Jipher Reference Information

8 Jipher Reference Information

Supported Algorithm Strings

The following table lists the algorithm strings and their aliases supported by Jipher. These strings are grouped by their associated engine class.

Table 8-1 Algorithm Strings Supported by Jipher

Engine	Supported Algorithm Strings and Their Aliases	Notes
`SecureRandom`	`DRBG` (`SHA1PRNG`, `CTRDRBG`, `CTRDRBG128`, `NativePRNG`, `NativePRNGNonBlocking`)	All aliases use the same underlying DRBG algorithm from OpenSSL
`MessageDigest`	`SHA-1` (`SHA`, `SHA1`, `1.3.14.3.2.26`, `OID.1.3.14.3.2.26` )	—
	`SHA-224` (`SHA224`, `2.16.840.1.101.3.4.2.4`, `OID.2.16.840.1.101.3.4.2.4`) `SHA-256` (`SHA256`, `2.16.840.1.101.3.4.2.1`, `OID.2.16.840.1.101.3.4.2.1`) `SHA-384` (`SHA384`, `2.16.840.1.101.3.4.2.2`, `OID.2.16.840.1.101.3.4.2.2`) `SHA-512` (`SHA512`, `2.16.840.1.101.3.4.2.3`, `OID.2.16.840.1.101.3.4.2.3`)	—
	`SHA3-224` (`2.16.840.1.101.3.4.2.7`, `OID.2.16.840.1.101.3.4.2.7`) `SHA3-256` (`2.16.840.1.101.3.4.2.8`, `OID.2.16.840.1.101.3.4.2.8`) `SHA3-384` (`2.16.840.1.101.3.4.2.9`, `OID.2.16.840.1.101.3.4.2.9`) `SHA3-512` (`2.16.840.1.101.3.4.2.10`, `OID.2.16.840.1.101.3.4.2.10`)	—
`Cipher`	`AES` (`Rijndael`, `2.16.840.1.101.3.4.1`, `OID.2.16.840.1.101.3.4.1`) `AES/CTR/NoPadding`	—
	`AES_128/ECB/NoPadding` (`2.16.840.1.101.3.4.1.1`, `OID.2.16.840.1.101.3.4.1.1`) `AES_192/ECB/NoPadding` (`2.16.840.1.101.3.4.1.21`, `OID.2.16.840.1.101.3.4.1.21`) `AES_256/ECB/NoPadding` (`2.16.840.1.101.3.4.1.41`, `OID.2.16.840.1.101.3.4.1.41`) `AES_128/CBC/PKCS5Padding` (`AES_128/CBC/PKCS7Padding`, `2.16.840.1.101.3.4.1.2`, `OID.2.16.840.1.101.3.4.1.2`) `AES_192/CBC/PKCS5Padding` (`AES_192/CBC/PKCS7Padding`, `2.16.840.1.101.3.4.1.22`, `OID.2.16.840.1.101.3.4.1.22`) `AES_256/CBC/PKCS5Padding` (`AES_256/CBC/PKCS7Padding`, `2.16.840.1.101.3.4.1.42`, `OID.2.16.840.1.101.3.4.1.42`) `AES_128/OFB/NoPadding` (`2.16.840.1.101.3.4.1.3`, `OID.2.16.840.1.101.3.4.1.3`) `AES_192/OFB/NoPadding` (`2.16.840.1.101.3.4.1.23`, `OID.2.16.840.1.101.3.4.1.23`) `AES_256/OFB/NoPadding` (`2.16.840.1.101.3.4.1.43`, `OID.2.16.840.1.101.3.4.1.43`) `AES_128/CFB/NoPadding` (`2.16.840.1.101.3.4.1.4`, `OID.2.16.840.1.101.3.4.1.4`) `AES_192/CFB/NoPadding` (`2.16.840.1.101.3.4.1.24`, `OID.2.16.840.1.101.3.4.1.24`) `AES_256/CFB/NoPadding` (`2.16.840.1.101.3.4.1.44`, `OID.2.16.840.1.101.3.4.1.44`) `AES/GCM/NoPadding` `AES_128/GCM/NoPadding` (`2.16.840.1.101.3.4.1.6`, `OID.2.16.840.1.101.3.4.1.6`) `AES_192/GCM/NoPadding` (`2.16.840.1.101.3.4.1.26`, `OID.2.16.840.1.101.3.4.1.26`) `AES_256/GCM/NoPadding` (`2.16.840.1.101.3.4.1.46`, `OID.2.16.840.1.101.3.4.1.46`)	—
