IT Guy

IT、AI / Machine Learning、IoT、Project Management、プログラミング、ITIL等々

Java Security API (JCA) - Security Providerのリスト出力


JavaのSecurity API (JCA - Java Cryptography Architecture)を使ったサンプル。Security Providerのリストを出力したり、指定したSecurity Providerの詳細情報を出力するプログラム。

ちなみに、Security Providerの一覧は、$<JAVA_HOME>/jre/lib/security以下のjava.securityファイルからの確認できる。

# List of providers and their preference orders (see above):


Java 1.8

Sample Code

import java.util.Iterator;
import java.util.Map;
 * List All Security Providers or Display detailed info on the specified Security provider
 * Usage
 * 1) No Argument : display all lists
 * 2) Argument - ProviderName : display detailed info
 *   e.g. "SunEC"
public class ListSecurityProvider {
    public static void main(String[] args) {
        try {
            if (args.length > 0) {
                Provider provider = Security.getProvider(args[0]);
                System.out.println(provider.getName() + " : Services provided");

                Iterator iter = provider.entrySet().iterator();
                while (iter.hasNext()) {
                    Map.Entry entry = (Map.Entry);
                    System.out.println("\t" + entry.getKey() + " = " + entry.getValue());
            } else {
                // list all Security providers
                Provider[] providers = Security.getProviders();
                for (int i = 0; i < providers.length; i++) {
                    System.out.println("Provider[" + (i+1) + "] " + providers[i].getName());
        } catch (NullPointerException e) {
            // Provider was not found
            System.err.println("The provider specified is not installed in the JRE");
            System.err.println("Please check the file in the $<JAVA_HOME>/jre/lib/security");


