IAIK/Stiftung SIC IAIK-JCE

Similar documents
IT Networks & Security CERT Luncheon Series: Cryptography

National Security Agency Perspective on Key Management

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

Secure Network Communications FIPS Non Proprietary Security Policy

RSA BSAFE. Crypto-C Micro Edition for MFP SW Platform (psos) Security Policy. Version , October 22, 2012

Public-Key Infrastructure

EXAM questions for the course TTM Information Security May Part 1

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

SMPTE Standards Transition Issues for NIST/FIPS Requirements v1.1

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Pulse Secure, LLC. January 9, 2015

Table of Contents. Bibliografische Informationen digitalisiert durch

Ciphire Mail. Abstract

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version:

SPC5-CRYP-LIB. SPC5 Software Cryptography Library. Description. Features. SHA-512 Random engine based on DRBG-AES-128

FIPS Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

VMware, Inc. VMware Java JCE (Java Cryptographic Extension) Module

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Introduction...3 Terms in this Document...3 Conditions for Secure Operation...3 Requirements...3 Key Generation Requirements...

Symantec Mobility: Suite Server Cryptographic Module

GNUTLS. a Transport Layer Security Library This is a Draft document Applies to GnuTLS by Nikos Mavroyanopoulos

Authentication requirement Authentication function MAC Hash function Security of

I N F O R M A T I O N S E C U R I T Y

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths

RSA BSAFE. Security tools for C/C++ developers. Solution Brief

<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008

Northrop Grumman M5 Network Security SCS Linux Kernel Cryptographic Services. FIPS Security Policy Version

Cryptography and Network Security Chapter 15

I N F O R M A T I O N S E C U R I T Y

Computer Security: Principles and Practice

Secure Sockets Layer

Key & Data Storage on Mobile Devices

Chapter 6 Electronic Mail Security

An Introduction to Cryptography as Applied to the Smart Grid

2014 IBM Corporation

Lecture 9: Application of Cryptography

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Using BroadSAFE TM Technology 07/18/05

How To Encrypt Data With Encryption

Enabling SSL and Client Certificates on the SAP J2EE Engine

Federal S/MIME V3 Client Profile

SSL Protect your users, start with yourself

A Survey of the Elliptic Curve Integrated Encryption Scheme

Introduction to Cryptography

ETSI TS V1.2.1 ( )

Package PKI. July 28, 2015

Cryptography and Network Security Chapter 12

, ) I Transport Layer Security

Cryptographic Hash Functions Message Authentication Digital Signatures

Apple Cryptographic Service Provider Functional Specification

Release Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues

OpenADR 2.0 Security. Jim Zuber, CTO QualityLogic, Inc.

mod_ssl Cryptographic Techniques

CRYPTOGRAPHY AND NETWORK SECURITY

Ciphire Mail Encryption and Authentication

Secure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Security Technical. Overview. BlackBerry Enterprise Server for Microsoft Exchange. Version: 5.0 Service Pack: 4

BlackBerry Enterprise Server 5.0 SP3 and BlackBerry 7.1

Cryptographic Algorithms and Key Size Issues. Çetin Kaya Koç Oregon State University, Professor

Kaseya US Sales, LLC Virtual System Administrator Cryptographic Module Software Version: 1.0

Deep-Secure Mail Guard Feature Guide

SecureDoc Disk Encryption Cryptographic Engine

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

UM0586 User manual. STM32 Cryptographic Library. Introduction

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

FIPS Level 1 Security Policy for Cisco Secure ACS FIPS Module

[SMO-SFO-ICO-PE-046-GU-

NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards

Chapter 7 Transport-Level Security

Communication Systems SSL

WebSphere DataPower Release FIPS and NIST SP a support.