	`DESede` (`TripleDES`)^Foot 1 `DESede/CBC/PKCS5Padding` (`DESede/CBC/PKCS7Padding`, `OID.1.2.840.113549.3.7`, `1.2.840.113549.3.7`)^Foot 1	—
	`AES/KW/NoPadding` (`AESWrap`, `AES-KW`) `AES_128/KW/NoPadding` (`AESWrap_128`, `2.16.840.1.101.3.4.1.5`, `OID.2.16.840.1.101.3.4.1.5`) `AES_192/KW/NoPadding` (`AESWrap_192`, `2.16.840.1.101.3.4.1.25`, `OID. 2.16.840.1.101.3.4.1.25`) `AES_256/KW/NoPadding` (`AESWrap_256`, `2.16.840.1.101.3.4.1.45`, `OID.2.16.840.1.101.3.4.1.45`)	RFC 3394
	`AES/KWP/NoPadding` (`AESWrapPad`, `AES-KWP`) `AES_128/KWP/NoPadding` (`AESWrapPad_128`, `2.16.840.1.101.3.4.1.8`, `OID.2.16.840.1.101.3.4.1.8`) `AES_192/KWP/NoPadding`, (`AESWrapPad_192`, `2.16.840.1.101.3.4.1.28`, `OID.2.16.840.1.101.3.4.1.28`) `AES_256/KWP/NoPadding` (`AESWrapPad_256`, `2.16.840.1.101.3.4.1.48`, `OID.2.16.840.1.101.3.4.1.48`)	RFC 5649
	`PBEWithHmacSHA1AndAES_128` `PBEWithHmacSHA224AndAES_128` `PBEWithHmacSHA256AndAES_128` `PBEWithHmacSHA384AndAES_128` `PBEWithHmacSHA512AndAES_128` `PBEWithHmacSHA1AndAES_256` `PBEWithHmacSHA224AndAES_256` `PBEWithHmacSHA256AndAES_256` `PBEWithHmacSHA384AndAES_256` `PBEWithHmacSHA512AndAES_256`	PBES2 password-based cipher
	`PBEWithSHA1AndDESede` (`1.2.840.113549.1.12.1.3`, `OID.1.2.840.113549.1.12.1.3`)^Foot 1	PKCS #12 password-based encryption. The key derivation function used for this algorithm is a not a FIPS 140-3 allowed algorithm. This algorithm will be removed in a future release of Jipher. See Supported Non-FIPS 140-3 Allowed Algorithms.
	`RSA/ECB/OAEPPadding` `RSA/ECB/OAEPWithSHA-1andMGF1Padding` (`RSA/ECB/OAEPWithSHA1andMGF1Padding`) `RSA/ECB/OAEPWithSHA-224andMGF1Padding` (`RSA/ECB/OAEPWithSHA224andMGF1Padding`) `RSA/ECB/OAEPWithSHA-256andMGF1Padding` (`RSA/ECB/OAEPWithSHA256andMGF1Padding`) `RSA/ECB/OAEPWithSHA-384andMGF1Padding` (`RSA/ECB/OAEPWithSHA384andMGF1Padding`) `RSA/ECB/OAEPWithSHA-512andMGF1Padding` (`RSA/ECB/OAEPWithSHA512andMGF1Padding`)	—
`KeyFactory`	`RSA` (`1.2.840.113549.1.1`, `OID.1.2.840.113549.1.1`, `1.2.840.113549.1.1.1`, `OID.1.2.840.113549.1.1.1`) `RSASSA-PSS` (`PSS`, `1.2.840.113549.1.1.10`, `OID.1.2.840.113549.1.1.10`) `EC` (`EllipticCurve`, `1.2.840.10045.2.1`, `OID.1.2.840.10045.2.1`) `DSA` (`1.2.840.10040.4.1`, `OID.1.2.840.10040.4.1`, `1.3.14.3.2.12`)^Foot 1 `DH` (`DiffieHellman`, `1.2.840.113549.1.3.1`, `OID.1.2.840.113549.1.3.1`)	—
