如何找出我的 JVM 支持什么算法 [加密]？

Question

I am using Jasypt for encryption. This is my code:

public class Encryptor {    
    private final static StandardPBEStringEncryptor pbeEncryptor = new StandardPBEStringEncryptor();
    private final static String PASSWORD = "FBL";
    private final static String ALGORITHM = "PBEWithMD5AndTripleDES";

    static{
        pbeEncryptor.setPassword( PASSWORD );
        //pbeEncryptor.setAlgorithm( ALGORITHM );       
    }

    public static String getEncryptedValue( String text ){
        return pbeEncryptor.encrypt( text );
    }

    public static String getDecryptedValue( String text ){
        return pbeEncryptor.decrypt( text );
    }

}

Uncomment the setAlgorithm line and it will throw an exception

org.jasypt.exceptions.EncryptionOperationNotPossibleException : Encryption raised an excep tion. A possible cause is you are using strong encryption algorithms and you have not installed the Java Cryptography Ex tension (JCE) Unlimited Strength Jurisdiction Policy Files in this Java Virtual Machine

api says:

Sets the algorithm to be used for encryption Sets the algorithm to be used for encryption, like PBEWithMD5AndDES.

This algorithm has to be supported by your JCE provider (if you specify one, or the default JVM provider if you don't) and, if it is supported, you can also specify mode and padding for it, like ALGORITHM/MODE/PADDING.

refer: http://www.jasypt.org/api/jasypt/apidocs/org/jasypt/encryption/pbe/StandardPBEStringEncryptor.html#setAlgorithm%28java.lang.String%29

Now, when you comment 'setAlgorithm' it will use the default Algorithm [ i guess it is md5 ], and it will work fine. That means md5 is supported by my JVM. Now, how to find out what other encryption algorithms are supported by my JVM.

Thanks,

Answer 1

The following will list all the providers and the algorithms supporter. What version of Java are you using? Unless you're on an old version JCE should be included as standard.

import java.security.Provider;
import java.security.Security;

public class SecurityListings {
    public static void main(String[] args) {
        for (Provider provider : Security.getProviders()) {
            System.out.println("Provider: " + provider.getName());
            for (Provider.Service service : provider.getServices()) {
                System.out.println("  Algorithm: " + service.getAlgorithm());
            }
        }

    }
}

Edit: Any reason why you don't use the standard stuff from the javax.crypto package?

1) Generate a Key using

Key key = SecretKeyFactory.getInstance(algorithm).generateSecret(new PBEKeySpec(password.toCharArray()));

2) Create a Cipher using

cipher = Cipher.getInstance(algorithm);  

3) Init your cipher with the key

cipher.init(Cipher.ENCRYPT_MODE, key);  

4) Do the encrypting with

byte[] encrypted = cipher.doFinal(data)

Answer 2

The Jasypt command line tool now comes with a script for doing this called listAlgorithms.bat for windows and listAlgorithms.sh for Linux.

You can find instructions on how to download and use it here: http://www.jasypt.org/cli.html#Listing_algorithms

Answer 3

If you don't have it installed already, then you need to install the JCE (Java Cryptography Extension) which provides support for the algorithms.

You can see how to install here:

http://download.oracle.com/javase/1.4.2/docs/guide/security/CryptoSpec.html#ProviderInstalling

The library can be found here: http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136007.html

Answer 4

I tried the code posted by @Qwerky, but it's not very helpful. I had added the latest BouncyCastle provider, and the results I got were very confusing. This shows in better detail who's the provider, version, and the algorithm type and name.

for (Provider provider : Security.getProviders()) {
    System.out.println("Provider: " + provider.getName() + " version: " + provider.getVersion());
    for (Provider.Service service : provider.getServices()) {
        System.out.printf("  Type : %-30s  Algorithm: %-30s\n", service.getType(), service.getAlgorithm());
    }
}

Answer 5

There is still a 'pending' question asked by Qwerky: why using Jasypt instead of using javax.crypto?

Well, I would recommend using Jasypt as it is a simple way to crypto for beginners and highly configurable for experienced users.

With Jasypt, you can start taking benefit of javax.crypto quickly with a little knowledge of JCE and the cryptography. Whether you want to manage user passwords or encrypt/decrypt data, the framework provides a simple abstraction to the question.

In the same time, the framework exposes all the possibilities of the JCE specification to allow experienced users to be in full control.

In addition to this, Jasypt provides many more features out-of-the-box for well known questions (dealing with sensitive data stored in the database, ...)

Answer 6

Using Java 8 and above,

Stream.of(Security.getProviders()).flatMap(mapper -> Stream.of(mapper.getServices())).flatMap(Set::stream)
                .map(Provider.Service::getAlgorithm).distinct().sorted().forEach(System.out::println);