Jipher Reference Information

8 Jipher Reference Information

Supported Algorithm Strings

The following table lists the algorithm strings and their aliases supported by Jipher. These strings are grouped by their associated engine class.

Table 8-1 Algorithm Strings Supported by Jipher

Engine	Supported Algorithm Strings and Their Aliases	Notes
`SecureRandom`	`DRBG` (`SHA1PRNG`, `CTRDRBG`, `CTRDRBG128`, `NativePRNG`, `NativePRNGNonBlocking`)	All aliases use the same underlying DRBG algorithm from OpenSSL
`MessageDigest`	`SHA-1` (`SHA`, `SHA1`, `1.3.14.3.2.26`, `OID.1.3.14.3.2.26` )	—
	`SHA-224` (`SHA224`, `2.16.840.1.101.3.4.2.4`, `OID.2.16.840.1.101.3.4.2.4`) `SHA-256` (`SHA256`, `2.16.840.1.101.3.4.2.1`, `OID.2.16.840.1.101.3.4.2.1`) `SHA-384` (`SHA384`, `2.16.840.1.101.3.4.2.2`, `OID.2.16.840.1.101.3.4.2.2`) `SHA-512` (`SHA512`, `2.16.840.1.101.3.4.2.3`, `OID.2.16.840.1.101.3.4.2.3`)	—
	`SHA3-224` (`2.16.840.1.101.3.4.2.7`, `OID.2.16.840.1.101.3.4.2.7`) `SHA3-256` (`2.16.840.1.101.3.4.2.8`, `OID.2.16.840.1.101.3.4.2.8`) `SHA3-384` (`2.16.840.1.101.3.4.2.9`, `OID.2.16.840.1.101.3.4.2.9`) `SHA3-512` (`2.16.840.1.101.3.4.2.10`, `OID.2.16.840.1.101.3.4.2.10`)	—
`Cipher`	`AES` (`Rijndael`, `2.16.840.1.101.3.4.1`, `OID.2.16.840.1.101.3.4.1`) `AES/CTR/NoPadding`	—
	`AES_128/ECB/NoPadding` (`2.16.840.1.101.3.4.1.1`, `OID.2.16.840.1.101.3.4.1.1`) `AES_192/ECB/NoPadding` (`2.16.840.1.101.3.4.1.21`, `OID.2.16.840.1.101.3.4.1.21`) `AES_256/ECB/NoPadding` (`2.16.840.1.101.3.4.1.41`, `OID.2.16.840.1.101.3.4.1.41`) `AES_128/CBC/PKCS5Padding` (`AES_128/CBC/PKCS7Padding`, `2.16.840.1.101.3.4.1.2`, `OID.2.16.840.1.101.3.4.1.2`) `AES_192/CBC/PKCS5Padding` (`AES_192/CBC/PKCS7Padding`, `2.16.840.1.101.3.4.1.22`, `OID.2.16.840.1.101.3.4.1.22`) `AES_256/CBC/PKCS5Padding` (`AES_256/CBC/PKCS7Padding`, `2.16.840.1.101.3.4.1.42`, `OID.2.16.840.1.101.3.4.1.42`) `AES_128/OFB/NoPadding` (`2.16.840.1.101.3.4.1.3`, `OID.2.16.840.1.101.3.4.1.3`) `AES_192/OFB/NoPadding` (`2.16.840.1.101.3.4.1.23`, `OID.2.16.840.1.101.3.4.1.23`) `AES_256/OFB/NoPadding` (`2.16.840.1.101.3.4.1.43`, `OID.2.16.840.1.101.3.4.1.43`) `AES_128/CFB/NoPadding` (`2.16.840.1.101.3.4.1.4`, `OID.2.16.840.1.101.3.4.1.4`) `AES_192/CFB/NoPadding` (`2.16.840.1.101.3.4.1.24`, `OID.2.16.840.1.101.3.4.1.24`) `AES_256/CFB/NoPadding` (`2.16.840.1.101.3.4.1.44`, `OID.2.16.840.1.101.3.4.1.44`) `AES/GCM/NoPadding` `AES_128/GCM/NoPadding` (`2.16.840.1.101.3.4.1.6`, `OID.2.16.840.1.101.3.4.1.6`) `AES_192/GCM/NoPadding` (`2.16.840.1.101.3.4.1.26`, `OID.2.16.840.1.101.3.4.1.26`) `AES_256/GCM/NoPadding` (`2.16.840.1.101.3.4.1.46`, `OID.2.16.840.1.101.3.4.1.46`)	—
