Dell BSAFE Crypto-J Owner's manual

Brand: Dell

Model: BSAFE Crypto-J

Type: Owner's manual

Dell BSAFE Crypto-J is a software development toolkit that provides a comprehensive set of cryptographic functions for use in Java applications. It offers a wide range of capabilities, including:

Encryption and decryption of data using symmetric and asymmetric algorithms
Digital signatures and message authentication codes
Key generation and management
Random number generation
Hashing and message digests

Dell BSAFE Crypto-J is FIPS 140-2 validated, which means that it meets the U.S. government's standards for cryptographic modules. This makes it an ideal choice for applications that require a high level of security, such as financial transactions, healthcare records, and government communications.

Dell BSAFE Crypto-J is a software development toolkit that provides a comprehensive set of cryptographic functions for use in Java applications. It offers a wide range of capabilities, including:

Encryption and decryption of data using symmetric and asymmetric algorithms
Digital signatures and message authentication codes
Key generation and management
Random number generation
Hashing and message digests

Release Notes

17.07.19

RSA BSAFE

Crypto-J 6.2.5 Release Notes

This document summarizes the features of RSA BSAFE Crypto-J 6.2.5 (Crypto-J). It

outlines the new features, platform information, and resolved and known issues.

For details of the Crypto-J End of Primary Support dates, see the Product Version Life

Cycle Web site at

https://community.rsa.com/docs/DOC-73366.

Contents:

New Features ................................................................................................... 2

Changes ............................................................................................................ 3

Related Products ............................................................................................. 4

FIPS 140-2 Operations ................................................................................... 5

Operating Environment Information .............................................................. 6

Interoperability ................................................................................................ 14

Implementation Information .......................................................................... 15

Supported Hardware Devices ...................................................................... 16

Algorithms and Key Sizes ............................................................................ 17

Enhancements and Resolved Issues ......................................................... 28

Known Issues ................................................................................................. 29

Documentation ............................................................................................... 30

Support and Service ...................................................................................... 31

2 New Features

RSA BSAFE Crypto-J 6.2.5 Release Notes

New Features

This release of Crypto-J is designed to provide the following new features:

• Updated Algorithm support:

– Implementations of SHA3-224, SHA3-256, SHA3-384, SHA3-512,

SHAKE128, SHAKE256 available using the JCE MessageDigest API.

– Implementation of HKDF available using the JCE API.

– Implementation of HMAC/SHA3-224, HMAC/SHA3-256,

HMAC/SHA3-384, HMAC/SHA3-512 and CMAC available using the JCE

MAC API.

– Implementation of ChaCha20, available using the JCE API.

– Implementation of Poly1305, available using the JCE API.

– Implementation of ChaCha20-Poly1305 AEAD cipher, available using the

JCE API.

• Crypto-J gives deprecation warnings during compilation. In previous releases,

deprecated Crypto-J classes and class members were only documented as being

deprecated.

Features added in release 6.2.4.0.1:

There are no new features in release 6.2.4.0.1.

Features added in release 6.2.4:

The new features added in release 6.2.4 include:

• Updated platform support.

For more information, see Operating Environment Information.

• Support for the Single-Step KDF algorithm.

For more information, see Key Derivation Algorithms.

• Support for the RSA-KEM-KWS algorithm.

For more information, see Asymmetric Encryption and Decryption Algorithms.

• Key Confirmation extended JCE API added for use in SP 800 56 A/B Key

Agreement and Key Transport schemes.

Changes 3

RSA BSAFE Crypto-J 6.2.5 Release Notes

Changes

This release of Crypto-J is designed to include the following changes:

• The default key size for key generation of asymmetric keys has been changed to

reflect the minimum key size recommended in FIPS 186-4. Where the

KeyPairGenerator has not previously been initialized with a key size, keys

will be generated with the new default key size. For:

• The names of the jar files have been changed to reflect the release. For example:

cryptoj-6.2.5.jar.

• Fixes for specific issues.

For more information, see Enhancements and Resolved Issues:

Changes added in release 6.2.4.0.1:

Changes added in release 6.2.4 include fixes for specific issues.

For more information, see Enhancements and Resolved Issues.

