JCA,它的提供者和JCE之间的关系?

时间:2014-01-09 19:36:26

标签: java cryptography jce jca

我认为JCA替代JCE很简单。但是,编写一些测试代码以获取我系统上的所有提供程序后显示情况并非如此。

我注意到以下内容:

  1. 某些算法有多个提供商(例如:MD5withRSA位于SunRsaSign以及SunJSSE
  2. JCA似乎有type个算法超出了JCE中的算法
  3. 第1项是有道理的,因为JCA(对我来说)是一个可供选择的JCE提供者的库/数组。

    第2项有点令人困惑,因为它表明JCA不是一组“相同”的JCE提供者;对于任何一种“类型”的提供者来说,它都是一种水坑,JCE是否接口。

    那么,是什么JCA,它的供应商和JCE之间的工作关系?提供者是否也存在于独立的孤岛中,或者它们是否相互“构建”/它们之间是否存在依赖关系?

    对于那些对代码感兴趣的人和提出这个问题的结果,下面列出了


    import java.security.Provider;
    import java.security.Security;
    import java.util.ArrayList;
    
    public class ConsoleListJca 
    {
        public static void main(String[] args) 
        {
            for (Provider provider : Security.getProviders()) 
            {
                System.out.println("Provider: " + provider.getName() + " (ver " + provider.getVersion() + ")");
                System.out.print("  Algorithms: ");
                ArrayList<String> algos = new ArrayList<String>();
                for (Provider.Service service : provider.getServices()) 
                {
                    algos.add(String.format( "%s (%s)", service.getAlgorithm(), service.getType()));
                }
                java.util.Collections.sort(algos);
                String algorsStr = algos.toString();
                // remove [ and ] from ArrayList's toString()
                algorsStr = algorsStr.substring(1, algorsStr.length()-1); 
                System.out.println(algorsStr);
                System.out.println();
            }
        }
    }
    

    和结果(格式化为SO)

    Provider: SUN (ver 1.7)
      Algorithms: CaseExactJKS (KeyStore), Collection (CertStore), DSA (AlgorithmParameterGenerator), 
                  DSA (AlgorithmParameters), DSA (KeyFactory), DSA (KeyPairGenerator), 
                  JKS (KeyStore), JavaLoginConfig (Configuration), JavaPolicy (Policy), 
                  LDAP (CertStore), MD2 (MessageDigest), MD5 (MessageDigest), NONEwithDSA (Signature), 
                  NativePRNG (SecureRandom), PKIX (CertPathBuilder), PKIX (CertPathValidator), 
                  SHA (MessageDigest), SHA-256 (MessageDigest), SHA-384 (MessageDigest), 
                  SHA-512 (MessageDigest), SHA1PRNG (SecureRandom), SHA1withDSA (Signature), 
                  X.509 (CertificateFactory), com.sun.security.IndexedCollection (CertStore)
    
    Provider: SunRsaSign (ver 1.7)
      Algorithms: MD2withRSA (Signature), MD5withRSA (Signature), RSA (KeyFactory), RSA (KeyPairGenerator), 
                  SHA1withRSA (Signature), SHA256withRSA (Signature), SHA384withRSA (Signature), 
                  SHA512withRSA (Signature)
    
    Provider: SunEC (ver 1.7)
      Algorithms: EC (AlgorithmParameters), EC (KeyFactory), EC (KeyPairGenerator), ECDH (KeyAgreement), 
                  NONEwithECDSA (Signature), SHA1withECDSA (Signature), SHA256withECDSA (Signature), 
                  SHA384withECDSA (Signature), SHA512withECDSA (Signature)
    
    Provider: SunJSSE (ver 1.7)
      Algorithms: Default (SSLContext), MD2withRSA (Signature), MD5andSHA1withRSA (Signature), 
                  MD5withRSA (Signature), NewSunX509 (KeyManagerFactory), PKCS12 (KeyStore), 
                  PKIX (TrustManagerFactory), RSA (KeyFactory), RSA (KeyPairGenerator), 
                  SHA1withRSA (Signature), SunX509 (KeyManagerFactory), SunX509 (TrustManagerFactory), 
                  TLSv1 (SSLContext), TLSv1.1 (SSLContext), TLSv1.2 (SSLContext)
    
