As you can imagine, in an area that is still evolving, such as cryptography, any software designed to support its use can be expected to evolve as well. Consequently, you can expect the list of algorithms and their modes of use presented in this appendix to change.
Updates to this list will appear in the file specifications.html, which is distributed in the source code releases of the Bouncy Castle provider. What follows gives you a picture of the algorithms supported by the Bouncy Castle provider as of release 1.28.
Asymmetric Ciphers
The RSA and ElGamal asymmetric ciphers are supported and can be used with the mode NONE or ECB, and one of the following paddings:
- NoPadding
- PKCS1Padding
- OAEPWith<digest>AndMGF1Padding, where <digest> is one of MD5, SHA1, SHA224, SHA384, or SHA512
Certificate Path Validation
The PKIX validation algorithm is supported.
Key Agreement Algorithms
Three key agreement algorithms are supported: DH, ECDH, and ECDHC.
Key Stores
The following keystore types are supported: BKS, UBER, and PKCS12 (BCPKCS12/PKCS12-DEF).
MAC Algorithms
The following symmetric cipher based MAC algorithms are supported: DES, DESEDE, IDEA, RC2, RC5, and Skipjack.
Two types of HMAC are supported as well:
- HMac<digest>, where <digest> is one of MD2, MD4, MD5, RIPEMD128, RIPEMD160, SHA1, SHA224, SHA256, SHA384, or SHA512
- PBEWithHMac<digest>, where <digest> is one of RIPEMD160 or SHA1
Signature Algorithms
The following signature algorithms are available:
- DSA, ECDSA, GOST-3410 (GOST-3410-94), ECGOST-3410 (GOST-3410-2001)
- <digest>WithRSAEncryption, where <digest> is one of MD2, MD4, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, RIPEMD128, RIPEMD160, or RIPEMD256
- <digest>WithRSAAndMGF1, where <digest> is one of SHA1, SHA224, SHA256, SHA384, or SHA512
- <digest>WithRSA/ISO9796-2, where <digest> is one of MD5, SHA1, or RIPEMD160
Message Digests
The following digests are supported: GOST3411, MD2, MD4, MD5, RIPEMD128, RIPEMD160, RIPEMD256, RIPEMD320, SHA1, SHA224, SHA256, SHA384, SHA512, Tiger, and Whirlpool.
Symmetric Block Ciphers
The following symmetric ciphers are supported: AES, Blowfish, CAST5, CAST6, DES, DESEDE, GOST-28147, IDEA, RC2, RC5, RC6, Rijndael, Serpent, Skipjack, and Twofish.
Any of the ciphers can be combined with one of the following modes:
- ECB. Electronic CodeBook mode
- CBC. Cipher Block Chaining
- OFB. Output Feedback Mode
- CFB. Cipher Feedback Mode
- SIC (CTR). Segmented Integer Counter mode (CounTeR mode)
- OpenPGPCFB. Variation on CFB mode defined in OpenPGP
- CTS. Cipher Text Stealing (should be used with NoPadding)
- GOFB. OFB mode defined for the GOST-28147 encryption algorithm
and one of the following padding mechanisms:
- NoPadding. No Padding
- PKCS7Padding (PKCS5Padding). Padding mechanism defined in PKCS #5 and PKCS #7
- ISO10126-2Padding. Padding mechanism defined in ISO 10126-2
- ISO7816-4Padding. Padding mechanism defined in ISO 7816-4
- TBCPadding. Trailing Bit Complement padding
- X9.23Padding. Padding mechanism defined in X9.23
- ZeroBytePadding. Padding with zero bytes (not recommended)
The following PBE algorithms are also supported:
- PBEWithMD5AndDES
- PBEWithSHA1AndDES
- PBEWithSHA1AndRC2
- PBEWithMD5AndRC2
- PBEWithSHA1AndIDEA
- PBEWithSHA1And3-KeyTripleDES
- PBEWithSHA1And2-KeyTripleDES
- PBEWithSHA1And40BitRC2
- PBEWithSHA1And40BitRC4
- PBEWithSHA1And128BitRC2
- PBEWithSHA1And128BitRC4
- PBEWithSHA1AndTwofish
Symmetric Stream Ciphers
The only stream cipher currently supported is RC4 (ARC4).