Supported Ciphers

SafeNet ProtectToolkit-J includes support for symmetric block and stream ciphers, as well as support for the asymmetric RSA cipher. The following algorithms are available through the javax.crypto.Cipher interface:

Cipher Name Key Length (bits) Block Size (bits) Cipher Modes Padding
DES 64 64 ECB,CBC PKCS5Padding, NoPadding
DESede 128,192 64 ECB,CBC PKCS5Padding, NoPadding
AES 128,182,256 64 ECB,CBC PKCS5 Padding, NoPadding
IDEA 128 64 ECB,CBC PKCS5Padding, NoPadding
CAST128 8-128 64 ECB,CBC PKCS5Padding, NoPadding
RC2 0-1024 64 ECB,CBC PKCS5Padding, NoPadding
RC4 8-2048 N/A ECB NoPadding
PBEWithMD2AndDES(PBE Ciphers) 64 64 N/A N/A
PBEWithMD5AndDES(PBE Ciphers) 64 64 N/A N/A
PBEWithMD5AndCAST(PBE Ciphers) 128 128 N/A N/A
PBEWithSHA1AndCAST(PBE Ciphers) 128 128 N/A N/A
PBEWithSHA1AndTripleDES(PBE Ciphers) 128 128 N/A N/A
RSA 512-4096 variable ECB PCKS1Padding, NoPadding,
OAEP, OAEPPadding

Here, the Cipher name is the name of the Cipher as known to the JCE. To request a particular algorithm, pass this name to the Cipher.getInstance() method. Some algorithms support different key lengths, and the supported key lengths are listed in the table above. The block size is the size of data that is processed by the cipher. During encryption, the amount of data processed must be a multiple of this size, unless padding is employed (see below), and the encrypted output will therefore be a multiple of this size.

Electronic Codebook Mode (ECB) and Cipher Block Chaining (CBC) are defined in FIPS PUB 81: DES Modes of Operation. All ciphers will default to ECB mode.

PKCS#5 padding is defined in PKCS#5, and is the standard padding applied to block ciphers with a block size of 64 bits. DES, DESede, IDEA, CAST128 and RC2 all default to "NoPadding". When PKCS5Padding is employed with a block cipher, the input data for encryption can be any length, and will be padded to the appropriate length before encryption.

PKCS#1 padding is defined in PKCS#1, and is the standard padding mechanism for the RSA cipher. When this padding mechanism is used, PKCS#1 padding will be performed on each block encrypted. For public-key encryption PKCS#1 type 1 blocks will be created, and for private-key encryption type 2 blocks will be created. When “NoPadding” is requested, no PKCS#1 packing is applied to the data and the processing is performed as per the X.509 (raw) RSA specification.

Cipher Algorithm Parameters

Currently, SafeNet ProtectToolkit-J does not support algorithm parameters.

Calls to Cipher.getParameters() will always return null. Neither does the provider include any java.security.AlgorithmParameters classes.