	`DESede` (`TripleDES`) `DESede/CBC/PKCS5Padding` (`DESede/CBC/PKCS7Padding`, `OID.1.2.840.113549.3.7`, `1.2.840.113549.3.7`)	—
	`AES/KW/NoPadding` (`AESWrap`, `AES-KW`) `AES_128/KW/NoPadding` (`AESWrap_128`, `2.16.840.1.101.3.4.1.5`, `OID.2.16.840.1.101.3.4.1.5`) `AES_192/KW/NoPadding` (`AESWrap_192`, `2.16.840.1.101.3.4.1.25`, `OID. 2.16.840.1.101.3.4.1.25`) `AES_256/KW/NoPadding` (`AESWrap_256`, `2.16.840.1.101.3.4.1.45`, `OID.2.16.840.1.101.3.4.1.45`)	RFC 3394
	`AES/KWP/NoPadding` (`AESWrapPad`, `AES-KWP`) `AES_128/KWP/NoPadding` (`AESWrapPad_128`, `2.16.840.1.101.3.4.1.8`, `OID.2.16.840.1.101.3.4.1.8`) `AES_192/KWP/NoPadding`, (`AESWrapPad_192`, `2.16.840.1.101.3.4.1.28`, `OID.2.16.840.1.101.3.4.1.28`) `AES_256/KWP/NoPadding` (`AESWrapPad_256`, `2.16.840.1.101.3.4.1.48`, `OID.2.16.840.1.101.3.4.1.48`)	RFC 5649
	`PBEWithHmacSHA1AndAES_128` `PBEWithHmacSHA224AndAES_128` `PBEWithHmacSHA256AndAES_128` `PBEWithHmacSHA384AndAES_128` `PBEWithHmacSHA512AndAES_128` `PBEWithHmacSHA1AndAES_256` `PBEWithHmacSHA224AndAES_256` `PBEWithHmacSHA256AndAES_256` `PBEWithHmacSHA384AndAES_256` `PBEWithHmacSHA512AndAES_256`	PBES2 password-based cipher
	`PBEWithSHA1AndDESede` (`1.2.840.113549.1.12.1.3`, `OID.1.2.840.113549.1.12.1.3`)	PKCS #12 password-based encryption. The key derivation function used for this algorithm is a not a FIPS 140 allowed algorithm. This algorithm will be removed in a future release of Jipher. See Supported Non-FIPS 140 Allowed Algorithms.
	`RSA/ECB/PKCS1Padding` (`RSA`) `RSA/ECB/NoPadding`	—
	`RSA/ECB/OAEPPadding` `RSA/ECB/OAEPWithSHA-1andMGF1Padding` (`RSA/ECB/OAEPWithSHA1andMGF1Padding`) `RSA/ECB/OAEPWithSHA-224andMGF1Padding` (`RSA/ECB/OAEPWithSHA224andMGF1Padding`) `RSA/ECB/OAEPWithSHA-256andMGF1Padding` (`RSA/ECB/OAEPWithSHA256andMGF1Padding`) `RSA/ECB/OAEPWithSHA-384andMGF1Padding` (`RSA/ECB/OAEPWithSHA384andMGF1Padding`) `RSA/ECB/OAEPWithSHA-512andMGF1Padding` (`RSA/ECB/OAEPWithSHA512andMGF1Padding`)	—
`KeyFactory`	`RSA` (`1.2.840.113549.1.1`, `OID.1.2.840.113549.1.1`, `1.2.840.113549.1.1.1`, `OID.1.2.840.113549.1.1.1`) `RSASSA-PSS` (`PSS`, `1.2.840.113549.1.1.10`, `OID.1.2.840.113549.1.1.10`) `EC` (`EllipticCurve`, `1.2.840.10045.2.1`, `OID.1.2.840.10045.2.1`) `DSA` (`1.2.840.10040.4.1`, `OID.1.2.840.10040.4.1`, `1.3.14.3.2.12`) `DH` (`DiffieHellman`, `1.2.840.113549.1.3.1`, `OID.1.2.840.113549.1.3.1`)	—