Changes added in release 6.2.4:

Changes added in release 6.2.4 include:

• All JSAFE APIs are deprecated. The APIs are available for use, and will be

removed at some future time.

• Fixes for specific issues.

For more information, see Enhancements and Resolved Issues.

Important: The National Institute for Standards and Technologies (NIST) has

published an Update to Current Use and Deprecation of TDEA, announcing

their intention to deprecate the 3-key variant of Triple-DES, and disallow it

for use in TLS and other protocols. NIST is developing a draft deprecation

timeline for the 3-key variant of TDEA including a sunset date, and

recommends migration to AES as soon as possible.

RSA recommends caution when using Triple-DES.

Algorithm

Default Key Size

Current Previous

RSA 2048 1024

DSA 2048 1024

DH 2048 1024

EC 224 192

4 Related Products

RSA BSAFE Crypto-J 6.2.5 Release Notes

Related Products

The following related products are incorporated in this release of Crypto-J:

• RSA BSAFE Crypto-C Micro Edition 4.1 (Crypto-C ME) to provide native

cryptography support.

• RSA BSAFE Micro Edition Suite 4.1 (MES) to provide FIPS 140-2 native

cryptography support.

• OpenLDAP - JLDAP (oct_ndk_2007) to provide LDAP support.

Use of other versions of these products might work, but support is not guaranteed.

FIPS 140-2 Operations 5

RSA BSAFE Crypto-J 6.2.5 Release Notes

FIPS 140-2 Operations

Federal Information Processing Standards Publication 140-2 - Security Requirements

for Cryptographic Modules (FIPS 140-2) details the United States Government

requirements for cryptographic modules. For more information about the FIPS 140-2

standard and validation program, see the FIPS 140-2 page on the NIST Web site at

https://csrc.nist.gov/projects/cryptographic-module-validation-

program/standards.

The FIPS 140-2 validated configurations of this release inherit their FIPS 140-2 status

from the RSA BSAFE Crypto-J JSAFE and JCE Software Module 6.2.5 (Crypto-J

JSAFE and JCE Software Module). For more information, see the RSA BSAFE

Crypto-J JSAFE and JCE Software Module Security Policy documents.

Note: FIPS 140-2 validation for the current release of the Crypto-J JSAFE

and JCE Software Module is in progress. When the validation process is

complete, the Security Policy documents might be updated and re-released, to

reflect the complete security requirements of FIPS 140-2 validation.

For the complete list of FIPS 140-2 tested and vendor affirmed operating

environments, and for detailed information about the Crypto-J JSAFE and JCE

Software Module and the secure operation of Crypto-J, see the RSA BSAFE Crypto-J

JSAFE and JCE Software Module Security Policy documents.

For details about the toolkit configuration and cryptographic implementation of

Crypto-J, see the “About the Crypto-J Toolkit” section of the RSA BSAFE Crypto-J

Installation Guide.

Note: As of February 2017, FIPS 140-2 module validations have a five year

life span from the date of the last validation. Unless modules are revalidated,

the validation expires and the module certificate is moved to the CMVP

Historical list.

Applications using modules from the CMVP Historical list are not

FIPS 140-2-compliant.

To confirm the validation state of a module, see the CMVP Validated Module page at

https://csrc.nist.gov/projects/cryptographic-module-validation-

program/validated-modules/search.

6 Operating Environment Information

RSA BSAFE Crypto-J 6.2.5 Release Notes

Operating Environment Information

Operating environment support for Crypto-J is separated into three categories:

• Primary Operating Environments: Crypto-J is designed and tested to support these

operating environments at the time of release.

For information about FIPS validation and testing, see FIPS 140-2 Operations.

• Secondary Operating Environments: these operating environments are not tested

with this release. These operating environments are expected to work, but support

is not guaranteed. If any issues are found, a specific request for investigation can

be made through RSA Customer Support.

• Tested JDK Update Versions: lists the tested JDK update versions for the

supported primary platforms and operating systems.

Primary Operating Environments

The following table lists the platforms and operating systems supported by Crypto-J at

the time of release, and details compiler information.

