The code snippet below highlights my current implementation of a crypto object, using both the AES cipher and CTR mode of operation.
import javax.crypto.Cipher;
public abstract class Crypto {
private static final String CIPHER_ALGORITHM = "AES/CTR/NoPadding";
private String AesKeyString = "ByWelFHCgFqivFZrWs89LQ==";
private void setKey() throws NoSuchAlgorithmException{
byte[] keyBytes;
keyBytes = Base64.getDecoder().decode(AesKeyString);
aesKey = new SecretKeySpec(keyBytes, "AES");
}
protected byte[] execute(int mode, byte[] target, byte[] iv)
throws Exception{
Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
cipher.init(mode, aesKey, ivSpec);
return cipher.doFinal(target);
}
}
As far as I'm concerned, the getInstance() method returns a Cipher object that implements the requested transformation, from the first Provider that supports this transformation.
Following, there is a list containing all of my available providers:
SUN
Alg.Alias.Signature.SHA1/DSA SHA1withDSA
Alg.Alias.Signature.1.2.840.10040.4.3 SHA1withDSA
Alg.Alias.Signature.DSS SHA1withDSA
SecureRandom.SHA1PRNG ImplementedIn Software
KeyStore.JKS sun.security.provider.JavaKeyStore$DualFormatJKS
Alg.Alias.MessageDigest.SHA-1 SHA
MessageDigest.SHA sun.security.provider.SHA
KeyStore.CaseExactJKS sun.security.provider.JavaKeyStore$CaseExactJKS
CertStore.com.sun.security.IndexedCollection ImplementedIn Software
Signature.SHA256withDSA sun.security.provider.DSA$SHA256withDSA
Alg.Alias.MessageDigest.OID.1.3.14.3.2.26 SHA
Alg.Alias.Signature.DSA SHA1withDSA
KeyFactory.DSA ImplementedIn Software
KeyStore.JKS ImplementedIn Software
AlgorithmParameters.DSA ImplementedIn Software
Signature.NONEwithDSA sun.security.provider.DSA$RawDSA
Alg.Alias.CertificateFactory.X509 X.509
Signature.SHA256withDSA SupportedKeyClasses java.security.interfaces.DSAPublicKey|java.security.interfaces.DSAPrivateKey
CertStore.com.sun.security.IndexedCollection sun.security.provider.certpath.IndexedCollectionCertStore
Provider.id className sun.security.provider.Sun
Alg.Alias.MessageDigest.1.3.14.3.2.26 SHA
Alg.Alias.Signature.SHA-1/DSA SHA1withDSA
KeyStore.DKS sun.security.provider.DomainKeyStore$DKS
Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2 SHA256withDSA
CertificateFactory.X.509 ImplementedIn Software
Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1 SHA224withDSA
Signature.SHA1withDSA KeySize 1024
Signature.NONEwithDSA KeySize 1024
KeyFactory.DSA sun.security.provider.DSAKeyFactory
CertPathValidator.PKIX ImplementedIn Software
Configuration.JavaLoginConfig sun.security.provider.ConfigFile$Spi
Alg.Alias.Signature.OID.1.2.840.10040.4.3 SHA1withDSA
Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4 SHA-224
Alg.Alias.KeyFactory.1.2.840.10040.4.1 DSA
MessageDigest.MD5 ImplementedIn Software
Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3 SHA-512
Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2 SHA-384
Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1 SHA-256
Alg.Alias.Signature.RawDSA NONEwithDSA
Provider.id name SUN
Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1 DSA
CertPathBuilder.PKIX ValidationAlgorithm RFC3280
Policy.JavaPolicy sun.security.provider.PolicySpiFile
Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1 DSA
Signature.SHA224withDSA KeySize 2048
Alg.Alias.AlgorithmParameters.1.3.14.3.2.12 DSA
Alg.Alias.Signature.SHA/DSA SHA1withDSA
Alg.Alias.KeyPairGenerator.1.3.14.3.2.12 DSA