Biometrics, Tokens, & Public Key Certificates

SENSE Security overview 2014

Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

NIST Cryptographic Algorithm Validation Program (CAVP) Certifications for Freescale Cryptographic Accelerators

UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION

ERserver. iseries. Securing applications with SSL

Overview. SSL Cryptography Overview CHAPTER 1

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series

IBM i Version 7.3. Security Digital Certificate Manager IBM

FIPS SECURITY POLICY FOR

Qualtrics Single Sign-On Specification

BroadSAFE Enhanced IP Phone Networks

FIPS Non-Proprietary Security Policy. IBM Internet Security Systems SiteProtector Cryptographic Module (Version 1.0)

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure

Network Security Essentials Chapter 7

FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE. SFTP (Secure File Transfer Protocol)

SBClient SSL. Ehab AbuShmais

Secure Socket Layer (TLS) Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

Sharing Secrets Using Encryption Facility

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Hash Function JH and the NIST SHA3 Hash Competition

Transcription:

IAIK-JCE IAIK-JCE is a set of APIs and implementations of cryptographic functions including digest, signature, message authentication code, key agreement, symmetric, asymmetric, stream and block encryption methods. It supplements the security functionality of the default JDK (JCA/JCE) and extends it about additional features and crypto protocol implementations. It offers a wide range of cryptographic algorithms (e.g. RIPEMD, SHA family, SHA-3, HMAC, DSA, RSA, DH, DES, 3DES, AES, etc.) which can be used via the standard JCA/JCE API. The X.509 package supports creation and parsing of X.509 public key, qualified and attribute certificates. Revocation information can be provided and verified via CRLs and OCSP. LDAP utilities maybe used to search LDAP directories for certificates and attribute certificates or download CRLs from their distribution points. Comprehensive ASN.1 and PKCS APIs allow modelling of ASN.1 structures, secure storing of sensitive keying and data material, and signing or encrypting of digital documents. The cryptographic functionality of IAIK-JCE is extended with elliptic curve cryptography and smartcard and HSM support by means of the IAIK- ECCelerate and IAIK-PKCS#11 toolkits. A particular lightweight version (IAIK-JCE ME) is optimized for usage with small and mobile devices. Main Benefits Easy to use: IAIK-JCE comes with an easy-to-use and intuitive API. The comprehensive Javadoc documentation and rich set of demo samples helps you to get started quickly and soon become familiar with cryptography for the Java TM platform and IAIK-JCE. Performance: IAIK-JCE has been optimized for speed and memory consumption. For our algorithm implementations we have utilized all our programming knowledge and experience to write effective code and get a maximum of speed. Our PKCS#7 library and X.509 CRL implementations provide stream-based versions which allow the signing/encrypting of large amounts of data or parse big revocation lists without running into memory problems. IAIK-JCE (version CC Core 3.1) has passed a Common Criteria evaluation with level EAL 3+. This gives you the assurance that an

independent professional security evaluation body has inspected our toolkit (which is especially interesting for the use in financial and e- business applications). Interoperability: IAIK-JCE provides the cryptographic basis for all IAIK crypto toolkits implementing standard protocols like S/MIME, SSL/TLS, or XML Signature and XML Encryption. Extensive testing and usage in real-world applications for a long time guarantee a maximum level on interoperability. Extensibility and Flexibility: Where possible, IAIK-JCE can easily be extended by user-written code. The X.509 package, for instance, allows it to plug-in private certificate extensions in a straightforward manner. Our PKCS#7 library makes it possible to integrate smartcard operations in an easy way. This design principle is maintained and further developed by the IAIK-JCE extending SSL/TLS, CMS and S/MIME toolkits. Feature List Written entirely in the Java TM language Support for JDK Versions 1.2, 1.3, 1.4, 1.5, 1.6, 1.7, 1.8 and compatible Reliability and robustness through use in real world applications over many years Developed and maintained by experts in applied cryptography and the Java TM programming language Comprehensive documentation and many demos Hash algorithms: SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256, MD2, MD5, RIPEMD-128, RIPEMD-160, RIPEMD-256, RIPEMD-320, WHIRLPOOL, GOST-3411 SHA3 candidate hash algorithms: BLAKE-224, BLAKE-256, BLAKE-384, and BLAKE-512, Groestl-224, Groestl-256, Groestl-384, and Groestl-512, JH-224, JH-256, JH-384, and JH-512,