`Signature`	`SHA1withRSA` (`1.2.840.113549.1.1.5`, `OID.1.2.840.113549.1.1.5`, `1.3.14.3.2.29`, `OID.1.3.14.3.2.29`) `SHA224withRSA` (`1.2.840.113549.1.1.14`, `OID.1.2.840.113549.1.1.14`) `SHA256withRSA` (`1.2.840.113549.1.1.11`, `OID.1.2.840.113549.1.1.11`) `SHA384withRSA` (`1.2.840.113549.1.1.12`, `OID.1.2.840.113549.1.1.12`) `SHA512withRSA` (`1.2.840.113549.1.1.13`, `OID.1.2.840.113549.1.1.13`) `NONEwithRSA`	RSA with PKCS1
	`RSASSA-PSS` (`1.2.840.113549.1.1.10`, `OID.1.2.840.113549.1.1.10`)	—
	`SHA1withECDSA` (`1.2.840.10045.4.1`, `OID.1.2.840.10045.4.1`) `SHA224withECDSA` (`1.2.840.10045.4.3.1`, `OID.1.2.840.10045.4.3.1`) `SHA256withECDSA` (`1.2.840.10045.4.3.2`, `OID.1.2.840.10045.4.3.2`) `SHA384withECDSA` (`1.2.840.10045.4.3.3`, `OID.1.2.840.10045.4.3.3`) `SHA512withECDSA` (`1.2.840.10045.4.3.4`, `OID.1.2.840.10045.4.4.4`) `NONEwithECDSA`	—
	`SHA1withDSA` (`DSA`, `DSS`, `SHA/DSA`, `SHA-1/DSA`, `SHA1/DSA`, `SHAwithDSA`, `DSAWithSHA1`, `1.2.840.10040.4.3`, `OID.1.2.840.10040.4.3`, `1.3.14.3.2.13`, `OID.1.3.14.3.2.13`, `1.3.14.3.2.27`, `OID.1.3.14.3.2.27`) `SHA224withDSA` (`2.16.840.1.101.3.4.3.1`, `OID.2.16.840.1.101.3.4.3.1`) `SHA256withDSA` (`2.16.840.1.101.3.4.3.2`, `OID.2.16.840.1.101.3.4.3.2`) `SHA384withDSA` (`2.16.840.1.101.3.4.3.3`, `OID.2.16.840.1.101.3.4.3.3`) `SHA512withDSA` (`2.16.840.1.101.3.4.3.4`, `OID.2.16.840.1.101.3.4.3.4`) `NONEwithDSA` (`RawDSA`)	—
`Mac`	`HmacSHA1` (`1.2.840.113549.2.7`, `OID.1.2.840.113549.2.7`) `HmacSHA224` (`1.2.840.113549.2.8`, `OID.1.2.840.113549.2.8`) `HmacSHA256` (`1.2.840.113549.2.9`, `OID.1.2.840.113549.2.9`) `HmacSHA384` (`1.2.840.113549.2.10`, `OID.1.2.840.113549.2.10`) `HmacSHA512` (`1.2.840.113549.2.11`, `OID.1.2.840.113549.2.11`)	—
`Mac`	`HmacPBESHA1` `HmacPBESHA224` `HmacPBESHA256` `HmacPBESHA384` `HmacPBESHA512`	PKCS #12 password-based encryption HMAC algorithms The key derivation function used for these algorithms is not a FIPS 140 allowed algorithm. These algorithms will be removed in a future release of Jipher. See Supported Non-FIPS 140 Allowed Algorithms.
`KeyGenerator`	`HmacSHA1` (`1.2.840.113549.2.7`, `OID.1.2.840.113549.2.7`) `HmacSHA224` (`1.2.840.113549.2.8`, `OID.1.2.840.113549.2.8`) `HmacSHA256` (`1.2.840.113549.2.9`, `OID.1.2.840.113549.2.9`) `HmacSHA384` (`1.2.840.113549.2.10`, `OID.1.2.840.113549.2.10`) `HmacSHA512` (`1.2.840.113549.2.11`, `OID.1.2.840.113549.2.11`)	—
