Start of changes for service refresh 5 fix pack 10

IBMJCEPlus and IBMJCEPlusFIPS providers

The IBMJCEPlus and IBMJCEPlusFIPS cryptographic providers are implementations of the Java™ Cryptography Extensions (JCE) APIs, which include, for example: ciphers, signatures, message digests, MACs and HMACs, secure random number generation, and key generation.

These providers are supported on AIX®, Windows, and Linux®. From service refresh 6, fix pack 25, the IBMJCEPlus provider is also supported on z/OS®; the IBMJCEPlusFIPS provider is not yet supported on that operating system.

The IBMJCEPlus and IBMJCEPlusFIPS cryptographic providers are intended to supersede the IBMJCE and IBMJCEFIPS providers. The newer providers have similar functionality to their older equivalents, although currently the IBMJCEPlus provider does not support key management or use of the keytool utility. The newer providers offer: support for newer algorithms (some of which are required for TLS 1.3), additional hardware-accelerated cryptographic capabilities (where supported), and performance enhancements. IBMJCEPlusFIPS also has later FIPS certification, which will continue to be renewed when needed; the certificate for IBMJCEFIPS will not be renewed, nor will new enhancements be added, so you should use the newer providers where possible.

The providers are contained within a single .jar file, ibmjceplus.jar. The IBMJCEPlus provider is not FIPS-compliant, whereas the IBMJCEPlusFIPS provider is (see Certificate #3064).

Both providers use native interfaces to various hardware platforms, offering hardware-accelerated cryptographic algorithms where supported, which is an advantage over the standard IBMJCE and IBMJCEFIPS providers. Although the IBMJCEPlus and IBMJCEPlusFIPS providers have similar functionality to the IBMJCE and IBMJCEFIPS providers, the "Plus" providers can operate differently in some situations. The following list shows known differences in behavior:
  • RSA decryption with the NoPadding option leaves padding bytes in the decrypted text because it is not known whether some of the 0 bytes are padding bytes or part of the plaintext. This behavior matches the behavior of the Oracle JDK. The IBMJCE and IBMJCEFIPS providers attempt to remove the padding bytes and strip all leading 0 bytes. With those older providers, leading 0 bytes that belong to the plaintext are therefore also removed from the recovered text.
  • While in FIPS mode (using IBMJCEPlusFIPS), asymmetric key generation might periodically fail to produce keys of the appropriate size. The underlying implementation might fail with a 1-in-256 chance. If a failure occurs, call the key generation routine again.

Supported algorithms

The following tables show the algorithms that are currently supported. Additional algorithm support is intended for future releases. Support for these algorithms was added in service refresh 6:

  • DH
  • RSAPSS
  • ChaCha20 and ChaCha20-Poly1305 (IBMJCEPlus provider only)
  • kda-hkdf-with-sha1, kda-hkdf-with-sha224, kda-hkdf-with-sha256, kda-hkdf-with-sha384, and kda-hkdf-with-sha512 (IBMJCEPlus provider only)

Table 1. Algorithms supported by the IBMJCEPlus provider

| API | Supported algorithms |
| --- | --- |
| Algorithm parameter | AES, ChaCha20, ChaCha20-Poly1305, DESede, DSA, EC, GCM, DH, OAEP, RSAPSS |
| Algorithm parameter generator | DH, DSA, EC, GCM |
| Cipher algorithms | AES, ChaCha20, ChaCha20-Poly1305, DESede, RSA |
| Key agreement algorithms | DH, ECDH; from service refresh 6 fix pack 10: XDH (X25519, X448) |
| Key factory | DH, DSA, EC, RSA; from service refresh 6 fix pack 10: XDH (X25519, X448) |
| Key generator | AES, ChaCha20, DESede, HmacMD5, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512, kda-hkdf-with-sha1, kda-hkdf-with-sha224, kda-hkdf-with-sha256, kda-hkdf-with-sha384, kda-hkdf-with-sha512 |
| Key pair generator | DH, DSA, EC, RSA; from service refresh 6 fix pack 10: XDH (X25519, X448) |
| Message authentication code (MAC) | HmacMD5, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512 |
| Message digest | MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 |
| Secret key factory | AES, ChaCha20, DESede |
| Secure random | HASHDRBG, SHA256DRBG, SHA512DRBG |
| Signature algorithms | NONEwithDSA, RSAPSS, SHA1withDSA, SHA224withDSA, SHA256withDSA, NONEwithECDSA, SHA1withECDSA, SHA224withECDSA, SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, NONEwithRSA, SHA1withRSA, SHA224withRSA, SHA256withRSA, SHA384withRSA, SHA512withRSA |

Table 2. Algorithms supported by the IBMJCEPlusFIPS provider

| API | Supported algorithms |
| --- | --- |
| Algorithm parameter | AES, DESede, DH, DSA, EC, GCM, OAEP, RSAPSS |
| Algorithm parameter generator | DSA, EC, GCM |
| Cipher algorithms | AES, DESede, RSA |
| Cipher modes | AES supports these modes: CFB8, CFB128, CFB, ECB, CBC, OFB, GCM; DESede supports these modes: ECB, CBC; RSA supports these modes: null, ECB, SSL |
| Key agreement algorithms | DH, ECDH |
| Key factory | DH, DSA, EC, RSA |
| Key generator | AES, DESede, HmacMD5, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512 |
| Key pair generator | DH, DSA, EC, RSA |
| Message authentication code (MAC) | HmacMD5, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512 |
| Message digest | MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 |
| Secret key factory | AES, DESede |
| Secure random | HASHDRBG, SHA256DRBG, SHA512DRBG |
| Signature algorithms | NONEwithDSA, RSAPSS, SHA1withDSA, SHA224withDSA, SHA256withDSA, NONEwithECDSA, SHA1withECDSA, SHA224withECDSA, SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, NONEwithRSA, SHA1withRSA, SHA224withRSA, SHA256withRSA, SHA384withRSA, SHA512withRSA |

Known limitations

  • Elliptic Curve Diffie-Hellman Key Agreement is supported. Diffie-Hellman Key Agreement is supported only from service refresh 6.
  • RSA private keys must be CRT (Chinese Remainder Theorem) keys. Private keys without the CRT parameters are not supported. Generated key pairs will have CRT private keys.
  • Binary Elliptic Curves are not supported.
  • RSA decryption with the NoPadding option might leave padding bytes in the decrypted text.
  • IBMJCEPlusFIPS asymmetric key generation might periodically fail to produce keys of the appropriate size (1 in 256 chance). If this situation occurs, call the key generation routine again.
  • The providers in IBMJCEPlus do not have their own Keystore implementations. Instead, Keystore implementations (JKS, JCEKS, PKCS#12) will come from the IBMJCE provider.
  • From service refresh 6: the RSA-PSS signature object cannot be initialized with a message digest algorithm that is not the same as the one supplied in the MGFParameterSpec.
  • From service refresh 5 fix pack 20: the new version of the underlying native library used by IBMJCEPlus and IBMJCEPlusFIPS adds support for some algorithms that are not yet supported by IBMJCEPlus and IBMJCEPlusFIPS. These algorithms are:
    • HMAC-SHA3 algorithms for message authentication code are not supported.
    • SHA3 algorithms for creating message digests are not supported.
    • AES-CTR algorithm for data encryption and decryption is not supported.
These limitations also affect the IBMJSSE2 provider, if you use it with the IBMJCEPlus or IBMJCEPlusFIPS provider.
End of changes for service refresh 5 fix pack 10
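
The retry advice for IBMJCEPlusFIPS key generation and the CRT-only rule for RSA private keys can be enforced in one wrapper. This is an added example, not IBM's code; the class name, the retry budget of five attempts, and the assumption that a failed generation may surface either as a wrong-sized key or as a ProviderException are all illustrative.

```java
import java.security.*;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;

public class RsaKeyGenWithRetry {
    // Assumed retry budget: with a 1-in-256 failure rate, five failures in a
    // row point to a real fault rather than the documented behaviour.
    static final int MAX_ATTEMPTS = 5;

    // A pair is usable if the modulus has exactly the requested size and the
    // private key carries CRT parameters (required by the "Plus" providers).
    static boolean isUsable(KeyPair kp, int bits) {
        return kp != null
                && kp.getPublic() instanceof RSAPublicKey
                && ((RSAPublicKey) kp.getPublic()).getModulus().bitLength() == bits
                && kp.getPrivate() instanceof RSAPrivateCrtKey;
    }

    // provider == null selects the highest-priority provider that offers RSA.
    static KeyPair generate(String provider, int bits) throws GeneralSecurityException {
        KeyPairGenerator kpg = provider == null
                ? KeyPairGenerator.getInstance("RSA")
                : KeyPairGenerator.getInstance("RSA", provider);
        kpg.initialize(bits);
        RuntimeException last = null;
        for (int attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
            try {
                KeyPair kp = kpg.generateKeyPair();
                if (isUsable(kp, bits)) {
                    return kp;
                }
            } catch (ProviderException e) {
                // Assumption: a failed generation may also surface as an exception.
                last = e;
            }
        }
        throw new GeneralSecurityException(
                "no usable " + bits + "-bit RSA key pair after " + MAX_ATTEMPTS + " attempts", last);
    }

    public static void main(String[] args) throws Exception {
        // Pass IBMJCEPlusFIPS as the first argument on an IBM SDK; with no
        // argument the default provider is used so the example runs anywhere.
        KeyPair kp = generate(args.length > 0 ? args[0] : null, 2048);
        System.out.println("modulus bits: "
                + ((RSAPublicKey) kp.getPublic()).getModulus().bitLength());
    }
}
```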
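
Because RSA decryption with NoPadding returns the padding bytes on the "Plus" providers but has leading 0 bytes stripped on IBMJCE and IBMJCEFIPS, code that must run on either can normalize the result to the field length it expects. This is an added example, not IBM's code; the class name, the helper toFixedLength, and the 4-byte sample field are constructed for illustration, and the example uses whichever RSA provider is the default.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import javax.crypto.Cipher;

public class RsaNoPaddingNormalize {
    // Returns exactly len bytes whether the provider handed back the full
    // modulus-sized block or a value with its leading 0 bytes stripped.
    static byte[] toFixedLength(byte[] recovered, int len) {
        int extra = recovered.length - len;
        for (int i = 0; i < extra; i++) {
            if (recovered[i] != 0) {
                throw new IllegalArgumentException("value does not fit in " + len + " bytes");
            }
        }
        byte[] out = new byte[len];
        if (extra >= 0) {
            // Full block returned: keep the rightmost len bytes.
            System.arraycopy(recovered, extra, out, 0, len);
        } else {
            // Leading 0 bytes were stripped: left-pad back to len bytes.
            System.arraycopy(recovered, 0, out, -extra, recovered.length);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Constructed sample: a 4-byte field whose first two bytes are 0.
        byte[] field = {0x00, 0x00, 0x2A, 0x01};

        // Raw RSA, used here only to compare how providers return the result.
        Cipher rsa = Cipher.getInstance("RSA/ECB/NoPadding");
        rsa.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        byte[] ct = rsa.doFinal(field);
        rsa.init(Cipher.DECRYPT_MODE, kp.getPrivate());
        byte[] recovered = rsa.doFinal(ct);

        System.out.println("provider returned " + recovered.length + " bytes");
        byte[] normalized = toFixedLength(recovered, field.length);
        System.out.println("field recovered intact: " + Arrays.equals(field, normalized));
    }
}
```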
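
The RSA-PSS limitation can be checked before a parameter set reaches the provider by comparing the message digest with the digest inside the MGF1 parameters. This is an added example, not IBM's code; the class and helper names are illustrative, and the default algorithm name RSASSA-PSS is the standard JCA name, passed as an argument so that the RSAPSS name listed in the tables can be supplied instead.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.*;

public class PssDigestMatch {
    // Builds a PSS spec whose MGF1 digest is the same as the message digest.
    static PSSParameterSpec matchedSpec(String digest, int saltLen) {
        return new PSSParameterSpec(digest, "MGF1", new MGF1ParameterSpec(digest), saltLen, 1);
    }

    // Rejects a spec before it reaches the provider if the two digests differ.
    static void requireMatched(PSSParameterSpec spec) throws InvalidAlgorithmParameterException {
        AlgorithmParameterSpec mgf = spec.getMGFParameters();
        if (!(mgf instanceof MGF1ParameterSpec)) {
            throw new InvalidAlgorithmParameterException("MGF1 parameters are required");
        }
        String md = spec.getDigestAlgorithm();
        String mgfMd = ((MGF1ParameterSpec) mgf).getDigestAlgorithm();
        // "SHA-256" and "SHA256" name the same digest, so compare without hyphens.
        if (!md.replace("-", "").equalsIgnoreCase(mgfMd.replace("-", ""))) {
            throw new InvalidAlgorithmParameterException(md + " differs from MGF1 digest " + mgfMd);
        }
    }

    // Configures a Signature object only after the spec has passed the check.
    static Signature pss(String alg, PSSParameterSpec spec) throws GeneralSecurityException {
        requireMatched(spec);
        Signature s = Signature.getInstance(alg);
        s.setParameter(spec);
        return s;
    }

    public static void main(String[] args) throws Exception {
        // Standard JCA name by default; pass another name as the first argument.
        String alg = args.length > 0 ? args[0] : "RSASSA-PSS";
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Signature signer = pss(alg, matchedSpec("SHA-256", 32));
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();
        Signature verifier = pss(alg, matchedSpec("SHA-256", 32));
        verifier.initVerify(kp.getPublic());
        verifier.update(msg);
        System.out.println("verified: " + verifier.verify(sig));
    }
}
```

A spec such as `new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, 32, 1)` is rejected by requireMatched with an InvalidAlgorithmParameterException.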