Java Cryptography Extension

 

The Java™ Cryptography Extension (JCE) 1.2 is a standard extension to the Java 2 Software Development Kit (J2SDK), Standard Edition. The JCE implementation on System i™ is compatible with the implementation of Sun Microsystems, Inc. This documentation covers the unique aspects of the System i implementation.

In order to understand this information, you should be familiar with the general documentation for the JCE extensions. See the Sun JCE documentation for more information about JCE extensions.

The IBM® JCE Provider supports the following algorithms:

Table 1. Supported algorithms in JDK 1.3 and JDK 1.4.2
JDK version Signature algorithms Cipher algorithms
1.3

SHA1withDSA
SHA1withRSA
MD5withRSA
MD2withRSA

Blowfish
AES
DES
Triple DES
PBEWithMD2AndDES
PBEWithMD2AndTripleDES
PBEWithMD2AndRC2
PBEWithMD5AndDES
PBEWithMD5AndTripleDES
PBEWithMD5AndRC2
PBEWithSHA1AndDES
PBEWithSHA1AndTripleDES
PBEWithSHA1AndRC2
PBEWithSHAAnd40BitRC2
PBEWithSHAAnd128BitRC2
PBEWithSHAAnd40BitRC4
PBEWithSHAAnd128BitRC4
PBEWithSHAAnd2KeyTripleDES
PBEWithSHAAnd3KeyTripleDES
Mars
RC2
RC4
RSA
Seal

1.4.2

SHA1withDSA
SHA1withRSA
MD5withRSA
MD2withRSA

Blowfish
AES
DES
Triple DES
PBEWithMD2AndDES
PBEWithMD2AndTripleDES
PBEWithMD2AndRC2
PBEWithMD5AndDES
PBEWithMD5AndTripleDES
PBEWithMD5AndRC2
PBEWithSHA1AndDES
PBEWithSHA1AndTripleDES
PBEWithSHA1AndRC2
PBEWithSHAAnd40BitRC2
PBEWithSHAAnd128BitRC2
PBEWithSHAAnd40BitRC4
PBEWithSHAAnd128BitRC4
PBEWithSHAAnd2KeyTripleDES
PBEWithSHAAnd3KeyTripleDES
Mars
RC2
RC4
RSA
Seal

Table 2. Supported algorithms in JDK 1.3 and JDK 1.4.2, continued
JDK version Message authentication codes (MACs) Message digests Key agreement algorithms
1.3

HmacSHA1
HmacMD2
HmacMD5

MD2
MD5
SHA-1

DiffieHellman
1.4.2

HmacSHA1
HmacMD2
HmacMD5

MD2
MD5
SHA-1
SHA-256
SHA-384
SHA-512

DiffieHellman

In addition, IBM JCE Provider also provides a random number generator.

If you want to use IBM JCE with Java 1.3, edit the /QIBM/ProdData/OS400/Java400/jdk/lib/security/java.security file. The section of the file that needs to be changed is shown as follows. 

#                                                           
# To use the IBMJCE security provider, you need to:          
# 1) Install an IBM Cryptographic Access Provider Product             
# 2) Uncomment the third provider entry that follows.               
#                                                            
# List of providers and their preference orders: 
#                                                            
security.provider.1=sun.security.provider.Sun                
security.provider.2=com.sun.rsajca.Provider                  
#security.provider.3=com.ibm.crypto.provider.IBMJCE

There is also a IBMJCEFIPS JCE provider. This provider has been validated and found to be compliant with Federal Information Processing standard (FIPS) 140-2, "Security Requirements for Cryptographic Modules."

The IBMJCEFIPS JCE provider supports the following algorithms:

Table 3. Algorithms supported by the IBMJCEFIPS JCE provider
Signature algorithms Cipher algorithms Message authentication codes Message digests

SHA1withDSA
SHA1withRSA

AES
TripleDES
RSA

HmacSHA1

MD5
SHA-1
SHA-256
SHA-384
SHA-512

The IBMJCEFIPS JCE provider also supports the IBMSecureRandom algorithm for random number generation.

To use IBMJCEFIPS, you will need to add a symbolic link to your extension directory by issuing the following command: 

ADDLNK OBJ('/QIBM/ProdData/OS400/Java400/ext/ibmjcefips.jar')
NEWLNK(< your extension directory >)

You will also have to add the provider to the list of providers by either adding an entry in the java.security file (for example, security.provider.4=com.ibm.crypto.fips.provider.IBMJCEFIPS), or by using the Security.addProvider() method.

 

Parent topic:

Java security

Related concepts
Java security model Java Secure Socket Extension Java Authentication and Authorization Service IBM Java Generic Security Service (JGSS)