AI-generated Key Takeaways
-
The Java security package provides a framework for implementing fine-grained access control and managing cryptographic operations, including key generation and storage.
-
It supports provider-based implementations, allowing developers to leverage various security providers without modifying their code.
-
The package includes classes and interfaces for message digests, digital signatures, secure random number generation, and key management.
-
It offers tools for configuring security policies, defining permissions, and working with keystores and certificates.
Provides the classes and interfaces for the security framework.
This includes classes that implement an easily configurable,
fine-grained access control security architecture.
This package also supports
the generation and storage of cryptographic public key pairs,
as well as a number of exportable cryptographic operations
including those for message digest and signature generation. Finally,
this package provides classes that support signed/guarded objects
and secure random number generation.
Many of the classes provided in this package (the cryptographic
and secure random number generator classes in particular) are
provider-based. The class itself defines a programming interface
to which applications may write. The implementations themselves may
then be written by independent third-party vendors and plugged
in seamlessly as needed. Therefore application developers may
take advantage of any number of provider-based implementations
without having to add or rewrite code.
Package Specification
- Java™ Cryptography Architecture (JCA) Reference Guide
- PKCS #8: Private-Key Information Syntax Standard, Version 1.2, November 1993
- Java™ Cryptography Architecture Standard Algorithm Name Documentation
Related Documentation
For further documentation, please see:- Java™ SE Platform Security Architecture
- How to Implement a Provider in the Java™ Cryptography Architecture
- Default Policy Implementation and Policy File Syntax
- Permissions in the Java™ SE Development Kit (JDK)
- Summary of Tools for Java™ Platform Security
- keytool ( for Solaris/Linux) ( for Windows)
- jarsigner ( for Solaris/Linux) ( for Windows)
Interfaces
| AlgorithmConstraints | This interface specifies constraints for cryptographic algorithms, keys (key sizes), and other algorithm parameters. |
| DomainCombiner | Legacy security code; do not use. |
| Guard | This interface represents a guard, which is an object that is used to protect access to another object. |
| Key | The Key interface is the top-level interface for all keys. |
| KeyStore.Entry | A marker interface for KeyStore entry types. |
| KeyStore.Entry.Attribute | An attribute associated with a keystore entry. |
| KeyStore.LoadStoreParameter | A marker interface for KeyStore
load
and
store
parameters. |
| KeyStore.ProtectionParameter | A marker interface for keystore protection parameters. |
| Policy.Parameters | |
| Principal | This interface represents the abstract notion of a principal, which can be used to represent any entity, such as an individual, a corporation, and a login id. |
| PrivateKey | A private key. |
| PrivilegedAction<T> | Legacy security code; do not use. |
| PrivilegedExceptionAction<T> | Legacy security code; do not use. |
| PublicKey | A public key. |
Classes
| AccessControlContext | Legacy security code; do not use. |
| AccessController | Legacy security code; do not use. |
| AlgorithmParameterGenerator | The AlgorithmParameterGenerator class is used to generate a
set of
parameters to be used with a certain algorithm. |
| AlgorithmParameterGeneratorSpi | This class defines the Service Provider Interface (SPI)
for the AlgorithmParameterGenerator class, which
is used to generate a set of parameters to be used with a certain algorithm. |
| AlgorithmParameters | This class is used as an opaque representation of cryptographic parameters. |
| AlgorithmParametersSpi | This class defines the Service Provider Interface (SPI)
for the AlgorithmParameters class, which is used to manage
algorithm parameters. |
| AllPermission | Legacy security code; do not use. |
| BasicPermission | Legacy security code; do not use. |
| CodeSigner | This class encapsulates information about a code signer. |
| CodeSource | Legacy security code; do not use. |
| DigestInputStream | A transparent stream that updates the associated message digest using the bits going through the stream. |
| DigestOutputStream | A transparent stream that updates the associated message digest using the bits going through the stream. |
| GuardedObject | A GuardedObject is an object that is used to protect access to another object. |
| KeyFactory | Key factories are used to convert keys (opaque
cryptographic keys of type Key) into key specifications
(transparent representations of the underlying key material), and vice
versa. |
| KeyFactorySpi | This class defines the Service Provider Interface (SPI)
