OpenJCEPlus provider
The OpenJCEPlus cryptographic provider is an implementation of the Java™ Cryptography Extensions (JCE) APIs, which include, for example: ciphers, signatures, message digests, MACs and HMACs, secure random number generation, and key generation. In version 8 of the SDK, this security provider was known as the IBMJCEPlus provider.
The OpenJCEPlus provider uses native interfaces to IBM Z® hardware, offering hardware-accelerated cryptographic algorithms where supported.
Enabling the OpenJCEPlus provider
The OpenJCEPlus provider is enabled by default due to its position in the JAVA_HOME/conf/security/java.security file. If you want to use a different provider as the default instead, move that provider ahead of the OpenJCEPlus provider in this file.
Supported algorithms
The following table shows the algorithms that are currently supported. Additional algorithm support is intended for future releases.
![Start of changes for 11.0.15.0](../../settings/images/11.0.15.0.gif)
- HMAC-SHA3 algorithms for message authentication code
- SHA3 algorithms for creating message digests
![End of changes for 11.0.15.0](../../settings/images/ng_SRend.gif)
![Start of changes for 11.0.19.0](../../settings/images/11.0.19.0.gif)
- RSASSA-PSS algorithm for algorithm parameter
- XDH, X25519, and X448 algorithms for key agreement
- EdDSA, Ed25519, Ed448, RSASSA-PSS, XDH, X25519, and X448 algorithms for key factory and key pair generator
- EdDSA, Ed25519, Ed448, and RSASSA-PSS support for signature algorithms
![End of changes for 11.0.19.0](../../settings/images/ng_SRend.gif)
API | Supported algorithms |
---|---|
Algorithm parameter | AES, ChaCha20, ChaCha20-Poly1305, DESede, DH, DSA, EC, GCM, OAEP, RSASSA-PSS |
Algorithm parameter generator | DH, DSA, EC, GCM |
Cipher algorithms | AES, ChaCha20, ChaCha20-Poly1305, DESede, RSA |
Cipher modes |
AES supports these modes: CBC, CFB8, CFB128, CFB, ECB, GCM, OFB
DESede supports these modes: CBC, ECB RSA supports these modes: null, ECB, SSL |
Key agreement algorithms | DH, ECDH, XDH, X25519, X448 |
Key factory | DH, DSA, EC, EdDSA, Ed25519, Ed448, RSA , RSASSA-PSS, XDH, X25519, X448 |
Key generator | AES, ChaCha20, DESede, HmacMD5, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512, HmacSHA3-224, HmacSHA3-256, HmacSHA3-384, HmacSHA3-512 , kda-hkdf-with-sha1, kda-hkdf-with-sha224, kda-hkdf-with-sha256, kda-hkdf-with-shasha384, kda-hkdf-with-sha512 |
Key pair generator | DH, DSA, EC, EdDSA, Ed25519, Ed448, RSA, RSASSA-PSS, XDH, X25519, X448 |
Message authentication code (MAC) | HmacMD5, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512, HmacSHA3-224, HmacSHA3-256, HmacSHA3-384, HmacSHA3-512 |
Message digest | MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 |
Secret key factory | AES, ChaCha20, DESede |
Secure random | HASHDRBG, SHA256DRBG (default), SHA512DRBG |
Signature algorithms | EdDSA, Ed25519, Ed448, NONEwithDSA, NONEwithECDSA, NONEwithRSA, RSASSA-PSS, SHA1withDSA, SHA224withDSA, SHA256withDSA, SHA1withECDSA, SHA224withECDSA, SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, SHA1withRSA, SHA224withRSA, SHA256withRSA, SHA384withRSA, SHA512withRSA, SHA3-224withDSA, SHA3-256withDSA, SHA3-384withDSA, SHA3-512withDSA, SHA3-224withECDSA, SHA3-256withECDSA, SHA3-384withECDSA, SHA3-512withECDSA, SHA3-224withRSA, SHA3-256withRSA, SHA3-384withRSA, SHA3-512withRSA |
Supported elliptic curves
secp256r1, 1.2.840.10045.3.1.7, NIST P-256
, and X9.62
prime256v1
refer to the same curve. You can use the curve names to create parameter
specifications for EC parameter generation with the ECGenParameterSpec class.