MessageDigest.SHA-384 sun.security.provider.SHA5$SHA384
MessageDigest.SHA-224 sun.security.provider.SHA2$SHA224
Signature.SHA1withDSA ImplementedIn Software
AlgorithmParameterGenerator.DSA sun.security.provider.DSAParameterGenerator
Signature.NONEwithDSA SupportedKeyClasses java.security.interfaces.DSAPublicKey|java.security.interfaces.DSAPrivateKey
MessageDigest.SHA-512 sun.security.provider.SHA5$SHA512
Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1 DSA
CertPathBuilder.PKIX sun.security.provider.certpath.SunCertPathBuilder
Alg.Alias.Signature.1.3.14.3.2.27 SHA1withDSA
Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4 SHA-224
CertPathBuilder.PKIX ImplementedIn Software
Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3 SHA-512
Provider.id version 1.8
Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2 SHA-384
Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1 SHA-256
Signature.SHA256withDSA KeySize 2048
AlgorithmParameters.DSA sun.security.provider.DSAParameters
Signature.SHA1withDSA SupportedKeyClasses java.security.interfaces.DSAPublicKey|java.security.interfaces.DSAPrivateKey
CertStore.Collection sun.security.provider.certpath.CollectionCertStore
AlgorithmParameterGenerator.DSA ImplementedIn Software
KeyPairGenerator.DSA KeySize 2048
CertStore.LDAP sun.security.provider.certpath.ldap.LDAPCertStore
Alg.Alias.Signature.2.16.840.1.101.3.4.3.2 SHA256withDSA
CertificateFactory.X.509 sun.security.provider.X509Factory
Alg.Alias.Signature.2.16.840.1.101.3.4.3.1 SHA224withDSA
CertStore.LDAP LDAPSchema RFC2587
KeyPairGenerator.DSA ImplementedIn Software
CertStore.LDAP ImplementedIn Software
CertPathValidator.PKIX ValidationAlgorithm RFC3280
Signature.SHA224withDSA sun.security.provider.DSA$SHA224withDSA
CertStore.Collection ImplementedIn Software
Alg.Alias.Signature.1.3.14.3.2.13 SHA1withDSA
CertPathValidator.PKIX sun.security.provider.certpath.PKIXCertPathValidator
Alg.Alias.MessageDigest.SHA1 SHA
AlgorithmParameterGenerator.DSA KeySize 2048
SecureRandom.SHA1PRNG sun.security.provider.SecureRandom
Signature.SHA1withDSA sun.security.provider.DSA$SHA1withDSA
Alg.Alias.KeyFactory.1.3.14.3.2.12 DSA
KeyPairGenerator.DSA sun.security.provider.DSAKeyPairGenerator
MessageDigest.SHA ImplementedIn Software
Provider.id info SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS & DKS keystores; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; JavaLoginConfig Configuration)
Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1 DSA
MessageDigest.SHA-256 sun.security.provider.SHA2$SHA256
Alg.Alias.Signature.DSAWithSHA1 SHA1withDSA
MessageDigest.MD5 sun.security.provider.MD5
Alg.Alias.Signature.SHAwithDSA SHA1withDSA
Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1 DSA
Signature.SHA224withDSA SupportedKeyClasses java.security.interfaces.DSAPublicKey|java.security.interfaces.DSAPrivateKey
MessageDigest.MD2 sun.security.provider.MD2
SunRsaSign
Signature.SHA224withRSA SupportedKeyClasses java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
Alg.Alias.Signature.OID.1.2.840.113549.1.1.2 MD2withRSA
Provider.id name SunRsaSign
Signature.SHA224withRSA sun.security.rsa.RSASignature$SHA224withRSA
Signature.SHA512withRSA sun.security.rsa.RSASignature$SHA512withRSA
Signature.MD5withRSA SupportedKeyClasses java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
Signature.MD2withRSA sun.security.rsa.RSASignature$MD2withRSA
