Java Cryptography Extension

The Java™ Cryptography Extension (JCE) 1.2 is a standard extension to the Java 2 Software Development Kit (J2SDK), Standard Edition. The JCE implementation on an iSeries™ server is compatible with the implementation of Sun Microsystems, Inc. This documentation covers the unique aspects of the iSeries implementation.

In order to understand this information, you should be familiar with the general documentation for the JCE extensions. Seethe Sun JCE documentation for more information about JCE extensions.

Start of change The IBM^® JCE Provider supports the following algorithms: End of change

Table 1. Supported algorithms in JDK 1.3 and JDK 1.4.2
JDK version	Signature algorithms	Cipher algorithms
1.3	SHA1withDSA SHA1withRSA MD5withRSA MD2withRSA	Blowfish AES DES Triple DES PBEWithMD2AndDES PBEWithMD2AndTripleDES PBEWithMD2AndRC2 PBEWithMD5AndDES PBEWithMD5AndTripleDES PBEWithMD5AndRC2 PBEWithSHA1AndDES PBEWithSHA1AndTripleDES PBEWithSHA1AndRC2 PBEWithSHAAnd40BitRC2 PBEWithSHAAnd128BitRC2 PBEWithSHAAnd40BitRC4 PBEWithSHAAnd128BitRC4 PBEWithSHAAnd2KeyTripleDES PBEWithSHAAnd3KeyTripleDES Mars RC2 RC4 RSA Seal
1.4.2	SHA1withDSA SHA1withRSA MD5withRSA MD2withRSA	Blowfish AES DES Triple DES PBEWithMD2AndDES PBEWithMD2AndTripleDES PBEWithMD2AndRC2 PBEWithMD5AndDES PBEWithMD5AndTripleDES PBEWithMD5AndRC2 PBEWithSHA1AndDES PBEWithSHA1AndTripleDES PBEWithSHA1AndRC2 PBEWithSHAAnd40BitRC2 PBEWithSHAAnd128BitRC2 PBEWithSHAAnd40BitRC4 PBEWithSHAAnd128BitRC4 PBEWithSHAAnd2KeyTripleDES PBEWithSHAAnd3KeyTripleDES Mars RC2 RC4 RSA Seal

Table 2. Supported algorithms in JDK 1.3 and JDK 1.4.2, continued
JDK version	Message authentication codes (MACs)	Message digests	Key agreement algorithms
1.3	HmacSHA1 HmacMD2 HmacMD5	MD2 MD5 SHA-1	DiffieHellman
1.4.2	HmacSHA1 HmacMD2 HmacMD5	MD2 MD5 SHA-1 SHA-256 SHA-384 SHA-512	DiffieHellman

In addition, IBM JCE Provider also provides a random number generator.

If you want to use IBM JCE with Java 1.3, edit the /QIBM/ProdData/OS400/Java400/jdk/lib/security/java.security file. The section of the file that needs to be changed is shown as follows.

#                                                           
# To use the IBMJCE security provider, you need to:          
# 1) Install an IBM Cryptographic Access Provider Product             
# 2) Uncomment the third provider entry that follows.               
#                                                            
# List of providers and their preference orders: 
#                                                            
security.provider.1=sun.security.provider.Sun                
security.provider.2=com.sun.rsajca.Provider                  
#security.provider.3=com.ibm.crypto.provider.IBMJCE

Start of change There is also a IBMJCEFIPS JCE provider. This provider has been validated and found to be compliant with Federal Information Processing standard (FIPS) 140-2, "Security Requirements for Cryptographic Modules." End of change

The IBMJCEFIPS JCE provider supports the following algorithms:

Table 3. Algorithms supported by the IBMJCEFIPS JCE provider
Signature algorithms	Cipher algorithms	Message authentication codes	Message digests
SHA1withDSA SHA1withRSA	AES TripleDES RSA	HmacSHA1	MD5 SHA-1 SHA-256 SHA-384 SHA-512

Start of change The IBMJCEFIPS JCE provider also supports the IBMSecureRandom algorithm for random number generation. End of change

To use IBMJCEFIPS, you will need to add a symbolic link to your extension directory by issuing the following command:

ADDLNK OBJ('/QIBM/ProdData/OS400/Java400/ext/ibmjcefips.jar')
NEWLNK(< your extension directory >)

Start of change You will also have to add the provider to the list of providers by either adding an entry in the java.security file (for example, security.provider.4=com.ibm.crypto.fips.provider.IBMJCEFIPS), or by using the Security.addProvider() method. End of change