MessageDigest is the first component in the request to the security provider. There can be many algorithms that can provide a message digest. SHA−1 and MD5 are the two most common, though well explore other possibilities when we look in depth at the corresponding classes that handle digests. So the name of the algorithm e.g., MD5 forms the second component of the string provided to the security class. These components are concatenated into a single string separated by a dot e.g., MessageDigest.MD5 . Seventeen cryptographic engines are supported by Suns security providers; there are implementations of at least one algorithm of each engine in one of Suns providers. The engines and the algorithms implemented by Sun are listed in Table 8−1. Version 1.3 comes with two security providers: Sun, the primary security provider, and SunRsaSign, which implements RSA algorithms. SunJCE is the provider that comes with the Java Cryptography Extension, and SunJSSE is the provider that comes with the Java Secure Sockets Extension. Engines that have an asterisk are JCE engines and have special deployment rules discussed later in this chapter. Table 8−1. Security Engines and Algorithms Engine Algorithm Name Provider AlgorithmParameterGenerator DiffieHellman SunJCE AlgorithmParameterGenerator DSA Sun AlgorithmParameters Blowfish SunJCE AlgorithmParameters DES SunJCE AlgorithmParameters DESede SunJCE AlgorithmParameters DiffieHellman SunJCE AlgorithmParameters DSA Sun AlgorithmParameters PBE SunJCE CertificateFactory X509 Sun Cipher Blowfish SunJCE Cipher DES SunJCE Cipher DESede SunJCE Cipher PBEWithMD5AndDES SunJCE Cipher PBEWithMD5AndTripleDES SunJCE KeyAgreement DiffieHellman SunJCE KeyFactory DiffieHellman SunJCE KeyFactory DSA Sun KeyFactory RSA SunJSSE KeyFactory RSA SunRsaSign KeyGenerator Blowfish SunJCE KeyGenerator DES SunJCE KeyGenerator DESede SunJCE KeyGenerator HmacMD5 SunJCE KeyGenerator HmacSHA1 SunJCE KeyManagerFactory SunX509 SunJSSE KeyPairGenerator DiffieHellman SunJCE KeyPairGenerator DSA Sun KeyPairGenerator RSA SunJSSE Chapter 8. Security Providers KeyPairGenerator RSA SunRsaSign KeyStore JCEKS SunJCE KeyStore JKS Sun KeyStore PKCS12 SunJSSE Mac HmacMD5 SunJCE Mac HmacSHA1 SunJCE MessageDigest MD5 Sun MessageDigest SHA Sun SecretKeyFactory DESede SunJCE SecretKeyFactory DWES SunJCE SecretKeyFactory PBEWithMD5AndDES SunJCE SecureRandom SHA1PRNG Sun Signature MD2withRSA SunJSSE Signature MD2withRSA SunRsaSign Signature MD5withRSA SunJSSE Signature MD5withRSA SunRsaSign Signature SHA1withDSA Sun Signature SHA1withRSA SunJSSE Signature SHA1withRSA SunRsaSign SSLContext SSL SunJSSE SSLContext SSLv3 SunJSSE SSLContext TLS SunJSSE SSLContext TLSv1 SunJSSE TrustManagerFactory SunX509 SunJSSE The algorithm names in this table are the strings passed to the desired engine class in order for it to find the class implementing the operation. In addition, the security infrastructure also accepts certain alias strings that map an alias to one of these valid strings. For example, the official name of SHA the Secure Hash Algorithm for message digests is SHA−1 to distinguish it from SHA−0, the first such algorithm, which is now obsolete. Internally, security providers can alias one name to another, such that you may specify either SHA or SHA−1 to find a message digest that implements the secure hash algorithm.

8.1.2 Choosing a Security Provider

When the Java virtual machine begins execution, it is responsible for consulting the users properties in order to determine which security providers should be in place. These properties must be located in the file JREHOMElibsecurityjava.security. In Suns release of 1.3, that file contains these lines among others: security.provider.1=sun.security.provider.Sun security.provider.2=com.sun.rsajca.Provider These lines tell us that there are at least two provider classes that should be consulted; the first class to be consulted is an instance of the sun.security.provider.Sun class and the second class is an instance of the com.sun.rsajca.Provider class. Each provider given in this file must be numbered, starting with 1. If you want to use additional providers,