Signature.MD2withRSA SupportedKeyClasses java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1 RSA
Provider.id version 1.8
KeyFactory.RSA sun.security.rsa.RSAKeyFactory
Signature.SHA512withRSA SupportedKeyClasses java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
Signature.MD5withRSA sun.security.rsa.RSASignature$MD5withRSA
Signature.SHA256withRSA sun.security.rsa.RSASignature$SHA256withRSA
Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1 RSA
Signature.SHA1withRSA SupportedKeyClasses java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
Alg.Alias.Signature.OID.1.2.840.113549.1.1.14 SHA224withRSA
Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1 RSA
Alg.Alias.Signature.OID.1.2.840.113549.1.1.13 SHA512withRSA
Signature.SHA256withRSA SupportedKeyClasses java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
Alg.Alias.Signature.OID.1.2.840.113549.1.1.12 SHA384withRSA
Alg.Alias.Signature.OID.1.2.840.113549.1.1.11 SHA256withRSA
Provider.id info Sun RSA signature provider
Signature.SHA1withRSA sun.security.rsa.RSASignature$SHA1withRSA
Signature.SHA384withRSA sun.security.rsa.RSASignature$SHA384withRSA
Alg.Alias.Signature.1.3.14.3.2.29 SHA1withRSA
Alg.Alias.Signature.1.2.840.113549.1.1.14 SHA224withRSA
Alg.Alias.Signature.1.2.840.113549.1.1.13 SHA512withRSA
Alg.Alias.Signature.1.2.840.113549.1.1.5 SHA1withRSA
Alg.Alias.Signature.1.2.840.113549.1.1.12 SHA384withRSA
Provider.id className sun.security.rsa.SunRsaSign
Alg.Alias.Signature.1.2.840.113549.1.1.4 MD5withRSA
Alg.Alias.Signature.1.2.840.113549.1.1.11 SHA256withRSA
Alg.Alias.KeyFactory.1.2.840.113549.1.1 RSA
KeyPairGenerator.RSA sun.security.rsa.RSAKeyPairGenerator
Alg.Alias.Signature.1.2.840.113549.1.1.2 MD2withRSA
Signature.SHA384withRSA SupportedKeyClasses java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
Alg.Alias.Signature.OID.1.2.840.113549.1.1.5 SHA1withRSA
Alg.Alias.Signature.OID.1.2.840.113549.1.1.4 MD5withRSA
SunEC
AlgorithmParameters.EC sun.security.ec.ECParameters
KeyAgreement.ECDH SupportedKeyClasses java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
Signature.SHA256withECDSA ImplementedIn Software
Provider.id name SunEC
Signature.NONEwithECDSA SupportedKeyClasses java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
Signature.SHA224withECDSA ImplementedIn Software
Signature.SHA1withECDSA sun.security.ec.ECDSASignature$SHA1
Alg.Alias.Signature.OID.1.2.840.10045.4.1 SHA1withECDSA
Signature.SHA256withECDSA SupportedKeyClasses java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
Signature.SHA224withECDSA SupportedKeyClasses java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
KeyPairGenerator.EC KeySize 256
KeyFactory.EC ImplementedIn Software
Provider.id version 1.8
AlgorithmParameters.EC KeySize 256
Signature.NONEwithECDSA sun.security.ec.ECDSASignature$Raw
Signature.SHA512withECDSA ImplementedIn Software
Alg.Alias.KeyFactory.EllipticCurve EC
Signature.SHA256withECDSA sun.security.ec.ECDSASignature$SHA256
Alg.Alias.KeyPairGenerator.EllipticCurve EC
Signature.SHA512withECDSA sun.security.ec.ECDSASignature$SHA512
Signature.SHA1withECDSA KeySize 256
Signature.SHA1withECDSA SupportedKeyClasses java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
Signature.SHA384withECDSA SupportedKeyClasses java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
Alg.Alias.AlgorithmParameters.EllipticCurve EC
Alg.Alias.AlgorithmParameters.1.2.840.10045.2.1 EC