`Signature`	`SHA1withRSA` (`1.2.840.113549.1.1.5`, `OID.1.2.840.113549.1.1.5`, `1.3.14.3.2.29`, `OID.1.3.14.3.2.29`)^Foot 1 `SHA224withRSA` (`1.2.840.113549.1.1.14`, `OID.1.2.840.113549.1.1.14`) `SHA256withRSA` (`1.2.840.113549.1.1.11`, `OID.1.2.840.113549.1.1.11`) `SHA384withRSA` (`1.2.840.113549.1.1.12`, `OID.1.2.840.113549.1.1.12`) `SHA512withRSA` (`1.2.840.113549.1.1.13`, `OID.1.2.840.113549.1.1.13`) `NONEwithRSA`	RSA with PKCS1
	`RSASSA-PSS` (`1.2.840.113549.1.1.10`, `OID.1.2.840.113549.1.1.10`)	—
	`SHA1withECDSA` (`1.2.840.10045.4.1`, `OID.1.2.840.10045.4.1`)^Foot 1 `SHA224withECDSA` (`1.2.840.10045.4.3.1`, `OID.1.2.840.10045.4.3.1`) `SHA256withECDSA` (`1.2.840.10045.4.3.2`, `OID.1.2.840.10045.4.3.2`) `SHA384withECDSA` (`1.2.840.10045.4.3.3`, `OID.1.2.840.10045.4.3.3`) `SHA512withECDSA` (`1.2.840.10045.4.3.4`, `OID.1.2.840.10045.4.4.4`) `NONEwithECDSA`	—
	`SHA1withDSA` (`DSA`, `DSS`, `SHA/DSA`, `SHA-1/DSA`, `SHA1/DSA`, `SHAwithDSA`, `DSAWithSHA1`, `1.2.840.10040.4.3`, `OID.1.2.840.10040.4.3`, `1.3.14.3.2.13`, `OID.1.3.14.3.2.13`, `1.3.14.3.2.27`, `OID.1.3.14.3.2.27`)^Foot 1 `SHA224withDSA` (`2.16.840.1.101.3.4.3.1`, `OID.2.16.840.1.101.3.4.3.1`)^Foot 1 `SHA256withDSA` (`2.16.840.1.101.3.4.3.2`, `OID.2.16.840.1.101.3.4.3.2`)^Foot 1 `SHA384withDSA` (`2.16.840.1.101.3.4.3.3`, `OID.2.16.840.1.101.3.4.3.3`)^Foot 1 `SHA512withDSA` (`2.16.840.1.101.3.4.3.4`, `OID.2.16.840.1.101.3.4.3.4`)^Foot 1 `NONEwithDSA` (`RawDSA`)^Foot 1	—
`Mac`	`HmacSHA1` (`1.2.840.113549.2.7`, `OID.1.2.840.113549.2.7`) `HmacSHA224` (`1.2.840.113549.2.8`, `OID.1.2.840.113549.2.8`) `HmacSHA256` (`1.2.840.113549.2.9`, `OID.1.2.840.113549.2.9`) `HmacSHA384` (`1.2.840.113549.2.10`, `OID.1.2.840.113549.2.10`) `HmacSHA512` (`1.2.840.113549.2.11`, `OID.1.2.840.113549.2.11`)	—
`Mac`	`HmacPBESHA1` `HmacPBESHA224` `HmacPBESHA256` `HmacPBESHA384` `HmacPBESHA512`	PKCS #12 password-based encryption HMAC algorithms The key derivation function used for these algorithms is not a FIPS 140-3 allowed algorithm. These algorithms will be removed in a future release of Jipher. See Supported Non-FIPS 140-3 Allowed Algorithms.
`KeyGenerator`	`HmacSHA1` (`1.2.840.113549.2.7`, `OID.1.2.840.113549.2.7`) `HmacSHA224` (`1.2.840.113549.2.8`, `OID.1.2.840.113549.2.8`) `HmacSHA256` (`1.2.840.113549.2.9`, `OID.1.2.840.113549.2.9`) `HmacSHA384` (`1.2.840.113549.2.10`, `OID.1.2.840.113549.2.10`) `HmacSHA512` (`1.2.840.113549.2.11`, `OID.1.2.840.113549.2.11`)	—
