International JCE Standard Algorithm Names

The Java Security API requires and utilizes a set of standard names for various ciphers, padding schemes, signature algorithms, etc. IJCE defines the following names as standard names. Each name links to a more detailed description.

Nothing is implied about the security of an algorithm by it being included on this list. If you would like to add an entry to the list, please contact David Hopwood (preferably with references for the algorithm you want to be added).



MessageDigest names


HAVAL Message Digest
References:
Parameters:
Status:
public domain


MD2 Message Digest
Author:
Ron Rivest, RSA Data Security Inc.
References:
Status:
public domain


MD4 Message Digest
Author:
Ron Rivest, RSA Data Security Inc.
References:
Status:
public domain
Security comment:
Bert den Boer and Antoon Bosselaers have found a method of generating collisions for MD4. It is generally considered insecure.


MD5 Message Digest
Author:
Ron Rivest, RSA Data Security Inc.
References:
Status:
public domain
Security comment:
Bert den Boer and Antoon Bosselaers have found a method of generating pseudo-collisions for MD5. Although that does not necessarily allow a direct attack on normal uses of the function, its authors (RSADSI) do not recommend it for new applications.


RIPEMD128 Message Digest
Aliases:
RIPEMD-128
References:
Status:
public domain


RIPEMD160 Message Digest
Aliases:
RIPEMD-160
Status:
public domain


SHA-1 Message Digest
Aliases:
SHA
References:
Status:
public domain


SHA-0 Message Digest
References:
Status:
public domain
Security comment:
This is the original version of the Secure Hash Algorithm, and has been superseded by SHA-1 (which is thought to be more secure).


Signature names

Signature algorithms in JCE fall into two categories: those that define a complete algorithm, and incomplete algorithms that are always used in conjunction with a Message Digest. The latter require the string "md/" to be prepended to the name, where md is one of the Message Digest names listed above. For example, MD5 with RSA-PEM has the algorithm name "MD5/RSA-PEM".

Note: Not every combination of a message digest and an incomplete signature algorithm is guaranteed to be valid.

Complete signature algorithm names:

RawDSA: The asymmetric transformation described in NIST FIPS 186 as the "DSA Sign Operation" and the "DSA Verify Operation", prior to creating a digest. The input to RawDSA is always 20 bytes long.

DSA: Digital Signature Algorithm, as defined in Digital Signature Standard, NIST FIPS 186. This standard defines a digital signature algorithm that uses the RawDSA asymmetric transformation along with the SHA-1 message digest algorithm.

RawRSA: [need reference]

RawElGamal: [need reference]

Incomplete signature algorithm names:

RSA-PEM: The RSA signature algorithm, using the block format described in RFC 1423 (Privacy Enhanced Mail).

RSA-X509 (alias RSA): The RSA signature algorithm, using the block format described in X.509.
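
The naming rules above can be enforced before a name ever reaches a provider. The following is an added example, not IJCE or Cryptix code: the class SignatureNameResolver and its methods are hypothetical, names are assumed to be case-sensitive, and only the syntax is checked, since a syntactically valid combination may still be unsupported by a given provider.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

public class SignatureNameResolver {
    // Digest names and aliases from the MessageDigest list (name or alias -> standard name).
    static final Map<String, String> DIGESTS = Map.ofEntries(
        Map.entry("HAVAL", "HAVAL"), Map.entry("MD2", "MD2"),
        Map.entry("MD4", "MD4"), Map.entry("MD5", "MD5"),
        Map.entry("RIPEMD128", "RIPEMD128"), Map.entry("RIPEMD-128", "RIPEMD128"),
        Map.entry("RIPEMD160", "RIPEMD160"), Map.entry("RIPEMD-160", "RIPEMD160"),
        Map.entry("SHA-1", "SHA-1"), Map.entry("SHA", "SHA-1"), Map.entry("SHA-0", "SHA-0"));
    static final Set<String> COMPLETE = Set.of("RawDSA", "DSA", "RawRSA", "RawElGamal");
    static final Map<String, String> INCOMPLETE =
        Map.of("RSA-PEM", "RSA-PEM", "RSA-X509", "RSA-X509", "RSA", "RSA-X509");
    // Digests that carry a security comment on this page.
    static final Set<String> FLAGGED = Set.of("MD4", "MD5", "SHA-0");

    /** Returns the standard name, or throws if the name breaks the naming rules. */
    static String resolve(String name) {
        int slash = name.indexOf('/');
        if (slash < 0) {
            if (COMPLETE.contains(name)) return name;
            if (INCOMPLETE.containsKey(name))
                throw new IllegalArgumentException("needs a digest prefix, e.g. SHA-1/" + name);
            throw new IllegalArgumentException("unknown signature name");
        }
        String md = DIGESTS.get(name.substring(0, slash));
        String sig = INCOMPLETE.get(name.substring(slash + 1));
        if (md == null || sig == null)
            throw new IllegalArgumentException("not <digest>/<incomplete signature>");
        return md + "/" + sig;
    }

    /** True when the digest part of a resolved name has a security comment on the page. */
    static boolean usesFlaggedDigest(String resolved) {
        int slash = resolved.indexOf('/');
        return slash > 0 && FLAGGED.contains(resolved.substring(0, slash));
    }

    public static void main(String[] args) {
        // Constructed inputs: valid names, alias forms, and names that break the rules.
        for (String n : List.of("MD5/RSA-PEM", "SHA/RSA", "DSA", "RSA-PEM", "SHA-1/DSA")) {
            try {
                String r = resolve(n);
                System.out.println(n + " -> " + r + (usesFlaggedDigest(r) ? " [flagged]" : ""));
            } catch (IllegalArgumentException e) {
                System.out.println(n + " rejected: " + e.getMessage());
            }
        }
    }
}
```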

Cipher names

Asymmetric (public key) ciphers:

RawRSA: The Rivest, Shamir and Adleman asymmetric cipher, without block padding.

RSA/PKCS#1 (alias RSA): The Rivest, Shamir and Adleman asymmetric cipher, with the padding conventions described in RSA Laboratory Technical Note PKCS#1.

RawElGamal: The ElGamal asymmetric cipher, without block padding.

Symmetric (secret key) ciphers:

3-Way: [need reference]

Blowfish: [need reference]

CAST5 (aliases CAST, CAST-128): [need reference]

CAST3: [need reference] Note that this algorithm has been superseded by CAST5.

DES: The Data Encryption Standard, as defined by NIST in FIPS 46-1 and 46-2.

DES-EDE3 (aliases 3DES, DES3, TripleDES): The EDE3 variant of Triple-DES.

DES-EEE3: The EEE3 variant of Triple-DES.

DES-EDE2: The EDE2 variant of Triple-DES.

DES-EEE2: The EEE2 variant of Triple-DES.

GOST: "GOST 28147-89", as described in section 14.1 of Applied Cryptography 2nd edition (and using the S-boxes given there).

IDEA: The International Data Encryption Algorithm (IDEA) from ASCOM Systec, Switzerland.

LOKI97: [need reference]

LOKI91 (alias LOKI): [need reference]

Loki89: [need reference] Note that this algorithm has been superseded by LOKI91.

RC2: The block cipher RC2, as defined by RSA Data Security Inc., in [need reference].

RC4: The stream cipher RC4, proprietary to RSA Data Security Inc.

RC5: The block cipher RC5, as defined by RSA Data Security Inc., in [need reference].

Pike: [need reference]

SAFER: [need reference]

SEAL: [need reference]

SPEED: [need reference]

Square: [need reference]

Mode names

ECB: Electronic Codebook mode, as defined in the National Institute of Standards and Technology (NIST) Federal Information Processing Standard (FIPS) 81. This is implemented as a built-in algorithm.

CBC: Cipher Block Chaining mode, as defined in NIST FIPS 81.

CFB: Cipher Feedback mode, as defined in NIST FIPS 81.

OFB: Output Feedback mode, as defined in NIST FIPS 81.

PCBC: Propagating Cipher Block Chaining mode [need reference]

PaddingScheme names

PKCS#5 (alias PKCS5): The padding algorithm described in RSA Laboratory Technical Note PKCS#5.

PKCS#7 (alias PKCS7): The padding algorithm described in RSA Laboratory Technical Note PKCS#7. (This algorithm is a generalization of PKCS#5, and so it is valid for PKCS#5 to be implemented as an alias to PKCS#7.)

OneAndZeroes: An algorithm that adds a single binary 1 bit, followed by as many binary 0 bits as needed to complete a block.

NONE: A built-in algorithm, used to specify that for encryption, an IllegalBlockSizeException should be thrown when the plaintext input is not an exact number of blocks, and for decryption, that no unpadding should be done.

Appendix B: names

This appendix specifies details concerning some of the algorithms defined in Appendix A. Any provider supplying an implementation of the listed algorithms must comply with the specifications in this appendix. Note: The most recent version of this document is available from JavaSoft's public Web site.

To add a new algorithm not specified herein, you should first survey other people or companies supplying provider packages to see if they have already added that algorithm, and, if so, use the definitions they published, if available. Otherwise, you should create and make available a template, similar to those found in this Appendix B, with the specifications for the algorithm you provide.

Specification Template

The algorithm specifications below contain the following fields:

Name

The name by which the algorithm is known. This is the name passed to the getInstance method (when requesting the algorithm), and returned by the getAlgorithm method to determine the name of an existing algorithm object. These methods are in the relevant engine classes: Signature, MessageDigest, and KeyPairGenerator.

Type

The type of algorithm: Signature, MessageDigest, or KeyPairGenerator.

Description

General notes about the algorithm, including any standards implemented by the algorithm, applicable patents, etc.

KeyPair Algorithm (Optional)

The keypair algorithm for this algorithm.

Strength (Optional)

For a keyed algorithm or key generation algorithm: the legal strengths for key generation or key initialization.

Parameter Defaults (Optional)

For a key generation algorithm: the default parameter values.

Signature format (Optional)

For a Signature algorithm, the format of the signature, that is, the input and output of the verify and sign methods, respectively.

Algorithm Specifications

SHA-1 Message Digest Algorithm

Name: SHA-1

Type: MessageDigest

Description: The message digest algorithm as defined in NIST's FIPS 180-1. The output of this algorithm is a 160-bit digest. Note that the term "SHA" is often used, but it always refers to SHA-1. The first SHA, as published in FIPS 180, is obsolete. Its legal Java Cryptography Architecture name is SHA-0.

MD2 Message Digest Algorithm

Name: MD2

Type: MessageDigest

Description: The message digest algorithm as defined in RFC 1319. The output of this algorithm is a 128-bit (16 byte) digest.

MD5 Message Digest Algorithm

Name: MD5

Type: MessageDigest

Description: The message digest algorithm as defined in RFC 1321. The output of this algorithm is a 128-bit (16 byte) digest.

The Digital Signature Algorithm

Name: DSA

Type: Signature

Description: This algorithm is the signature algorithm described in NIST FIPS 186, using DSA with the SHA-1 message digest algorithm.

KeyPair Algorithm: DSA

Signature Format: a DER sequence of two ASN.1 INTEGER values: r and s, in that order: SEQUENCE ::= { r INTEGER, s INTEGER }
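
A verifier that accepts only the exact DER form of this structure rejects re-encoded variants of a signature before any arithmetic is done. The following is an added example, not code from JavaSoft or Cryptix: the class DsaSignatureDer is hypothetical, it assumes a 160-bit q as in the parameter defaults on this page, and the sample signatures are constructed.

```java
import java.math.BigInteger;
import java.util.Arrays;

public class DsaSignatureDer {
    static IllegalArgumentException bad(String m) { return new IllegalArgumentException(m); }

    /** Strictly decodes SEQUENCE { r INTEGER, s INTEGER } and returns {r, s}. */
    static BigInteger[] decode(byte[] sig, BigInteger q) {
        if (sig.length < 8 || sig[0] != 0x30) throw bad("not a SEQUENCE");
        int seqLen = sig[1] & 0xff;
        // r and s are below the 160-bit q, so the short length form always suffices.
        if (seqLen >= 0x80 || seqLen != sig.length - 2) throw bad("bad SEQUENCE length");
        int[] pos = {2};
        BigInteger r = readInteger(sig, pos);
        BigInteger s = readInteger(sig, pos);
        if (pos[0] != sig.length) throw bad("trailing bytes after s");
        // FIPS 186 verification requires 0 < r < q and 0 < s < q.
        if (r.signum() <= 0 || r.compareTo(q) >= 0) throw bad("r out of range");
        if (s.signum() <= 0 || s.compareTo(q) >= 0) throw bad("s out of range");
        return new BigInteger[] {r, s};
    }

    static BigInteger readInteger(byte[] b, int[] pos) {
        int p = pos[0];
        if (p + 2 > b.length || b[p] != 0x02) throw bad("expected INTEGER");
        int len = b[p + 1] & 0xff;
        if (len == 0 || len >= 0x80 || p + 2 + len > b.length) throw bad("bad INTEGER length");
        if ((b[p + 2] & 0x80) != 0) throw bad("negative INTEGER");
        // DER is the minimal encoding: a leading 0x00 is only allowed to clear the sign bit.
        if (len > 1 && b[p + 2] == 0 && (b[p + 3] & 0x80) == 0) throw bad("non-minimal INTEGER");
        pos[0] = p + 2 + len;
        return new BigInteger(1, Arrays.copyOfRange(b, p + 2, p + 2 + len));
    }

    public static void main(String[] args) {
        // q is the 512-bit default from this page; the signatures are constructed samples.
        BigInteger q = new BigInteger("962eddcc369cba8ebb260ee6b6a126d9346e38c5", 16);
        byte[][] samples = {
            {0x30, 0x06, 0x02, 0x01, 0x05, 0x02, 0x01, 0x07},        // r = 5, s = 7
            {0x30, 0x07, 0x02, 0x02, 0x00, 0x05, 0x02, 0x01, 0x07},  // r padded with 0x00
            {0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, 0x07},        // r = 0
        };
        for (byte[] sig : samples) {
            try {
                BigInteger[] rs = decode(sig, q);
                System.out.println("accepted r=" + rs[0] + " s=" + rs[1]);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```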

RSA-based Signature Algorithms, with MD2, MD5 or SHA-1

Names: MD2/RSA, MD5/RSA and SHA-1/RSA

Type: Signature

Description: These are the signature algorithms that use the MD2, MD5, and SHA-1 message digest algorithms (respectively) with RSA encryption.

KeyPair Algorithm: RSA

Signature Format: A DER-encoded PKCS#1 block as defined in RSA Laboratory's Public Key Cryptography Standards Note #1. The data encrypted is the digest of the data signed.

DSA KeyPair Generation Algorithm

Name: DSA

Type: KeyPairGenerator

Description: This algorithm is the key pair generation algorithm described in NIST FIPS 186 for DSA.

Strength: The length, in bits, of the modulus p. This can be any integer that is a multiple of 8, greater than or equal to 512.

Parameter Defaults: The following default parameter values are used for strengths of 512, 768, and 1024 bits.

512-bit key parameters
SEED = b869c82b 35d70e1b 1ff91b28 e37a62ec dc34409b

counter = 123

p = fca682ce 8e12caba 26efccf7 110e526d b078b05e decbcd1e b4a208f3
    ae1617ae 01f35b91 a47e6df6 3413c5e1 2ed0899b cd132acd 50d99151
    bdc43ee7 37592e17

q = 962eddcc 369cba8e bb260ee6 b6a126d9 346e38c5
     
g = 678471b2 7a9cf44e e91a49c5 147db1a9 aaf244f0 5a434d64 86931d2d
    14271b9e 35030b71 fd73da17 9069b32e 2935630e 1c206235 4d0da20a
    6c416e50 be794ca4

768-bit key parameters
SEED = 77d0f8c4 dad15eb8 c4f2f8d6 726cefd9 6d5bb399

counter = 263

p = e9e64259 9d355f37 c97ffd35 67120b8e 25c9cd43 e927b3a9 670fbec5
    d8901419 22d2c3b3 ad248009 3799869d 1e846aab 49fab0ad 26d2ce6a
    22219d47 0bce7d77 7d4a21fb e9c270b5 7f607002 f3cef839 3694cf45
    ee3688c1 1a8c56ab 127a3daf

q = 9cdbd84c 9f1ac2f3 8d0f80f4 2ab952e7 338bf511

g = 30470ad5 a005fb14 ce2d9dcd 87e38bc7 d1b1c5fa cbaecbe9 5f190aa7
    a31d23c4 dbbcbe06 17454440 1a5b2c02 0965d8c2 bd2171d3 66844577
    1f74ba08 4d2029d8 3c1c1585 47f3a9f1 a2715be2 3d51ae4d 3e5a1f6a
    7064f316 933a346d 3f529252

1024-bit key parameters
SEED = 8d515589 4229d5e6 89ee01e6 018a237e 2cae64cd

counter = 92

p = fd7f5381 1d751229 52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80
    b6512669 455d4022 51fb593d 8d58fabf c5f5ba30 f6cb9b55 6cd7813b
    801d346f f26660b7 6b9950a5 a49f9fe8 047b1022 c24fbba9 d7feb7c6
    1bf83b57 e7c6a8a6 150f04fb 83f6d3c5 1ec30235 54135a16 9132f675
    f3ae2b61 d72aeff2 2203199d d14801c7

q = 9760508f 15230bcc b292b982 a2eb840b f0581cf5
     
g = f7e1a085 d69b3dde cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b
    3d078267 5159578e bad4594f e6710710 8180b449 167123e8 4c281613
    b7cf0932 8cc8a6e1 3c167a8b 547c8d28 e0a3ae1e 2bb3a675 916ea37f
    0bfa2135 62f1fb62 7a01243b cca4f1be a8519089 a883dfe1 5ae59f06
    928b665e 807b5525 64014c3b fecf492a
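
Default or received DSA parameters can be checked for internal consistency before use. The following is an added example, not code from JavaSoft or Cryptix: the class DsaParamCheck is hypothetical, it applies the strength rule stated above together with the FIPS 186 relations between p, q and g to the 512-bit defaults, and it does not re-derive p and q from SEED and counter.

```java
import java.math.BigInteger;

public class DsaParamCheck {
    static BigInteger hex(String s) { return new BigInteger(s.replace(" ", ""), 16); }

    /** Returns null when (p, q, g) pass every check, else the first failed check. */
    static String validate(BigInteger p, BigInteger q, BigInteger g, int strength) {
        // Strength rule from this page: bit length of p, a multiple of 8, at least 512.
        if (strength < 512 || strength % 8 != 0) return "illegal strength";
        if (p.bitLength() != strength) return "p is not " + strength + " bits long";
        if (q.bitLength() != 160) return "q is not 160 bits long";
        if (!p.isProbablePrime(64)) return "p is not prime";
        if (!q.isProbablePrime(64)) return "q is not prime";
        if (p.subtract(BigInteger.ONE).mod(q).signum() != 0) return "q does not divide p - 1";
        if (g.compareTo(BigInteger.ONE) <= 0 || g.compareTo(p) >= 0) return "g not in (1, p)";
        // With q prime and g != 1, g^q = 1 (mod p) means g has order exactly q.
        if (!g.modPow(q, p).equals(BigInteger.ONE)) return "g does not have order q";
        return null;
    }

    static void report(String label, String failure) {
        System.out.println(label + ": " + (failure == null ? "ok" : "FAILED, " + failure));
    }

    public static void main(String[] args) {
        // The 512-bit defaults, copied from the listing above.
        BigInteger p = hex("fca682ce 8e12caba 26efccf7 110e526d b078b05e decbcd1e b4a208f3"
            + " ae1617ae 01f35b91 a47e6df6 3413c5e1 2ed0899b cd132acd 50d99151"
            + " bdc43ee7 37592e17");
        BigInteger q = hex("962eddcc 369cba8e bb260ee6 b6a126d9 346e38c5");
        BigInteger g = hex("678471b2 7a9cf44e e91a49c5 147db1a9 aaf244f0 5a434d64 86931d2d"
            + " 14271b9e 35030b71 fd73da17 9069b32e 2935630e 1c206235 4d0da20a"
            + " 6c416e50 be794ca4");
        report("page defaults", validate(p, q, g, 512));
        // Constructed negative case: p - 1 has order 2, so it fails the order check.
        report("g = p - 1", validate(p, q, p.subtract(BigInteger.ONE), 512));
    }
}
```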

RSA KeyPair Generation Algorithm

Name: RSA

Type: KeyPairGenerator

Description: This algorithm is the key pair generation algorithm described in PKCS#1.

Strength: Any integer that is a multiple of 8, greater than or equal to 512.


Cryptix Author: David Hopwood

Copyright © 1997 Systemics Ltd
on behalf of the Cryptix Development Team.
All rights reserved.
Cryptix is a trademark of Systemics Ltd.