IT Guy

IT, AI / Machine Learning, IoT, Project Management, programming, ITIL, and more

Java Security API (JCA) - Listing Security Providers

Overview

A sample that uses the Java Security API (JCA - Java Cryptography Architecture). The program prints the list of Security Providers, or prints detailed information about a specified Security Provider.

Incidentally, the list of Security Providers can also be checked in the java.security file under $<JAVA_HOME>/jre/lib/security.

...
#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=sun.security.ec.SunEC
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.9=sun.security.smartcardio.SunPCSC
security.provider.10=sun.security.mscapi.SunMSCAPI
...

Execution environment

Java 1.8

Sample Code

 
package com.sahn.security.test;

import java.security.Provider;
import java.security.Security;
import java.util.Map;

/*
 * List all Security Providers, or display detailed info on the specified Security Provider
 *
 * Usage
 * 1) No argument : list all providers
 * 2) Argument - ProviderName : display detailed info
 *   e.g. "SunEC"
 */
public class ListSecurityProvider {

    public static void main(String[] args) {
        if (args.length > 0) {
            // Security.getProvider() returns null when no provider with that name is installed
            Provider provider = Security.getProvider(args[0]);
            if (provider == null) {
                System.err.println("The provider specified is not installed in the JRE");
                System.err.println("Please check the java.security file in the $<JAVA_HOME>/jre/lib/security");
                return;
            }
            System.out.println(provider.getName() + " : Services provided");

            // A Provider is a property table: service, attribute and alias keys mapped to values
            for (Map.Entry<Object, Object> entry : provider.entrySet()) {
                System.out.println("\t" + entry.getKey() + " = " + entry.getValue());
            }
        } else {
            // list all Security providers in preference order
            Provider[] providers = Security.getProviders();
            for (int i = 0; i < providers.length; i++) {
                System.out.println("Provider[" + (i + 1) + "] " + providers[i].getName());
                System.out.println(providers[i].getInfo());
                System.out.println("");
            }
        }
    }
}

Sample output

With no arguments
Provider[1] SUN
SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS & DKS keystores; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; JavaLoginConfig Configuration)
 
Provider[2] SunRsaSign
Sun RSA signature provider
 
Provider[3] SunEC
Sun Elliptic Curve provider (EC, ECDSA, ECDH)
 
Provider[4] SunJSSE
Sun JSSE provider(PKCS12, SunX509/PKIX key/trust factories, SSLv3/TLSv1/TLSv1.1/TLSv1.2)
 
Provider[5] SunJCE
SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)
 
Provider[6] SunJGSS
Sun (Kerberos v5, SPNEGO)
 
Provider[7] SunSASL
Sun SASL provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5, NTLM; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5, NTLM)
 
Provider[8] XMLDSig
XMLDSig (DOM XMLSignatureFactory; DOM KeyInfoFactory; C14N 1.0, C14N 1.1, Exclusive C14N, Base64, Enveloped, XPath, XPath2, XSLT TransformServices)
 
Provider[9] SunPCSC
Sun PC/SC provider
 
Provider[10] SunMSCAPI
Suns Microsoft Crypto API provider
With argument - SunEC
SunEC : Services provided
    AlgorithmParameters.EC = sun.security.ec.ECParameters
    KeyAgreement.ECDH SupportedKeyClasses = java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    Signature.SHA256withECDSA ImplementedIn = Software
    Provider.id name = SunEC
    Signature.NONEwithECDSA SupportedKeyClasses = java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    Signature.SHA224withECDSA ImplementedIn = Software
    Signature.SHA1withECDSA = sun.security.ec.ECDSASignature$SHA1
    Alg.Alias.Signature.OID.1.2.840.10045.4.1 = SHA1withECDSA
    Signature.SHA256withECDSA SupportedKeyClasses = java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    Signature.SHA224withECDSA SupportedKeyClasses = java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    KeyPairGenerator.EC KeySize = 256
    KeyFactory.EC ImplementedIn = Software
    Provider.id version = 1.8
    AlgorithmParameters.EC KeySize = 256
    Signature.NONEwithECDSA = sun.security.ec.ECDSASignature$Raw
    Signature.SHA512withECDSA ImplementedIn = Software
    Alg.Alias.KeyFactory.EllipticCurve = EC
    Alg.Alias.KeyPairGenerator.EllipticCurve = EC
    Signature.SHA256withECDSA = sun.security.ec.ECDSASignature$SHA256
    Signature.SHA512withECDSA = sun.security.ec.ECDSASignature$SHA512
    Signature.SHA1withECDSA KeySize = 256
    Signature.SHA1withECDSA SupportedKeyClasses = java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    Signature.SHA384withECDSA SupportedKeyClasses = java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    Alg.Alias.AlgorithmParameters.EllipticCurve = EC
    Alg.Alias.AlgorithmParameters.1.2.840.10045.2.1 = EC
    Alg.Alias.Signature.1.2.840.10045.4.1 = SHA1withECDSA
    Signature.SHA224withECDSA = sun.security.ec.ECDSASignature$SHA224
    Signature.SHA384withECDSA ImplementedIn = Software
    AlgorithmParameters.EC ImplementedIn = Software
    Provider.id info = Sun Elliptic Curve provider (EC, ECDSA, ECDH)
    Signature.SHA512withECDSA SupportedKeyClasses = java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    KeyPairGenerator.EC = sun.security.ec.ECKeyPairGenerator
    Alg.Alias.Signature.OID.1.2.840.10045.4.3.4 = SHA512withECDSA
    Alg.Alias.Signature.OID.1.2.840.10045.4.3.3 = SHA384withECDSA
    KeyAgreement.ECDH = sun.security.ec.ECDHKeyAgreement
    Alg.Alias.Signature.OID.1.2.840.10045.4.3.2 = SHA256withECDSA
    Alg.Alias.Signature.1.2.840.10045.4.3.4 = SHA512withECDSA
    Alg.Alias.Signature.OID.1.2.840.10045.4.3.1 = SHA224withECDSA
    Signature.SHA384withECDSA = sun.security.ec.ECDSASignature$SHA384
    Alg.Alias.Signature.1.2.840.10045.4.3.3 = SHA384withECDSA
    Alg.Alias.Signature.1.2.840.10045.4.3.2 = SHA256withECDSA
    Alg.Alias.Signature.1.2.840.10045.4.3.1 = SHA224withECDSA
    Signature.SHA1withECDSA ImplementedIn = Software
    Signature.NONEwithECDSA ImplementedIn = Software
    Provider.id className = sun.security.ec.SunEC
    AlgorithmParameters.EC SupportedCurves = [secp112r1,1.3.132.0.6]|[secp112r2,1.3.132.0.7]|[secp128r1,1.3.132.0.28]|[secp128r2,1.3.132.0.29]|[secp160k1,1.3.132.0.9]|[secp160r1,1.3.132.0.8]|[secp160r2,1.3.132.0.30]|[secp192k1,1.3.132.0.31]|[secp192r1,NIST P-192,X9.62 prime192v1,1.2.840.10045.3.1.1]|[secp224k1,1.3.132.0.32]|[secp224r1,NIST P-224,1.3.132.0.33]|[secp256k1,1.3.132.0.10]|[secp256r1,NIST P-256,X9.62 prime256v1,1.2.840.10045.3.1.7]|[secp384r1,NIST P-384,1.3.132.0.34]|[secp521r1,NIST P-521,1.3.132.0.35]|[X9.62 prime192v2,1.2.840.10045.3.1.2]|[X9.62 prime192v3,1.2.840.10045.3.1.3]|[X9.62 prime239v1,1.2.840.10045.3.1.4]|[X9.62 prime239v2,1.2.840.10045.3.1.5]|[X9.62 prime239v3,1.2.840.10045.3.1.6]|[sect113r1,1.3.132.0.4]|[sect113r2,1.3.132.0.5]|[sect131r1,1.3.132.0.22]|[sect131r2,1.3.132.0.23]|[sect163k1,NIST K-163,1.3.132.0.1]|[sect163r1,1.3.132.0.2]|[sect163r2,NIST B-163,1.3.132.0.15]|[sect193r1,1.3.132.0.24]|[sect193r2,1.3.132.0.25]|[sect233k1,NIST K-233,1.3.132.0.26]|[sect233r1,NIST B-233,1.3.132.0.27]|[sect239k1,1.3.132.0.3]|[sect283k1,NIST K-283,1.3.132.0.16]|[sect283r1,NIST B-283,1.3.132.0.17]|[sect409k1,NIST K-409,1.3.132.0.36]|[sect409r1,NIST B-409,1.3.132.0.37]|[sect571k1,NIST K-571,1.3.132.0.38]|[sect571r1,NIST B-571,1.3.132.0.39]|[X9.62 c2tnb191v1,1.2.840.10045.3.0.5]|[X9.62 c2tnb191v2,1.2.840.10045.3.0.6]|[X9.62 c2tnb191v3,1.2.840.10045.3.0.7]|[X9.62 c2tnb239v1,1.2.840.10045.3.0.11]|[X9.62 c2tnb239v2,1.2.840.10045.3.0.12]|[X9.62 c2tnb239v3,1.2.840.10045.3.0.13]|[X9.62 c2tnb359v1,1.2.840.10045.3.0.18]|[X9.62 c2tnb431r1,1.2.840.10045.3.0.20]|[brainpoolP160r1,1.3.36.3.3.2.8.1.1.1]|[brainpoolP192r1,1.3.36.3.3.2.8.1.1.3]|[brainpoolP224r1,1.3.36.3.3.2.8.1.1.5]|[brainpoolP256r1,1.3.36.3.3.2.8.1.1.7]|[brainpoolP320r1,1.3.36.3.3.2.8.1.1.9]|[brainpoolP384r1,1.3.36.3.3.2.8.1.1.11]|[brainpoolP512r1,1.3.36.3.3.2.8.1.1.13]
    KeyPairGenerator.EC ImplementedIn = Software
    KeyAgreement.ECDH ImplementedIn = Software
    KeyFactory.EC = sun.security.ec.ECKeyFactory
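
The raw property dump above mixes service entries, attributes and aliases. As an added example (not part of the original post), the sketch below uses the typed `Provider.getServices()` view to flag legacy algorithms for review, and `Security.getProviders(filter)` to show which installed providers implement one service, in preference order. The class name `ProviderAudit` and the `LEGACY` list are assumptions made for illustration.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

// Added example, not from the original post. ProviderAudit and LEGACY are illustrative names.
public class ProviderAudit {

    // Assumption: a short, non-exhaustive list of legacy algorithm name fragments to flag for review.
    static final List<String> LEGACY = Arrays.asList("MD2", "MD5", "SHA1", "DES", "RC2", "RC4", "ARCFOUR");

    // Substring match on the normalized name, so "SHA-1", "DESede" and "PBEWithMD5AndDES" are all flagged.
    static boolean isLegacy(String algorithm) {
        String name = algorithm.toUpperCase(Locale.ROOT).replace("-", "");
        return LEGACY.stream().anyMatch(name::contains);
    }

    // Typed view of the provider table: one Provider.Service per (engine type, algorithm) pair.
    static List<String> legacyServices() {
        List<String> hits = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if (isLegacy(s.getAlgorithm())) {
                    hits.add(p.getName() + "\t" + s.getType() + "\t" + s.getAlgorithm());
                }
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        legacyServices().forEach(System.out::println);

        // Providers that implement one service, in preference order; getInstance() without
        // an explicit provider tries them in this order. The filter is "<engine>.<algorithm>".
        String filter = args.length > 0 ? args[0] : "Signature.SHA256withECDSA";
        Provider[] candidates = Security.getProviders(filter);
        if (candidates == null) { // null, not an empty array, when nothing matches
            System.out.println(filter + " : no installed provider");
            return;
        }
        for (int i = 0; i < candidates.length; i++) {
            System.out.println(filter + " [" + (i + 1) + "] " + candidates[i].getName());
        }
    }
}
```

The substring match is deliberately broad (it also flags names such as SHA1PRNG and HmacSHA1), so treat the output as a review list, not a verdict.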

JCA(Java Cryptography Architecture) vs. JCE(Java Cryptography Extension)

I got tired, so this part is left in English... ^^;

  • Prior to JDK 1.4, the JCE was an unbundled product, and as such, the JCA and JCE were regularly referred to as separate, distinct components.
  • Strictly speaking, the JCE extends the JCA by simply exposing more engines and including an additional provider, the SunJCE provider, that includes one or more implementations for each engine. The separation between the JCA and the JCE was a result of political situations, not technical limitations. The JCE places its classes in a different package, javax.crypto.*.
  • As JCE is now bundled in the JDK, the distinction is becoming less apparent. Since the JCE uses the same architecture as the JCA, the JCE should be more properly thought of as a part of the JCA.