	`AES` (`Rijndael`, `2.16.840.1.101.3.4.1`, `OID.2.16.840.1.101.3.4.1`) `AES_128/ECB/NoPadding` (`OID.2.16.840.1.101.3.4.1.1`, `2.16.840.1.101.3.4.1.1`) `AES_192/ECB/NoPadding` (`OID.2.16.840.1.101.3.4.1.21`, `2.16.840.1.101.3.4.1.21`) `AES_256/ECB/NoPadding` (`OID.2.16.840.1.101.3.4.1.41`, `2.16.840.1.101.3.4.1.41`) `AES_128/CBC/PKCS5Padding` (`AES_128/CBC/PKCS7Padding`, `OID.2.16.840.1.101.3.4.1.2`, `2.16.840.1.101.3.4.1.2`) `AES_192/CBC/PKCS5Padding` (`AES_192/CBC/PKCS7Padding`, `OID.2.16.840.1.101.3.4.1.22`, `2.16.840.1.101.3.4.1.22`) `AES_256/CBC/PKCS5Padding` (`AES_256/CBC/PKCS7Padding`, `OID.2.16.840.1.101.3.4.1.42`, `2.16.840.1.101.3.4.1.42`) `AES_128/OFB/NoPadding` (`OID.2.16.840.1.101.3.4.1.3`, `2.16.840.1.101.3.4.1.3`) `AES_192/OFB/NoPadding` (`OID.2.16.840.1.101.3.4.1.23`, `2.16.840.1.101.3.4.1.23`) `AES_256/OFB/NoPadding` (`OID.2.16.840.1.101.3.4.1.43`, `2.16.840.1.101.3.4.1.43`) `AES_128/CFB/NoPadding` (`OID.2.16.840.1.101.3.4.1.4`, `2.16.840.1.101.3.4.1.4`) `AES_192/CFB/NoPadding` (`OID.2.16.840.1.101.3.4.1.24`, `2.16.840.1.101.3.4.1.24`) `AES_256/CFB/NoPadding` (`OID.2.16.840.1.101.3.4.1.44`, `2.16.840.1.101.3.4.1.44`) `AES_128/GCM/NoPadding` (`OID.2.16.840.1.101.3.4.1.6`, `2.16.840.1.101.3.4.1.6`) `AES_192/GCM/NoPadding` (`OID.2.16.840.1.101.3.4.1.26`, `2.16.840.1.101.3.4.1.26`) `AES_256/GCM/NoPadding` (`OID.2.16.840.1.101.3.4.1.46`, `2.16.840.1.101.3.4.1.46`) `DESede` (`TripleDES`, `OID.1.2.840.113549.3.7`, `1.2.840.113549.3.7`)	—
	`SunTls12Prf` `SunTlsMasterSecret` (`SunTls12MasterSecret`, `SunTlsExtendedMasterSecret`) `SunTlsKeyMaterial` (`SunTls12KeyMaterial`) `SunTlsRsaPremasterSecret` (`SunTls12RsaPremasterSecret`)	These non-standard KeyGenerator algorithms are needed to provide the cryptography required by the SunJSSE provider to support TLSv1.2.
`AlgorithmParameters`	`EC` (`1.2.840.10045.2.1`, `OID.1.2.840.10045.2.1`) `DSA` (`1.2.840.10040.4.1`, `OID.1.2.840.10040.4.1`, `1.3.14.3.2.12`, `OID.1.3.14.3.2.12`) `DH` (`DiffieHellman`, `1.2.840.113549.1.3.1`, `OID.1.2.840.113549.1.3.1`) `RSASSA-PSS` (`1.2.840.113549.1.1.10`, `OID.1.2.840.113549.1.1.10`)	—
	`AES` (`2.16.840.1.101.3.4.1`, `OID.2.16.840.1.101.3.4.1`, `2.16.840.1.101.3.4.1.2`, `OID.2.16.840.1.101.3.4.1.2`, `2.16.840.1.101.3.4.1.3`, `OID.2.16.840.1.101.3.4.1.3`, `2.16.840.1.101.3.4.1.4`, `OID.2.16.840.1.101.3.4.1.4`, `2.16.840.1.101.3.4.1.6`, `OID.2.16.840.1.101.3.4.1.6`, `2.16.840.1.101.3.4.1.22`, `OID.2.16.840.1.101.3.4.1.22`, `2.16.840.1.101.3.4.1.23`, `OID.2.16.840.1.101.3.4.1.23`, `2.16.840.1.101.3.4.1.24`, `OID.2.16.840.1.101.3.4.1.24`, `2.16.840.1.101.3.4.1.26`, `OID.2.16.840.1.101.3.4.1.26`, `2.16.840.1.101.3.4.1.42`, `OID.2.16.840.1.101.3.4.1.42`, `2.16.840.1.101.3.4.1.43`, `OID.2.16.840.1.101.3.4.1.43`, `2.16.840.1.101.3.4.1.44`, `OID.2.16.840.1.101.3.4.1.44`, `2.16.840.1.101.3.4.1.46` `OID.2.16.840.1.101.3.4.1.46`) `DESede` (`OID.1.2.840.113549.3.7`, `1.2.840.113549.3.7`) `GCM` `OAEP` (`1.2.840.113549.1.1.7`, `OID.1.2.840.113549.1.1.7`)	—