KECCAK-224, KECCAK-256, KECCAK-384, and KECCAK-512, as well as Skein-224, Skein-256, Skein-384, and Skein-512 SHA3 Extendable Output Functions (XOFs): SHAKE128 (SHAKE128InputStream), SHAKE256 (SHAKE256InputStream) Signature schemes o PKCS#1 version 1.5 RSA with SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, MD2, MD5, RIPEMD-128, RIPEMD-160, RIPEMD-256, WHIRLPOOL; raw RSA with external hashing o PKCS#1 version 2.1 RSA PSS with SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, MD2, MD5, RIPEMD-128, RIPEMD-160, WHIRLPOOL; Support for RSASSA-PSS keys according to RFC 4055 o ISO 9796-2 (2002) RSA with SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-128, RIPEMD-160, WHIRLPOOL; o Raw RSA with external hashing o SSL/TLS RSA signature with MD5 and SHA-1 o DSA and DSA with external hashing o DSA with SHA-2 according to FIPS 186-3 Symmetric ciphers AES, DES, Triple-DES (112 and 168 bit), IDEA, Blowfish, Camellia, GOST, CAST-128, RC2, ARCFOUR (compatible with RC4 TM ), RC5, RC6, password-based (PKCS#5 PBES1 with MD5, SHA-1 and DES, Triple-DES, RC2; PKCS#5 PBES2 with AES, DESede,... and HMAC/SHA-1, HMAC/SHA-2), MARS, Twofish, Rijndael, Rijnael- 256, Serpent o key generation o Password based key derivation (PKCS#5, PBKDF2; PKCS#12) o encryption and decryption o ECB, CBC, PCBC, CFB, OFB, OpenPGPCFB, CTR, CCM, GCM, CTS modes of operation o padding PKCS#5, SSL version 3.0, ISO 7816-4, ISO 10126-2, no padding

Optional AES addon which makes use of the AES-NI instruction set extensions of modern x86 CPUs Key-Wrap ciphers for AES, Camellia, Triple-DES, CAST-128, RC2, HMAC-AES, HMAC-Triple-DES RSA encryption/decryption according to PKCS#1 version 1.5 and 2.1 OAEP; Support for RSAES-OAEP keys according to RFC 4055 Blinding for RSA private key operations ElGamal encryption/ decryption according to PKCS#1 version 1.5 HMACs with SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, MD5, RIPEMD-128, RIPEMD-160, WHIRLPOOL, GOST-3411 CMAC with AES and Triple-DES CBC-MAC with AES, DESede, DES according to ISO/IEC 9797-1 Key agreement with DH (Diffie Hellman) and ESDH (Ephemeral Static DH) Key-Pair generation for RSA (unlimited key-size) according to IEEE P1363, Key-Pair generation for RSA according to FIPS 186-3, RSASSA- PSS, RSAES-OAEP, DSA, DSA-SHA2, DH, ESDH Random o NIST SP800-90 with SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, HMAC/SHA-1, HMAC/SHA-224, HMAC/SHA256, HMAC/SHA-384, HMAC/SHA-512, AES-128, AES-192 and AES-256 o FIPS 186 with SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, RIPEMD-160 o ANSI X9.17 o BSI AIS 20 (v2.0) E.5 with SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, MD5, RIPEMD-128, RIPEMD-160, WHIRLPOOL Software key stores o PKCS#12 o Proprietary (IAIKKeyStore)

ASN.1 encoding and decoding (DER, BER, Base 64) X.509 Certificates o public key and attribute certificates o encoding and decoding o parsing and creation (issuing) of certificates o PKCS#7 and X.509 certificate lists o a rich set of predefined extensions (PKIX, Netscape and more) o support for custom extensions o qualified certificates o implementations of all mandatory attributes of the PKIX AttributeCertificate profile and more o support for custom attributes X.509 CRLs with support for indirect and delta CRLs Stream based X.509 CRL implementation to parse large CRLs for revocation information without memory problems OCSP (Online Certificate Status Protocol), client side and server side o direct support for transport via TCP and HTTP o OCSP response creation based on CRLs LdapURLConnection implementation allowing to search LDAP directories for certificates attribute certificates or CRLs as accustomed from the java.net URL framework Password Generator, Password Store and Password Strengh Checker utilities PKCS support o PKCS#1 version 1.5 signature and encryption o PKCS#1 version 2.1 PSS signatures and OAEP encryption o PKCS#5 password-based cryptography o PKCS#7 with support for single-pass stream processing o PKCS#8 private key information syntax o PKCS#9 selected object classes and attribute types o PKCS#10 certificate requests o PKCS#12 personal information exchange syntax (private keys)

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information