Table 1 Primary Operating Environment Information

Operating System

CPU

Architecture

CPU

Size

Compiler Version

Apple

Mac OS

X 10.11+

x86_64 64-bit Apple JDK 8.0

x86 32-bit

Canonical

Ubuntu

16.04 Server x86_64

64-bit

IBM

JDK 8.0

OpenJDK 8u

Oracle

JDK 8.0, 9.0.1

x86 32-bit IBM JDK 8.0

OpenJDK 8u

Oracle JDK 8.0

CentOS™ Project

CentOS 7.6 x86_64 64-bit IBM JDK 8.0

OpenJDK 8u

Oracle JDK 8.0, 9.0.1

CentOS 6.10 x86_64 64-bit IBM JDK 8.0

OpenJDK 8u

Oracle JDK 8.0, 9.0.1

Operating Environment Information 7

RSA BSAFE Crypto-J 6.2.5 Release Notes

FreeBSD

Foundation

FreeBSD 11.x x86_64 64-bit OpenJDK 8u

Google

Android™ 9.0

ARM

v8-A

64-bit Android SDK 28

Android 8.x ARM v8 64-bit Android SDK 26, 27

ARM v8 32-bit

ARM v7 32-bit

x86 32-bit

Android 7.x ARM v8 64-bit Android SDK 24. 25

ARM v8 32-bit

ARM v7 32-bit

x86 32-bit

IBM

AIX

7.2 PowerPC

64-bit IBM JDK 8.0

PowerPC 32-bit

Micro Focus

SUSE

Linux

Enterprise Server

12 SP4

x86_64 64-bit IBM JDK 8.0

OpenJDK 8u

Oracle JDK 8.0, 9.0.1

SUSE Linux Enterprise Server

12 SP3

x86_64 64-bit IBM JDK 8.0

OpenJDK 8u

Oracle JDK 8.0, 9.0.1

Microsoft

Windows

10 Enterprise

x86_64 64-bit IBM JDK 8.0

Oracle JDK 8.0, 9.0.1

Windows 8.1 Enterprise x86_64 64-bit IBM JDK 8.0

Oracle JDK 8.0, 9.0.1

Windows 7 Enterprise SP1 x86_64 64-bit IBM JDK. 8.0

Oracle JDK 8.0, 9.0.1

Table 1 Primary Operating Environment Information (continued)

Operating System

CPU

Architecture

CPU

Size

Compiler Version

8 Operating Environment Information

RSA BSAFE Crypto-J 6.2.5 Release Notes

Microsoft (continued)

Windows Server 2016 x86_64 64-bit IBM JDK 8.0

Oracle JDK 8.0, 9.0.1

Windows Server 2012 R2 x86_64 64-bit IBM JDK 8.0

Oracle JDK 8.0, 9.0.1

Windows Server 2012 x86_64 64-bit IBM JDK 8.0

Oracle JDK 8.0, 9.0.1

Windows Server 2008 SP2 x86_64 64-bit IBM JDK. 8.0

Oracle JDK 8.0

Windows Server 2008

(SSLF configuration)

x86_64 64-bit IBM JDK 8.0

Oracle JDK 8.0

Oracle

Solaris

11 SPARC

64-bit IBM JDK 8.0

Oracle JDK 8.0, 9.0.1

x86_64 64-bit Oracle JDK8.0

Solaris 10 SPARC v9 64-bit IBM JDK 8.0

Oracle JDK 8.0

x86_64 64-bit Oracle JDK8.0

Red Hat

Enterprise Linux 7.6 x86_64 64-bit IBM JDK 8.0

OpenJDK 8u

Oracle JDK 8.0, 9.0.1

No Native support, due to lack of support in Crypto-C ME 4.1/MES 4.1.

Your RSA software contract might not grant you the right to develop

applications on all of the supported platforms listed. Contact your RSA sales

representative for information on the development platforms covered by your

contract.

Table 1 Primary Operating Environment Information (continued)

Operating System

CPU

Architecture

CPU

Size

Compiler Version

Operating Environment Information 9

RSA BSAFE Crypto-J 6.2.5 Release Notes

Secondary Operating Environments

The following table lists the secondary operating environments which are not tested

with this release, but can be requested through RSA Customer Support.

