IBMPKCS11Impl Provider Package

The IBMPKCS11Impl provider:
  • Gives access to the Digital Signature Algorithm (DSA), described in NIST FIPS 186, on the hardware device.
  • Gives access to an implementation of RSA, described in PKCS #1, on the hardware device.
  • Gives access to MD2 (RFC 1319), MD5 (RFC 1321) and SHA-1, SHA-256, SHA-384, SHA-512 (NIST FIPS 180-1) message digest algorithms on the hardware device.
  • Gives access to the AES cipher algorithm.
  • Gives access to the RC4 cipher algorithm.
  • Gives access to the Blowfish cipher algorithm.
  • Gives access to the DES cipher algorithm.
  • Gives access to the TripleDES cipher algorithm on a hardware device.
  • Enables the hardware device to be used for generating DSA key pairs that are suitable for the DSA algorithm.
  • Enables the hardware device to be used for generating DH key pairs that are suitable for the Diffie-Hellman algorithm.
  • Enables the hardware device to be used for generating EC key pairs that are suitable for the Elliptic Curve algorithm.
    Note: The IBMPKCS11Impl provider does not support Elliptic Curves that are defined using characteristic-2 finite fields. For more information, see the Java™ class java.security.spec.ECFieldF2m.
  • Provides an RSA key pair generator for generating a pair of keys (public and private) suitable for the RSA algorithm.
  • Provides access to the Diffie-Hellman algorithm for key exchange.
  • Provides a DES key generator for generating a key suitable for the DES algorithm.
  • Provides a TripleDES key generator for generating a key suitable for the TripleDES algorithm.
  • Provides a DSA algorithm parameter generator that is implemented in software.
  • Provides a DSA algorithm parameter manager.
  • Provides a DES algorithm parameter manager.
  • Provides a TripleDES algorithm parameter manager.
  • Provides a DH algorithm parameter manager.
  • Provides access to random number generation on the hardware device, using the "PKCS11DeviceRNG" random number generation algorithm name.
  • Provides a certificate factory for X.509 certificates and Certificate Revocation Lists (CRLs).
  • Provides a keystore implementation for the proprietary keystore type named PKCS11IMPLKS.
  • Provides support for TLS/SSL for use by JSSE.
Note: None of the preceding algorithms, except the DSA parameter generator and DH parameter generator, have been implemented in software by the provider. The provider only gives access to these functions or algorithms through the device.
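Because the provider only reaches these algorithms through the device, an application that relies on hardware-backed operations should confirm that its JCA lookups resolve to IBMPKCS11Impl and not to a higher-priority software provider. The following is an added example, not IBM's code: it assumes the provider is already configured for a token and registered in the JVM, the class name `Pkcs11ProviderCheck` is hypothetical, and the `SHA-256` and `RSA` entries use standard JCA names that the program checks at run time, not names this page guarantees.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;

public class Pkcs11ProviderCheck {
    static final String PROVIDER = "IBMPKCS11Impl";   // provider name from this page

    // {JCA service type, algorithm or type name}; the first two names come from this page.
    static final String[][] WANTED = {
        {"SecureRandom", "PKCS11DeviceRNG"},
        {"KeyStore", "PKCS11IMPLKS"},
        {"MessageDigest", "SHA-256"},       // standard JCA name, verified below
        {"KeyPairGenerator", "RSA"},        // standard JCA name, verified below
    };

    // Name of the first provider, in JVM preference order, that registers the service.
    static String defaultProviderFor(String type, String alg) {
        Provider[] ps = Security.getProviders(type + "." + alg);
        return (ps == null || ps.length == 0) ? "none" : ps[0].getName();
    }

    public static void main(String[] args) throws Exception {
        Provider p = Security.getProvider(PROVIDER);
        if (p == null) {
            System.err.println(PROVIDER + " is not registered; no lookup can reach the device");
            System.exit(1);
        }
        for (String[] w : WANTED) {
            boolean offered = p.getService(w[0], w[1]) != null;
            String dflt = defaultProviderFor(w[0], w[1]);
            // An unpinned getInstance(alg) call is served by the default provider,
            // which may be a software implementation even when the device offers it.
            String verdict = !offered ? "not offered by " + PROVIDER
                    : dflt.equals(PROVIDER) ? "default lookup uses the device provider"
                    : "default lookup uses " + dflt + "; pin the provider";
            System.out.println(w[0] + "/" + w[1] + ": " + verdict);
        }
        // Pinned lookups: passing the Provider object rules out silent fallback.
        SecureRandom rng = SecureRandom.getInstance("PKCS11DeviceRNG", p);
        KeyStore ks = KeyStore.getInstance("PKCS11IMPLKS", p);
        System.out.println("SecureRandom provider: " + rng.getProvider().getName());
        System.out.println("KeyStore provider: " + ks.getProvider().getName());
    }
}
```

For Cipher and Signature objects the JVM may defer provider selection until a key is supplied, so pinning the provider explicitly is the reliable way to keep those operations on the device.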