	`AES` (`Rijndael`, `2.16.840.1.101.3.4.1`, `OID.2.16.840.1.101.3.4.1`) `AES_128/ECB/NoPadding` (`OID.2.16.840.1.101.3.4.1.1`, `2.16.840.1.101.3.4.1.1`) `AES_192/ECB/NoPadding` (`OID.2.16.840.1.101.3.4.1.21`, `2.16.840.1.101.3.4.1.21`) `AES_256/ECB/NoPadding` (`OID.2.16.840.1.101.3.4.1.41`, `2.16.840.1.101.3.4.1.41`) `AES_128/CBC/PKCS5Padding` (`AES_128/CBC/PKCS7Padding`, `OID.2.16.840.1.101.3.4.1.2`, `2.16.840.1.101.3.4.1.2`) `AES_192/CBC/PKCS5Padding` (`AES_192/CBC/PKCS7Padding`, `OID.2.16.840.1.101.3.4.1.22`, `2.16.840.1.101.3.4.1.22`) `AES_256/CBC/PKCS5Padding` (`AES_256/CBC/PKCS7Padding`, `OID.2.16.840.1.101.3.4.1.42`, `2.16.840.1.101.3.4.1.42`) `AES_128/OFB/NoPadding` (`OID.2.16.840.1.101.3.4.1.3`, `2.16.840.1.101.3.4.1.3`) `AES_192/OFB/NoPadding` (`OID.2.16.840.1.101.3.4.1.23`, `2.16.840.1.101.3.4.1.23`) `AES_256/OFB/NoPadding` (`OID.2.16.840.1.101.3.4.1.43`, `2.16.840.1.101.3.4.1.43`) `AES_128/CFB/NoPadding` (`OID.2.16.840.1.101.3.4.1.4`, `2.16.840.1.101.3.4.1.4`) `AES_192/CFB/NoPadding` (`OID.2.16.840.1.101.3.4.1.24`, `2.16.840.1.101.3.4.1.24`) `AES_256/CFB/NoPadding` (`OID.2.16.840.1.101.3.4.1.44`, `2.16.840.1.101.3.4.1.44`) `AES_128/GCM/NoPadding` (`OID.2.16.840.1.101.3.4.1.6`, `2.16.840.1.101.3.4.1.6`) `AES_192/GCM/NoPadding` (`OID.2.16.840.1.101.3.4.1.26`, `2.16.840.1.101.3.4.1.26`) `AES_256/GCM/NoPadding` (`OID.2.16.840.1.101.3.4.1.46`, `2.16.840.1.101.3.4.1.46`)	—
	`SunTls12Prf` `SunTlsExtendedMasterSecret` `SunTlsKeyMaterial` (`SunTls12KeyMaterial`) `SunTlsRsaPremasterSecret` (`SunTls12RsaPremasterSecret`)	These non-standard KeyGenerator algorithms are needed to provide the cryptography required by the SunJSSE provider to support TLSv1.2.
`AlgorithmParameters`	`EC` (`1.2.840.10045.2.1`, `OID.1.2.840.10045.2.1`) `DH` (`DiffieHellman`, `1.2.840.113549.1.3.1`, `OID.1.2.840.113549.1.3.1`) `RSASSA-PSS` (`1.2.840.113549.1.1.10`, `OID.1.2.840.113549.1.1.10`)	—
	`AES` (`2.16.840.1.101.3.4.1`, `OID.2.16.840.1.101.3.4.1`, `2.16.840.1.101.3.4.1.2`, `OID.2.16.840.1.101.3.4.1.2`, `2.16.840.1.101.3.4.1.3`, `OID.2.16.840.1.101.3.4.1.3`, `2.16.840.1.101.3.4.1.4`, `OID.2.16.840.1.101.3.4.1.4`, `2.16.840.1.101.3.4.1.6`, `OID.2.16.840.1.101.3.4.1.6`, `2.16.840.1.101.3.4.1.22`, `OID.2.16.840.1.101.3.4.1.22`, `2.16.840.1.101.3.4.1.23`, `OID.2.16.840.1.101.3.4.1.23`, `2.16.840.1.101.3.4.1.24`, `OID.2.16.840.1.101.3.4.1.24`, `2.16.840.1.101.3.4.1.26`, `OID.2.16.840.1.101.3.4.1.26`, `2.16.840.1.101.3.4.1.42`, `OID.2.16.840.1.101.3.4.1.42`, `2.16.840.1.101.3.4.1.43`, `OID.2.16.840.1.101.3.4.1.43`, `2.16.840.1.101.3.4.1.44`, `OID.2.16.840.1.101.3.4.1.44`, `2.16.840.1.101.3.4.1.46` `OID.2.16.840.1.101.3.4.1.46`) `DESede` (`OID.1.2.840.113549.3.7`, `1.2.840.113549.3.7`)^Foot 