Appendix A: Standard Names

The JCE API requires and utilizes a set of standard names for algorithms, algorithm modes, and padding schemes. This specification establishes the following names as standard names. It supplements the list of standard names defined in Appendix A in the Java Cryptography Architecture API Specification & Reference. Note that algorithm names are treated as case-insensitive.

A list of all valid JCE algorithm names can be obtained by using the Java™ application JCEAlgorithms.java in jceDocs_samples.zip. See Samples.

Cipher

Algorithm

The following names can be specified as the algorithm component in a transformation when requesting an instance of Cipher:

AES: Advanced Encryption Standard as specified by NIST in FIPS 197. Based on the Rijndael algorithm by Joan Daemen and Vincent Rijmen, AES is a 128-bit block cipher supporting keys of 128, 192, and 256 bits.
Blowfish: The block cipher designed by Bruce Schneier.
DES: The Digital Encryption Standard as described in FIPS 46-3.
DESede: Triple DES Encryption (DES-EDE).
ElGamal: Asymmetric key encryption based on Diffie–Hellman key exchange.
MARS: A shared-key (symmetric) block cipher, supporting 128-bit blocks and variable key size created by IBM.
PBEWith<digest>And<encryption>: The password-based encryption algorithm (PKCS #5), using the specified message digest (<digest>) and encryption algorithm (<encryption>). Note: Not all combinations of <digest> and <encryption> are valid.
- <digest> can have one of the following values: MD2, MD5, SHA, SHA1, SHA-1, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512
- <encryption> can have one of the following values: DES, RC2, TripleDES, 128BitRC2, 128BitRC4, 2KeyTripleDES, 3KeyTripleDES, 128BitAES, 256BitAES, AES_128, AES_256
RC2 and RC4: Variable-key-size encryption algorithms developed by Ron Rivest for RSA Data Security, Inc.
RSA: The RSA encryption algorithm as defined in PKCS #1.
Seal: A software-efficient stream cipher by Phil Rogaway, IBM.

Mode

The following names can be specified as the mode component in a transformation when requesting an instance of Cipher:

ECB: Electronic Codebook Mode, as defined in: The National Institute of Standards and Technology (NIST) Federal Information Processing Standard (FIPS) PUB 81, DES Modes of Operation,U.S. Department of Commerce, Dec 1980.
CBC: Cipher Block Chaining Mode, as defined in FIPS PUB 81.
CFB: Cipher Feedback Mode, as defined in FIPS PUB 81.
CTR: Counter Mode, as defined in NIST SP 800-38A.
OFB: Output Feedback Mode, as defined in FIPS PUB 81.
PCBC: Plaintext Cipher Block Chaining, as defined by Kerberos.
CTS: Cipher Text Stealing Mode, as defined in RFC 2040.

Padding

The following names can be specified as the padding component in a transformation when requesting an instance of Cipher:

NoPadding: No padding.
PKCS5Padding: The padding scheme described in: RSA Laboratories, PKCS #5: Password-Based Encryption Standard, version 1.5, November 1993.
ISO10126Padding: The padding scheme required by JSR 105 & JSR 106.

KeyAgreement

The following algorithm names can be specified when you request an instance of KeyAgreement:

DiffieHellman: Diffie-Hellman Key Agreement as defined in PKCS #3: Diffie-Hellman Key-Agreement Standard, RSA Laboratories, version 1.4, November 1993.
ECDH: Elliptic curve Diffie–Hellman.

KeyGenerator

The following algorithm names can be specified when you request an instance of KeyGenerator:

AES
Blowfish
DES
DESede
HmacMD2
HmacMD5
HmacSHA1
HmacSHA224
HmacSHA256
HmacSHA384
HmacSHA512
MARS
RC2
RC4
Seal

SecretKeyFactory

The following algorithm names can be specified when you request an instance of SecretKeyFactory:

AES
DES
DESede
PBEWith<digest>And<encryption>: Secret-key factory for use with PKCS #5 password-based encryption, where <digest> is a message digest and <encryption> is an encryption algorithm. Note: Not all combinations of <digest> and <encryption> are valid.
- <digest> can have one of the following values: MD2, MD5, SHA, SHA1, SHA-1, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512
- <encryption> can have one of the following values: DES, RC2, TripleDES, 128BitRC2, 128BitRC4, 128BitAES, 256BitAES, AES_128, AES_256
Mars
PBKDF1
PBKDF2
PBKDF2WithHmacSHA1
PBKDF2WithHmacSHA224
PBKDF2WithHmacSHA256
PBKDF2WithHmacSHA384
PBKDF2WithHmacSHA512
PKCS5Key
RC2
RC4
Seal

AlgorithmParameters

The following algorithm names can be specified when you request an instance of AlgorithmParameters:

AES
AESGCM
Blowfish
DES
DESede
DSA
DiffieHellman
EC
Mars
OAEP
PBE
PBES2
PBEWith<digest>And<encryption>: Algorithm parameters for use with PKCS #5 password-based encryption, where <digest> is a message digest and <encryption> is an encryption algorithm. Note: Not all combinations of <digest> and <encryption> are valid.
- <digest> can have one of the following values: MD2, MD5, SHA, SHA1, SHA-1, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512
- <encryption> can have one of the following values: DES, RC2, TripleDES, 128BitRC2, 128BitRC4, 2KeyTripleDES, 3KeyTripleDES, 128BitAES, 256BitAES, AES_128, AES_256
PBM
RC2
RSAPSS

MAC

The following algorithm names can be specified when you request an instance of Mac:

HmacMD2
HmacMD5: The HMAC-MD5 keyed-hashing algorithm as defined in RFC 2104.
HmacSHA1: The HMAC-SHA1 keyed-hashing algorithm as defined in RFC 2104.
HmacSHA224
HmacSHA256
HmacSHA384
HmacSHA512
HmacPBESHA512/224
HmacPBESHA512/256