Supported Ciphers
SafeNet ProtectToolkit-J includes support for symmetric block and stream ciphers, as well as support for the asymmetric RSA cipher. The following algorithms are available through the javax.crypto.Cipher interface:
| Cipher Name | Key Length (bits) | Block Size (bits) | Cipher Modes | Padding |
|---|---|---|---|---|
| DES | 64 | 64 | ECB,CBC | PKCS5Padding, NoPadding |
| DESede | 128,192 | 64 | ECB,CBC | PKCS5Padding, NoPadding |
| AES | 128,182,256 | 64 | ECB,CBC | PKCS5 Padding, NoPadding |
| IDEA | 128 | 64 | ECB,CBC | PKCS5Padding, NoPadding |
| CAST128 | 8-128 | 64 | ECB,CBC | PKCS5Padding, NoPadding |
| RC2 | 0-1024 | 64 | ECB,CBC | PKCS5Padding, NoPadding |
| RC4 | 8-2048 | N/A | ECB | NoPadding |
| PBEWithMD2AndDES(PBE Ciphers) | 64 | 64 | N/A | N/A |
| PBEWithMD5AndDES(PBE Ciphers) | 64 | 64 | N/A | N/A |
| PBEWithMD5AndCAST(PBE Ciphers) | 128 | 128 | N/A | N/A |
| PBEWithSHA1AndCAST(PBE Ciphers) | 128 | 128 | N/A | N/A |
| PBEWithSHA1AndTripleDES(PBE Ciphers) | 128 | 128 | N/A | N/A |
| RSA | 512-4096 | variable | ECB | PCKS1Padding, NoPadding, OAEP, OAEPPadding |
Here, the Cipher name is the name of the Cipher as known to the JCE. To request a particular algorithm, pass this name to the Cipher.getInstance() method. Some algorithms support different key lengths, and the supported key lengths are listed in the table above. The block size is the size of data that is processed by the cipher. During encryption, the amount of data processed must be a multiple of this size, unless padding is employed (see below), and the encrypted output will therefore be a multiple of this size.
Electronic Codebook Mode (ECB) and Cipher Block Chaining (CBC) are defined in FIPS PUB 81: DES Modes of Operation. All ciphers will default to ECB mode.
PKCS#5 padding is defined in PKCS#5, and is the standard padding applied to block ciphers with a block size of 64 bits. DES, DESede, IDEA, CAST128 and RC2 all default to "NoPadding". When PKCS5Padding is employed with a block cipher, the input data for encryption can be any length, and will be padded to the appropriate length before encryption.
PKCS#1 padding is defined in PKCS#1, and is the standard padding mechanism for the RSA cipher. When this padding mechanism is used, PKCS#1 padding will be performed on each block encrypted. For public-key encryption PKCS#1 type 1 blocks will be created, and for private-key encryption type 2 blocks will be created. When “NoPadding” is requested, no PKCS#1 packing is applied to the data and the processing is performed as per the X.509 (raw) RSA specification.
Cipher Algorithm Parameters
Currently, SafeNet ProtectToolkit-J does not support algorithm parameters.
Calls to Cipher.getParameters() will always return null. Neither does the provider include any java.security.AlgorithmParameters classes.