Alg.Alias.Signature.1.2.840.10045.4.1 SHA1withECDSA
Signature.SHA224withECDSA sun.security.ec.ECDSASignature$SHA224
Signature.SHA384withECDSA ImplementedIn Software
AlgorithmParameters.EC ImplementedIn Software
Provider.id info Sun Elliptic Curve provider (EC, ECDSA, ECDH)
Signature.SHA512withECDSA SupportedKeyClasses java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
KeyPairGenerator.EC sun.security.ec.ECKeyPairGenerator
Alg.Alias.Signature.OID.1.2.840.10045.4.3.4 SHA512withECDSA
Alg.Alias.Signature.OID.1.2.840.10045.4.3.3 SHA384withECDSA
Alg.Alias.Signature.OID.1.2.840.10045.4.3.2 SHA256withECDSA
KeyAgreement.ECDH sun.security.ec.ECDHKeyAgreement
Alg.Alias.Signature.OID.1.2.840.10045.4.3.1 SHA224withECDSA
Alg.Alias.Signature.1.2.840.10045.4.3.4 SHA512withECDSA
Alg.Alias.Signature.1.2.840.10045.4.3.3 SHA384withECDSA
Signature.SHA384withECDSA sun.security.ec.ECDSASignature$SHA384
Alg.Alias.Signature.1.2.840.10045.4.3.2 SHA256withECDSA
Alg.Alias.Signature.1.2.840.10045.4.3.1 SHA224withECDSA
AlgorithmParameters.EC SupportedCurves [secp112r1,1.3.132.0.6]|[secp112r2,1.3.132.0.7]|[secp128r1,1.3.132.0.28]|[secp128r2,1.3.132.0.29]|[secp160k1,1.3.132.0.9]|[secp160r1,1.3.132.0.8]|[secp160r2,1.3.132.0.30]|[secp192k1,1.3.132.0.31]|[secp192r1,NIST P-192,X9.62 prime192v1,1.2.840.10045.3.1.1]|[secp224k1,1.3.132.0.32]|[secp224r1,NIST P-224,1.3.132.0.33]|[secp256k1,1.3.132.0.10]|[secp256r1,NIST P-256,X9.62 prime256v1,1.2.840.10045.3.1.7]|[secp384r1,NIST P-384,1.3.132.0.34]|[secp521r1,NIST P-521,1.3.132.0.35]|[X9.62 prime192v2,1.2.840.10045.3.1.2]|[X9.62 prime192v3,1.2.840.10045.3.1.3]|[X9.62 prime239v1,1.2.840.10045.3.1.4]|[X9.62 prime239v2,1.2.840.10045.3.1.5]|[X9.62 prime239v3,1.2.840.10045.3.1.6]|[sect113r1,1.3.132.0.4]|[sect113r2,1.3.132.0.5]|[sect131r1,1.3.132.0.22]|[sect131r2,1.3.132.0.23]|[sect163k1,NIST K-163,1.3.132.0.1]|[sect163r1,1.3.132.0.2]|[sect163r2,NIST B-163,1.3.132.0.15]|[sect193r1,1.3.132.0.24]|[sect193r2,1.3.132.0.25]|[sect233k1,NIST K-233,1.3.132.0.26]|[sect233r1,NIST B-233,1.3.132.0.27]|[sect239k1,1.3.132.0.3]|[sect283k1,NIST K-283,1.3.132.0.16]|[sect283r1,NIST B-283,1.3.132.0.17]|[sect409k1,NIST K-409,1.3.132.0.36]|[sect409r1,NIST B-409,1.3.132.0.37]|[sect571k1,NIST K-571,1.3.132.0.38]|[sect571r1,NIST B-571,1.3.132.0.39]|[X9.62 c2tnb191v1,1.2.840.10045.3.0.5]|[X9.62 c2tnb191v2,1.2.840.10045.3.0.6]|[X9.62 c2tnb191v3,1.2.840.10045.3.0.7]|[X9.62 c2tnb239v1,1.2.840.10045.3.0.11]|[X9.62 c2tnb239v2,1.2.840.10045.3.0.12]|[X9.62 c2tnb239v3,1.2.840.10045.3.0.13]|[X9.62 c2tnb359v1,1.2.840.10045.3.0.18]|[X9.62 c2tnb431r1,1.2.840.10045.3.0.20]|[brainpoolP160r1,1.3.36.3.3.2.8.1.1.1]|[brainpoolP192r1,1.3.36.3.3.2.8.1.1.3]|[brainpoolP224r1,1.3.36.3.3.2.8.1.1.5]|[brainpoolP256r1,1.3.36.3.3.2.8.1.1.7]|[brainpoolP320r1,1.3.36.3.3.2.8.1.1.9]|[brainpoolP384r1,1.3.36.3.3.2.8.1.1.11]|[brainpoolP512r1,1.3.36.3.3.2.8.1.1.13]
Provider.id className sun.security.ec.SunEC
Signature.NONEwithECDSA ImplementedIn Software
Signature.SHA1withECDSA ImplementedIn Software
KeyPairGenerator.EC ImplementedIn Software
KeyFactory.EC sun.security.ec.ECKeyFactory
KeyAgreement.ECDH ImplementedIn Software
SunJSSE
Signature.MD5andSHA1withRSA sun.security.ssl.RSASignature
Alg.Alias.Signature.OID.1.2.840.113549.1.1.2 MD2withRSA
Alg.Alias.KeyManagerFactory.PKIX NewSunX509
Provider.id name SunJSSE
KeyManagerFactory.NewSunX509 sun.security.ssl.KeyManagerFactoryImpl$X509