	`PBES2` (`1.2.840.113549.1.5.13`, `OID.1.2.840.113549.1.5.13`) `PBE` `PBEWithSHA1AndDESede` (`OID.1.2.840.113549.1.12.1.3`, `1.2.840.113549.1.12.1.3`)	The key derivation function used for the PBEWithSHA1AndDESede algorithm is a not a FIPS 140 allowed algorithm. The PBEWithSHA1AndDESede algorithm will be removed in a future release of Jipher. See Supported Non-FIPS 140 Allowed Algorithms.
	`PBEWithHmacSHA1AndAES_128` `PBEWithHmacSHA224AndAES_128` `PBEWithHmacSHA256AndAES_128` `PBEWithHmacSHA384AndAES_128` `PBEWithHmacSHA512AndAES_128` `PBEWithHmacSHA1AndAES_256` `PBEWithHmacSHA224AndAES_256` `PBEWithHmacSHA256AndAES_256` `PBEWithHmacSHA384AndAES_256` `PBEWithHmacSHA512AndAES_256`	—
`KeyPairGenerator`	`RSA` (`1.2.840.113549.1.1`, `OID.1.2.840.113549.1.1`, `1.2.840.113549.1.1.1`, `OID.1.2.840.113549.1.1.1`) `RSASSA-PSS` (`PSS`, `1.2.840.113549.1.1.10`, `OID.1.2.840.113549.1.1.10`) `EC` (`EllipticCurve`, `1.2.840.10045.2.1`, `OID.1.2.840.10045.2.1`) `DSA` (`1.2.840.10040.4.1`, `OID.1.2.840.10040.4.1`, `1.3.14.3.2.12`, `OID.1.3.14.3.2.12`) `DH` (`DiffieHellman`, `1.2.840.113549.1.3.1`, `OID.1.2.840.113549.1.3.1`)	—
`AlgorithmParameterGenerator`	`DSA` (`1.2.840.10040.4.1`, `OID.1.2.840.10040.4.1`, `1.3.14.3.2.12`, `OID.1.3.14.3.2.12`)	—
`SecretKeyFactory`	`AES` `DESede` (`TripleDES`)	—
	`PBEWithHmacSHA1AndAES_128` `PBEWithHmacSHA224AndAES_128` `PBEWithHmacSHA256AndAES_128` `PBEWithHmacSHA384AndAES_128` `PBEWithHmacSHA512AndAES_128` `PBEWithHmacSHA1AndAES_256` `PBEWithHmacSHA224AndAES_256` `PBEWithHmacSHA256AndAES_256` `PBEWithHmacSHA384AndAES_256` `PBEWithHmacSHA512AndAES_256`	—
	`PBKDF2WithHmacSHA1` (`PBKDF2WithSHA1`, `1.2.840.113549.1.5.12`, `OID.1.2.840.113549.1.5.12`) `PBKDF2WithHmacSHA224` (`PBKDF2WithSHA224`) `PBKDF2WithHmacSHA256` (`PBKDF2WithSHA256`) `PBKDF2WithHmacSHA384` (`PBKDF2WithSHA384`) `PBKDF2WithHmacSHA512` (`PBKDF2WithSHA512`)	—
	`PBEWithSHA1AndDESede` (`OID.1.2.840.113549.1.12.1.3`, `1.2.840.113549.1.12.1.3`)	The key derivation function used for this algorithm is a not a FIPS 140 allowed algorithm. This algorithm will be removed in a future release of Jipher. See Supported Non-FIPS 140 Allowed Algorithms.
KeyAgreement	`ECDH` `DH` (`DiffieHellman`, `1.2.840.113549.1.3.1`, `OID.1.2.840.113549.1.3.1`)	—