Table 2 Secondary Operating Environment Information

Operating System

CPU

Architecture

CPU

Size

JVM

Apple

Mac OS X 10.8+ x86_64 64-bit Apple JDK 7.0

x86 32-bit

Canonical

Ubuntu 16.04 Server x86_64 64-bit IBM JDK 7.0, 7.1

OpenJDK 7u

Oracle JDK 7.0

x86 32-bit IBM JDK 7.0, 7.1

OpenJDK 7u

Oracle JDK 7.0, 9.0

(EA)

CentOS Project

CentOS 7.6 x86_64 64-bit IBM JDK 7.0, 7.1

OpenJDK 7u

Oracle JDK 7.0

CentOS 6.9 x86_64 64-bit IBM JDK 7.0, 7.1

OpenJDK 7u

Oracle JDK 7.0

FreeBSD Foundation

FreeBSD 11.x x86_64 64-bit OpenJDK 7u

FreeBSD 10.3 x86_64 64-bit OpenJDK 7u

Google

Android 6.x ARM v8 64-bit Android SDK 23

ARM v8 32-bit

ARM v7 32-bit

x86 32-bit

Android 5.x

ARM

32-bit Android SDK 21, 22

x86 32-bit

10 Operating Environment Information

RSA BSAFE Crypto-J 6.2.5 Release Notes

Google (continued)

Android 4.4.x

ARM

32-bit Android SDK 19

x86 32-bit

HPE

HP-UX 11.31

Itanium

64-bit HP JDK 7.0, 8.0

32-bit

IBM

AIX 7.2 PowerPC 64-bit IBM JDK 7.0, 7.1

32-bit

AIX 7.1 PowerPC 64-bit IBM JDK 7.0, 7.1, 8.0

32-bit

AIX 6.1 PowerPC 64-bit IBM JDK 7.0, 8.0

32-bit

Micro Focus

SUSE Linux Enterprise Server

12 SP 4

x86_64 64-bit IBM JDK 7.0, 7.1

OpenJDK 7u

Oracle JDK 7.0

SUSE Linux Enterprise Server

12 SP 3

x86_64 64-bit IBM JDK 7.0, 7.1

OpenJDK 7u

Oracle JDK 7.0

SUSE Linux Enterprise Server

11 SP4

x86_64 64-bit IBM JDK 7.0, 7.1, 8.0

OpenJDK 7u, 8u

Oracle JDK 7.0, 8.0x86 32-bit

Microsoft

Windows 10 Enterprise x86 32-bit IBM JDK.7.0, 7.1, 8.0

Oracle JDK 7.0, 8.0

Windows 8.1 Enterprise x86_64 64-bit IBM JDK.7.0, 7.1

Oracle JDK 7.0

x86 32-bit IBM JDK.7.0, 7.1, 8.0

Oracle JDK 7.0, 8.0

Table 2 Secondary Operating Environment Information (continued)

Operating System

CPU

Architecture

CPU

Size

JVM

Operating Environment Information 11

RSA BSAFE Crypto-J 6.2.5 Release Notes

Microsoft (continued)

Windows 7 Enterprise SP1 x86_64 64-bit IBM JDK.7.0, 7.1

Oracle JDK 7.0

x86 32-bit IBM JDK.7.0, 7.1, 8.0

Oracle JDK 7.0, 8.0

Windows Server 2016 x86_64 64-bit IBM JDK.7.0, 7.1

Oracle JDK 7.0

Windows Server 2012 R2 x86_64 64-bit IBM JDK.7.0, 7.1

Oracle JDK 7.0

Windows Server 2012 x86_64 64-bit IBM JDK.7.0, 7.1

Oracle JDK 7.0, 9.0.1

Windows Server 2008 SP2 x86_64 64-bit IBM JDK.7.0, 7.1

Oracle JDK 7.0, 9.0.1

x86 32-bit IBM JDK.7.0, 7.1, 8.0

Oracle JDK 7.0, 8.0

Windows Server 2008

(SSLF configuration)

x86_64 64-bit IBM JDK.7.0, 7.1

Oracle JDK 7.0

x86 32-bit IBM JDK.7.0, 7.1

Oracle JDK 7.0, 9.0.1

Oracle

Solaris 11 SPARC v9 64-bit Oracle JDK 7.0

SPARC v8+ 32-bit Oracle JDK 7.0, 8.0, 9.0.1

x86_64 64-bit Oracle JDK 7.0

x86 32-bit Oracle JDK 7.0, 8.0, 9.0.1

Solaris 10 SPARC v9 64-bit Oracle JDK 7.0

SPARC v8+ 32-bit Oracle JDK 7.0, 8.0, 9.0.1

x86_64 64-bit Oracle JDK 7.0, 9.0.1

x86 32-bit Oracle JDK 7.0, 8.0, 9.0.1

Table 2 Secondary Operating Environment Information (continued)

