Supported Cryptographic Algorithms
The following table lists the cryptographic algorithms supported by the CADP for Java Provider. Not all algorithms are supported by all client software.
Algorithm | Supported Operations | Description | Function |
---|---|---|---|
AES | — Encrypt — Decrypt | symmetric key block cipher | Highly secure algorithm; recommended for most environments. |
DES | — Encrypt — Decrypt | symmetric key block cipher | Known to be an insecure algorithm; not recommended for any environment. |
DESede | — Encrypt — Decrypt | symmetric key block cipher | Not as secure as AES; can be used in many environments. |
FPE | — Encrypt — Decrypt | symmetric key block cipher | Used to encrypt data keeping the formatting preserved. |
ARIA | — Encrypt — Decrypt | symmetric key block cipher | Not as secure as AES; can be used in many environments. |
HMAC | — MAC — MAC Verify | keyed hash function | Used to protect integrity and authenticity. Strength is determined by key size. |
RC4 | — Encrypt — Decrypt | symmetric key stream cipher | Extremely slow compared to block ciphers. |
RSA | — Encrypt — Decrypt — Sign — Sign Verify — Wrap | asymmetric key algorithm | Used to encrypt data and create digital signatures; not the recommended encryption algorithm. |
EC | — Encrypt — Decrypt — Sign — Sign Verify — Wrap | asymmetric key algorithm | Used to encrypt data and create digital signatures. |
SEED | — Encrypt — Decrypt | symmetric key block cipher | National standard encryption algorithm in the Republic of Korea. |
GCM | — Encrypt — Decrypt | symmetric key block cipher | Used to achieve encryption and data integrity. |
Supported public algorithms
CADP for Java supports the following public algorithms:
AES
Block Size | 16 bytes |
Supported Modes | — ECB (default) — CBC — CTR |
Padding Schemes | — PKCS5Padding — NoPadding Note: When using AES with NoPadding in CBC or ECB mode, the data you supply must be a multiple of 16 bytes. |
IV | CBC or CTR mode requires a 16 byte IV. IV is not allowed in ECB mode. |
Key Size (in bits) | — 128 (default) — 192 — 256 |
Identifier Strings | — AES/CBC/NoPadding — AES/CBC/PKCS5Padding — AES/ECB/NoPadding — AES/ECB/PKCS5Padding — AES: This is equivalent to AES/ECB/PKCS5Padding — AES/CTR/NoPadding (This algorithm is supported in local mode only). |
AES/GCM
Supported Mode | GCM |
Padding Schemes | NoPadding |
IV | 1 to 16 byte IV. For the AES-GCM algorithm, the same combination of nonce (IV) and key must not be reused in encryption/decryption operations. |
Key Size (in bits) | — 128 (default) — 192 — 256 |
Identifier Strings | AES/GCM/NoPadding |
AAD | Optional. Data that is passed to the recipient in plaintext but must be 'authenticated' so that any tampering is detected. |
TagLen | Length of the authentication tag, which ensures that accidental alteration or malicious tampering during transmission or storage is detected. TagLen is 32 to 128 bits, in multiples of 8. |
DES
Block Size | 8 bytes |
Supported Modes | — ECB (default) — CBC |
Padding Schemes | — PKCS5Padding — NoPadding Note: When using DES with NoPadding, the data for encryption must be in multiples of 8 bytes. |
IV | CBC mode requires an 8 byte IV. IV is not allowed in ECB mode. |
Key Size (in bits) | 56 bits. The key contains an extra 8 bits of parity, for a total key length of 64 bits. |
Identifier Strings | — DES/CBC/NoPadding: uses outer CBC mode — DES/CBC/PKCS5Padding: uses outer CBC mode — DES/ECB/NoPadding — DES/ECB/PKCS5Padding — DES: This is equivalent to DES/ECB/PKCS5Padding |
DESede
Block Size | 8 bytes |
Supported Modes | — ECB (default) — CBC |
Padding Schemes | — PKCS5Padding (default) — NoPadding Note: When using DESede with NoPadding, the data for encryption must be in multiples of 8 bytes. |
IV | CBC mode requires an 8 byte IV. IV is not allowed in ECB mode. |
Key Size (in bits) | Supported key sizes are 168 (default) and 112 bits. Each key contains an extra 8 bits of parity. Thus, when you create a key of 112 bits, the actual key size is 128 bits; when you create a key of 168 bits, the actual key size is 192 bits. A key size of 112 bits refers to two-key triple DES. The sequence of operations in two-key triple DES is: — Encrypt with Key1 — Decrypt with Key2 — Encrypt with Key1 A key size of 168 bits refers to three-key triple DES. The sequence of operations in three-key triple DES is: — Encrypt with Key1 — Decrypt with Key2 — Encrypt with Key3 |
Identifier Strings | — DESede/CBC/NoPadding: uses outer CBC mode — DESede/CBC/PKCS5Padding: uses outer CBC mode — DESede/ECB/NoPadding — DESede/ECB/PKCS5Padding — DESede: This is equivalent to DESede/ECB/PKCS5Padding |
HMAC
Supported Hash Function | — SHA1 — SHA256 — SHA384 — SHA512 |
IV | No IV is required. |
Key Size | Keys can be between 128 and 512 bits. The HMAC keys you generate should be a multiple of 8 bytes. On some platforms, HMAC keys that are not a multiple of 8 bytes might yield incorrect results when generating MACs. |
Identifier Strings | — HmacSHA1 — HmacSHA256 — HmacSHA384 — HmacSHA512 |
Additional Notes | HMAC is a stream cipher. HMAC keys are bitstreams of multiples of 8 bits. |
RC4
IV | No IV is required. |
Key Size | Supported key sizes are 40 and 128 bits. |
Identifier Strings | RC4 |
Additional Notes | RC4 is a stream cipher with byte-oriented operations, which means that RC4 keys are bitstreams of multiples of 8 bits. |
RSA
Padding Scheme | — PKCS1Padding — PKCS1OAEPPadding — PKCS1OAEPPaddingSHA384 — PKCS1OAEPPaddingSHA512 — PKCS1OAEPPaddingSHA256 Note: — PKCS1OAEPPaddingSHA256/384 are not supported with key size 512. — PKCS1OAEPPaddingSHA512 is not supported with key sizes 512 and 1024. — Cipher initialization supports OAEPParameterSpec, which can be used to provide a user-specified salt in local mode. |
IV | No IV is required. |
Key Size | — 512 — 1024 (default) — 2048 — 3072 — 4096 Note: — RSA-3072 and RSA-4096 are not supported for cryptographic operations on i300 series Key Manager appliances. — Keys using these algorithms can still be created, imported, and exported on those devices. |
Identifier Strings | — SHA1withRSA: for signatures — RSA: for encryption |
Additional Notes | The ciphertext is always the size of the RSA key; if your RSA key is 2048 bits (256 bytes), then the ciphertext is 256 bytes. Because they use PKCS#1 padding, RSA keys can encrypt data up to 11 bytes smaller than the key size. If you use a 2048-bit RSA key, then the maximum data size that you can encrypt with that key is 245 bytes. RSA keys cannot be used to perform data migration operations. |
The following table provides the SunJCE transformation names corresponding to CADP for Java transformations:
CADP for JAVA Transformations | SunJCE Transformations | OAEP Parameters to be used with SunJCE |
---|---|---|
RSA/None/PKCS1OAEPPadding | RSA/ECB/OAEPwithSHA-1andMGF1Padding | new OAEPParameterSpec("SHA-1", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT) |
RSA/None/PKCS1OAEPPaddingSHA256 | RSA/ECB/OAEPwithSHA-256andMGF1Padding | new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT) |
RSA/None/PKCS1OAEPPaddingSHA384 | RSA/ECB/OAEPwithSHA-384andMGF1Padding | new OAEPParameterSpec("SHA-384", "MGF1", MGF1ParameterSpec.SHA384, PSource.PSpecified.DEFAULT) |
RSA/None/PKCS1OAEPPaddingSHA512 | RSA/ECB/OAEPwithSHA-512andMGF1Padding | new OAEPParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, PSource.PSpecified.DEFAULT) |
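The following is an added example, not CADP code; it uses only the JDK's SunJCE provider. It shows why the third column of the table matters: SunJCE defaults the MGF1 digest to SHA-1 even for OAEPWithSHA-256AndMGF1Padding, so the OAEPParameterSpec from the table must be passed on every init to stay compatible with the CADP transformation. It also checks the PKCS#1 v1.5 size limit from the notes above (key size minus 11 bytes, 245 bytes for RSA-2048). The class and method names are this example's own.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public final class RsaInteropCheck {
    // SunJCE name for CADP's RSA/None/PKCS1OAEPPaddingSHA256 (second row of the table above).
    static final String OAEP_SHA256 = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Passed explicitly on every init: left out, SunJCE uses SHA-1 for MGF1 and a peer
    // expecting SHA-256 for both the OAEP and MGF1 digests cannot decrypt the result.
    static final OAEPParameterSpec OAEP_SHA256_SPEC = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    /** mode is Cipher.ENCRYPT_MODE (public key) or Cipher.DECRYPT_MODE (private key). */
    static byte[] oaep(KeyPair kp, int mode, byte[] input) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(OAEP_SHA256);
        Key key = mode == Cipher.ENCRYPT_MODE ? kp.getPublic() : kp.getPrivate();
        c.init(mode, key, OAEP_SHA256_SPEC);
        return c.doFinal(input);
    }

    /** Largest plaintext PKCS#1 v1.5 accepts: modulus size minus 11 bytes (245 for RSA-2048). */
    static int pkcs1MaxPlaintext(KeyPair kp) {
        return ((RSAPublicKey) kp.getPublic()).getModulus().bitLength() / 8 - 11;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();

        byte[] msg = "constructed sample plaintext".getBytes(StandardCharsets.UTF_8);
        byte[] ct = oaep(kp, Cipher.ENCRYPT_MODE, msg);
        System.out.println("OAEP ciphertext is " + ct.length + " bytes (always the key size)");
        System.out.println("OAEP round trip ok: " + Arrays.equals(msg, oaep(kp, Cipher.DECRYPT_MODE, ct)));

        Cipher v15 = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        v15.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        int max = pkcs1MaxPlaintext(kp);
        v15.doFinal(new byte[max]);           // exactly at the limit: accepted
        try {
            v15.doFinal(new byte[max + 1]);   // one byte over: rejected by the padding layer
        } catch (IllegalBlockSizeException e) {
            System.out.println("PKCS#1 v1.5 limit is " + max + " bytes: " + e.getMessage());
        }
    }
}
```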
EC
Padding Scheme | — ECIESwithSHA1AES/CBC/PKCS5Padding — ECIESwithSHA224AES/CBC/PKCS5Padding — ECIESwithSHA256AES/CBC/PKCS5Padding — ECIESwithSHA384AES/CBC/PKCS5Padding — ECIESwithSHA512AES/CBC/PKCS5Padding — ECIESwithSHA1AES/CBC/NoPadding — ECIESwithSHA224AES/CBC/NoPadding — ECIESwithSHA256AES/CBC/NoPadding — ECIESwithSHA384AES/CBC/NoPadding — ECIESwithSHA512AES/CBC/NoPadding — ECIESwithSHA1DESede/CBC/NoPadding — ECIESwithSHA224DESede/CBC/NoPadding — ECIESwithSHA256DESede/CBC/NoPadding — ECIESwithSHA384DESede/CBC/NoPadding — ECIESwithSHA512DESede/CBC/NoPadding — ECIESwithSHA1DESede/CBC/PKCS5Padding — ECIESwithSHA224DESede/CBC/PKCS5Padding — ECIESwithSHA256DESede/CBC/PKCS5Padding — ECIESwithSHA384DESede/CBC/PKCS5Padding — ECIESwithSHA512DESede/CBC/PKCS5Padding |
Internal Symmetric Algorithm | — AES — DESede |
IV | — A 16 byte IV is required for AES based algorithms. — An 8 byte IV is required for DES based algorithms. |
Curve ID | — secp224k1 — secp224r1 — secp256k1 — secp384r1 — secp521r1 — prime256v1 — brainpoolP224r1 — brainpoolP224t1 — brainpoolP256r1 — brainpoolP256t1 — brainpoolP384r1 — brainpoolP384t1 — brainpoolP512r1 — brainpoolP512t1 |
Mode | CBC |
Additional Notes | — Only the doFinal call is supported, for data lengths of less than 3,000 bytes (the exact limit depends on the Curve ID used). — Multipart update is not supported. |
SEED
Block Size | 16 bytes |
Supported Modes | — ECB — CBC |
Padding Schemes | — PKCS5Padding — NoPadding |
IV | — CBC mode requires a 16 byte IV. — IV is not allowed in ECB mode. |
Key Size in bits | 128 |
Additional Notes | When using SEED with NoPadding, then data for encryption must be in multiples of 16 bytes. |
ARIA
Block Size | 16 bytes |
Supported Modes | — ECB (default) — CBC |
Padding Schemes | — PKCS5Padding — NoPadding Note: When using ARIA with NoPadding, the data you supply must be a multiple of 16 bytes. |
IV | — CBC mode requires a 16 byte IV. — IV is not allowed in ECB mode. |
Key Size (in bits) | — 128 — 192 — 256 |
Identifier Strings | — ARIA/CBC/NoPadding — ARIA/CBC/PKCS5Padding — ARIA/ECB/NoPadding — ARIA/ECB/PKCS5Padding — ARIA (equivalent to ARIA/ECB/PKCS5Padding) |
Additional Notes | When using ARIA with NoPadding, then data for encryption must be in multiples of 16 bytes. |
FPE/AES
Cardinalities | — CARD10 — CARD26 — CARD62 — UNICODE |
IV | — FPE/AES/CARD10: a 56 byte IV when the data size is >56 bytes — FPE/AES/CARD26: a 40 byte IV when the data size is >40 bytes — FPE/AES/CARD62: a 32 byte IV when the data size is >32 bytes — FPE/AES/UNICODE: when the cardinality is y, an x-character IV is used when the data size is >x characters. Here, y is the number of characters in the Unicode character set file, and the corresponding value of x (block_len) is derived using the following formula: `double lg = Math.log10(Math.pow((double)2,(double)96))/Math.log10((double)CharacterSet_size); double block_len = 2 * Math.floor(lg);` The table of cardinalities and the corresponding IV lengths derived from this formula is provided here. Note: If the data size is less than block_len and an IV is supplied, an error stating that the algorithm does not require an IV is returned. To avoid this error, set the setIgnoreIv flag to true. The following code snippet shows how to pass setIgnoreIv: `new FPEParameterAndFormatBuilder().set_tweakData(tweakData).set_tweakAlgorithm(tweakAlgo).set_spec(spec).setFpeFormat(fpeFormat).setIsExternalVersion(true).setKeyVersion(versionHeader).setIgnoreIv(true).build()` The value of each hex encoded byte in the IV must be in the range 00 to (cardinality-1). For example, when CARD62 is used, the maximum value is 3D (the hex encoding of 62-1=61). In the following IV for CARD62, `0102030405060708090A0B0C0D0E0F1000303132333435363738393A3B3C3D3D`, every byte (for example, 0A) lies in the range 00 to cardinality-1, that is, 00 to 3D. |
Key Size in bits | — 128 (default) — 192 — 256 |
Identifier Strings | — FPE/AES/CARD10 — FPE/AES/CARD26 — FPE/AES/CARD62 — FPE/AES/UNICODE |
Tweak Algorithm | Specifies the hash algorithm applied to the tweak data before it is used. Valid values: — None — SHA1 — SHA256 |
Tweak Data | Tweak data is optional but highly recommended. It uses the tweakable cipher concept to protect against statistical attacks that the potentially small input/output space makes possible. If the tweak algorithm is None or absent, the value must be a hex-encoded string representing a 64-bit value (so the hex encoding is 16 characters long). |
Additional Notes | Versioned keys are not supported in remote mode. The default tweak algorithm is None if an invalid or null value is provided. CARD26, CARD62, and UNICODE are supported only in local mode; CARD10 is supported in local and remote mode. Five formats are supported for CARD10: — LAST_FOUR — FIRST_SIX_LAST_FOUR — FIRST_SIX — FIRST_TWO_LAST_FOUR — NONE |
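As an added example (not CADP code, and not a call into the provider), the following applies the IV rules from the FPE/AES table above: the block_len formula, which reproduces the 56/40/32-byte IV lengths listed for CARD10/CARD26/CARD62, the rule that an IV is only consumed when the data is longer than block_len, and the check that every IV byte lies in 00..cardinality-1, run against the CARD62 IV quoted in the table. The class and method names are this example's own.

```java
public final class FpeIvRules {
    /** IV block length from the table's formula: 2 * floor(log_cardinality(2^96)).
     *  For UNICODE, cardinality is the number of characters in the character set file. */
    static int blockLen(int cardinality) {
        double lg = Math.log10(Math.pow(2.0, 96.0)) / Math.log10((double) cardinality);
        return 2 * (int) Math.floor(lg);
    }

    /** An IV is consumed only when the data is longer than block_len; for shorter data a
     *  supplied IV triggers the "algorithm doesn't require IV" error unless setIgnoreIv(true) is used. */
    static boolean ivRequired(int cardinality, int dataLength) {
        return dataLength > blockLen(cardinality);
    }

    /** Reject a hex-encoded IV that is not exactly block_len bytes or has a byte outside 00..cardinality-1. */
    static void validateIv(String hexIv, int cardinality) {
        int expectedBytes = blockLen(cardinality);
        if (hexIv.length() != 2 * expectedBytes) {
            throw new IllegalArgumentException("IV for cardinality " + cardinality + " must be "
                    + expectedBytes + " bytes, got " + hexIv.length() / 2);
        }
        String maxHex = Integer.toHexString(cardinality - 1).toUpperCase();
        for (int i = 0; i < hexIv.length(); i += 2) {
            String hexByte = hexIv.substring(i, i + 2);
            if (Integer.parseInt(hexByte, 16) > cardinality - 1) {
                throw new IllegalArgumentException("IV byte " + (i / 2) + " (0x" + hexByte
                        + ") is outside 00.." + maxHex);
            }
        }
    }

    public static void main(String[] args) {
        for (int card : new int[] {10, 26, 62}) {
            System.out.println("CARD" + card + ": IV block_len = " + blockLen(card) + " bytes");
        }
        // The CARD62 IV quoted in the table: 32 bytes, highest byte value 0x3D = 61 = cardinality-1.
        String card62Iv = "0102030405060708090A0B0C0D0E0F1000303132333435363738393A3B3C3D3D";
        validateIv(card62Iv, 62);
        System.out.println("CARD62 sample IV is well-formed");
        // 20 characters of CARD62 data are shorter than block_len, so no IV is consumed.
        System.out.println("IV required for 20-char CARD62 data: " + ivRequired(62, 20));
        try {
            // Same IV with its last byte changed to 0x3E (62): one above cardinality-1, rejected.
            validateIv(card62Iv.substring(0, 62) + "3E", 62);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```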
FPE/FF1
Cardinalities | — CARD10 — CARD26 — CARD62 — UNICODE |
Key Size in bits | — 128 (default) — 192 — 256 |
Identifier Strings | — FPE/FF1/CARD10 — FPE/FF1/CARD26 — FPE/FF1/CARD62 — FPE/FF1/UNICODE |
Tweak Algorithm | Specifies the hash algorithm applied to the tweak data before it is used. Valid values: — None — SHA1 — SHA256 |
Tweak Data | Tweak data is optional but highly recommended. It uses the tweakable cipher concept to protect against statistical attacks that the potentially small input/output space makes possible. If the tweak algorithm is None, the tweak data is optional. If tweak data is provided, the value must be a hex-encoded string. |
Additional Notes | The default tweak algorithm is None if an invalid or null value is provided. CARD10, CARD26, CARD62, and UNICODE are supported only in local mode. Five formats are supported: — LAST_FOUR — FIRST_SIX_LAST_FOUR — FIRST_SIX — FIRST_TWO_LAST_FOUR — NONE |
FPE/FF1v2
Cardinalities | — CARD10 — CARD26 — CARD62 — UNICODE |
Key Size in bits | — 128 (default) — 192 — 256 |
Identifier Strings | — FPE/FF1v2/CARD10 — FPE/FF1v2/CARD26 — FPE/FF1v2/CARD62 — FPE/FF1v2/UNICODE |
Tweak Algorithm | Specifies the hash algorithm applied to the tweak data before it is used. Valid values: — None — SHA1 — SHA256 |
Tweak Data | Tweak data is optional but highly recommended. It uses the tweakable cipher concept to protect against statistical attacks that the potentially small input/output space makes possible. If the tweak algorithm is None, the tweak data is optional. If tweak data is provided, the value must be a hex-encoded string. |
Additional Notes | The default tweak algorithm is None if an invalid or null value is provided. CARD10, CARD26, CARD62, and UNICODE are supported only in local mode. Five formats are supported: — LAST_FOUR — FIRST_SIX_LAST_FOUR — FIRST_SIX — FIRST_TWO_LAST_FOUR — NONE |
FPE/FF3
Cardinalities | — CARD10 — CARD26 — CARD62 — UNICODE |
Key Size in bits | — 128 (default) — 192 — 256 |
Identifier Strings | — FPE/FF3/CARD10 — FPE/FF3/CARD26 — FPE/FF3/CARD62 — FPE/FF3/UNICODE |
Tweak Algorithm | Specifies the hash algorithm applied to the tweak data before it is used. Valid values: — None — SHA1 — SHA256 |
Tweak Data | If the tweak algorithm is None, the value must be a 16-character hex-encoded string. For the tweak algorithms SHA1 and SHA256, the tweak data length must be ≤ 256 characters. |
Additional Notes | The default tweak algorithm is None if a null value is provided. CARD10, CARD26, CARD62, and UNICODE are supported only in local mode. Five formats are supported: — LAST_FOUR — FIRST_SIX_LAST_FOUR — FIRST_SIX — FIRST_TWO_LAST_FOUR — NONE |