Supported Non-FIPS 140 Allowed Algorithms

Note:

Support for the PKCS #12 KDF algorithm will be removed in a future Jipher release. Once Jipher no longer supports the PKCS #12 KDF algorithm, it will no longer support the following algorithms (and aliases):

AlgorithmParameters
- PBEWithSHA1AndDESede (OID.1.2.840.113549.1.12.1.3, 1.2.840.113549.1.12.1.3)
Cipher
- PBEWithSHA1AndDESede (OID.1.2.840.113549.1.12.1.3, 1.2.840.113549.1.12.1.3)
SecretKeyFactory
- PBEWithSHA1AndDESede (OID.1.2.840.113549.1.12.1.3, 1.2.840.113549.1.12.1.3)
Mac
- HmacPBESHA1
- HmacPBESHA224
- HmacPBESHA256
- HmacPBESHA384
- HmacPBESHA512

Jipher supports the PKCS #12 Key Derivation Function (KDF) algorithm as described in Appendix B. Deriving Keys and IVs from Passwords and Salt in RFC 7292 - PKCS #12: Personal Information Exchange Syntax v1.1. This algorithm is not allowed by FIPS 140. This algorithm is supported for interoperability reasons, specifically to support the following:

Password integrity mode: Integrity is guaranteed through a Message Authentication Code (MAC) derived from a secret integrity password. The PKCS #12 KDF algorithm is used to derive a MAC key for this mode in the Mac algorithms HmacPBESHA1, HmacPBESHA224, HmacPBESHA256, HmacPBESHA384, and HmacPBESHA512.
Password privacy mode: Personal information is encrypted with a symmetric key derived from a user name and a privacy password. The PKCS #12 KDF algorithm is used to derive a decryption key for this mode in the Cipher algorithm PBEWithSHA1AndDESede. Note that this use of the PKCS #12 KDF algorithm is deprecated.

Keysize Restrictions

Jipher uses the following default key sizes (in bits) and enforces the following restrictions for KeyGenerator, KeyPairGenerator, and AlgorithmParameterGenerator.

KeyGenerator

Jipher honors the system property jdk.security.defaultKeySize, which enables users to configure the default key size used by KeyGenerator. The value of this property is a list of comma-separated entries. Each entry consists of a case-insensitive algorithm name and the corresponding default key size (in decimal) separated by a colon.

Table 8-2 KeyGenerator Algorithms and Default Key Sizes

Algorithm Name	Default Key Size	Restrictions and Comments
AES	256 if permitted by the cryptographic policy (see Import Limits on Cryptographic Algorithms), 128 otherwise.	Key size must be equal to 128, 192, or 256.
AES_128/<mode>/<padding>	128	Key size must be equal to 128.
AES_192/<mode>/<padding>	192	Key size must be equal to 192.
AES_256/<mode>/<padding>	256	Key size must be equal to 256.
DESede (Triple DES)	192	Key size must be equal to 168 or 192.
HmacSHA1	160	Key size must be at least 40 bits. Key sizes that are not a multiple of 8 are increased to the next multiple of 8.
HmacSHA224	224	Key size must be at least 40 bits. Key sizes that are not a multiple of 8 are increased to the next multiple of 8.
HmacSHA256	256	Key size must be at least 40 bits. Key sizes that are not a multiple of 8 are increased to the next multiple of 8.
HmacSHA384	384	Key size must be at least 40 bits. Key sizes that are not a multiple of 8 are increased to the next multiple of 8.
HmacSHA512	512	Key size must be at least 40 bits. Key sizes that are not a multiple of 8 are increased to the next multiple of 8.

KeyPairGenerator

Jipher honors the system property jdk.security.defaultKeySize, which enables users to configure the default key size used by KeyPairGenerator. The value of this property is a list of comma-separated entries. Each entry consists of a case-insensitive algorithm name and the corresponding default key size (in decimal) separated by a colon.