Provider[1] SUN
SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS & DKS keystores; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; JavaLoginConfig Configuration)
Provider[2] SunRsaSign
Sun RSA signature provider
Provider[3] SunEC
Sun Elliptic Curve provider (EC, ECDSA, ECDH)
Provider[4] SunJSSE
Sun JSSE provider(PKCS12, SunX509/PKIX key/trust factories, SSLv3/TLSv1/TLSv1.1/TLSv1.2)
Provider[5] SunJCE
SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)
Provider[6] SunJGSS
Sun (Kerberos v5, SPNEGO)
Provider[7] SunSASL
Sun SASL provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5, NTLM; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5, NTLM)
Provider[8] XMLDSig
XMLDSig (DOM XMLSignatureFactory; DOM KeyInfoFactory; C14N 1.0, C14N 1.1, Exclusive C14N, Base64, Enveloped, XPath, XPath2, XSLT TransformServices)
Provider[9] SunPCSC
Sun PC/SC provider
Provider[10] SunMSCAPI
Suns Microsoft Crypto API provider
引数 - SunECの場合
SunEC : Services provided
    AlgorithmParameters.EC =
    KeyAgreement.ECDH SupportedKeyClasses =|
    Signature.SHA256withECDSA ImplementedIn = Software name = SunEC
    Signature.NONEwithECDSA SupportedKeyClasses =|
    Signature.SHA224withECDSA ImplementedIn = Software
    Signature.SHA1withECDSA =$SHA1
    Alg.Alias.Signature.OID.1.2.840.10045.4.1 = SHA1withECDSA
    Signature.SHA256withECDSA SupportedKeyClasses =|
    Signature.SHA224withECDSA SupportedKeyClasses =|
    KeyPairGenerator.EC KeySize = 256
    KeyFactory.EC ImplementedIn = Software version = 1.8
    AlgorithmParameters.EC KeySize = 256
    Signature.NONEwithECDSA =$Raw
    Signature.SHA512withECDSA ImplementedIn = Software
    Alg.Alias.KeyFactory.EllipticCurve = EC
    Alg.Alias.KeyPairGenerator.EllipticCurve = EC
    Signature.SHA256withECDSA =$SHA256
    Signature.SHA512withECDSA =$SHA512
    Signature.SHA1withECDSA KeySize = 256
    Signature.SHA1withECDSA SupportedKeyClasses =|
    Signature.SHA384withECDSA SupportedKeyClasses =|
    Alg.Alias.AlgorithmParameters.EllipticCurve = EC
    Alg.Alias.AlgorithmParameters.1.2.840.10045.2.1 = EC
    Alg.Alias.Signature.1.2.840.10045.4.1 = SHA1withECDSA
    Signature.SHA224withECDSA =$SHA224
    Signature.SHA384withECDSA ImplementedIn = Software
    AlgorithmParameters.EC ImplementedIn = Software info = Sun Elliptic Curve provider (EC, ECDSA, ECDH)
    Signature.SHA512withECDSA SupportedKeyClasses =|
    KeyPairGenerator.EC =
    Alg.Alias.Signature.OID.1.2.840.10045.4.3.4 = SHA512withECDSA
    Alg.Alias.Signature.OID.1.2.840.10045.4.3.3 = SHA384withECDSA
    KeyAgreement.ECDH =
    Alg.Alias.Signature.OID.1.2.840.10045.4.3.2 = SHA256withECDSA
    Alg.Alias.Signature.1.2.840.10045.4.3.4 = SHA512withECDSA
    Alg.Alias.Signature.OID.1.2.840.10045.4.3.1 = SHA224withECDSA
    Signature.SHA384withECDSA =$SHA384
    Alg.Alias.Signature.1.2.840.10045.4.3.3 = SHA384withECDSA
    Alg.Alias.Signature.1.2.840.10045.4.3.2 = SHA256withECDSA
    Alg.Alias.Signature.1.2.840.10045.4.3.1 = SHA224withECDSA
    Signature.SHA1withECDSA ImplementedIn = Software
    Signature.NONEwithECDSA ImplementedIn = Software className =
    AlgorithmParameters.EC SupportedCurves = [secp112r1,]|[secp112r2,]|[secp128r1,]|[secp128r2,]|[secp160k1,]|[secp160r1,]|[secp160r2,]|[secp192k1,]|[secp192r1,NIST P-192,X9.62 prime192v1,1.2.840.10045.3.1.1]|[secp224k1,]|[secp224r1,NIST P-224,]|[secp256k1,]|[secp256r1,NIST P-256,X9.62 prime256v1,1.2.840.10045.3.1.7]|[secp384r1,NIST P-384,]|[secp521r1,NIST P-521,]|[X9.62 prime192v2,1.2.840.10045.3.1.2]|[X9.62 prime192v3,1.2.840.10045.3.1.3]|[X9.62 prime239v1,1.2.840.10045.3.1.4]|[X9.62 prime239v2,1.2.840.10045.3.1.5]|[X9.62 prime239v3,1.2.840.10045.3.1.6]|[sect113r1,]|[sect113r2,]|[sect131r1,]|[sect131r2,]|[sect163k1,NIST K-163,]|[sect163r1,]|[sect163r2,NIST B-163,]|[sect193r1,]|[sect193r2,]|[sect233k1,NIST K-233,]|[sect233r1,NIST B-233,]|[sect239k1,]|[sect283k1,NIST K-283,]|[sect283r1,NIST B-283,]|[sect409k1,NIST K-409,]|[sect409r1,NIST B-409,]|[sect571k1,NIST K-571,]|[sect571r1,NIST B-571,]|[X9.62 c2tnb191v1,1.2.840.10045.3.0.5]|[X9.62 c2tnb191v2,1.2.840.10045.3.0.6]|[X9.62 c2tnb191v3,1.2.840.10045.3.0.7]|[X9.62 c2tnb239v1,1.2.840.10045.3.0.11]|[X9.62 c2tnb239v2,1.2.840.10045.3.0.12]|[X9.62 c2tnb239v3,1.2.840.10045.3.0.13]|[X9.62 c2tnb359v1,1.2.840.10045.3.0.18]|[X9.62 c2tnb431r1,1.2.840.10045.3.0.20]|[brainpoolP160r1,]|[brainpoolP192r1,]|[brainpoolP224r1,]|[brainpoolP256r1,]|[brainpoolP320r1,]|[brainpoolP384r1,]|[brainpoolP512r1,]
    KeyPairGenerator.EC ImplementedIn = Software
    KeyAgreement.ECDH ImplementedIn = Software
    KeyFactory.EC =

JCA(Java Cryptography Architecture) vs. JCE(Java Cryptography Extension)


  • Prior to JDK 1.4, the JCE was an unbundled product, and as such, the JCA and JCE were regularly referred to as separate, distinct components.
  • Strictly speaking, the JCE extends the JCA by simply exposing more engines and including an additional provider, the SunJCE provider, that includes one or more implementations for each engine. The separation between the JCA and the JCE was a result of political situations, not technical limitations. The JCE places its classes in a different package, javax.crypto.*.
  • As JCE is now bundled in the JDK, the distinction is becoming less apparent. Since the JCE uses the same architecture as the JCA, the JCE should be more properly thought of as a part of the JCA.