Creating a Cipher Object
Like other engine classes in the API, Cipher objects are created using the getInstance factory methods of the Cipher class. A factory method is a static method that returns an instance of a class, in this case, an instance of Cipher, which implements a requested transformation.
To create a Cipher object, you must specify the transformation name. You can also specify which provider you want to supply the implementation of the requested transformation:
public static Cipher getInstance(String transformation);
public static Cipher getInstance(String transformation, String provider);
If just a transformation name is specified, the system will determine if there is an implementation of the requested transformation available in the environment, and if there is more than one, whether there is a preferred one.
If both a transformation name and a package provider are specified, the system will determine if there is an implementation of the requested transformation in the package requested, and throw an exception if there is not.
A transformation is a string that describes the operation (or set of operations) to be performed on the given input, to produce some output. A transformation always includes the name of a cryptographic algorithm (such as DES), and can be followed by a mode and padding scheme.
A transformation is of the form:
- "algorithm/mode/padding" or
- "algorithm"
For example, the following are valid transformations:
"DES/CBC/PKCS5Padding"
"DES"
If no mode or padding has been specified, provider-specific default values for the mode and padding scheme are used. For example, the IBMJCE provider uses ECB as the default mode, and PKCS5Padding as the default padding scheme for DES, DES-EDE and Blowfish ciphers.
This means that in the case of the IBMJCE provider,
Cipher c1 = Cipher.getInstance("DES/ECB/PKCS5Padding");
and
Cipher c1 = Cipher.getInstance("DES");
are equivalent statements.
When requesting a block cipher in stream cipher mode (such as DES in CFB or OFB mode), you can optionally specify the number of bits to be processed at a time, by appending this number to the mode name as shown in the DES/CFB8/NoPadding and DES/OFB32/PKCS5Padding transformations. If no such number is specified, a provider-specific default is used. (For example, the IBMJCE provider uses a default of 64 bits.)
Appendix A of this document and Appendix A of the Java Cryptography Architecture guide contain lists of standard names that can be used to specify the algorithm name, mode, and padding scheme components of a transformation.
The objects returned by factory methods are uninitialized, and must be initialized before they become usable.
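A bare algorithm name such as "DES" takes its mode and padding from the provider, and where that default is ECB, identical plaintext blocks produce identical ciphertext blocks. The following check is an added example, not code from the original guide: it tests on the running provider whether "DES" behaves like "DES/ECB/PKCS5Padding". The class name, method names and sample data are constructed for illustration, and it uses the init and doFinal methods, which this section does not describe.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Added illustration; class, method names and sample data are constructed.
public class DefaultTransformationCheck {

    // Creates a Cipher for the transformation, initializes it and encrypts.
    static byte[] encrypt(String transformation, SecretKey key, byte[] data)
            throws Exception {
        Cipher c = Cipher.getInstance(transformation);
        // No IV is supplied: ECB needs none, other modes get a provider-generated one.
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(data);
    }

    // True when the bare algorithm name produces the same ciphertext as the
    // explicit transformation, i.e. the provider default matches it.
    static boolean sameAsExplicit(String bare, String explicit, SecretKey key,
                                  byte[] data) throws Exception {
        return Arrays.equals(encrypt(bare, key, data), encrypt(explicit, key, data));
    }

    // True when two identical plaintext blocks give identical ciphertext
    // blocks, which is the observable signature of ECB mode.
    static boolean repeatsBlocks(String transformation, SecretKey key)
            throws Exception {
        int bs = Cipher.getInstance(transformation).getBlockSize();
        byte[] ct = encrypt(transformation, key, new byte[2 * bs]); // two zero blocks
        return Arrays.equals(Arrays.copyOfRange(ct, 0, bs),
                             Arrays.copyOfRange(ct, bs, 2 * bs));
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("DES").generateKey();
        byte[] sample = "constructed sample input".getBytes(StandardCharsets.UTF_8);
        System.out.println("provider: "
                + Cipher.getInstance("DES").getProvider().getName());
        System.out.println("DES equals DES/ECB/PKCS5Padding: "
                + sameAsExplicit("DES", "DES/ECB/PKCS5Padding", key, sample));
        for (String t : new String[] {"DES", "DES/CBC/PKCS5Padding"}) {
            System.out.println(t + " repeats identical blocks: "
                    + repeatsBlocks(t, key));
        }
    }
}
```

Writing the full "algorithm/mode/padding" string in every getInstance call removes the dependence on provider defaults.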