1 `GCM` `OAEP` (`1.2.840.113549.1.1.7`, `OID.1.2.840.113549.1.1.7`)	—
	`PBES2` (`1.2.840.113549.1.5.13`, `OID.1.2.840.113549.1.5.13`) `PBE` `PBEWithSHA1AndDESede` (`OID.1.2.840.113549.1.12.1.3`, `1.2.840.113549.1.12.1.3`)^Foot 1	The key derivation function used for the PBEWithSHA1AndDESede algorithm is a not a FIPS 140-3 allowed algorithm. The PBEWithSHA1AndDESede algorithm will be removed in a future release of Jipher. See Supported Non-FIPS 140-3 Allowed Algorithms.
	`PBEWithHmacSHA1AndAES_128` `PBEWithHmacSHA224AndAES_128` `PBEWithHmacSHA256AndAES_128` `PBEWithHmacSHA384AndAES_128` `PBEWithHmacSHA512AndAES_128` `PBEWithHmacSHA1AndAES_256` `PBEWithHmacSHA224AndAES_256` `PBEWithHmacSHA256AndAES_256` `PBEWithHmacSHA384AndAES_256` `PBEWithHmacSHA512AndAES_256`	—
`KeyPairGenerator`	`RSA` (`1.2.840.113549.1.1`, `OID.1.2.840.113549.1.1`, `1.2.840.113549.1.1.1`, `OID.1.2.840.113549.1.1.1`) `RSASSA-PSS` (`PSS`, `1.2.840.113549.1.1.10`, `OID.1.2.840.113549.1.1.10`) `EC` (`EllipticCurve`, `1.2.840.10045.2.1`, `OID.1.2.840.10045.2.1`) `DH` (`DiffieHellman`, `1.2.840.113549.1.3.1`, `OID.1.2.840.113549.1.3.1`)	—
`SecretKeyFactory`	`AES` `DESede` (`TripleDES`)^Foot 1	—
	`PBEWithHmacSHA1AndAES_128` `PBEWithHmacSHA224AndAES_128` `PBEWithHmacSHA256AndAES_128` `PBEWithHmacSHA384AndAES_128` `PBEWithHmacSHA512AndAES_128` `PBEWithHmacSHA1AndAES_256` `PBEWithHmacSHA224AndAES_256` `PBEWithHmacSHA256AndAES_256` `PBEWithHmacSHA384AndAES_256` `PBEWithHmacSHA512AndAES_256`	—
	`PBKDF2WithHmacSHA1` (`PBKDF2WithSHA1`, `1.2.840.113549.1.5.12`, `OID.1.2.840.113549.1.5.12`) `PBKDF2WithHmacSHA224` (`PBKDF2WithSHA224`) `PBKDF2WithHmacSHA256` (`PBKDF2WithSHA256`) `PBKDF2WithHmacSHA384` (`PBKDF2WithSHA384`) `PBKDF2WithHmacSHA512` (`PBKDF2WithSHA512`)	—
	`PBEWithSHA1AndDESede` (`OID.1.2.840.113549.1.12.1.3`, `1.2.840.113549.1.12.1.3`)^Foot 1	The key derivation function used for this algorithm is a not a FIPS 140-3 allowed algorithm. This algorithm will be removed in a future release of Jipher. See Supported Non-FIPS 140-3 Allowed Algorithms.
KeyAgreement	`ECDH` `DH` (`DiffieHellman`, `1.2.840.113549.1.3.1`, `OID.1.2.840.113549.1.3.1`)	—