for the KeyFactory class. |
| KeyPair | This class is a simple holder for a key pair (a public key and a private key). |
| KeyPairGenerator | The KeyPairGenerator class is used to generate pairs of public and private keys. |
| KeyPairGeneratorSpi | This class defines the Service Provider Interface (SPI)
for the |
| KeyRep | Standardized representation for serialized Key objects. |
| KeyStore | This class represents a storage facility for cryptographic keys and certificates. |
| KeyStore.Builder | A description of a to-be-instantiated KeyStore object. |
| KeyStore.CallbackHandlerProtection | A ProtectionParameter encapsulating a CallbackHandler. |
| KeyStore.PasswordProtection | A password-based implementation of ProtectionParameter. |
| KeyStore.PrivateKeyEntry | A KeyStore entry that holds a PrivateKey
and corresponding certificate chain. |
| KeyStore.SecretKeyEntry | A KeyStore entry that holds a SecretKey. |
| KeyStore.TrustedCertificateEntry | A KeyStore entry that holds a trusted
Certificate. |
| KeyStoreSpi | This class defines the Service Provider Interface (SPI)
for the KeyStore class. |
| MessageDigest | This MessageDigest class provides applications the functionality of a message digest algorithm, such as SHA-1 or SHA-256. |
| MessageDigestSpi | This class defines the Service Provider Interface (SPI)
for the MessageDigest class, which provides the functionality
of a message digest algorithm, such as MD5 or SHA. |
| Permission | Legacy security code; do not use. |
| PermissionCollection | Legacy security code; do not use. |
| Permissions | Legacy security code; do not use. |
| Policy | Legacy security code; do not use. |
| ProtectionDomain | Legacy security code; do not use. |
| Provider | This class represents a "provider" for the Java Security API, where a provider implements some or all parts of Java Security. |
| Provider.Service | The description of a security service. |
| SecureClassLoader | This class extends ClassLoader with additional support for defining classes with an associated code source and permissions which are retrieved by the system policy by default. |
| SecureRandom | This class provides a cryptographically strong random number generator (RNG). |
| SecureRandomSpi | This class defines the Service Provider Interface (SPI)
for the SecureRandom class. |
| Security | This class centralizes all security properties and common security methods. |
| SecurityPermission | Legacy security code; do not use. |
| Signature | The Signature class is used to provide applications the functionality of a digital signature algorithm. |
| SignatureSpi | This class defines the Service Provider Interface (SPI)
for the Signature class, which is used to provide the
functionality of a digital signature algorithm. |
| Timestamp | This class encapsulates information about a signed timestamp. |
Enums
| CryptoPrimitive | An enumeration of cryptographic primitives. |
| KeyRep.Type | Key type. |
Exceptions
| AccessControlException | This exception is thrown by the AccessController to indicate that a requested access (to a critical system resource such as the file system or the network) is denied. |
| DigestException | This is the generic Message Digest exception. |
| GeneralSecurityException | The GeneralSecurityException class is a generic
security exception class that provides type safety for all the
security-related exception classes that extend from it. |
| InvalidAlgorithmParameterException | This is the exception for invalid or inappropriate algorithm parameters. |
| InvalidKeyException | This is the exception for invalid Keys (invalid encoding, wrong length, uninitialized, etc). |
| InvalidParameterException | This exception, designed for use by the JCA/JCE engine classes, is thrown when an invalid parameter is passed to a method. |
| KeyException | This is the basic key exception. |
| KeyManagementException | This is the general key management exception for all operations dealing with key management. |
| KeyStoreException | This is the generic KeyStore exception. |
| NoSuchAlgorithmException | This exception is thrown when a particular cryptographic algorithm is requested but is not available in the environment. |
| NoSuchProviderException | This exception is thrown when a particular security provider is requested but is not available in the environment. |
| PrivilegedActionException | Legacy security code; do not use. |
| ProviderException | A runtime exception for Provider exceptions (such as misconfiguration errors or unrecoverable internal errors), which may be subclassed by Providers to throw specialized, provider-specific runtime errors. |
| SignatureException | This is the generic Signature exception. |
| UnrecoverableEntryException | This exception is thrown if an entry in the keystore cannot be recovered. |
| UnrecoverableKeyException | This exception is thrown if a key in the keystore cannot be recovered. |