Hi,
Following my previous post concerning Crypto Java/Crypto: Encrypt your message simply with Cipher, I would like to present a useful class that lists the available providers and algorithms.
The provider org.bouncycastle.jce.provider.BouncyCastleProvider requires the bcprov-jdk15on-147.jar library on the classpath.
The BC provider must then be registered in code:
    Security.addProvider(new BouncyCastleProvider());
See the Java™ Cryptography Architecture Sun Providers Documentation: http://javasearch.developpez.com/sun/j2se/1.6.0/technotes/guides/security/SunProviders.html
Note: The Java Cryptography Extension (JCE) provider included with J2SE 1.4.x does not support RSA encryption. Because the XML Encryption defined by WS-Security is typically based on RSA encryption, in order to use WS-Security to encrypt SOAP messages you must download and install a JCE provider that supports RSA encryption.
RSA is a public-key encryption technology developed by RSA Data Security, Inc. The acronym stands for Rivest, Shamir, and Adleman, the inventors of the technology.
Read http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html and "Installing Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File".
ProvidersList
    package com.ho.crypto.test2;

    import java.security.Provider;
    import java.security.Security;
    import java.util.ArrayList;
    import java.util.Iterator;
    import java.util.List;

    import org.bouncycastle.jce.provider.BouncyCastleProvider;

    public class ProvidersList {

        /** Prints the registered providers in priority order. */
        public static void listProviders() {
            Provider[] providers = Security.getProviders();
            System.out.println("Providers list");
            for (int i = 0; i < providers.length; i++) {
                System.out.println(" " + (i + 1) + ": " + providers[i].toString());
            }
            System.out.println();
        }

        /** Prints every provider followed by all of its services, aliases and attributes. */
        public static void detailledListProviders() {
            Provider[] providers = Security.getProviders();
            System.out.println("Detailled providers list");
            for (int i = 0; i < providers.length; i++) {
                System.out.println(" [" + (i + 1) + "] " + providers[i].getName() + " v"
                        + providers[i].getVersion() + ": " + providers[i].getInfo());
                Iterator<Provider.Service> services = getServices(providers[i]).iterator();
                String str = providers[i].getName() + ": ";
                while (services.hasNext()) {
                    Provider.Service service = services.next();
                    // Service.toString() already ends with a line break, hence print().
                    System.out.print(" - " + service.toString().replace(str, "")
                            .replace("aliases", " aliases").replace("attributes", " attributes"));
                }
            }
            System.out.println();
        }

        /** Prints all services (type, algorithm, implementing class) of one provider. */
        public static void providerDetails(String providerName) {
            Provider provider = Security.getProvider(providerName);
            if (provider == null) {
                System.err.println("Unknown provider '" + providerName + "'");
                return;
            }
            System.out.println(provider.getName() + " v" + provider.getVersion() + ": "
                    + provider.getInfo());
            Iterator<Provider.Service> services = getServices(provider).iterator();
            while (services.hasNext()) {
                Provider.Service service = services.next();
                System.out.println(" - " + service.getType() + " " + service.getAlgorithm()
                        + " -> " + service.getClassName());
                String alias = getAlias(service);
                if (alias != null)
                    System.out.println(" Alias : " + alias + ".");
            }
            System.out.println();
        }

        /** Prints the services of one provider restricted to a service type (e.g. "Cipher"). */
        public static void providerDetails(String providerName, String type) {
            Provider provider = Security.getProvider(providerName);
            if (provider == null) {
                System.err.println("Unknown provider '" + providerName + "'");
                return;
            }
            System.out.println(type + " for " + provider.getName() + " v" + provider.getVersion()
                    + ": " + provider.getInfo());
            Iterator<Provider.Service> services = getServices(provider).iterator();
            while (services.hasNext()) {
                Provider.Service service = services.next();
                if (service.getType().equalsIgnoreCase(type)) {
                    System.out.println(" - " + service.getAlgorithm() + " -> "
                            + service.getClassName());
                    String alias = getAlias(service);
                    if (alias != null)
                        System.out.println(" Alias : " + alias + ".");
                }
            }
            System.out.println();
        }

        /** Returns the provider's services sorted by type, then by algorithm name. */
        private static List<Provider.Service> getServices(Provider provider) {
            List<Provider.Service> input = new ArrayList<Provider.Service>(provider.getServices());
            List<Provider.Service> output = new ArrayList<Provider.Service>();
            // Selection sort: repeatedly move the smallest remaining service to the output.
            while (!input.isEmpty()) {
                int i = 0;
                for (int j = i + 1; j < input.size(); j++) {
                    if (isGreater(input.get(i), input.get(j))) {
                        i = j;
                    }
                }
                output.add(input.remove(i));
            }
            return output;
        }

        private static boolean isGreater(Provider.Service s1, Provider.Service s2) {
            if (s1.getType().compareTo(s2.getType()) == 0)
                return (s1.getAlgorithm().compareTo(s2.getAlgorithm()) > 0);
            return (s1.getType().compareTo(s2.getType()) > 0);
        }

        /** Extracts the alias list from Service.toString(), or returns null if there is none. */
        private static String getAlias(Provider.Service service) {
            String text = service.toString();
            String marker = "aliases: [";
            int start = text.indexOf(marker);
            if (start >= 0) {
                start += marker.length();
                // Look for the closing bracket after the marker, not from the string start.
                return text.substring(start, text.indexOf("]", start));
            }
            return null;
        }

        public static void main(String[] args) {
            // Register the Bouncy Castle provider (bcprov must be on the classpath)
            Security.addProvider(new BouncyCastleProvider());
            // All providers
            listProviders();
            detailledListProviders();
            // BC Provider
            //providerDetails("BC");
            //providerDetails("BC", "Cipher");
            //Security.addProvider(new com.xx.yy.zz.provider.HSMProvider());
            //providerDetails("HSMProvider");
            //providerDetails("HSMProvider", "Cipher");
            System.exit(0);
        }
    }
TEST 1: list all available providers
    Security.addProvider(new BouncyCastleProvider());
    // All providers
    listProviders();
… results could be:
Depending on the JDK used, several provider implementations exist:
1: SUN version 1.6 (from Java 1.1)
2: SunRsaSign version 1.5 (from Java 1.3)
3: SunJSSE version 1.6 (from Java 1.4)
4: SunJCE version 1.6 (from Java 5)
5: SunJGSS version 1.0
6: SunSASL version 1.5
7: XMLDSig version 1.0
8: SunPCSC version 1.6 (from Java 6)
9: BC version 1.47
With JDK 7.0, there is also the SunEC provider.
TEST 2: list in detail the classes (algorithms, generators, ciphers) available for all providers
    Security.addProvider(new BouncyCastleProvider());
    // All providers
    detailledListProviders();
… results could be:
Detailled providers list
[1] SUN v1.6: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; JavaLoginConfig Configuration)
- AlgorithmParameterGenerator.DSA -> sun.security.provider.DSAParameterGenerator
attributes: {ImplementedIn=Software, KeySize=1024}
...
[2] SunRsaSign v1.5: Sun RSA signature provider
- KeyFactory.RSA -> sun.security.rsa.RSAKeyFactory
aliases: [1.2.840.113549.1.1, OID.1.2.840.113549.1.1]
- KeyPairGenerator.RSA -> sun.security.rsa.RSAKeyPairGenerator
aliases: [1.2.840.113549.1.1, OID.1.2.840.113549.1.1]
- Signature.MD2withRSA -> sun.security.rsa.RSASignature$MD2withRSA
aliases: [1.2.840.113549.1.1.2, OID.1.2.840.113549.1.1.2]
attributes: {SupportedKeyClasses=java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey}
...
[3] SunJSSE v1.6: Sun JSSE provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
- KeyFactory.RSA -> sun.security.rsa.RSAKeyFactory
aliases: [1.2.840.113549.1.1, OID.1.2.840.113549.1.1]
- KeyManagerFactory.NewSunX509 -> com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$X509
- KeyManagerFactory.SunX509 -> com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509
- KeyPairGenerator.RSA -> sun.security.rsa.RSAKeyPairGenerator
aliases: [1.2.840.113549.1.1, OID.1.2.840.113549.1.1]
- KeyStore.PKCS12 -> com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore
- SSLContext.Default -> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl
- SSLContext.SSL -> com.sun.net.ssl.internal.ssl.SSLContextImpl
- SSLContext.SSLv3 -> com.sun.net.ssl.internal.ssl.SSLContextImpl
- SSLContext.TLS -> com.sun.net.ssl.internal.ssl.SSLContextImpl
- SSLContext.TLSv1 -> com.sun.net.ssl.internal.ssl.SSLContextImpl
- Signature.MD2withRSA -> sun.security.rsa.RSASignature$MD2withRSA
aliases: [1.2.840.113549.1.1.2, OID.1.2.840.113549.1.1.2]
- Signature.MD5andSHA1withRSA -> com.sun.net.ssl.internal.ssl.RSASignature
- Signature.MD5withRSA -> sun.security.rsa.RSASignature$MD5withRSA
aliases: [1.2.840.113549.1.1.4, OID.1.2.840.113549.1.1.4]
- Signature.SHA1withRSA -> sun.security.rsa.RSASignature$SHA1withRSA
aliases: [1.2.840.113549.1.1.5, OID.1.2.840.113549.1.1.5, 1.3.14.3.2.29, OID.1.3.14.3.2.29]
- TrustManagerFactory.PKIX -> com.sun.net.ssl.internal.ssl.TrustManagerFactoryImpl$PKIXFactory
aliases: [SunPKIX, X509, X.509]
- TrustManagerFactory.SunX509 -> com.sun.net.ssl.internal.ssl.TrustManagerFactoryImpl$SimpleFactory
[4] SunJCE v1.6: SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)
- AlgorithmParameterGenerator.DiffieHellman -> com.sun.crypto.provider.DHParameterGenerator
aliases: [DH, OID.1.2.840.113549.1.3.1, 1.2.840.113549.1.3.1]
- AlgorithmParameters.AES -> com.sun.crypto.provider.AESParameters
aliases: [Rijndael]
- AlgorithmParameters.Blowfish -> com.sun.crypto.provider.BlowfishParameters
- AlgorithmParameters.DES -> com.sun.crypto.provider.DESParameters
...
[5] SunJGSS v1.0: Sun (Kerberos v5, SPNEGO)
- GssApiMechanism.1.2.840.113554.1.2.2 -> sun.security.jgss.krb5.Krb5MechFactory
- GssApiMechanism.1.3.6.1.5.5.2 -> sun.security.jgss.spnego.SpNegoMechFactory
[6] SunSASL v1.5: Sun SASL provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5)
- SaslClientFactory.CRAM-MD5 -> com.sun.security.sasl.ClientFactoryImpl
- SaslClientFactory.DIGEST-MD5 -> com.sun.security.sasl.digest.FactoryImpl
- SaslClientFactory.EXTERNAL -> com.sun.security.sasl.ClientFactoryImpl
- SaslClientFactory.GSSAPI -> com.sun.security.sasl.gsskerb.FactoryImpl
- SaslClientFactory.PLAIN -> com.sun.security.sasl.ClientFactoryImpl
- SaslServerFactory.CRAM-MD5 -> com.sun.security.sasl.ServerFactoryImpl
- SaslServerFactory.DIGEST-MD5 -> com.sun.security.sasl.digest.FactoryImpl
- SaslServerFactory.GSSAPI -> com.sun.security.sasl.gsskerb.FactoryImpl
[7] XMLDSig v1.0: XMLDSig (DOM XMLSignatureFactory; DOM KeyInfoFactory)
- KeyInfoFactory.DOM -> org.jcp.xml.dsig.internal.dom.DOMKeyInfoFactory
- TransformService.http://www.w3.org/2000/09/xmldsig#base64 -> org.jcp.xml.dsig.internal.dom.DOMBase64Transform
aliases: [BASE64]
attributes: {MechanismType=DOM}
...
[8] SunPCSC v1.6: Sun PC/SC provider
- TerminalFactory.PC/SC -> sun.security.smartcardio.SunPCSC$Factory
[9] BC v1.47: BouncyCastle Security Provider v1.47
- AlgorithmParameterGenerator.1.2.840.113549.3.2 -> org.bouncycastle.jcajce.provider.symmetric.RC2$AlgParamGen
- AlgorithmParameterGenerator.AES -> org.bouncycastle.jcajce.provider.symmetric.AES$AlgParamGen
aliases: [2.16.840.1.101.3.4.2, 2.16.840.1.101.3.4.22, 2.16.840.1.101.3.4.42, 2.16.840.1.101.3.4.1.2, 2.16.840.1.101.3.4.1.22, 2.16.840.1.101.3.4.1.42]
...
TEST 3: list in detail the classes (algorithms, generators, ciphers) available for the BC provider
    Security.addProvider(new BouncyCastleProvider());
    // BC Provider
    providerDetails("BC");
… results could be:
BC v1.47: BouncyCastle Security Provider v1.47
- AlgorithmParameterGenerator 1.2.840.113549.3.2 -> org.bouncycastle.jcajce.provider.symmetric.RC2$AlgParamGen
- AlgorithmParameterGenerator AES -> org.bouncycastle.jcajce.provider.symmetric.AES$AlgParamGen
Alias : 2.16.840.1.101.3.4.2, 2.16.840.1.101.3.4.22, 2.16.840.1.101.3.4.42, 2.16.840.1.101.3.4.1.2, 2.16.840.1.101.3.4.1.22, 2.16.840.1.101.3.4.1.42.
...
TEST 4: list in detail the Cipher classes available for the BC provider
    Security.addProvider(new BouncyCastleProvider());
    // BC Provider
    providerDetails("BC", "Cipher");
… results could be:
Cipher for BC v1.47: BouncyCastle Security Provider v1.47
- 1.2.392.200011.61.1.1.1.2 -> org.bouncycastle.jcajce.provider.symmetric.Camellia$CBC
- 1.2.392.200011.61.1.1.1.3 -> org.bouncycastle.jcajce.provider.symmetric.Camellia$CBC
- 1.2.392.200011.61.1.1.1.4 -> org.bouncycastle.jcajce.provider.symmetric.Camellia$CBC
- 1.2.410.200004.1.4 -> org.bouncycastle.jcajce.provider.symmetric.SEED$CBC
- 1.2.643.2.2.21 -> org.bouncycastle.jcajce.provider.symmetric.GOST28147$CBC
...
TEST 5: list in detail the KeyGenerator classes available for the BC provider
    Security.addProvider(new BouncyCastleProvider());
    // BC Provider
    providerDetails("BC", "KeyGenerator");
… results could be:
KeyGenerator for BC v1.47: BouncyCastle Security Provider v1.47
- 1.2.392.200011.61.1.1.1.2 -> org.bouncycastle.jcajce.provider.symmetric.Camellia$KeyGen128
- 1.2.392.200011.61.1.1.1.3 -> org.bouncycastle.jcajce.provider.symmetric.Camellia$KeyGen192
- 1.2.392.200011.61.1.1.1.4 -> org.bouncycastle.jcajce.provider.symmetric.Camellia$KeyGen256
- 1.2.392.200011.61.1.1.3.2 -> org.bouncycastle.jcajce.provider.symmetric.Camellia$KeyGen128
- 1.2.392.200011.61.1.1.3.3 -> org.bouncycastle.jcajce.provider.symmetric.Camellia$KeyGen192
- 1.2.392.200011.61.1.1.3.4 -> org.bouncycastle.jcajce.provider.symmetric.Camellia$KeyGen256
- 1.2.410.200004.1.4 -> org.bouncycastle.jcajce.provider.symmetric.SEED$KeyGen
- 1.2.410.200004.7.1.1.1 -> org.bouncycastle.jcajce.provider.symmetric.SEED$KeyGen
- 1.2.840.113549.3.2 -> org.bouncycastle.jcajce.provider.symmetric.RC2$KeyGenerator
- 1.2.840.113549.3.7 -> org.bouncycastle.jcajce.provider.symmetric.DESede$KeyGenerator3
- 2.16.840.1.101.3.4.1.1 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyGen128
- 2.16.840.1.101.3.4.1.2 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyGen128
- 2.16.840.1.101.3.4.1.21 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyGen192
- 2.16.840.1.101.3.4.1.22 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyGen192
- 2.16.840.1.101.3.4.1.23 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyGen192
- 2.16.840.1.101.3.4.1.24 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyGen192
- 2.16.840.1.101.3.4.1.25 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyGen192
...
Complete results: tests_providers_list_results.txt
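As an added example (not code from the original post), the same enumeration can drive a quick audit: it reports the AES key length permitted by the installed jurisdiction policy files and flags registered services whose algorithm names contain legacy primitives such as those visible in the listings above (MD2withRSA, MD5withRSA, SSLv3, DES, RC2). The class name WeakServiceAudit and the WEAK token list are assumptions chosen for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import javax.crypto.Cipher;

/** Added example: flags legacy algorithms exposed by the registered providers. */
public class WeakServiceAudit {

    // Assumption: illustrative local policy, not an official deny list.
    private static final List<String> WEAK = Arrays.asList(
            "MD2", "MD5", "SHA1", "SHA-1", "DES", "RC2", "RC4", "ARCFOUR", "SSLV3");

    /** Returns the first weak token found in the algorithm name, or null. */
    static String weakToken(String algorithm) {
        // Splits names such as "PBEWithMD5AndDES" or "MD5andSHA1withRSA" into tokens.
        // Whole-token matching keeps "DESede", "HmacMD5" and "SHA1PRNG" unflagged.
        String[] parts = algorithm.toUpperCase(Locale.ROOT).split("WITH|AND|/|_");
        for (String part : parts) {
            if (WEAK.contains(part)) return part;
        }
        return null;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // 128 indicates the default (limited) policy files; Integer.MAX_VALUE means unlimited.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("Max AES key length allowed by policy: "
                + (maxAes == Integer.MAX_VALUE ? "unlimited" : maxAes + " bits"));

        int flagged = 0;
        for (Provider provider : Security.getProviders()) {
            for (Provider.Service service : provider.getServices()) {
                String token = weakToken(service.getAlgorithm());
                if (token != null) {
                    flagged++;
                    System.out.println("[" + token + "] " + provider.getName() + ": "
                            + service.getType() + "." + service.getAlgorithm());
                }
            }
        }
        System.out.println(flagged + " legacy service(s) registered");
    }
}
```

A flagged entry only means the service is available to getInstance(); whether application code actually selects it has to be checked separately.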
Best regards,
Huseyin OZVEREN