^Footnote 1This algorithm is not supported if the FIPS 140 Enforcement Policy is set to FIPS_STRICT.

Supported Non-FIPS 140-3 Allowed Algorithms

Note:

Support for the PKCS #12 KDF algorithm will be removed in a future Jipher release. Once Jipher no longer supports the PKCS #12 KDF algorithm, it will no longer support the following algorithms (and aliases):

AlgorithmParameters
- PBEWithSHA1AndDESede (OID.1.2.840.113549.1.12.1.3, 1.2.840.113549.1.12.1.3)
Cipher
- PBEWithSHA1AndDESede (OID.1.2.840.113549.1.12.1.3, 1.2.840.113549.1.12.1.3)
SecretKeyFactory
- PBEWithSHA1AndDESede (OID.1.2.840.113549.1.12.1.3, 1.2.840.113549.1.12.1.3)
Mac
- HmacPBESHA1
- HmacPBESHA224
- HmacPBESHA256
- HmacPBESHA384
- HmacPBESHA512

Jipher supports the PKCS #12 Key Derivation Function (KDF) algorithm as described in Appendix B. Deriving Keys and IVs from Passwords and Salt in RFC 7292 - PKCS #12: Personal Information Exchange Syntax v1.1. This algorithm is not allowed by FIPS 140-3. This algorithm is supported for interoperability reasons, specifically to support the following:

Password integrity mode: Integrity is guaranteed through a Message Authentication Code (MAC) derived from a secret integrity password. The PKCS #12 KDF algorithm is used to derive a MAC key for this mode in the Mac algorithms HmacPBESHA1, HmacPBESHA224, HmacPBESHA256, HmacPBESHA384, and HmacPBESHA512.
Password privacy mode: Personal information is encrypted with a symmetric key derived from a user name and a privacy password. The PKCS #12 KDF algorithm is used to derive a decryption key for this mode in the Cipher algorithm PBEWithSHA1AndDESede. Note that this use of the PKCS #12 KDF algorithm is deprecated.

Keysize Restrictions

Jipher uses the following default key sizes (in bits) and enforces the following restrictions for KeyGenerator and KeyPairGenerator.

KeyGenerator

Jipher honors the system property jdk.security.defaultKeySize, which enables users to configure the default key size used by KeyGenerator. The value of this property is a list of comma-separated entries. Each entry consists of a case-insensitive algorithm name and the corresponding default key size (in decimal) separated by a colon.

Table 8-2 KeyGenerator Algorithms and Default Key Sizes

Algorithm Name	Default Key Size	Restrictions and Comments
AES	256 if permitted by the cryptographic policy (see Import Limits on Cryptographic Algorithms), 128 otherwise.	Key size must be equal to 128, 192, or 256.
AES_128/<mode>/<padding>	128	Key size must be equal to 128.
AES_192/<mode>/<padding>	192	Key size must be equal to 192.
AES_256/<mode>/<padding>	256	Key size must be equal to 256.
HmacSHA1	160	Key size must be at least 40 bits. Key sizes that are not a multiple of 8 are increased to the next multiple of 8.
HmacSHA224	224	Key size must be at least 40 bits. Key sizes that are not a multiple of 8 are increased to the next multiple of 8.
HmacSHA256	256	Key size must be at least 40 bits. Key sizes that are not a multiple of 8 are increased to the next multiple of 8.
HmacSHA384	384	Key size must be at least 40 bits. Key sizes that are not a multiple of 8 are increased to the next multiple of 8.
HmacSHA512	512	Key size must be at least 40 bits. Key sizes that are not a multiple of 8 are increased to the next multiple of 8.

