The IBMPKCS11Impl provider

The IBMPKCS11Impl provider uses the Java™ Cryptography Extension (JCE) and Java Cryptography Architecture (JCA) frameworks to add support for hardware cryptography through the Public Key Cryptographic Standards #11 (PKCS#11) standard. Because the provider works within the existing JCE architecture, Java 2 programmers gain the significant security and performance advantages of hardware cryptography with minimal changes to existing Java applications. The complexities of hardware cryptography are handled within the normal JCE, so the advanced security and performance of hardware cryptographic devices are easily available.

PKCS#11 is a standard that provides a common application interface to cryptographic services on various platforms via various hardware cryptographic devices. The current list of supported hardware devices can be found in the IBM® Java PKCS 11 Supported Devices document.

The IBMPKCS11Impl provider provides all of the following. It provides message digests via the MD2, MD5, SHA-1, SHA-256, SHA-384 and SHA-512 algorithms. It provides the symmetric algorithms DES, tripleDES (also known as DESede), AES, Arc-Four (RC4) and Blowfish, and the asymmetric algorithm RSA, for encryption and decryption. It further provides digital signature and verification via the RSA, DSA and ECDSA algorithms. There is support for key agreement using Diffie-Hellman and Elliptic Curve Diffie-Hellman, and for HMACs using HmacMD5, HmacSHA1, HmacSHA256, HmacSHA384 and HmacSHA512. This implementation also includes random number generation, key translation using key factories, key/certificate generation, and key/certificate management using the iKeyman application. iKeyman is independent from the IBMPKCS11Impl provider.
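
Because JCA picks the first provider in its preference order that offers an algorithm, a call such as MessageDigest.getInstance("SHA-256") can be served by a software provider even when the hardware provider is installed. The following added example (not IBM's code) uses only the standard java.security API to report, for part of the algorithm list above, whether IBMPKCS11Impl offers each algorithm and which provider the JVM would select by default. It assumes the provider registers the algorithms under these standard JCA names or aliases of them; the class name Pkcs11ProviderAudit is hypothetical.

```java
import java.security.Provider;
import java.security.Security;
import java.util.LinkedHashMap;
import java.util.Map;

public class Pkcs11ProviderAudit {
    // Provider name as given on this page.
    static final String HW = "IBMPKCS11Impl";

    // JCA service type -> algorithm names from the list above.
    // Assumption: the provider registers them under these names or aliases.
    static Map<String, String[]> expected() {
        Map<String, String[]> m = new LinkedHashMap<>();
        m.put("MessageDigest", new String[] {"MD2", "MD5", "SHA-1", "SHA-256", "SHA-384", "SHA-512"});
        m.put("Cipher", new String[] {"DES", "DESede", "AES", "RC4", "Blowfish", "RSA"});
        m.put("Mac", new String[] {"HmacMD5", "HmacSHA1", "HmacSHA256", "HmacSHA384", "HmacSHA512"});
        m.put("KeyAgreement", new String[] {"DiffieHellman", "ECDH"});
        return m;
    }

    // First provider, in the JVM's preference order, that offers the service.
    // (Cipher may still defer its final choice until init() sees the key.)
    static String defaultProviderFor(String type, String alg) {
        for (Provider p : Security.getProviders()) {
            if (p.getService(type, alg) != null) return p.getName();
        }
        return null;
    }

    public static void main(String[] args) {
        Provider hw = Security.getProvider(HW);
        if (hw == null) {
            System.out.println(HW + " is not registered in this JVM; every request below falls back to another provider.");
        }
        for (Map.Entry<String, String[]> e : expected().entrySet()) {
            for (String alg : e.getValue()) {
                boolean offered = hw != null && hw.getService(e.getKey(), alg) != null;
                String def = defaultProviderFor(e.getKey(), alg);
                String verdict;
                if (!offered) verdict = "NOT offered by " + HW;
                else if (HW.equals(def)) verdict = "hardware provider is the default";
                else verdict = "default is " + def + "; pass \"" + HW + "\" to getInstance";
                System.out.printf("%-14s %-14s default=%-12s %s%n", e.getKey(), alg, def, verdict);
            }
        }
    }
}
```

Run it inside the same JVM configuration as the application, since the result depends on that JVM's provider list and ordering.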