Alg.Alias.Signature.OID.1.3.14.3.2.29 SHA1withRSA
Signature.MD2withRSA sun.security.rsa.RSASignature$MD2withRSA
Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1 RSA
Provider.id version 1.8
KeyManagerFactory.SunX509 sun.security.ssl.KeyManagerFactoryImpl$SunX509
KeyFactory.RSA sun.security.rsa.RSAKeyFactory
TrustManagerFactory.SunX509 sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory
Alg.Alias.TrustManagerFactory.X.509 PKIX
SSLContext.TLSv1.2 sun.security.ssl.SSLContextImpl$TLS12Context
SSLContext.TLSv1.1 sun.security.ssl.SSLContextImpl$TLS11Context
Signature.MD5withRSA sun.security.rsa.RSASignature$MD5withRSA
Alg.Alias.SSLContext.SSLv3 TLSv1
Alg.Alias.SSLContext.SSL TLS
KeyStore.PKCS12 sun.security.pkcs12.PKCS12KeyStore
Alg.Alias.TrustManagerFactory.SunPKIX PKIX
Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1 RSA
SSLContext.Default sun.security.ssl.SSLContextImpl$DefaultSSLContext
Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1 RSA
Provider.id info Sun JSSE provider(PKCS12, SunX509/PKIX key/trust factories, SSLv3/TLSv1/TLSv1.1/TLSv1.2)
Signature.SHA1withRSA sun.security.rsa.RSASignature$SHA1withRSA
TrustManagerFactory.PKIX sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory
SSLContext.TLS sun.security.ssl.SSLContextImpl$TLSContext
SSLContext.TLSv1 sun.security.ssl.SSLContextImpl$TLS10Context
Alg.Alias.Signature.1.3.14.3.2.29 SHA1withRSA
Alg.Alias.Signature.1.2.840.113549.1.1.5 SHA1withRSA
Alg.Alias.TrustManagerFactory.X509 PKIX
Provider.id className com.sun.net.ssl.internal.ssl.Provider
Alg.Alias.Signature.1.2.840.113549.1.1.4 MD5withRSA
Alg.Alias.KeyFactory.1.2.840.113549.1.1 RSA
KeyPairGenerator.RSA sun.security.rsa.RSAKeyPairGenerator
Alg.Alias.Signature.1.2.840.113549.1.1.2 MD2withRSA
Alg.Alias.Signature.OID.1.2.840.113549.1.1.5 SHA1withRSA
Alg.Alias.Signature.OID.1.2.840.113549.1.1.4 MD5withRSA
Even though I don't see any provider supporting the "AES/CTR/NoPadding" algorithm, there is no NoSuchAlgorithmException thrown by the execute() method, thus I suppose this algorithm is supported by one of the previous providers.
The list of providers was too long to fit into this post, if you need any information regarding a not mentioned specific provider, please let me know.
You can just call getProvider()
on any Cipher
(or MessageDigest
, etc.). If you do that for a Cipher using "AES/GCM/NoPadding"
you would get the SunJCE
provider. You would not get the additional service information, of course.
To get the service information about the AES cipher, try this code:
public static void main(String[] args) {
Provider[] provs = Security.getProviders();
for (Provider provider : provs) {
Service service = provider.getService("Cipher", "AES");
if (service == null) {
continue;
}
String modes = service.getAttribute("SupportedModes");
if (modes != null && modes.matches("(?i).*CTR.*")) {
System.out.println(service);
}
}
}
which will output:
SunJCE: Cipher.AES -> com.sun.crypto.provider.AESCipher$General
aliases: [Rijndael]
attributes: {SupportedPaddings=NOPADDING|PKCS5PADDING|ISO10126PADDING, SupportedKeyFormats=RAW, SupportedModes=ECB|CBC|PCBC|CTR|CTS|CFB|OFB|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64|GCM|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128}
So there you have it: AES, CTR and NoPadding.
Admittedly, the Service
interface of Provider
is not that well described so it takes a bit of puzzling to get to this information.