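Overview
A sample that uses the Java Security API (JCA, Java Cryptography Architecture). The program prints the list of security providers, or the detailed information for a specified security provider.
Incidentally, the list of security providers can also be checked in the java.security file under $<JAVA_HOME>/jre/lib/security.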
...
#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=sun.security.ec.SunEC
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.9=sun.security.smartcardio.SunPCSC
security.provider.10=sun.security.mscapi.SunMSCAPI
...
Execution environment
Java 1.8
Sample Code
package com.sahn.security.test;

import java.security.Provider;
import java.security.Security;
import java.util.Map;

/*
 * List all security providers, or display detailed info on the specified security provider
 *
 * Usage
 *  1) No Argument : display all lists
 *  2) Argument - ProviderName : display detailed info
 *     e.g. "SunEC"
 */
public class ListSecurityProvider {

    public static void main(String[] args) {
        if (args.length > 0) {
            // Security.getProvider() returns null when no provider with that name is installed
            Provider provider = Security.getProvider(args[0]);
            if (provider == null) {
                System.err.println("The provider specified is not installed in the JRE");
                System.err.println("Please check the java.security file in the $<JAVA_HOME>/jre/lib/security");
                return;
            }
            System.out.println(provider.getName() + " : Services provided");
            // Provider extends Properties, so its entries are the service and attribute mappings
            for (Map.Entry<Object, Object> entry : provider.entrySet()) {
                System.out.println("\t" + entry.getKey() + " = " + entry.getValue());
            }
        } else {
            // list all Security providers
            Provider[] providers = Security.getProviders();
            for (int i = 0; i < providers.length; i++) {
                System.out.println("Provider[" + (i + 1) + "] " + providers[i].getName());
                System.out.println(providers[i].getInfo());
                System.out.println("");
            }
        }
    }
}
Sample output
With no argument
Provider[1] SUN
SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS & DKS keystores; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; JavaLoginConfig Configuration)

Provider[2] SunRsaSign
Sun RSA signature provider

Provider[3] SunEC
Sun Elliptic Curve provider (EC, ECDSA, ECDH)

Provider[4] SunJSSE
Sun JSSE provider(PKCS12, SunX509/PKIX key/trust factories, SSLv3/TLSv1/TLSv1.1/TLSv1.2)

Provider[5] SunJCE
SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)

Provider[6] SunJGSS
Sun (Kerberos v5, SPNEGO)

Provider[7] SunSASL
Sun SASL provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5, NTLM; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5, NTLM)

Provider[8] XMLDSig
XMLDSig (DOM XMLSignatureFactory; DOM KeyInfoFactory; C14N 1.0, C14N 1.1, Exclusive C14N, Base64, Enveloped, XPath, XPath2, XSLT TransformServices)

Provider[9] SunPCSC
Sun PC/SC provider

Provider[10] SunMSCAPI
Sun's Microsoft Crypto API provider
With argument: SunEC
SunEC : Services provided
    AlgorithmParameters.EC = sun.security.ec.ECParameters
    KeyAgreement.ECDH SupportedKeyClasses = java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    Signature.SHA256withECDSA ImplementedIn = Software
    Provider.id name = SunEC
    Signature.NONEwithECDSA SupportedKeyClasses = java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    Signature.SHA224withECDSA ImplementedIn = Software
    Signature.SHA1withECDSA = sun.security.ec.ECDSASignature$SHA1
    Alg.Alias.Signature.OID.1.2.840.10045.4.1 = SHA1withECDSA
    Signature.SHA256withECDSA SupportedKeyClasses = java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    Signature.SHA224withECDSA SupportedKeyClasses = java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    KeyPairGenerator.EC KeySize = 256
    KeyFactory.EC ImplementedIn = Software
    Provider.id version = 1.8
    AlgorithmParameters.EC KeySize = 256
    Signature.NONEwithECDSA = sun.security.ec.ECDSASignature$Raw
    Signature.SHA512withECDSA ImplementedIn = Software
    Alg.Alias.KeyFactory.EllipticCurve = EC
    Alg.Alias.KeyPairGenerator.EllipticCurve = EC
    Signature.SHA256withECDSA = sun.security.ec.ECDSASignature$SHA256
    Signature.SHA512withECDSA = sun.security.ec.ECDSASignature$SHA512
    Signature.SHA1withECDSA KeySize = 256
    Signature.SHA1withECDSA SupportedKeyClasses = java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    Signature.SHA384withECDSA SupportedKeyClasses = java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    Alg.Alias.AlgorithmParameters.EllipticCurve = EC
    Alg.Alias.AlgorithmParameters.1.2.840.10045.2.1 = EC
    Alg.Alias.Signature.1.2.840.10045.4.1 = SHA1withECDSA
    Signature.SHA224withECDSA = sun.security.ec.ECDSASignature$SHA224
    Signature.SHA384withECDSA ImplementedIn = Software
    AlgorithmParameters.EC ImplementedIn = Software
    Provider.id info = Sun Elliptic Curve provider (EC, ECDSA, ECDH)
    Signature.SHA512withECDSA SupportedKeyClasses = java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    KeyPairGenerator.EC = sun.security.ec.ECKeyPairGenerator
    Alg.Alias.Signature.OID.1.2.840.10045.4.3.4 = SHA512withECDSA
    Alg.Alias.Signature.OID.1.2.840.10045.4.3.3 = SHA384withECDSA
    KeyAgreement.ECDH = sun.security.ec.ECDHKeyAgreement
    Alg.Alias.Signature.OID.1.2.840.10045.4.3.2 = SHA256withECDSA
    Alg.Alias.Signature.1.2.840.10045.4.3.4 = SHA512withECDSA
    Alg.Alias.Signature.OID.1.2.840.10045.4.3.1 = SHA224withECDSA
    Signature.SHA384withECDSA = sun.security.ec.ECDSASignature$SHA384
    Alg.Alias.Signature.1.2.840.10045.4.3.3 = SHA384withECDSA
    Alg.Alias.Signature.1.2.840.10045.4.3.2 = SHA256withECDSA
    Alg.Alias.Signature.1.2.840.10045.4.3.1 = SHA224withECDSA
    Signature.SHA1withECDSA ImplementedIn = Software
    Signature.NONEwithECDSA ImplementedIn = Software
    Provider.id className = sun.security.ec.SunEC
    AlgorithmParameters.EC SupportedCurves = [secp112r1,1.3.132.0.6]|[secp112r2,1.3.132.0.7]|[secp128r1,1.3.132.0.28]|[secp128r2,1.3.132.0.29]|[secp160k1,1.3.132.0.9]|[secp160r1,1.3.132.0.8]|[secp160r2,1.3.132.0.30]|[secp192k1,1.3.132.0.31]|[secp192r1,NIST P-192,X9.62 prime192v1,1.2.840.10045.3.1.1]|[secp224k1,1.3.132.0.32]|[secp224r1,NIST P-224,1.3.132.0.33]|[secp256k1,1.3.132.0.10]|[secp256r1,NIST P-256,X9.62 prime256v1,1.2.840.10045.3.1.7]|[secp384r1,NIST P-384,1.3.132.0.34]|[secp521r1,NIST P-521,1.3.132.0.35]|[X9.62 prime192v2,1.2.840.10045.3.1.2]|[X9.62 prime192v3,1.2.840.10045.3.1.3]|[X9.62 prime239v1,1.2.840.10045.3.1.4]|[X9.62 prime239v2,1.2.840.10045.3.1.5]|[X9.62 prime239v3,1.2.840.10045.3.1.6]|[sect113r1,1.3.132.0.4]|[sect113r2,1.3.132.0.5]|[sect131r1,1.3.132.0.22]|[sect131r2,1.3.132.0.23]|[sect163k1,NIST K-163,1.3.132.0.1]|[sect163r1,1.3.132.0.2]|[sect163r2,NIST B-163,1.3.132.0.15]|[sect193r1,1.3.132.0.24]|[sect193r2,1.3.132.0.25]|[sect233k1,NIST K-233,1.3.132.0.26]|[sect233r1,NIST B-233,1.3.132.0.27]|[sect239k1,1.3.132.0.3]|[sect283k1,NIST K-283,1.3.132.0.16]|[sect283r1,NIST B-283,1.3.132.0.17]|[sect409k1,NIST K-409,1.3.132.0.36]|[sect409r1,NIST B-409,1.3.132.0.37]|[sect571k1,NIST K-571,1.3.132.0.38]|[sect571r1,NIST B-571,1.3.132.0.39]|[X9.62 c2tnb191v1,1.2.840.10045.3.0.5]|[X9.62 c2tnb191v2,1.2.840.10045.3.0.6]|[X9.62 c2tnb191v3,1.2.840.10045.3.0.7]|[X9.62 c2tnb239v1,1.2.840.10045.3.0.11]|[X9.62 c2tnb239v2,1.2.840.10045.3.0.12]|[X9.62 c2tnb239v3,1.2.840.10045.3.0.13]|[X9.62 c2tnb359v1,1.2.840.10045.3.0.18]|[X9.62 c2tnb431r1,1.2.840.10045.3.0.20]|[brainpoolP160r1,1.3.36.3.3.2.8.1.1.1]|[brainpoolP192r1,1.3.36.3.3.2.8.1.1.3]|[brainpoolP224r1,1.3.36.3.3.2.8.1.1.5]|[brainpoolP256r1,1.3.36.3.3.2.8.1.1.7]|[brainpoolP320r1,1.3.36.3.3.2.8.1.1.9]|[brainpoolP384r1,1.3.36.3.3.2.8.1.1.11]|[brainpoolP512r1,1.3.36.3.3.2.8.1.1.13]
    KeyPairGenerator.EC ImplementedIn = Software
    KeyAgreement.ECDH ImplementedIn = Software
    KeyFactory.EC = sun.security.ec.ECKeyFactory
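An added example (not part of the original post): instead of the raw property entries printed by the sample above, it uses the typed Provider.Service view to count services per engine type, and reports which installed providers, in preference order, offer a few legacy algorithms named in the provider info strings. The class name ProviderServiceAudit and the LEGACY watch-list are assumptions made for this illustration.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

public class ProviderServiceAudit {

    // Constructed watch-list (assumption): legacy algorithms that appear in the
    // SUN and SunJCE info strings of the sample output.
    static final String[][] LEGACY = {
        {"MessageDigest", "MD5"}, {"MessageDigest", "SHA-1"},
        {"Cipher", "DES"}, {"Cipher", "RC2"}, {"Cipher", "ARCFOUR"},
    };

    // Count services per engine type (Signature, Cipher, ...) for one provider.
    static Map<String, Integer> countByType(Provider p) {
        Map<String, Integer> counts = new TreeMap<>();
        for (Provider.Service s : p.getServices()) {
            counts.merge(s.getType(), 1, Integer::sum);
        }
        return counts;
    }

    // Names of the providers offering type/algorithm, in preference order
    // (Security.getProviders() returns the providers in that order).
    static List<String> providersFor(String type, String algorithm) {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            // getService() also resolves aliases; it returns null if not offered
            if (p.getService(type, algorithm) != null) {
                names.add(p.getName());
            }
        }
        return names;
    }

    public static void main(String[] args) {
        for (Provider p : Security.getProviders()) {
            System.out.println(p.getName() + " " + countByType(p));
        }
        System.out.println();
        for (String[] e : LEGACY) {
            List<String> names = providersFor(e[0], e[1]);
            System.out.println(e[0] + "." + e[1] + " -> "
                    + (names.isEmpty() ? "not available" : names + " (first has highest preference)"));
        }
    }
}
```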
JCA(Java Cryptography Architecture) vs. JCE(Java Cryptography Extension)
I got tired, so this part is left in English... ^^;
- Prior to JDK 1.4, the JCE was an unbundled product, and as such, the JCA and JCE were regularly referred to as separate, distinct components.
- Strictly speaking, the JCE extends the JCA by simply exposing more engines and including an additional provider, the SunJCE provider, that includes one or more implementations for each engine. The separation between the JCA and the JCE was a result of political situations, not technical limitations. The JCE places its classes in a different package, javax.crypto.*.
- As JCE is now bundled in the JDK, the distinction is becoming less apparent. Since the JCE uses the same architecture as the JCA, the JCE should be more properly thought of as a part of the JCA.