KeyPairGenerator

Jipher honors the system property jdk.security.defaultKeySize, which enables users to configure the default key size used by KeyPairGenerator. The value of this property is a list of comma-separated entries. Each entry consists of a case-insensitive algorithm name and the corresponding default key size (in decimal) separated by a colon.

Table 8-3 KeyPairGenerator Algorithms and Default Key Sizes

Algorithm Name	Default Key Size	Restrictions and Comments
DiffieHellman	3072	Key size must be equal to 2048, 3072 or 4096. Algorithm parameter specification must specify an approved FFC Safe-prime group defined in SP 800-56A Rev. 3, "Appendix D: Approved ECC Curves and FFC Safe-prime Groups."
EC	256	Key size must be equal to 224, 256, 384, 521. Algorithm parameter specification must specify one the four approved ECC named curves listed in Approved ECC Named Curves and SP 800-56A Rev. 3, "Appendix D: Approved ECC Curves and FFC Safe-prime Groups" defined in RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier.
RSA and RSASSA-PSS	3072	Key size must be between 2,048 and 15,360 bits. The public exponent length must exceed 16 bits and cannot exceed 256 bits. If the key size exceeds 3072, then the public exponent length cannot exceed 64 bits.

Algorithm Name

Default Key Size

Restrictions and Comments

DiffieHellman

3072

Key size must be equal to 2048, 3072 or 4096.

Algorithm parameter specification must specify an approved FFC Safe-prime group defined in SP 800-56A Rev. 3, "Appendix D: Approved ECC Curves and FFC Safe-prime Groups."

256

Key size must be equal to 224, 256, 384, 521.

Algorithm parameter specification must specify one the four approved ECC named curves listed in Approved ECC Named Curves and SP 800-56A Rev. 3, "Appendix D: Approved ECC Curves and FFC Safe-prime Groups" defined in RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier.

RSA and RSASSA-PSS

3072

Key size must be between 2,048 and 15,360 bits.

The public exponent length must exceed 16 bits and cannot exceed 256 bits.

If the key size exceeds 3072, then the public exponent length cannot exceed 64 bits.

Approved ECC Named Curves

Standard for Efficient Cryptography Group (SECG) Name	NIST	OID
secp224r1	P-224	1.3.132.0.33
secp256r1	P-256	1.2.840.10045.3.1.7
secp384r1	P-384	1.3.132.0.34
secp521r1	P-521	1.3.132.0.35

Supported Elliptic Curve Names

Jipher supports only a fixed set of named (published) elliptic curves. These are NIST-recommended curves based on prime fields.

The following table lists the elliptic curves that are provided by Jipher.

Table 8-4 Supported Elliptic Curve Names

Elliptic Curve	Object Identifier and Aliases	Aliases
secp224r1	`1.3.132.0.33`	`P-224`, `P224`
secp256r1	`1.2.840.10045.3.1.7`	`P-256`, `P256`, `prime256v1`
secp384r1	`1.3.132.0.34`	`P-384`, `P384`
secp521r1	`1.3.132.0.35`	`P-521`, `P521`

Default Diffie-Hellman Parameters

When generating Diffie-Hellman (DH) key pairs, default DH parameters are selected based on key size. Supported key sizes are 2048, 3072, and 4096.

The default parameters are from RFC 7919: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security.

Table 8-5 Default DH Parameters

Key Size	Default Parameter
2048	`ffdhe2048`
3072	`ffdhe3072`
4096	`ffdhe4096`