Creating a Cipher Object

Like other engine classes in the API, Cipher objects are created using the getInstance factory methods of the Cipher class. A factory method is a static method that returns an instance of a class, in this case, an instance of Cipher, which implements a requested transformation.

To create a Cipher object, you must specify the transformation name. You can also specify which provider you want to supply the implementation of the requested transformation:

 public static Cipher getInstance(String transformation);

 public static Cipher getInstance(String transformation,
 String provider);

If just a transformation name is specified, the system will determine if there is an implementation of the requested transformation available in the environment, and if there is more than one, whether there is a preferred one.

If both a transformation name and a package provider are specified, the system will determine if there is an implementation of the requested transformation in the package requested, and throw an exception if there is not.

A transformation is a string that describes the operation (or set of operations) to be performed on the given input, to produce some output. A transformation always includes the name of a cryptographic algorithm (such as DES), and can be followed by a mode and padding scheme.

A transformation is of the form:

  • "algorithm/mode/padding" or
  • "algorithm"

For example, the following are valid transformations:

"DES/CBC/PKCS5Padding"
"DES"

If no mode or padding have been specified, provider-specific default values for the mode and padding scheme are used. For example, the IBMJCE provider uses ECB as the default mode, and PKCS5Padding as the default padding scheme for DES, DES-EDE and Blowfish ciphers. This means that in the case of the IBMJCE provider,

Cipher c1 = Cipher.getInstance("DES/ECB/PKCS5Padding");

and

Cipher c1 = Cipher.getInstance("DES");

are equivalent statements.

When requesting a block cipher in stream cipher mode (such as DES in CFB or OFB mode), you can optionally specify the number of bits to be processed at a time, by appending this number to the mode name as shown in the DES/CFB8/NoPadding and DES/OFB32/PKCS5Padding transformations. If no such number is specified, a provider-specific default is used. (For example, the IBMJCE provider uses a default of 64 bits.)

Appendix A of this document and Appendix A of the Java Cryptography Architecture guide contain lists of standard names that can be used to specify the algorithm name, mode, and padding scheme components of a transformation.

The objects returned by factory methods are uninitialized, and must be initialized before they become usable.