Table 8-3 KeyPairGenerator Algorithms and Default Key Sizes

Algorithm Name	Default Key Size	Restrictions and Comments
DiffieHellman	3072	Key size must be equal to 2048, 3072 or 4096. Algorithm parameter specification must specify an approved FFC Safe-prime group defined in SP 800-56A Rev. 3, "Appendix D: Approved ECC Curves and FFC Safe-prime Groups."
DSA	2048	Key size must be equal to 2048 or 3072. Algorithm parameter specification must specify one of the following (prime size, sub-prime size) ___domain parameter size pairings (2048, 224), (2048, 256) or (3072, 256).
EC	256	Key size must be equal to 224, 256, 384, 521. Algorithm parameter specification must specify one the four approved ECC named curves listed in Approved ECC Named Curves and SP 800-56A Rev. 3, "Appendix D: Approved ECC Curves and FFC Safe-prime Groups" defined in RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier.
RSA and RSASSA-PSS	3072	Key size must be between 2,048 and 15,360 bits. The public exponent length must exceed 16 bits and cannot exceed 256 bits. If the key size exceeds 3072, then the public exponent length cannot exceed 64 bits.

Approved ECC Named Curves

Standard for Efficient Cryptography Group (SECG) Name	NIST	OID
secp224r1	P-224	1.3.132.0.33
secp256r1	P-256	1.2.840.10045.3.1.7
secp384r1	P-384	1.3.132.0.34
secp521r1	P-521	1.3.132.0.35

AlgorithmParameterGenerator

Table 8-4 AlgorithmParameterGenerator Algorithms and Default Key Sizes

Algorithm Name	Default Key Size	Restrictions and Comments
DSA	2048	Key size must be equal to 2048 or 3072. Algorithm parameter specification must specify one of the following (prime size, sub-prime size) ___domain parameter size pairings (2048, 224), (2048, 256), or (3072, 256).

Algorithm Name

Default Key Size

Restrictions and Comments

DSA

2048

Key size must be equal to 2048 or 3072.

Algorithm parameter specification must specify one of the following (prime size, sub-prime size) ___domain parameter size pairings (2048, 224), (2048, 256), or (3072, 256).

Supported Elliptic Curve Names

Jipher supports only a fixed set of named (published) elliptic curves. These are NIST-recommended curves based on prime fields.

The following table lists the elliptic curves that are provided by Jipher.

Table 8-5 Supported Elliptic Curve Names

Elliptic Curve	Object Identifier and Aliases	Aliases
secp224r1	`1.3.132.0.33`	`P-224`, `P224`
secp256r1	`1.2.840.10045.3.1.7`	`P-256`, `P256`, `prime256v1`
secp384r1	`1.3.132.0.34`	`P-384`, `P384`
secp521r1	`1.3.132.0.35`	`P-521`, `P521`

Default Diffie-Hellman Parameters

When generating Diffie-Hellman (DH) key pairs, default DH parameters are selected based on key size. Supported key sizes are 2048, 3072, and 4096.

The default parameters are from RFC 7919: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security.

Table 8-6 Default DH Parameters

Key Size	Default Parameter
2048	`ffdhe2048`
3072	`ffdhe3072`
4096	`ffdhe4096`

Default Digital Signature Algorithm Parameters

When generating Default Digital Signature Algorithm (DSA) key pairs, default DSA parameters are selected based on key size. Supported key sizes are 2048 and 3072.

The default parameters are verifiably generated using the FIPS 186-4 algorithm. Line breaks have been added for the values of P and G for clarity.