    Provider: SunJCE (ver 1.7)
      Algorithms: AES (AlgorithmParameters), AES (Cipher), AES (KeyGenerator), AESWrap (Cipher), 
                  ARCFOUR (Cipher), ARCFOUR (KeyGenerator), Blowfish (AlgorithmParameters), 
                  Blowfish (Cipher), Blowfish (KeyGenerator), DES (AlgorithmParameters), 
                  DES (Cipher), DES (KeyGenerator), DES (SecretKeyFactory), DESede (AlgorithmParameters), 
                  DESede (Cipher), DESede (KeyGenerator), DESede (SecretKeyFactory), DESedeWrap (Cipher), 
                  DiffieHellman (AlgorithmParameterGenerator), DiffieHellman (AlgorithmParameters), 
                  DiffieHellman (KeyAgreement), DiffieHellman (KeyFactory), 
                  DiffieHellman (KeyPairGenerator), HmacMD5 (KeyGenerator), HmacMD5 (Mac), 
                  HmacPBESHA1 (Mac), HmacSHA1 (KeyGenerator), HmacSHA1 (Mac), HmacSHA256 (KeyGenerator), 
                  HmacSHA256 (Mac), HmacSHA384 (KeyGenerator), HmacSHA384 (Mac), HmacSHA512 (KeyGenerator), 
                  HmacSHA512 (Mac), JCEKS (KeyStore), OAEP (AlgorithmParameters), PBE (AlgorithmParameters), 
                  PBEWithMD5AndDES (AlgorithmParameters), PBEWithMD5AndDES (Cipher), 
                  PBEWithMD5AndDES (SecretKeyFactory), PBEWithMD5AndTripleDES (AlgorithmParameters), 
                  PBEWithMD5AndTripleDES (Cipher), PBEWithMD5AndTripleDES (SecretKeyFactory), 
                  PBEWithSHA1AndDESede (AlgorithmParameters), PBEWithSHA1AndDESede (Cipher), 
                  PBEWithSHA1AndDESede (SecretKeyFactory), PBEWithSHA1AndRC2_40 (AlgorithmParameters), 
                  PBEWithSHA1AndRC2_40 (Cipher), PBEWithSHA1AndRC2_40 (SecretKeyFactory), 
                  PBKDF2WithHmacSHA1 (SecretKeyFactory), RC2 (AlgorithmParameters), RC2 (Cipher), 
                  RC2 (KeyGenerator), RSA (Cipher), SslMacMD5 (Mac), SslMacSHA1 (Mac), 
                  SunTls12Prf (KeyGenerator), SunTlsKeyMaterial (KeyGenerator), SunTlsMasterSecret (KeyGenerator), 
                  SunTlsPrf (KeyGenerator), SunTlsRsaPremasterSecret (KeyGenerator)
    
    Provider: SunJGSS (ver 1.7)
      Algorithms: 1.2.840.113554.1.2.2 (GssApiMechanism), 1.3.6.1.5.5.2 (GssApiMechanism)
    
    Provider: SunSASL (ver 1.7)
      Algorithms: CRAM-MD5 (SaslClientFactory), CRAM-MD5 (SaslServerFactory), DIGEST-MD5 (SaslClientFactory), 
                  DIGEST-MD5 (SaslServerFactory), EXTERNAL (SaslClientFactory), GSSAPI (SaslClientFactory), 
                  GSSAPI (SaslServerFactory), NTLM (SaslClientFactory), NTLM (SaslServerFactory), PLAIN (SaslClientFactory)
    
    Provider: XMLDSig (ver 1.0)
      Algorithms: DOM (KeyInfoFactory), DOM (XMLSignatureFactory), 
                  http://www.w3.org/2000/09/xmldsig#base64 (TransformService), 
                  http://www.w3.org/2000/09/xmldsig#enveloped-signature (TransformService), 
                  http://www.w3.org/2001/10/xml-exc-c14n# (TransformService), 
                  http://www.w3.org/2001/10/xml-exc-c14n#WithComments (TransformService), 
                  http://www.w3.org/2002/06/xmldsig-filter2 (TransformService), 
                  http://www.w3.org/2006/12/xml-c14n11 (TransformService), 
                  http://www.w3.org/2006/12/xml-c14n11#WithComments (TransformService), 
                  http://www.w3.org/TR/1999/REC-xpath-19991116 (TransformService), 
                  http://www.w3.org/TR/1999/REC-xslt-19991116 (TransformService), 
                  http://www.w3.org/TR/2001/REC-xml-c14n-20010315 (TransformService), 
                  http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments (TransformService)
    
    Provider: SunPCSC (ver 1.7)
      Algorithms: PC/SC (TerminalFactory)
    
    Provider: Apple (ver 1.1)
      Algorithms: KeychainStore (KeyStore)
    

2 个答案:

答案 0 :(得分:10)

JCA和JCE之间的基本区别在于JCE是JCA的扩展,而不是替代。 JCA包括MessageDigestSecureRandomKeyFactorySignatureKeyStore等类。 JCE添加了更多类加密,例如CipherKeyGenerationMacKeyGeneration。 JCA和JCE之间的区别在很大程度上已经消失,因为JCE已经提供标准运行时间了一段时间。

JCA/JCE旨在将加密实现与抽象分开。它是一个基于提供程序的体系结构,您可以在其中插入您选择的提供程序,例如BouncyCastle,它具有比标准Java运行时中包含的提供程序提供的更多加密算法支持。

答案 1 :(得分:0)

JCE 最初是一个单独的API,但现在 JCE被合并为JCA的一部分

从JDK 11文档中:

  

在JDK 1.4之前,JCE是非捆绑产品,因此,   JCA和JCE通常被称为独立,不同的   组件。由于JCE现在捆绑在JDK中,因此区别在于   变得不那么明显。由于JCE使用与   在JCA中,应该更恰当地将JCE视为   JCA。

现在, JCE是JCA的内置部分,而JCE一词在Java生态系统中逐渐消失。

简而言之: JCE 是历史上的技术/术语/概念。现代Java开发人员使用 JCA 来访问Java中的加密技术,而从不提及JCE。