The relationship between the JCA, its providers and the JCE?

I thought it was easy when the JCA replaced the JCE. However, writing some test code that lists all the providers on my system shows that this is not the case.

I noticed the following:

  • Some algorithms have several providers (for example: MD5withRSA is located in SunRsaSign, as well as SunJSSE)
  • The JCA seems to have types of algorithms that go beyond what is in the JCE

Point 1 makes sense, as the JCA appears (to me) to be a library / array of JCE providers to choose from.

Point 2 is a bit confusing because it suggests that the JCA is not an exact array of "identical" JCE providers; it's a kind of watering hole for any kind of provider, whether JCE-related or not.

So what is the working relationship between the JCA, its providers, and the JCE? Do providers also exist in independent silos, or do they "build" on each other / have dependencies between them?

For people interested, the code and the results that prompted this question are below:


    import java.security.Provider;
    import java.security.Security;
    import java.util.ArrayList;

    public class ConsoleListJca {
        public static void main(String[] args) {
            // Security.getProviders() returns the installed providers in preference order
            for (Provider provider : Security.getProviders()) {
                System.out.println("Provider: " + provider.getName()
                        + " (ver " + provider.getVersion() + ")");
                System.out.print("  Algorithms: ");

                // Collect every service as "algorithm (type)"
                ArrayList<String> algos = new ArrayList<String>();
                for (Provider.Service service : provider.getServices()) {
                    algos.add(String.format(
                            "%s (%s)", service.getAlgorithm(), service.getType()));
                }
                java.util.Collections.sort(algos);

                String algorsStr = algos.toString();
                // remove [ and ] from ArrayList toString()
                algorsStr = algorsStr.substring(1, algorsStr.length() - 1);
                System.out.println(algorsStr);
                System.out.println();
            }
        }
    }

and results (formatted for SO):

    Provider: SUN (ver 1.7)
      Algorithms: CaseExactJKS (KeyStore), Collection (CertStore),
        DSA (AlgorithmParameterGenerator), DSA (AlgorithmParameters),
        DSA (KeyFactory), DSA (KeyPairGenerator), JKS (KeyStore),
        JavaLoginConfig (Configuration), JavaPolicy (Policy), LDAP (CertStore),
        MD2 (MessageDigest), MD5 (MessageDigest), NONEwithDSA (Signature),
        NativePRNG (SecureRandom), PKIX (CertPathBuilder),
        PKIX (CertPathValidator), SHA (MessageDigest), SHA-256 (MessageDigest),
        SHA-384 (MessageDigest), SHA-512 (MessageDigest), SHA1PRNG (SecureRandom),
        SHA1withDSA (Signature), X.509 (CertificateFactory),
        com.sun.security.IndexedCollection (CertStore)

    Provider: SunRsaSign (ver 1.7)
      Algorithms: MD2withRSA (Signature), MD5withRSA (Signature),
        RSA (KeyFactory), RSA (KeyPairGenerator), SHA1withRSA (Signature),
        SHA256withRSA (Signature), SHA384withRSA (Signature),
        SHA512withRSA (Signature)

    Provider: SunEC (ver 1.7)
      Algorithms: EC (AlgorithmParameters), EC (KeyFactory),
        EC (KeyPairGenerator), ECDH (KeyAgreement), NONEwithECDSA (Signature),
        SHA1withECDSA (Signature), SHA256withECDSA (Signature),
        SHA384withECDSA (Signature), SHA512withECDSA (Signature)

    Provider: SunJSSE (ver 1.7)
      Algorithms: Default (SSLContext), MD2withRSA (Signature),
        MD5andSHA1withRSA (Signature), MD5withRSA (Signature),
        NewSunX509 (KeyManagerFactory), PKCS12 (KeyStore),
        PKIX (TrustManagerFactory), RSA (KeyFactory), RSA (KeyPairGenerator),
        SHA1withRSA (Signature), SunX509 (KeyManagerFactory),
        SunX509 (TrustManagerFactory), TLSv1 (SSLContext), TLSv1.1 (SSLContext),
        TLSv1.2 (SSLContext)

    Provider: SunJCE (ver 1.7)
      Algorithms: AES (AlgorithmParameters), AES (Cipher), AES (KeyGenerator),
        AESWrap (Cipher), ARCFOUR (Cipher), ARCFOUR (KeyGenerator),
        Blowfish (AlgorithmParameters), Blowfish (Cipher),
        Blowfish (KeyGenerator), DES (AlgorithmParameters), DES (Cipher),
        DES (KeyGenerator), DES (SecretKeyFactory),
        DESede (AlgorithmParameters), DESede (Cipher), DESede (KeyGenerator),
        DESede (SecretKeyFactory), DESedeWrap (Cipher),
        DiffieHellman (AlgorithmParameterGenerator),
        DiffieHellman (AlgorithmParameters), DiffieHellman (KeyAgreement),
        DiffieHellman (KeyFactory), DiffieHellman (KeyPairGenerator),
        HmacMD5 (KeyGenerator), HmacMD5 (Mac), HmacPBESHA1 (Mac),
        HmacSHA1 (KeyGenerator), HmacSHA1 (Mac), HmacSHA256 (KeyGenerator),
        HmacSHA256 (Mac), HmacSHA384 (KeyGenerator), HmacSHA384 (Mac),
        HmacSHA512 (KeyGenerator), HmacSHA512 (Mac), JCEKS (KeyStore),
        OAEP (AlgorithmParameters), PBE (AlgorithmParameters),
        PBEWithMD5AndDES (AlgorithmParameters), PBEWithMD5AndDES (Cipher),
        PBEWithMD5AndDES (SecretKeyFactory),
        PBEWithMD5AndTripleDES (AlgorithmParameters),
        PBEWithMD5AndTripleDES (Cipher),
        PBEWithMD5AndTripleDES (SecretKeyFactory),
        PBEWithSHA1AndDESede (AlgorithmParameters),
        PBEWithSHA1AndDESede (Cipher), PBEWithSHA1AndDESede (SecretKeyFactory),
        PBEWithSHA1AndRC2_40 (AlgorithmParameters),
        PBEWithSHA1AndRC2_40 (Cipher), PBEWithSHA1AndRC2_40 (SecretKeyFactory),
        PBKDF2WithHmacSHA1 (SecretKeyFactory), RC2 (AlgorithmParameters),
        RC2 (Cipher), RC2 (KeyGenerator), RSA (Cipher), SslMacMD5 (Mac),
        SslMacSHA1 (Mac), SunTls12Prf (KeyGenerator),
        SunTlsKeyMaterial (KeyGenerator), SunTlsMasterSecret (KeyGenerator),
        SunTlsPrf (KeyGenerator), SunTlsRsaPremasterSecret (KeyGenerator)

    Provider: SunJGSS (ver 1.7)
      Algorithms: 1.2.840.113554.1.2.2 (GssApiMechanism),
        1.3.6.1.5.5.2 (GssApiMechanism)

    Provider: SunSASL (ver 1.7)
      Algorithms: CRAM-MD5 (SaslClientFactory), CRAM-MD5 (SaslServerFactory),
        DIGEST-MD5 (SaslClientFactory), DIGEST-MD5 (SaslServerFactory),
        EXTERNAL (SaslClientFactory), GSSAPI (SaslClientFactory),
        GSSAPI (SaslServerFactory), NTLM (SaslClientFactory),
        NTLM (SaslServerFactory), PLAIN (SaslClientFactory)

    Provider: XMLDSig (ver 1.0)
      Algorithms: DOM (KeyInfoFactory), DOM (XMLSignatureFactory),
        http://www.w3.org/2000/09/xmldsig#base64 (TransformService),
        http://www.w3.org/2000/09/xmldsig#enveloped-signature (TransformService),
        http://www.w3.org/2001/10/xml-exc-c14n# (TransformService),
        http://www.w3.org/2001/10/xml-exc-c14n#WithComments (TransformService),
        http://www.w3.org/2002/06/xmldsig-filter2 (TransformService),
        http://www.w3.org/2006/12/xml-c14n11 (TransformService),
        http://www.w3.org/2006/12/xml-c14n11#WithComments (TransformService),
        http://www.w3.org/TR/1999/REC-xpath-19991116 (TransformService),
        http://www.w3.org/TR/1999/REC-xslt-19991116 (TransformService),
        http://www.w3.org/TR/2001/REC-xml-c14n-20010315 (TransformService),
        http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments (TransformService)

    Provider: SunPCSC (ver 1.7)
      Algorithms: PC/SC (TerminalFactory)

    Provider: Apple (ver 1.1)
      Algorithms: KeychainStore (KeyStore)

+7
2 answers

The main difference between JCA and JCE is that JCE is a JCA extension, not a replacement. JCA includes classes such as MessageDigest, SecureRandom, KeyFactory, Signature and KeyStore. JCE adds some more cryptography classes like Cipher, KeyGeneration, Mac and KeyGeneration. The distinction between JCA and JCE has largely faded away, since JCE has been provided with the standard runtime for some time.

JCA/JCE is designed to separate cryptographic implementation from abstraction. This is a provider-based architecture where you can plug in a provider of your choice, such as BouncyCastle, which has more cryptographic algorithm support than the providers contained in the standard Java runtime.

+9
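
How the provider-based lookup described in this answer resolves when several installed providers offer the same algorithm (as MD5withRSA does in the question's output). This is an added example, not part of the original answer; the class name `ProviderLookup` and the sample algorithm `SHA256withRSA` are assumptions.

```java
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.util.ArrayList;
import java.util.List;

public class ProviderLookup {   // hypothetical class name

    /** Names of all installed providers offering (type, algorithm), in preference order. */
    static List<String> providersFor(String type, String algorithm) {
        List<String> names = new ArrayList<>();
        // Security.getProviders() returns providers ordered by preference
        for (Provider p : Security.getProviders()) {
            if (p.getService(type, algorithm) != null) {
                names.add(p.getName());
            }
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        String alg = "SHA256withRSA";   // sample algorithm, chosen for illustration
        List<String> candidates = providersFor("Signature", alg);
        System.out.println(alg + " is offered by: " + candidates);
        if (candidates.isEmpty()) {
            System.out.println("No installed provider offers " + alg);
            return;
        }

        // No provider named: the JCA walks the preference list. For Signature the
        // final choice can still move to a later provider at initSign/initVerify
        // if the first one does not support the key (delayed provider selection).
        Signature byDefault = Signature.getInstance(alg);
        System.out.println("Default lookup: " + byDefault.getProvider().getName());

        // Provider named explicitly: the preference order is bypassed. Here the
        // lowest-preference candidate is requested to make the difference visible.
        String pinned = candidates.get(candidates.size() - 1);
        Signature explicit = Signature.getInstance(alg, pinned);
        System.out.println("Pinned lookup:  " + explicit.getProvider().getName());
    }
}
```

Installing an extra provider with `Security.addProvider` or `Security.insertProviderAt` changes what the default lookup returns, so code that must run on a specific implementation should name the provider explicitly.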

Initially, JCE was a separate API, but now JCE is integrated as part of the JCA.

From the JDK 11 documentation:

Prior to JDK 1.4, JCE was a separate product, and therefore JCA and JCE were regularly called separate components. As JCE is now part of the JDK, the distinction becomes less obvious. Because the JCE uses the same architecture as the JCA, the JCE should be more correctly regarded as part of the JCA.

Now JCE is an integral part of the JCA, and the term JCE is gradually disappearing from the Java ecosystem.

In short: JCE is a technology / term / concept from history. Modern Java developers use JCA to access cryptography in Java and never mention JCE.

0