertyNames, save, setProperty, store, store, storeToXML, storeToXML, stringPropertyNames

Methods inherited from class java.util.Hashtable

clone, contains, containsKey, containsValue, equals, hashCode, isEmpty, rehash, size

Methods inherited from class java.lang.Object

finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

version

public static final double version

Version number of the IAIK JCE. Currently 2.6.

See Also:

Constant Field Values

Constructor Detail

IAIK

public IAIK()

The constructor; creates a new instance of the IAIK JCA/JCE cryptographic service provider.

FIPS 140-2:

FIPS Service: Modify Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• status output interface (exceptions)

Method Detail

addAsProvider

public static void addAsProvider()

Installs the IAIK JCA/JCE cryptographic service provider in first position.

FIPS 140-2:

FIPS Service: Modify Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• status output interface (exceptions)

getInstance

public static IAIK getInstance()

Returns an instance of the IAIK JCA/JCE cryptographic service provider; this call is identical to calling the constructor except that it returns as a previously created instance if available.

FIPS 140-2:

FIPS Service: Query Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call)
• status output interface (exceptions)

Returns:

[FIPS 140-2 control input] an instance of the IAIK JCA/JCE cryptographic service provider

addAsProvider

public static void addAsProvider(boolean printStatusInfo)

Installs the IAIK JCA/JCE cryptographic service provider in first position printing status information to System.out if requested by the caller.

FIPS 140-2:

FIPS Service: Modify Object

This API is part of the logical interface to the Toolkit's FIPS 140-2 cryptographic module; use of this API causes the caller to assume the FIPS 140-2 user role and accesses the following FIPS 140-2 logical interfaces:

• control input interface (API call, parameters)
• status output interface (exceptions)

Parameters:

printStatusInfo - [FIPS 140-2 control input] indicates whether or not status information (including system properties) will be printed to System.out

setUseOldMd5

public static void setUseOldMd5(boolean useOldMd5)

Deprecated. since 8.0; use MD5 instead

Set whether to use the old or the new implementation of the Md5 algorithm. The new implementation is about twice as fast, but crashes on some older JIT compilers. Therefore, set this to true only if Md5 crashes or hangs on your VM. This flag will only affect IAIK instances created after this call is made.

The current default is to use the OLD version to be compatible with all systems.

getUseOldMd5

public static boolean getUseOldMd5()

Deprecated. since 8.0; use MD5 instead

Check whether the old or the new implementation of the Md5 algorithm is active.

getMd5

public static java.security.MessageDigest getMd5()

Deprecated. since 8.0; use MD5 instead

Return a new implementation of the Md5 message digest. It will be either the new or the old implementation depending on the setting of the useOldMd5 flag. Applications should not use this method, it is for internal library use only, use MessageDigest.getInstance() instead.