Operating System

CPU

Architecture

CPU

Size

JVM

12 Operating Environment Information

RSA BSAFE Crypto-J 6.2.5 Release Notes

Tested JDK Update Versions

The following table lists the supported primary platforms and operating systems, with

the tested JDK update version.

Red Hat

Enterprise Linux 7.6 x86_64 64-bit IBM JDK 7.0, 7.1

OpenJDK 7u

Oracle JDK 7.0

Enterprise Linux 6.9 x86_64 64-bit IBM JDK 7.0, 7.1, 8.0

OpenJDK 7u, 8.u

Oracle JDK 7.0, 8.0x86 32-bit

Early Adopter

No Native support, due to lack of support in Crypto-C ME 4.1/MES 4.1.

Table 3 Tested JDK Update Versions

Operating System CPU Compiler Version

Apple

Mac OS X 10.11+

All

Apple JDK 8.0 1.8.0_121.

Canonical Ubuntu

16.04 Server

64-bit IBM JDK 1.8.0_201

OpenJDK 1.8.0_191

Oracle JDK 1.8.0_74

32-bit IBM JDK 1.8.0_201

OpenJDK 1.8.0_121

Oracle JDK 1.8.0_74

CentOS Project CentOS

64-bit IBM JDK 1.8.0_201

OpenJDK 1.8.0_191

Oracle JDK 1.8.0_74

FreeBSD Foundation

FreeBSD

64-bit OpenJDK 1.8.0_181

IBM AIX

All IBM JDK 8.0 R28_20170314_2309_B340265

Micro Focus

SUSE Linux Enterprise

Server 12

64-bit OpenJDK 1.8.0_121

Oracle JDK 1.8.0_201

Microsoft Windows

64-bit IBM JDK 1.8.0 R28_Java8_SR3_20160719_1144_B312156

Oracle JDK1.8.0_201-b09

Table 2 Secondary Operating Environment Information (continued)

Operating System

CPU

Architecture

CPU

Size

JVM

Operating Environment Information 13

RSA BSAFE Crypto-J 6.2.5 Release Notes

Discontinued Environments

In this release of Crypto-J, RSA discontinues support for the following:

• Apple Mac OSX 10.7 32-bit and 64-bit

• Apple Mac OSX 10.6 32-bit and 64-bit

• Canonical Ubuntu 14.04 Server 32-bit and 64-bit

• Oracle JRockit 6.0.

In the next release of Crypto-J, RSA will discontinue support for Oracle JDK 9.

In the next release of Crypto-J, RSA might discontinue support for any of the

Secondary Operating Environments.

For subsequent releases of Crypto-J going forward, where a vendor discontinues

mainstream support for an operating system and platform combination, RSA

discontinues support from the same date.

Oracle Solaris

SPARC v9

64-bit

Oracle JDK 1.8.0_201-b09

x86_64

64-bit

Oracle JDK 1.8.0_65

Red Hat Enterprise

Linux 7

64-bit IBM JDK 1.8.0_201

OpenJDK 1.8.0_1311

Oracle JDK 1.8.0_201-b09

Table 3 Tested JDK Update Versions (continued)

Operating System CPU Compiler Version

14 Interoperability

RSA BSAFE Crypto-J 6.2.5 Release Notes

Interoperability

Application Server Interoperability

Crypto-J operates on the application servers on the platforms and in the scenarios

shown below, and has been tested under the following conditions:

• JCE dynamic loading

• JCE static loading

• JCE FIPS 140 dynamic loading

• JCE FIPS 140 static loading.

• Crypto-J provider registered statically and called explicitly while being bundled

with the application.

