Java Cryptography Extension V1.2.1

 

 

Contents

  1. Overview
  2. Differences between IBM and Sun versions of JCE
  3. JCE documentation
  4. Using JCE
  5. JCE sample code

 

Overview

The Java Cryptography Extension (JCE) 1.2.1 provides a framework and implementations for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms. Support for encryption includes symmetric, asymmetric, block, and stream ciphers. The software also supports secure streams and sealed objects.

JCE 1.2.1 supplements the J2EE implementations of message digests and digital signatures.

For a general overview of JCE, visit http://java.sun.com/products/jce. The documents at this Web site contain links to many other Web-based information sources.

 

Differences between IBM and Sun versions of JCE

The IBM version of JCE differs from the Sun version in the following ways:

  • The com.sun.crypto.provider.* packages have been moved to com.ibm.crypto.provider* packages.
  • IBM provides more algorithms in the JCE. The algorithms are:

      Cipher algorithms

      • RSA encryption/decryption
      • Blowfish
      • DES
      • Triple DES
      • Mars
      • RC2
      • RC4
      • Seal
      • PBE with MD2 and DES
      • PBE with MD2 and Triple DES
      • PBE with MD2 and RC2
      • PBE with MD5 and DES
      • PBE with MD5 and Triple DES
      • PBE with MD5 and RC2
      • PBE with SHA1 and DES
      • PBE with SHA1 and TripleDES
      • PBE with SHA1 and RC2
      • PBE with SHA1 and 40-bit RC2
      • PBE with SHA1 and 128-bit RC2
      • PBE with SHA1 and 40-bit RC4
      • PBE with SHA1 and 128-bit RC4
      • PBE with SHA1 and 2-key Triple DES
      • PBE with SHA1 and 3-key Triple DES

      Signature algorithms

      • RSA/SHA1, RSA/MD5, RSA/MD2 signatures
      • DSA/SHA1 signature

      Message digest algorithms


      Message authentication code (MAC)

      • Hmac/SHA1
      • Hmac/MD2
      • Hmac/MD5

      Key agreement algorithm

      • DiffieHellman

      Random number generation algorithm

      • Secure Random

      Key Store

      • JCEKS
      • JKS
      • PKCS12KS

     

    JCE documentation

    To use the JCE APIs, expand the jcedocs.jar file, which is located in the docs\jce\jcedocs.jar file of the main directory. The files that are extracted contain the following information:

    index.html A full list of all APIs
    com/ibm/crypto/provider The IBM JCE provider API
    com/ibm/crypto/tools The IBM JCE keytool API
    javax/crypto The JCE framework

     

    Using JCE

    To use the IBMJCE 1.2.1 provider, include the following IBM JCE JAR files in your CLASSPATH if they are not already located in your Java extensions directory (e.g., (java)\(jre)\lib\ext):

    • ibmjceprovider.jar
    • ibmjcefw.jar
    • local_policy.jar
    • US_export_policy.jar

    *New* Beginning with the 2002 July build, ibmpkcs.jar is required. Please make sure the ibmpkcs.jar is also located in the Java extensions directory.

    Check your CLASSPATH and Java extensions directory for the file ibmjcaprovider.jar. This file must be removed from both your CLASSPATH and Java extensions directory. The file can not just be renamed, it must be removed. If it is not removed, than errors such as, the JCE provider can not be accessed, may result.

    Also, specify the following in your java.security file:

    security.provider.1=sun.security.provider.Sun security.provider.2=com.ibm.crypto.provider.IBMJCE

    Note that the IBM JCE provider must be placed after the default Sun JCA provider that is available with the JRE.

    Now, you are ready to use the IBMJCE provider.

     

    JCE sample code

    The sample programs that demonstrate how to use the IBMJCE are located in the docs\jce\samplejce.jar file.

     

    IBM is a trademark of the IBM Corporation in the United States, other countries, or both.