Table 8-7 Default DSA Parameters for the Key Size 2048

Parameter Name	Default Parameter Value
Qlen	`224`
Digest	`SHA224`
P	00F82CD0B121DF91E2F9D1A84A9A89402A40B9544184E1FDBD27B045D122D719 BF1CB7188330EA0E866D3DD2E779C81146316D7280DA9E09FFEA58F4219484B8 E7C606F8C6C15F5BD87C21730CC83484495EF991980DCE1D704C6FFB7330B691 CCEE948F39935BDF4A1E6CEDAAA6EF37C83868EA0FFA529537384E3595D14F50 FF044F9BA38CED5AB1B291D29C8DD2DA43C711E662666FE0C241835E2100C082 10FBF0E180F7941CD12C8D98BE70CD68FCC7F57D40EB447D68BA269F6A36E667 2D232B59077AD48933C95924E81C524775C7EB5E4D2996C21D7714DA89CF76C9 1C6E48E3678B80C75CE90437B3C8608886BB9595876C200CA77E554E6E0F724B 39
Q	`00879D04B33B22C098583DE711AF3C6CEAB0BEBB0AAC1B5B5203154EEB`
G	25895D1722207B2E06032D0269587DFDA581800D5510A5605888A7E9868BCFE6 25CFB6CFF9641AE18BDF0595CC3A7668F014D7E9A818006F7A6E63B1919A25E4 1389249F0880A968CB5E63714CA3B7CACFFB1C27BE121F7E4122FB711FCEA26F 7FE2645799A9AF6007D00F846B04242A1A9664F084BD06762C66BF2BB1E42CFD F5CAE58BD4796272150A304115ACF499FACF41F57225CA6EEDFCB909F0331B97 19E5B80F18399A677D0574BED3FDEA92BD05524B0FBCED902B73A203E26A864C 99994B19B7C93959E58D5623480349B4468B47975C0F8676F05A429DFE31D7FB 9A100F73C8B17C151391C63E814F93F7F249B7E861C7958DF56D021063DEA150
seed	`767E82C5AB98153654160E06634B2B4DBE865E837C57FFD8DF03C16B`
j	`02`
counter	`112`

Table 8-8 Default DSA Parameters for the Key Size 3072

Parameter Name	Default Parameter Value
Qlen	`256`
Digest	`SHA25`
P	00B4E9351B2591E98FD2AA7A1CA493E8BD6E2DD66D1BBA15871CE860EFEE68B8 AE7656E8C4D2C31F448C9F9E669D5675DC6891797F3027A1CD4F8B1E4B1B5E58 2D18CDFAED592A1C16E313CD9040A90926191D8EEA85A07A36F5D38518C90E60 1312289A755AD50ACDD302C834CC15BAA0583B8AADEE7FF1CABB28D4E7A48654 60E04A0F04DD682A35D16B56B667EF8C0C83F9E734AC1BE4041C435BA032B29A BB2B1B0D4A814AD7A8D79DA3D53CEE7CF384A7E411FC8FD88E885F7AFBA91BC0 70483971A6DBA3E66A15D789285A788AA0EFDC0CCBC75B379A5F328353D27455 41521B8E8030B0AE395B586A88AA2D591C3C303D509978E05292D0CF47298B14 C42372C394B85208B6E3D80EBAB2B53D966523F645F1F0156FEC921C049758F8 373AF0C400D761E5971C29A5720AE7419C785E7BC6BAFD00BA9A7DC75908CD42 3BBF323A092FE7BB71C77C10BA97FE1755D00D98FDFC49C86671202292D3E4AE C66E7544DAF07196C17AF4F40452B54B2E1494B9E3FD871F67B9ACCBFFA14C8C 5D
Q	`0095527504A11CDD911A915EE8123BC1FE7B77EA7F9B694736907670D823AEA19D`
G	00A5062CD5370449DE0274E7E9610D1F1212ADB33B78DBA9507DD62DD0BBE6CB 1C00619192388F5FD705C2C25A2D90937BB294EA3D675651A8700575058DBC00 2C62BCD9781830AAE9DCA5ACE8E563B4B4A8752B5E9EAACE284233276B5EAA25 3F2529136B9B46B2FBA732BD9EBDCAA5581910A5DA161D12EFDCDBA15B5E3A60 AE362F475C0666238B15EB1C3CFCA0D2BE85B75B47A4F790E58F977AA4FC4858 0EBBC16A0F83E9843568C886401B68025A078793F5114890D3FD0AAC5B2F5567 0013A460C052A3BBDFB72FE1E102F0B9B535DB93FAA281B9315BF5043269B1E6 C29C10A31EDBD914E3014E25347790DC71212A1313EEE4DA9AA6F933E3AEFE81 38DD0CAF20F87A75869082ED9AB8BD6E983E37F3DBFDE5E1C6DC4EC3331F649D 3E72EB5005327C7D7C604CD751D5E579A8857515F810DDD01DD8B55BC3DFB57E 79E2E2E2D1431D1DD3032598FBBBEFD7E354CFC854D3CBC37F5343B3BC6A2028 374AE3B82746A7EB7BD7D4BD933F22B85DE33B6AC3B012C3205876C28EC07215 3B
seed	`DF43673D7428A318F885D40BF7B2BF6C0B977BB7E521C6CE83E347F31B28B0E5`
j	`02`
counter	`1543`