Appendix A: Standard Names
The JCE API requires and utilizes a set of standard names for algorithms, algorithm modes, and padding schemes. This specification establishes the following names as standard names. It supplements the list of standard names defined in Appendix A in the Java Cryptography Architecture API Specification & Reference. Note that algorithm names are treated as case-insensitive.
A list of all valid JCE algorithm names can be obtained by using the Java™ application JCEAlgorithms.java in jceDocs_samples.zip. See Samples.
Cipher
- Algorithm
- The following names can be specified as the algorithm component in a transformation when requesting an instance of
Cipher
:- AES: Advanced Encryption Standard as specified by NIST in FIPS 197. Based on the Rijndael algorithm by Joan Daemen and Vincent Rijmen, AES is a 128-bit block cipher supporting keys of 128, 192, and 256 bits.
- Blowfish: The block cipher designed by Bruce Schneier.
- DES: The Digital Encryption Standard as described in FIPS 46-3.
- DESede: Triple DES Encryption (DES-EDE).
- ElGamal: Asymmetric key encryption based on Diffie–Hellman key exchange.
- MARS: A shared-key (symmetric) block cipher, supporting 128-bit blocks and variable key size created by IBM.
- PBEWith<digest>And<encryption>: The
password-based encryption algorithm (PKCS #5), using the specified message digest
(<digest>) and encryption algorithm (<encryption>).
Note: Not all combinations of <digest> and
<encryption> are valid.
- <digest> can have one of the following values: MD2, MD5, SHA, SHA1, SHA-1, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512
- <encryption> can have one of the following values: DES, RC2, TripleDES, 128BitRC2, 128BitRC4, 2KeyTripleDES, 3KeyTripleDES, 128BitAES, 256BitAES, AES_128, AES_256
- RC2 and RC4: Variable-key-size encryption algorithms developed by Ron Rivest for RSA Data Security, Inc.
- RSA: The RSA encryption algorithm as defined in PKCS #1.
- Seal: A software-efficient stream cipher by Phil Rogaway, IBM.
- Mode
- The following names can be specified as the mode component in a transformation when requesting an instance of
Cipher
:- ECB: Electronic Codebook Mode, as defined in: The National Institute of Standards and Technology (NIST) Federal Information Processing Standard (FIPS) PUB 81, DES Modes of Operation,U.S. Department of Commerce, Dec 1980.
- CBC: Cipher Block Chaining Mode, as defined in FIPS PUB 81.
- CFB: Cipher Feedback Mode, as defined in FIPS PUB 81.
- CTR: Counter Mode, as defined in NIST SP 800-38A.
- OFB: Output Feedback Mode, as defined in FIPS PUB 81.
- PCBC: Plaintext Cipher Block Chaining, as defined by Kerberos.
- CTS: Cipher Text Stealing Mode, as defined in RFC 2040.
- Padding
- The following names can be specified as the padding component in a transformation when requesting an instance of
Cipher
:- NoPadding: No padding.
- PKCS5Padding: The padding scheme described in: RSA Laboratories, PKCS #5: Password-Based Encryption Standard, version 1.5, November 1993.
- ISO10126Padding: The padding scheme required by JSR 105 & JSR 106.
KeyAgreement
The following algorithm names can be specified when you request an instance of KeyAgreement
:
- DiffieHellman: Diffie-Hellman Key Agreement as defined in PKCS #3: Diffie-Hellman Key-Agreement Standard, RSA Laboratories, version 1.4, November 1993.
- ECDH: Elliptic curve Diffie–Hellman.
KeyGenerator
The following algorithm names can be specified when you request an instance of KeyGenerator
:
- AES
- Blowfish
- DES
- DESede
- HmacMD2
- HmacMD5
- HmacSHA1
- HmacSHA224
- HmacSHA256
- HmacSHA384
- HmacSHA512
- MARS
- RC2
- RC4
- Seal
SecretKeyFactory
The following algorithm names can be specified when you request an instance of SecretKeyFactory
:
- AES
- DES
- DESede
- PBEWith<digest>And<encryption>: Secret-key factory for use with PKCS #5 password-based encryption, where <digest> is a message digest and <encryption> is an encryption algorithm. Note: Not all combinations of <digest> and <encryption> are valid.
- <digest> can have one of the following values: MD2, MD5, SHA, SHA1, SHA-1, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512
- <encryption> can have one of the following values: DES, RC2, TripleDES, 128BitRC2, 128BitRC4, 128BitAES, 256BitAES, AES_128, AES_256
- Mars
- PBKDF1
- PBKDF2
- PBKDF2WithHmacSHA1
- PBKDF2WithHmacSHA224
- PBKDF2WithHmacSHA256
- PBKDF2WithHmacSHA384
- PBKDF2WithHmacSHA512
- PKCS5Key
- RC2
- RC4
- Seal
AlgorithmParameters
The following algorithm names can be specified when you request an instance of AlgorithmParameters
:
- AES
- AESGCM
- Blowfish
- DES
- DESede
- DSA
- DiffieHellman
- EC
- Mars
- OAEP
- PBE
- PBES2
- PBEWith<digest>And<encryption>: Algorithm parameters for use with PKCS #5 password-based encryption, where <digest> is a message digest and <encryption> is an encryption algorithm. Note: Not all combinations of <digest> and <encryption> are valid.
- <digest> can have one of the following values: MD2, MD5, SHA, SHA1, SHA-1, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512
- <encryption> can have one of the following values: DES, RC2, TripleDES, 128BitRC2, 128BitRC4, 2KeyTripleDES, 3KeyTripleDES, 128BitAES, 256BitAES, AES_128, AES_256
- PBM
- RC2
- RSAPSS
MAC
The following algorithm names can be specified when you request an instance of Mac
: