Provides the classes and interfaces for the security framework. This includes classes that implement an easily configurable, fine-grained access control security architecture. This package also supports the generation and storage of cryptographic public key pairs, as well as a number of exportable cryptographic operations including those for message digest and signature generation. Finally, this package provides classes that support signed/guarded objects and secure random number generation.

Many of the classes provided in this package (the cryptographic and secure random number generator classes in particular) are provider-based. The class itself defines a programming interface to which applications may write. The implementations themselves may then be written by independent third-party vendors and plugged in seamlessly as needed. Therefore, application developers may take advantage of any number of provider-based implementations without having to add or rewrite code.
- Java Cryptography Architecture (JCA) Reference Guide
- PKCS #8: Private-Key Information Syntax Standard, Version 1.2, November 1993
- Java Security Standard Algorithm Names Specification
Related Documentation
For further documentation, please see:
Interface Summary

| Interface | Description |
| --- | --- |
| `AlgorithmConstraints` | This interface specifies constraints for cryptographic algorithms, keys (key sizes), and other algorithm parameters. |
| `Certificate` | Deprecated. A new certificate handling package is created in the Java platform. |
| `DomainCombiner` | A `DomainCombiner` provides a means to dynamically update the ProtectionDomains associated with the current |
| `Guard` | This interface represents a guard, which is an object that is used to protect access to another object. |
| `Key` | The Key interface is the top-level interface for all keys. |
| `KeyStore.Entry` | A marker interface for |
| `KeyStore.Entry.Attribute` | An attribute associated with a keystore entry. |
| `KeyStore.LoadStoreParameter` | |
| `KeyStore.ProtectionParameter` | A marker interface for keystore protection parameters. |
| `Policy.Parameters` | This represents a marker interface for Policy parameters. |
| `Principal` | This interface represents the abstract notion of a principal, which can be used to represent any entity, such as an individual, a corporation, and a login id. |
| `PrivateKey` | A private key. |
| `PrivilegedAction<T>` | A computation to be performed with privileges enabled. |
| `PrivilegedExceptionAction<T>` | A computation to be performed with privileges enabled, that throws one or more checked exceptions. |
| `PublicKey` | A public key. |
| `SecureRandomParameters` | A marker interface for parameters used in various |
Class Summary

| Class | Description |
| --- | --- |
| `AccessControlContext` | An AccessControlContext is used to make system resource access decisions based on the context it encapsulates. |
| `AccessController` | The AccessController class is used for access control operations and decisions. |
| `AlgorithmParameterGenerator` | The `AlgorithmParameterGenerator` class is used to generate a set of parameters to be used with a certain algorithm. |
| `AlgorithmParameterGeneratorSpi` | This class defines the Service Provider Interface (SPI) for the `AlgorithmParameterGenerator` class, which is used to generate a set of parameters to be used with a certain algorithm. |
| `AlgorithmParameters` | This class is used as an opaque representation of cryptographic parameters. |
| `AlgorithmParametersSpi` | This class defines the Service Provider Interface (SPI) for the `AlgorithmParameters` class, which is used to manage algorithm parameters. |
| `AllPermission` | The AllPermission is a permission that implies all other permissions. |
| `AuthProvider` | This class defines login and logout methods for a provider. |
| `BasicPermission` | The BasicPermission class extends the Permission class, and can be used as the base class for permissions that want to follow the same naming convention as BasicPermission. |
| `CodeSigner` | This class encapsulates information about a code signer. |
| `CodeSource` | This class extends the concept of a codebase to encapsulate not only the location (URL) but also the certificate chains that were used to verify signed code originating from that location. |
| `DigestInputStream` | A transparent stream that updates the associated message digest using the bits going through the stream. |
| `DigestOutputStream` | A transparent stream that updates the associated message digest using the bits going through the stream. |
| `DomainLoadStoreParameter` | Configuration data that specifies the keystores in a keystore domain. |
| `DrbgParameters` | This class specifies the parameters used by a DRBG (Deterministic Random Bit Generator). |
| `DrbgParameters.Instantiation` | DRBG parameters for instantiation. |
| `DrbgParameters.NextBytes` | DRBG parameters for random bits generation. |
| `DrbgParameters.Reseed` | DRBG parameters for reseed. |
| `GuardedObject` | A GuardedObject is an object that is used to protect access to another object. |
| `Identity` | Deprecated. This class is no longer used. |
| `IdentityScope` | Deprecated. This class is no longer used. |
| `KeyFactory` | Key factories are used to convert keys (opaque cryptographic keys of type `Key`) into key specifications (transparent representations of the underlying key material), and vice versa. |
| `KeyFactorySpi` | This class defines the Service Provider Interface (SPI) for the |
| `KeyPair` | This class is a simple holder for a key pair (a public key and a private key). |
| `KeyPairGenerator` | The KeyPairGenerator class is used to generate pairs of public and private keys. |
| `KeyPairGeneratorSpi` | This class defines the Service Provider Interface (SPI) for the `KeyPairGenerator` class, which is used to generate pairs of public and private keys. |
| `KeyRep` | Standardized representation for serialized Key objects. |
| `KeyStore` | This class represents a storage facility for cryptographic keys and certificates. |
| `KeyStore.Builder` | A description of a to-be-instantiated KeyStore object. |
| `KeyStore.CallbackHandlerProtection` | A ProtectionParameter encapsulating a CallbackHandler. |
| `KeyStore.PasswordProtection` | A password-based implementation of |
| | `KeyStore` entry that holds a `PrivateKey` and corresponding certificate chain. |
| | `KeyStore` entry that holds a |
| | `KeyStore` entry that holds a trusted |
| `KeyStoreSpi` | This class defines the Service Provider Interface (SPI) for the |
| `MessageDigest` | This MessageDigest class provides applications the functionality of a message digest algorithm, such as SHA-1 or SHA-256. |
| `MessageDigestSpi` | This class defines the Service Provider Interface (SPI) for the `MessageDigest` class, which provides the functionality of a message digest algorithm, such as MD5 or SHA. |
| `Permission` | Abstract class for representing access to a system resource. |
| `PermissionCollection` | Abstract class representing a collection of Permission objects. |
| `Permissions` | This class represents a heterogeneous collection of Permissions. |
| `PKCS12Attribute` | An attribute associated with a PKCS12 keystore entry. |
| `Policy` | A Policy object is responsible for determining whether code executing in the Java runtime environment has permission to perform a security-sensitive operation. |
| `PolicySpi` | This class defines the Service Provider Interface (SPI) for the |
| `ProtectionDomain` | The ProtectionDomain class encapsulates the characteristics of a domain, which encloses a set of classes whose instances are granted a set of permissions when being executed on behalf of a given set of Principals. |
| `Provider` | This class represents a "provider" for the Java Security API, where a provider implements some or all parts of Java Security. |
| `Provider.Service` | The description of a security service. |
| `SecureClassLoader` | This class extends ClassLoader with additional support for defining classes with an associated code source and permissions which are retrieved by the system policy by default. |
| `SecureRandom` | This class provides a cryptographically strong random number generator (RNG). |
| `SecureRandomSpi` | This class defines the Service Provider Interface (SPI) for the |
| `Security` | This class centralizes all security properties and common security methods. |
| `SecurityPermission` | This class is for security permissions. |
| `Signature` | The Signature class is used to provide applications the functionality of a digital signature algorithm. |
| `SignatureSpi` | This class defines the Service Provider Interface (SPI) for the `Signature` class, which is used to provide the functionality of a digital signature algorithm. |
| `SignedObject` | SignedObject is a class for the purpose of creating authentic runtime objects whose integrity cannot be compromised without being detected. |
| `Signer` | Deprecated. This class is no longer used. |
| `Timestamp` | This class encapsulates information about a signed timestamp. |
| `UnresolvedPermission` | The UnresolvedPermission class is used to hold Permissions that were "unresolved" when the Policy was initialized. |
| `URIParameter` | A parameter that contains a URI pointing to data intended for a PolicySpi or ConfigurationSpi implementation. |
Enum Summary

| Enum | Description |
| --- | --- |
| `CryptoPrimitive` | An enumeration of cryptographic primitives. |
| `DrbgParameters.Capability` | The reseedable and prediction resistance capabilities of a DRBG. |
| `KeyRep.Type` | Key type. |
Exception Summary

| Exception | Description |
| --- | --- |
| `AccessControlException` | This exception is thrown by the AccessController to indicate that a requested access (to a critical system resource such as the file system or the network) is denied. |
| `DigestException` | This is the generic Message Digest exception. |
| `GeneralSecurityException` | The `GeneralSecurityException` class is a generic security exception class that provides type safety for all the security-related exception classes that extend from it. |
| `InvalidAlgorithmParameterException` | This is the exception for invalid or inappropriate algorithm parameters. |
| `InvalidKeyException` | This is the exception for invalid Keys (invalid encoding, wrong length, uninitialized, etc). |
| `InvalidParameterException` | This exception, designed for use by the JCA/JCE engine classes, is thrown when an invalid parameter is passed to a method. |
| `KeyException` | This is the basic key exception. |
| `KeyManagementException` | This is the general key management exception for all operations dealing with key management. |
| `KeyStoreException` | This is the generic KeyStore exception. |
| `NoSuchAlgorithmException` | This exception is thrown when a particular cryptographic algorithm is requested but is not available in the environment. |
| `NoSuchProviderException` | This exception is thrown when a particular security provider is requested but is not available in the environment. |
| `PrivilegedActionException` | This exception is thrown by `doPrivileged(PrivilegedExceptionAction, AccessControlContext context)` to indicate that the action being performed threw a checked exception. |
| `ProviderException` | A runtime exception for Provider exceptions (such as misconfiguration errors or unrecoverable internal errors), which may be subclassed by Providers to throw specialized, provider-specific runtime errors. |
| `SignatureException` | This is the generic Signature exception. |
| `UnrecoverableEntryException` | This exception is thrown if an entry in the keystore cannot be recovered. |
| `UnrecoverableKeyException` | This exception is thrown if a key in the keystore cannot be recovered. |