本文介绍了JCE Provider支持的安全随机算法、密钥类型、消息摘要、MAC/HMAC算法、最大加密和解密长度以及签名。
支持的安全随机算法
算法 | 大小 |
AES-CTR-DRBG (FIPS compliant) | AES-CTR-DRBG安全随机算法可以在HSM内为每个API调用生成多达8000字节的随机数。 |
支持的密钥类型
算法 | 支持的大小(比特) |
AES | 128, 192, 256 (default) |
RSA密钥对 | 2048, 2304, 2560, 2816,3072, 3328, 3584, 3840,4096 (default) |
Triple DES (DESede) | 192 |
EC密钥对 | NIST P256NIST P384 (没有默认值,因为密钥必须使用标准名称构建。) |
XDH密钥对 | X25519 |
ECC曲线 | secp256k1 |
HMAC | HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512 |
支持的信息摘要
摘要名称 |
AES-CMAC |
SHA-1 |
SHA-224 |
SHA-256 |
SHA-384 |
SHA-512 |
支持的MAC/HMAC算法
算法 | JCA name |
HmacSHA1 | HmacSHA1, Hmac128SHA1 |
HmacSHA224 | HmacSHA224, Hmac128SHA224 |
HmacSHA256 | HmacSHA256, Hmac128SHA256 |
HmacSHA384 | HmacSHA384, Hmac256SHA384 |
HmacSHA512 | HmacSHA512, Hmac256SHA512 |
AESCMAC | AESCMAC |
支持的最大加密和解密长度
算法 | 加密最大长度 | 解密最大长度 |
AES-CBC | No max limit | No max limit |
AES-CCM | 16000 bytes | 16000 bytes |
AES-CTR | No max limit | No max limit |
AES-ECB | No max limit | No max limit |
AES-GCM | 16000 bytes | 16000 bytes |
DESede-CBC | No max limit | No max limit |
DESede-ECB | No max limit | No max limit |
支持的签名
算法 | 签名 | JCA名称 |
EC | NONE with ECDSA | NONEwithECDSA |
SHA1 with ECDSA | SHA1withECDSA | |
SHA224 with ECDSA | SHA224withECDSA | |
SHA256 with ECDSA | SHA256withECDSA | |
SHA384 with ECDSA | SHA384withECDSA | |
SHA512 with ECDSA | SHA512withECDSA | |
RSA/PKCS1.5 | NONEwithRSA | NONEwithRSA |
SHA1 with RSA | SHA1withRSA | |
SHA224 with RSA | SHA224withRSA | |
SHA256 with RSA | SHA256withRSA | |
SHA384 with RSA | SHA384withRSA | |
SHA512 with RSA | SHA512withRSA | |
PSS | PSS SHA1 with RSA | SHA1withRSA/PSS SHA1withRSAandMGF1 |
PSS SHA224 with RSA | SHA224withRSA/PSS SHA224withRSAandMGF1 | |
PSS SHA256 with RSA | SHA256withRSA/PSS SHA256withRSAandMGF1 | |
PSS SHA384 with RSA | SHA384withRSA/PSS SHA384withRSAandMGF1 | |
PSS SHA512 with RSA | SHA512withRSA/PSS SHA512withRSAandMGF1 |