How can I list the available Cipher algorithms?
I am getting a Cipher implementation with Cipher.getInstance(String algorithm). I am under the impression that the available algorithm names that I may pass di
-
To get a list of available cipher transformation names, use this code snippet:
TreeSet<String> algs = new TreeSet<>(); for (Provider provider : Security.getProviders()) { provider.getServices().stream() .filter(s -> "Cipher".equals(s.getType())) .map(Service::getAlgorithm) .forEach(algs::add); } algs.stream().forEach(System.out::println);Those names are compatible to be called via
Cipher.getInstance(). If an entry is missing the feedback mode or padding scheme, the JVM will fallback to the corresponding default.AES AESWrap AESWrap_128 AESWrap_192 AESWrap_256 AES_128/CBC/NoPadding AES_128/CFB/NoPadding AES_128/ECB/NoPadding AES_128/GCM/NoPadding AES_128/OFB/NoPadding AES_192/CBC/NoPadding AES_192/CFB/NoPadding AES_192/ECB/NoPadding AES_192/GCM/NoPadding AES_192/OFB/NoPadding AES_256/CBC/NoPadding AES_256/CFB/NoPadding AES_256/ECB/NoPadding AES_256/GCM/NoPadding AES_256/OFB/NoPadding ARCFOUR Blowfish ChaCha20 ChaCha20-Poly1305 DES DESede DESedeWrap PBEWithHmacSHA1AndAES_128 PBEWithHmacSHA1AndAES_256 PBEWithHmacSHA224AndAES_128 PBEWithHmacSHA224AndAES_256 PBEWithHmacSHA256AndAES_128 PBEWithHmacSHA256AndAES_256 PBEWithHmacSHA384AndAES_128 PBEWithHmacSHA384AndAES_256 PBEWithHmacSHA512AndAES_128 PBEWithHmacSHA512AndAES_256 PBEWithMD5AndDES PBEWithMD5AndTripleDES PBEWithSHA1AndDESede PBEWithSHA1AndRC2_128 PBEWithSHA1AndRC2_40 PBEWithSHA1AndRC4_128 PBEWithSHA1AndRC4_40 RC2 RSA RSA/ECB/PKCS1Paddingsee also JDK doc cipher algorithm names
To get a list of available TLS cipher suites, use this one-liner:
$ jrunscript -e "java.util.Arrays.asList(javax.net.ssl.SSLServerSocketFactory.getDefault().getSupportedCipherSuites()).stream().forEach(println)"Which outputs for JDK11:
TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA讨论(0) -
Seems like this is what you really need:
https://docs.oracle.com/javase/7/docs/api/java/security/Security.html#getAlgorithms(java.lang.String)
Returns a Set of Strings containing the names of all available algorithms or types for the specified Java cryptographic service (e.g., Signature, MessageDigest, Cipher, Mac, KeyStore).
讨论(0) -
The doc of Cipher.getInstance() says:
Note that the list of registered providers may be retrieved via the Security.getProviders() method
Clicking on the link leads to the doc of Provider, which has a method getServices() documented by :
Get an unmodifiable Set of all services supported by this Provider.
And clicking on the link leads to the doc of Provider which has a getAlgorithm() method.
Note that this is a very empirical method. A more logical method would be to read the documentation of the crypto libraries you're using. It must contain the list of supported algorithms.
Whatever the method you choose, reading the documentation helps a lot.
讨论(0) -
Here's my version based on the intructions from Atlassian:
- To include a cipher suite or protocol you require that is not enabled by default.
To exclude a cipher suite or protocol that is considered too weak to use, or for which a vulnerability has been discovered.
import java.util.Map; import java.util.TreeMap; import javax.net.ssl.SSLServerSocketFactory; public class Ciphers { public static void main(String[] args) { SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); String[] defaultCiphers = ssf.getDefaultCipherSuites(); String[] availableCiphers = ssf.getSupportedCipherSuites(); Map<String, Boolean> ciphers = new TreeMap<>(); for (String availableCipher : availableCiphers) { ciphers.put(availableCipher, Boolean.FALSE); } for (String defaultCipher : defaultCiphers) { ciphers.put(defaultCipher, Boolean.TRUE); } System.out.println("Default\tCipher"); for (Map.Entry<String, Boolean> cipher : ciphers.entrySet()) { if (Boolean.TRUE.equals(cipher.getValue())) { System.out.print('*'); } else { System.out.print(' '); } System.out.print('\t'); System.out.println(cipher.getKey()); } } }
Output:
Default Cipher
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
- TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
- TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
讨论(0) -
Once I have a list of providers, as described in JB Nizet's post, I still don't have a list of algorithms. I found that each Provider functions as a Properties object, and the Properties encode the algorithm names. I'm not entirely clear on if this is the correct way to look for them or not, and what exactly all the other properties mean, but I just wrote a routine that spewed all properties to System.out and grepped for various strings describing what I was looking for until I found it.
import java.security.*; for (Provider provider: Security.getProviders()) { System.out.println(provider.getName()); for (String key: provider.stringPropertyNames()) System.out.println("\t" + key + "\t" + provider.getProperty(key)); }讨论(0)
加载中...
- 热议问题