• Native support for cryptographic operations.

The following table lists the platform information for tested Application Servers.

Table 4 Application Server Interoperability

Platforms Application Server

Microsoft Windows Server 2012 R2, x86_64

Oracle Solaris 11, SPARC V8+

Red Hat Enterprise Linux 7.3, x86_64

IBM WebSphere

Application Server

7.0, 8.0 and 8.5

Oracle WebLogic Server 11gR1, 12c, 12cR2

Red Hat JBoss

EAP 6.x, 7.x

Red Hat JBoss WildFly

AS 8.2, 9.0.x, 10.1

Microsoft Windows Server 2012 R2, x86_64

Red Hat Enterprise Linux AS 7.3, x86_64

Apache™ Tomcat™ 7.0.x and 8.5

Implementation Information 15

RSA BSAFE Crypto-J 6.2.5 Release Notes

JSSE Interoperability

Crypto-J operates and has been tested with the JSSE providers on the platforms shown

below:

Java Web Start Interoperability

Crypto-J operates and has been tested with the Java Web Start on the platforms shown

below:

Implementation Information

The following Crypto-J jar files run on environments with JDK 7.0 and higher:

• jcm-6.2.5.jar

• jcmFIPS-6.2.5.jar

• cryptojcommon-6.2 .5.jar

The JCE provider is tested with the built-in JCE versions provided with JDK 7.0.

Table 5 JSSE Interoperability

Operating

System

CPU

JSSE

Provider

JDK Version

Microsoft

Windows Server

2012 R2

64-bit IBM 1.7.0 R27_Java727_SR3_20150407_1831_B243189

1.8.0 R28_Java8_SR3_20160719_1144_B312156

Oracle 1.7.0_80-b15

1.8.0_201-b09

Oracle Solaris 11.4 SPARC 9

64-bit

Oracle 1.8.0_201-b09

Red Hat Enterprise

Linux 7.6

64-bit

IBM

The IBMJCE provider must be registered in addition to JsafeJCE.

1.7.0 Linux amd64-64 Compressed References

20190125_408276

1.8.0_201

Oracle 1.7.0_80-b15

1.8.0_201-b09

Table 6 Application Server Interoperability

Platforms Supported JDK

Microsoft Windows Server 2012 R2, x86_64 Oracle JDK 7.0 and 8.0

Oracle Solaris 11, SPARC 9 Oracle JDK 7.0

Red Hat Enterprise Linux 7.6, x86_64 Oracle JDK 7.0 and 8.0

16 Supported Hardware Devices

RSA BSAFE Crypto-J 6.2.5 Release Notes

Supported Hardware Devices

The following table lists the PKCS #11 hardware device and features tested and

supported in this release of Crypto-J when using Oracle JDK 7.0 on a physical host

machine. No virtual environments are supported. JDKs, devices, and operations other

than that listed might work, but support is not guaranteed.

The supported device is subject to change in subsequent releases of Crypto-J.

Discontinued Hardware Devices

Where a vendor discontinues support for a hardware device, RSA discontinues

support from the same date.

Table 7 Supported Hardware Devices

Vendor and

Product

Features Operating System

RSA SecurID 800

USB token

Key Management:

• AES and RSA key generation

• Import and export symmetric keys

• Export RSA public key from token

Cryptographic Operations:

• AES encrypt and decrypt

• RSA sign and decrypt

• SHA-1 and SHA-256 message digests.

Certificate Store:

• Import and export certificates:

– RSA, DSA and EC certificates.

Microsoft Windows

Server 2008 SP2 64-bit

Algorithms and Key Sizes 17

RSA BSAFE Crypto-J 6.2.5 Release Notes

Algorithms and Key Sizes

The following algorithms and named curves are supported:

• Elliptic Curve Supported Named Curves

• Symmetric Encryption and Decryption Algorithms

• Asymmetric Encryption and Decryption Algorithms

• Digital Signature Schemes Algorithms

• Random Number Generation Algorithms

• Message Authentication Codes Algorithms

• Message Digest Algorithms

• Key Generation Algorithms

• Key Agreement Algorithms

• Key Derivation Algorithms

• Key Wrap Encryption and Decryption Algorithms

• Secret Sharing Algorithms

• Parameter Generation Algorithms.

