OpenJCEPlus provider

The OpenJCEPlus cryptographic provider is an implementation of the Java™ Cryptography Extensions (JCE) APIs, which include, for example: ciphers, signatures, message digests, MACs and HMACs, secure random number generation, and key generation. In version 8 of the SDK, this security provider was known as the IBMJCEPlus provider.

The OpenJCEPlus provider uses native interfaces to IBM Z® hardware, offering hardware-accelerated cryptographic algorithms where supported.

Enabling the OpenJCEPlus provider

The OpenJCEPlus provider is enabled by default due to its position in the JAVA_HOME/conf/security/java.security file. If you want to use a different provider as the default instead, move that provider ahead of the OpenJCEPlus provider in this file.

Note: If your application contains hard-coded references to a provider name instead of using the provider list and provider fail-over mechanisms, changes to the java.security file might not affect your application.

Supported algorithms

The following table shows the algorithms that are currently supported. Additional algorithm support is intended for future releases.

Start of changes for 11.0.15.0Support for the following algorithms was added in 11.0.15:
  • HMAC-SHA3 algorithms for message authentication code
  • SHA3 algorithms for creating message digests
End of changes for 11.0.15.0
Start of changes for 11.0.19.0Support for the following algorithms was added in 11.0.19:
  • RSASSA-PSS algorithm for algorithm parameter
  • XDH, X25519, and X448 algorithms for key agreement
  • EdDSA, Ed25519, Ed448, RSASSA-PSS, XDH, X25519, and X448 algorithms for key factory and key pair generator
  • EdDSA, Ed25519, Ed448, and RSASSA-PSS support for signature algorithms
End of changes for 11.0.19.0
Table 1. Algorithms supported by the OpenJCEPlus provider
API Supported algorithms
Algorithm parameter AES, ChaCha20, ChaCha20-Poly1305, DESede, DH, DSA, EC, GCM, OAEP, RSASSA-PSS
Algorithm parameter generator DH, DSA, EC, GCM
Cipher algorithms AES, ChaCha20, ChaCha20-Poly1305, DESede, RSA
Cipher modes
AES supports these modes: CBC, CFB8, CFB128, CFB, ECB, GCM, OFB
DESede supports these modes: CBC, ECB  
RSA supports these modes: null, ECB, SSL
Key agreement algorithms DH, ECDH, XDH, X25519, X448
Key factory DH, DSA, EC, EdDSA, Ed25519, Ed448, RSA , RSASSA-PSS, XDH, X25519, X448
Key generator AES, ChaCha20, DESede, HmacMD5, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512, HmacSHA3-224, HmacSHA3-256, HmacSHA3-384, HmacSHA3-512 , kda-hkdf-with-sha1, kda-hkdf-with-sha224, kda-hkdf-with-sha256, kda-hkdf-with-shasha384, kda-hkdf-with-sha512
Key pair generator DH, DSA, EC, EdDSA, Ed25519, Ed448, RSA, RSASSA-PSS, XDH, X25519, X448
Message authentication code (MAC) HmacMD5, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512, HmacSHA3-224, HmacSHA3-256, HmacSHA3-384, HmacSHA3-512
Message digest MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512
Secret key factory AES, ChaCha20, DESede
Secure random HASHDRBG, SHA256DRBG (default), SHA512DRBG
Signature algorithms EdDSA, Ed25519, Ed448, NONEwithDSA, NONEwithECDSA, NONEwithRSA, RSASSA-PSS, SHA1withDSA, SHA224withDSA, SHA256withDSA, SHA1withECDSA, SHA224withECDSA, SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, SHA1withRSA, SHA224withRSA, SHA256withRSA, SHA384withRSA, SHA512withRSA, SHA3-224withDSA, SHA3-256withDSA, SHA3-384withDSA, SHA3-512withDSA, SHA3-224withECDSA, SHA3-256withECDSA, SHA3-384withECDSA, SHA3-512withECDSA, SHA3-224withRSA, SHA3-256withRSA, SHA3-384withRSA, SHA3-512withRSA