Curve name | Object identifier | Additional names or aliases |
---|---|---|
secp112r1 |
1.3.132.0.6 |
|
secp112r2 |
1.3.132.0.7 |
|
secp128r1 |
1.3.132.0.28 |
|
secp128r2 |
1.3.132.0.29 |
|
secp160k1 |
1.3.132.0.9 |
|
secp160r1 |
1.3.132.0.8 |
|
secp160r2 |
1.3.132.0.30 |
|
secp192k1 |
1.3.132.0.31 |
|
secp192r1 |
1.2.840.10045.3.1.1 |
NIST P-192, X9.62 prime192v1 |
secp224k1 |
1.3.132.0.32 |
|
secp224r1 |
1.3.132.0.33 |
NIST P-224 |
secp256k1 |
1.3.132.0.10 |
|
secp256r1 |
1.2.840.10045.3.1.7 |
NIST P-256, X9.62 prime256v1 |
secp384r1 |
1.3.132.0.34 |
NIST P-384 |
secp521r1 |
1.3.132.0.35 |
NIST P-521 |
X9.62 prime192v2 |
1.2.840.10045.3.1.2 |
|
X9.62 prime192v3 |
1.2.840.10045.3.1.3 |
|
X9.62 prime239v1 |
1.2.840.10045.3.1.4 |
|
X9.62 prime239v2 |
1.2.840.10045.3.1.5 |
|
X9.62 prime239v3 |
1.2.840.10045.3.1.6 |
|
brainpoolP160r1 |
1.3.36.3.3.2.8.1.1.1 |
|
brainpoolP192r1 |
1.3.36.3.3.2.8.1.1.3 |
|
brainpoolP224r1 |
1.3.36.3.3.2.8.1.1.5 |
|
brainpoolP256r1 |
1.3.36.3.3.2.8.1.1.7 |
|
brainpoolP320r1 |
1.3.36.3.3.2.8.1.1.9 |
|
brainpoolP384r1 |
1.3.36.3.3.2.8.1.1.11 |
|
brainpoolP512r1 |
1.3.36.3.3.2.8.1.1.13 |
Known limitations
- Only RSA key sizes 512, 1024, 2048, and 4096 are supported.
- RSA key public exponents must be 65537 or greater.
- RSA private keys must be CRT (Chinese Remainder Theorem) keys. Private keys without the CRT parameters are not supported. Generated key pairs will have CRT private keys.
- RSA decryption with the NoPadding option might leave padding bytes in the decrypted text.
- Binary Elliptic Curves are not supported.
- The providers in OpenJCEPlus do not have their own Keystore implementations. Instead, Keystore implementations (JKS, JCEKS, PKCS#12) come from the SUN and SunJCE providers.
- The version of the underlying native library used by OpenJCEPlus adds
support for some algorithms, which are not yet supported by OpenJCEPlus. These algorithms are:
- The AES-CTR algorithm for data encryption and decryption is not supported.
-
AES-GCM encryption and decryption Cipher.update operations should be done only for large amounts of data that need to be protected, for the following reason. The authentication tag can be validated only on the doFinal (Cipher.doFinal()) operation; if the doFinal operation fails for any reason, all plaintext that is returned from a previous update operation must be discarded. For smaller amounts of data, it is therefore sensible to run only doFinal operations.
AES-GCM is not suggested for use with the cipher stream APIs (CipherInputStream and CipherOutputStream) because these APIs were not designed to deal with the complexities of AES-GCM, such as the one just described.
RSASSA-PSS signature does not support RSA plain keys.
RSASSA-PSS supports SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 as input digest algorithms.
EdDSA signature supports two pure modes of Ed25519 or Ed448.