# IBMJCEPlus and IBMJCEPlusFIPS providers

The IBMJCEPlus and IBMJCEPlusFIPS cryptographic providers are implementations of the Java™ Cryptography Extensions (JCE) APIs, which include, for example: ciphers, signatures, message digests, MACs and HMACs, secure random number generation, and key generation.

These providers are supported on AIX®, Windows, and Linux®. From service refresh 6, fix pack 25, the IBMJCEPlus provider is also supported on z/OS®; the IBMJCEPlusFIPS provider is not yet supported on that operating system.

The IBMJCEPlus and IBMJCEPlusFIPS cryptographic providers are intended to supercede the IBMJCE and IBMJCEFIPS providers. The newer providers have similar functionality to their older equivalents, although currently the IBMJCEPlus provider does not support key management or use of the keytool utility. The newer providers offer: support for newer algorithms (some of which are required for TLS 1.3), additional hardware-accelerated cryptographic capabilities (where supported), and performance enhancements. IBMJCEPlusFIPS also has later FIPS certification, which will continue to be renewed when needed; the certificate for IBMJCEFIPS will not be renewed nor will new enhancements be added, so you should use the newer providers where possible.

The providers are contained within a single .jar file, ibmjceplus.jar. The IBMJCEPlus provider is not FIPS-compliant, whereas the IBMJCEPlusFIPS provider is (see Certificate #3064).

- RSA decryption with the NoPadding option leaves padding bytes in the decrypted text because it is not known whether some of the 0 bytes are padding bytes or part of the plaintext. This behavior matches the behavior of the Oracle JDK. The IBMJCE and IBMJCEFIPS providers attempt to remove the padding bytes and strip all leading 0 bytes. Leading 0 bytes in the plaintext are therefore removed in the recovered text.
- While in FIPS mode (using IBMJCEPlusFIPS), asymmetric key generation might periodically fail to produce keys of the appropriate size. The underlying implementation might fail with a 1-in-256 chance. If a failure occurs, call the key generation routine again.

## Supported algorithms

The following table shows the algorithms that are currently supported. Additional algorithm support is intended for future releases. Support for these algorithms was added in service refresh 6:

- DH
- RSAPSS
- ChaCha20 and ChaCha20-Poly1305 (IBMJCEPlus provider only)
- kda-hkdf-with-sha1, kda-hkdf-with-sha224, kda-hkdf-with-sha256, kda-hkdf-with-shasha384, and kda-hkdf-with-sha512 (IBMJCEPlus provider only)

API | Supported algorithms |
---|---|

Algorithm parameter | AES, ChaCha20, ChaCha20-Poly1305, DESede, DSA, EC, GCM, DH, OAEP, RSAPSS |

Algorithm parameter generator | DH, DSA, EC, GCM |

Cipher algorithms | AES, ChaCha20, ChaCha20-Poly1305, DESede, RSA |

Key agreement algorithms | DH, ECDH, XDH (X25519, X448) |

Key factory | DH, DSA, EC, RSA, XDH (X25519, X448) |

Key generator | AES, ChaCha20, DESede, HmacMD5, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512, kda-hkdf-with-sha1, kda-hkdf-with-sha224, kda-hkdf-with-sha256, kda-hkdf-with-shasha384, kda-hkdf-with-sha512 |

Key pair generator | DH, DSA, EC, RSA, XDH (X25519, X448) |

Message authentication code (MAC) | HmacMD5, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512 |

Message digest | MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 |

Secret key factory | AES, ChaCha20, DESede |

Secure random | HASHDRBG, SHA256DRBG, SHA512DRBG |

Signature algorithms | NONEwithDSA, RSAPSS, SHA1withDSA, SHA224withDSA, SHA256withDSA, NONEwithECDSA, SHA1withECDSA, SHA224withECDSA, SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, NONEwithRSA, SHA1withRSA, SHA224withRSA, SHA256withRSA, SHA384withRSA, SHA512withRSA |

API | Supported algorithms |
---|---|

Algorithm parameter | AES, DESede, DH, DSA, EC, GCM, OAEP, RSAPSS |

Algorithm parameter generator | DSA, EC, GCM |

Cipher algorithms | AES, DESede, RSA |

Cipher modes |
AES supports these modes: CFB8, CFB128, CFB, ECB, CBC, OFB, GCM
DESede supports these modes: ECB, CBC RSA supports these modes: null, ECB, SSL |

Key agreement algorithms | DH, ECDH |

Key factory | DH, DSA, EC, RSA |

Key generator | AES, DESede, HmacMD5, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512 |

Key pair generator | DH, DSA, EC, RSA |

Message authentication code (MAC) | HmacMD5, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512 |

Message digest | MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 |

Secret key factory | AES, DESede |

Secure random | HASHDRBG, SHA256DRBG, SHA512DRBG |

Signature algorithms | NONEwithDSA, RSAPSS, SHA1withDSA, SHA224withDSA, SHA256withDSA, NONEwithECDSA, SHA1withECDSA, SHA224withECDSA, SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, NONEwithRSA, SHA1withRSA, SHA224withRSA, SHA256withRSA, SHA384withRSA, SHA512withRSA |

## Known limitations

- Elliptic Curve Diffie-Hellman Key Agreement is supported. Diffie-Hellman Key Agreement is supported only from service refresh 6.
- RSA private keys must be CRT (Chinese Remainder Theorem) keys. Private keys without the CRT parameters are not supported. Generated key pairs will have CRT private keys.
- Binary Elliptic Curves are not supported.
- RSA decryption with the NoPadding option might leave padding bytes in the decrypted text.
- IBMJCEPlusFIPS asymmetric key generation might periodically fail to produce keys of the appropriate size (1 in 256 chance). If this situation occurs, call the key generation routine again.
- The providers in IBMJCEPlus do not have their own Keystore implementations. Instead, Keystore implementations (JKS, JCEKS, PKCS#12) will come from the IBMJCE provider.
- The RSA-PSS signature object cannot be initialized with a message digest algorithm that is not the same as the one supplied in the MGFParameterSpec.
- The new version of the underlying native library used by IBMJCEPlus and
IBMJCEPlusFIPS adds support for some algorithms, which are not yet supported by IBMJCEPlus and
IBMJCEPlusFIPS. These algorithms are:
- HMAC-SHA3 algorithms for message authentication code are not supported.
- SHA3 algorithms for creating message digests are not supported.
- AES-CTR algorithm for data encryption and decryption is not supported.