18 Algorithms and Key Sizes

RSA BSAFE Crypto-J 6.2.5 Release Notes

Elliptic Curve Supported Named Curves

The following table lists the Named Elliptic Curves supported in this release.

Table 8 Elliptic Curve Supported Named Curves

Elliptic Curve Type

Equivalent Symmetric

Cipher Strength (bits)

Native

Support

PKCS #11

Koblitz Curve K-163 80 Yes No

Binary Curve B-163 80 Yes No

Prime Curve P-192 96 Yes No

Prime Curve P-224 112 Yes No

Koblitz Curve K-233 112 Yes No

Binary Curve B-233 112 Yes No

Prime Curve P-256 128 Yes Yes

Koblitz Curve K-283 128 Yes No

Binary Curve B-283 128 Yes No

Prime Curve P-384 192 Yes Yes

Koblitz Curve K-409 192 Yes No

Binary Curve B-409 192 Yes No

Prime Curve P-521 256 Yes No

Koblitz Curve K-571 256 Yes No

Binary Curve B-571 256 Yes No

Algorithms and Key Sizes 19

RSA BSAFE Crypto-J 6.2.5 Release Notes

Symmetric Encryption and Decryption Algorithms

The following table lists the supported symmetric encryption and decryption

algorithms in this release of Crypto-J.

Table 9 Symmetric Encryption and Decryption Algorithms

Algorithm Mode/Description

Key Bits

(or Equivalent)

Native

Support

PKCS #11

RC2 BPS, CBC, CFB

ECB, OFB

1- 1024 Yes No

RC4 N/A 8 - 2048 Yes No

RC5 BPS, CBC, CFB

ECB, OFB

0 - 2040 No No

AES BPS

CBC

CBC-CS1

CBC-CS2

CBC-CS3

CCM

CFB

CTR

ECB

GCM

128, 192, 256

Yes

XTS 256, 512 Yes No

ChaCha20 N/A 256 No No

ChaCha20

-Poly1305

N/A

256 No No

DES BPS, CBC, CFB

ECB, OFB

56 Yes No

Triple-DES BPS, CBC, CFB

ECB, OFB

112, 168 Yes No

Password-

Based

Encryption

PKCS5PBE-i-k

PKCS5V2PBE-i-k

PKCS12PBE-i-k

PKCS12V1PBE-i-k

Where i is the iteration count and k is the key size.

Depends on mode

selected.

Yes

20 Algorithms and Key Sizes

RSA BSAFE Crypto-J 6.2.5 Release Notes

Asymmetric Encryption and Decryption Algorithms

The following table lists the supported asymmetric encryption and decryption

algorithms supported in this release.

Table 10 Asymmetric Encryption and Decryption Algorithms

Algorithm Mode/Description

Key Bits

(or Equivalent)

Native

Support

PKCS #11

See Supported Hardware Devices of these Release Notes for specific details.

RSA RSA (2 primes) 256 - 4096 Yes Yes

Valid Padding Modes for the above are:

• OAEP

• PKCS #1 Block02 Padding

• No Padding (Raw RSA)

Optimal Asymmetric Encryption Padding

Yes

ECIES KDF2 XOR

AES

Triple-DES

Depends on curve

selected.

Yes No

RSA-KEM-KWS Key-Wrap Ciphers:

• AES-CCM

• AES-KW

• AES-KWP

KDFs:

• Single-Step KDF with

– SHA224

– SHA256

– SHA384

– SHA512

– SHA512-224

– SHA512-256

1024-4096 No No

Page is loading ...

Dell BSAFE Crypto-J Owner's manual

Brand: Dell

Model: BSAFE Crypto-J

Type: Owner's manual

Dell BSAFE Crypto-J is a software development toolkit that provides a comprehensive set of cryptographic functions for use in Java applications. It offers a wide range of capabilities, including:

Encryption and decryption of data using symmetric and asymmetric algorithms
Digital signatures and message authentication codes
Key generation and management
Random number generation
Hashing and message digests

Download PDF

report

Dell BSAFE Crypto-J Owner's manual

Dell BSAFE Crypto-J Owner's manual

Related papers

Other documents