Supported elliptic curves

The following table lists the elliptic curves that the OpenJCEPlus provider implements, their object identifier, and any additional names or aliases that are used to refer to them. All the strings that appear in one row refer to the same curve. For example, the strings secp256r1, 1.2.840.10045.3.1.7, NIST P-256, and X9.62 prime256v1 refer to the same curve. You can use the curve names to create parameter specifications for EC parameter generation with the ECGenParameterSpec class.
Table 2. Elliptic curves implemented by OpenJCEPlus
Curve name Object identifier Additional names or aliases
secp112r1 1.3.132.0.6  
secp112r2 1.3.132.0.7  
secp128r1 1.3.132.0.28  
secp128r2 1.3.132.0.29  
secp160k1 1.3.132.0.9  
secp160r1 1.3.132.0.8  
secp160r2 1.3.132.0.30  
secp192k1 1.3.132.0.31  
secp192r1 1.2.840.10045.3.1.1 NIST P-192, X9.62 prime192v1
secp224k1 1.3.132.0.32  
secp224r1 1.3.132.0.33 NIST P-224
secp256k1 1.3.132.0.10  
secp256r1 1.2.840.10045.3.1.7 NIST P-256, X9.62 prime256v1
secp384r1 1.3.132.0.34 NIST P-384
secp521r1 1.3.132.0.35 NIST P-521
X9.62 prime192v2 1.2.840.10045.3.1.2  
X9.62 prime192v3 1.2.840.10045.3.1.3  
X9.62 prime239v1 1.2.840.10045.3.1.4  
X9.62 prime239v2 1.2.840.10045.3.1.5  
X9.62 prime239v3 1.2.840.10045.3.1.6  
brainpoolP160r1 1.3.36.3.3.2.8.1.1.1  
brainpoolP192r1 1.3.36.3.3.2.8.1.1.3  
brainpoolP224r1 1.3.36.3.3.2.8.1.1.5  
brainpoolP256r1 1.3.36.3.3.2.8.1.1.7  
brainpoolP320r1 1.3.36.3.3.2.8.1.1.9  
brainpoolP384r1 1.3.36.3.3.2.8.1.1.11  
brainpoolP512r1 1.3.36.3.3.2.8.1.1.13  

Known limitations

  • Only RSA key sizes 512, 1024, 2048, and 4096 are supported.
  • RSA key public exponents must be 65537 or greater.
  • RSA private keys must be CRT (Chinese Remainder Theorem) keys. Private keys without the CRT parameters are not supported. Generated key pairs will have CRT private keys.
  • RSA decryption with the NoPadding option might leave padding bytes in the decrypted text.
  • Binary Elliptic Curves are not supported.
  • The providers in OpenJCEPlus do not have their own Keystore implementations. Instead, Keystore implementations (JKS, JCEKS, PKCS#12) come from the SUN and SunJCE providers.
  • The version of the underlying native library used by OpenJCEPlus adds support for some algorithms, which are not yet supported by OpenJCEPlus. These algorithms are:
    • The AES-CTR algorithm for data encryption and decryption is not supported.

  • AES-GCM encryption and decryption Cipher.update operations should be done only for large amounts of data that need to be protected, for the following reason. The authentication tag can be validated only on the doFinal (Cipher.doFinal()) operation; if the doFinal operation fails for any reason, all plaintext that is returned from a previous update operation must be discarded. For smaller amounts of data, it is therefore sensible to run only doFinal operations.

    AES-GCM is not suggested for use with the cipher stream APIs (CipherInputStream and CipherOutputStream) because these APIs were not designed to deal with the complexities of AES-GCM, such as the one just described.

  • Start of changes for 11.0.19.0RSASSA-PSS signature does not support RSA plain keys.End of changes for 11.0.19.0
  • Start of changes for 11.0.19.0RSASSA-PSS supports SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 as input digest algorithms.End of changes for 11.0.19.0
  • Start of changes for 11.0.19.0EdDSA signature supports two pure modes of Ed25519 or Ed448.End of changes for 11.0.19.0